CN113014440A - Safety testing method and device based on industrial platform as service cloud platform - Google Patents
Safety testing method and device based on industrial platform as service cloud platform Download PDFInfo
- Publication number
- CN113014440A CN113014440A CN201911315478.2A CN201911315478A CN113014440A CN 113014440 A CN113014440 A CN 113014440A CN 201911315478 A CN201911315478 A CN 201911315478A CN 113014440 A CN113014440 A CN 113014440A
- Authority
- CN
- China
- Prior art keywords
- cloud platform
- tampering
- industrial
- app
- operation data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The disclosure provides a security testing method and device based on industrial PaaS, and relates to the technical field of security. The safety testing method based on the industrial PaaS cloud platform comprises the following steps: intercepting operation data from an Application (APP) under the condition that a user operates an industrial platform and a service platform as a service (PaaS) cloud platform by using the APP; tampering with the operational data based on a predetermined tampering policy; sending the tampered operation data to an industrial PaaS cloud platform; and generating a detection result according to the reaction of the industrial PaaS cloud platform to the operation data. By the method, test data do not need to be generated manually, and the test efficiency is improved; in the testing process, the process of operating the industrial PaaS cloud platform based on the APP realizes effective detection on the communication mechanism and protocol safety of the application and the industrial PaaS cloud platform, and improves the reliability of the test.
Description
Technical Field
The present disclosure relates to the field of security technologies, and in particular, to a security testing method and device based on an industrial PaaS a Service (Platform as a Service cloud Platform).
Background
With the automation and intelligent development of industrial production, the safety and reliability of the industrial PaaS cloud platform become more important. In the related art, in order to improve the reliability of the industrial PaaS cloud platform, wrong calling data of the industrial PaaS cloud platform can be manually generated, and then the reaction of the platform is recorded.
Disclosure of Invention
The inventor finds that the detection method in the related art is low in efficiency, and the application is difficult to effectively detect the safety of the communication mechanism and the protocol of the industrial PaaS cloud platform.
One object of the present disclosure is to improve the efficiency and reliability of industrial PaaS cloud platform testing.
According to an aspect of some embodiments of the present disclosure, a security testing method based on an industrial PaaS cloud platform is provided, including: intercepting operation data from an Application (APP) under the condition that a user operates an industrial platform and a service platform as a service (PaaS) cloud platform by using the APP; tampering with the operational data based on a predetermined tampering policy; sending the tampered operation data to an industrial PaaS cloud platform; and generating a detection result according to the reaction of the industrial PaaS cloud platform to the operation data.
In some embodiments, intercepting operational data from the APP comprises: intercepting operation data from an APP through an interface of interaction between the APP and an industrial PaaS cloud platform; sending the tampered operation data to the industrial PaaS cloud platform comprises the following steps: and sending the tampered operation data to the industrial PaaS cloud platform through an interface for interaction between the APP and the industrial PaaS cloud platform.
In some embodiments, tampering with the operational data based on the predetermined tampering policy comprises: selecting a tampering policy from predetermined tampering policies based on a predetermined detection level, wherein the predetermined tampering policy includes performing one or more of addition, modification, deletion, or inspection of one or more fields, the tampering policy being classified into a plurality of levels according to at least one of the type of field tampered or the type of tampering operation; and tampering the operation data according to the selected tampering strategy.
In some embodiments, tampering with the operational data according to the selected tampering policy comprises: operating the data based on the fuzzy test logic according to a tampering policy.
In some embodiments, the security testing method based on the industrial PaaS cloud platform further includes: configuring a predetermined detection level and fuzzy test logic; in the process that a user operates an industrial PaaS cloud platform by using an APP, executing the operation of intercepting operation data from the APP and generating a detection result; judging whether the test is finished or not, if not, continuing to execute the operation of intercepting the operation data from the APP and generating a detection result; and if the test is finished, generating a detection report based on the detection result.
By the method, test data do not need to be generated manually, and the test efficiency is improved; in the testing process, the process of operating the industrial PaaS cloud platform based on the APP realizes effective detection on the communication mechanism and protocol safety of the application and the industrial PaaS cloud platform, and improves the reliability of the test.
According to an aspect of some embodiments of the present disclosure, a security testing apparatus based on an industrial PaaS cloud platform is provided, including: the interface agent module is configured to intercept operation data from the APP under the condition that a user operates the industrial platform and the PaaS cloud platform by using the APP; a data modification module configured to tamper with the operational data based on a predetermined tamper policy; the interface agent module is also configured to send the tampered operation data to an industrial PaaS cloud platform; and the result generation module is configured to generate a detection result according to the reaction of the industrial PaaS cloud platform to the operation data.
In some embodiments, the interface agent module is configured to intercept operational data from the APP through an interface through which the APP interacts with the industrial PaaS cloud platform; and sending the tampered operation data to the industrial PaaS cloud platform through an interface for interaction between the APP and the industrial PaaS cloud platform.
In some embodiments, the data modification module is configured to: selecting a tampering policy from predetermined tampering policies based on a predetermined detection level, wherein the predetermined tampering policy includes performing one or more of addition, modification, deletion, or inspection of one or more fields, the tampering policy being classified into a plurality of levels according to at least one of the type of field tampered or the type of tampering operation; and tampering the operation data according to the selected tampering strategy.
In some embodiments, the data modification module is configured to: operating the data based on the fuzzy test logic according to a tampering policy.
In some embodiments, the security testing apparatus based on an industrial PaaS cloud platform further includes: the configuration module is configured to configure a preset detection level and fuzzy test logic so as to activate the interface agent module to execute an operation of intercepting operation data from the APP, and the result generation module generates a detection result; the judging unit is configured to judge whether the test is finished or not, and if not, the interface agent module is continuously activated to execute the operation of intercepting the operation data from the APP so that the result generating module generates the detection result; and if the test is finished, the activation result generation module generates a detection report based on the detection result.
According to an aspect of some embodiments of the present disclosure, a security testing apparatus based on an industrial PaaS cloud platform is provided, including: a memory; and a processor coupled to the memory, the processor configured to execute any of the above industrial PaaS cloud platform based security testing methods based on instructions stored in the memory.
The safety testing device based on the industrial PaaS cloud platform does not need to generate testing data artificially, and the testing efficiency is improved; in the testing process, the process of operating the industrial PaaS cloud platform based on the APP realizes effective detection on the communication mechanism and protocol safety of the application and the industrial PaaS cloud platform, and improves the reliability of the test.
According to an aspect of some embodiments of the present disclosure, a computer-readable storage medium is provided, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of any one of the above industrial PaaS cloud platform based security testing methods.
By executing the instructions on the computer-readable storage medium, test data does not need to be generated artificially, and the test efficiency is improved; in the testing process, the process of operating the industrial PaaS cloud platform based on the APP realizes effective detection on the communication mechanism and protocol safety of the application and the industrial PaaS cloud platform, and improves the reliability of the test.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this disclosure, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure and not to limit the disclosure. In the drawings:
fig. 1 is a flow diagram of some embodiments of an industrial PaaS cloud platform based security testing method of the present disclosure.
Fig. 2 is a flowchart of another embodiment of the security testing method based on the industrial PaaS cloud platform according to the present disclosure.
Fig. 3 is a schematic diagram of some embodiments of an industrial PaaS cloud platform based security testing apparatus of the present disclosure.
Fig. 4 is a schematic diagram of some embodiments of an application environment of the industrial PaaS cloud platform-based security testing apparatus of the present disclosure.
Fig. 5 is a schematic diagram of further embodiments of the industrial PaaS cloud platform-based security testing apparatus according to the present disclosure.
Fig. 6 is a schematic diagram of further embodiments of the industrial PaaS cloud platform-based security testing apparatus of the present disclosure.
Detailed Description
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
A flowchart of some embodiments of the industrial PaaS cloud platform based security testing method of the present disclosure is shown in fig. 1.
In step 101, when a user operates an industrial platform and a PaaS cloud platform using an APP, operation data from the APP is intercepted. In some embodiments, operational data from an APP may be intercepted through an interface through which the APP interacts with an industrial PaaS cloud platform. In some embodiments, the operations performed by the user may be specified according to the content to be tested; in other embodiments, the user may be enabled to operate according to normal usage, thereby making the testing process more consistent with normal applications.
In step 102, the operational data is tampered with based on a predetermined tampering policy. In some embodiments, the predetermined tampering policy may include performing one or more of an addition, a modification, a deletion, or a lookup of one or more fields. In some embodiments, a plurality of detection levels can be set for different fields and different tampering operations, and a tampering policy of a corresponding part in each level includes which tampering operations are performed on which fields, so that directional testing is facilitated, and testing efficiency is improved.
In step 103, the tampered operation data is sent to the industrial PaaS cloud platform. In some embodiments, the tampered operation data is sent to the industrial PaaS cloud platform through an interface where the APP interacts with the industrial PaaS cloud platform.
In step 104, a detection result is generated according to the reaction of the industrial PaaS cloud platform to the operation data. The industrial PaaS cloud platform has certain tolerance to the tampered operation data, and if automatic error correction is possible, abnormity cannot occur; errors may also be found to occur, thereby reporting errors; there is also the possibility of entering the wrong logic, causing a malfunction such as a crash.
By the method, test data do not need to be generated manually, and the test efficiency is improved; in the testing process, the process of operating the industrial PaaS cloud platform based on the APP realizes effective detection on the communication mechanism and protocol safety of the application and the industrial PaaS cloud platform, and improves the reliability of the test.
In some embodiments, tampering of the operational data may also be performed by the fuzz testing logic, such as randomly replacing certain contents of the operational data. By the method, the randomness and the comprehensiveness of the test content can be improved, the detection defects caused by the tendency of manual modification are avoided, and the reliability of platform detection is further improved.
Flow charts of other embodiments of the industrial PaaS cloud platform-based security testing method of the present disclosure are shown in fig. 2.
In step 201, a predetermined detection level and fuzz test logic is configured. In some embodiments, the level of detection currently to be detected, as well as the fuzzy test logic, such as timing variations, interface parameter variations, business logic confusion, etc., may be specified manually. In some embodiments, a tamper policy corresponding to a predetermined detection level may be configured in the device, and a module storing the user-configured predetermined detection level and the fuzz testing logic for invocation during application.
In step 202, a user operates an industrial PaaS cloud platform using APP.
In step 203, operational data from the APP is intercepted.
In step 204, the operational data is tampered with based on a predetermined tampering policy.
In step 205, the tampered operation data is sent to the industrial PaaS cloud platform.
In step 206, a detection result is generated according to the reaction of the industrial PaaS cloud platform to the operation data.
In step 207, it is determined whether the test is finished. If not, go to step 202; if so, go to step 208.
In step 208, a test report is generated based on the test results.
By the method, the operation data takeover of the application of the industrial PaaS cloud platform can be called through the agent industrial PaaS cloud platform calling interface, the data flow and the control flow of the APP are modeled, and the high-efficiency detection of the safety risk is realized; through the fuzzy test, the control instruction, the flow and the data are sent after being randomly tampered according to a certain rule and sequence, so that the unknown risk of the platform can be conveniently found, and the efficiency and the coverage rate of the safety detection are improved.
A schematic diagram of some embodiments of an industrial PaaS cloud platform based security testing apparatus 300 of the present disclosure is shown in fig. 3.
The interface agent module 301 can intercept operation data from an APP when a user operates an industrial platform and a PaaS cloud platform using the APP. In some embodiments, the operations performed by the user may be specified according to the content to be tested; in other embodiments, the user may be enabled to operate according to normal usage, thereby making the testing process more consistent with normal applications.
The data modification module 302 is capable of tampering with the operational data based on a predetermined tampering policy. In some embodiments, the predetermined tampering policy may include performing one or more of an addition, a modification, a deletion, or a lookup of one or more fields. In some embodiments, a plurality of detection levels can be set for different fields and different tampering operations, and a tampering policy of a corresponding part in each level includes which tampering operations are performed on which fields, so that directional testing is facilitated, and testing efficiency is improved.
The interface agent module 301 can send the tampered operation data to the industrial PaaS cloud platform. In some embodiments, the tampered operation data is sent to the industrial PaaS cloud platform through an interface where the APP interacts with the industrial PaaS cloud platform.
The result generation module 303 can generate a detection result according to a reaction of the industrial PaaS cloud platform to the operation data. The industrial PaaS cloud platform has certain tolerance to the tampered operation data, and if automatic error correction is possible, abnormity cannot occur; errors may also be found to occur, thereby reporting errors; there is also the possibility of entering the wrong logic, causing a malfunction such as a crash.
The device does not need to generate test data artificially, so that the test efficiency is improved; in the testing process, the process of operating the industrial PaaS cloud platform based on the APP realizes effective detection on the communication mechanism and protocol safety of the application and the industrial PaaS cloud platform, and improves the reliability of the test.
In some embodiments, as shown in fig. 3, the industrial PaaS cloud platform based security testing apparatus may further include a configuration module 304, which enables a user to configure the predetermined detection level and the fuzzy test logic. In some embodiments, the level of detection currently to be detected, as well as the fuzzy test logic, such as timing variations, interface parameter variations, business logic confusion, etc., may be specified manually. In some embodiments, the configuration module 304 is capable of managing a tamper policy corresponding to a predetermined detection level, and storing a user configured predetermined detection level and a module of fuzz testing logic for invocation during application.
The device can be used for a user to specify the detection level and logic, so that the directional detection is realized, and the detection pertinence and efficiency are improved.
In some embodiments, as shown in fig. 3, the security testing apparatus based on the industrial PaaS cloud platform may further include a determining unit 305, which is capable of determining whether the test is finished. If not, prompting the user to continue operating through the APP, so that the interface agent module 301 continues intercepting the operating data from the APP; or only activating the interface agent module 301 to continuously intercept the operation data from the APP in the case that the operation of the APP does not need to be prompted. If it is determined that the test is finished, the result generation module 303 is caused to generate a detection report based on the detection result.
The device is convenient for batch and continuous testing, the testing efficiency is further improved, a large number of tests can reflect results more, the test accuracy is prevented from being influenced by accidental phenomena, and the test accuracy is further improved.
A schematic diagram of some embodiments of an application environment of the industrial PaaS cloud platform based security testing apparatus of the present disclosure is shown in fig. 4. The industrial PaaS cloud platform comprises three types of interfaces,
(1) the system comprises an API (application programming interface) connected with industrial internet APPs, wherein one or more APPs realize corresponding service logic by calling the API provided by a PaaS (platform as a service) platform;
(2) the device interface, as shown in fig. 4, may be connected to a LaaS (Infrastructure as a Service) platform 43, and includes a data upload and control instruction issue interface. LaaS can interact with one or more devices, such as devices 441-44 n (n is a positive integer), so as to realize the operation of the devices.
(3) The management system interface provides a management interface for a conventional ERP (Enterprise Resource Planning) system 45, and realizes smooth cloud migration of services.
The user operates the industrial PaaS cloud platform 42 through one or more APPs, and sends operation data. An interface agent module 401 located at an interface between the industrial PaaS cloud platform 42 and the APP intercepts data, and a data modification module 402 performs data tampering. And sending the data to the industrial PaaS cloud platform 42 after the tampering is completed.
The safety testing device based on the industrial PAAS cloud platform can be organically combined with the industrial PAAS cloud platform, the APP matched with the industrial PAAS cloud platform and the operation environment of the industrial PAAS cloud platform, so that the reliable and efficient detection of the industrial PAAS cloud platform is realized, the reliability of the operation of the ERP and all related equipment is improved, and the development of the industry is accelerated.
Fig. 5 shows a schematic structural diagram of an embodiment of the security testing apparatus based on the industrial PAAS cloud platform according to the present disclosure. The industrial PAAS cloud platform based security testing device comprises a memory 501 and a processor 502. Wherein: the memory 501 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used for storing the instructions in the corresponding embodiments of the above security testing method based on the industrial PAAS cloud platform. The processor 502 is coupled to the memory 501 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 502 is used to execute instructions stored in the memory, which can improve the reliability and efficiency of the test.
In one embodiment, as also shown in fig. 6, the industrial PAAS cloud platform based security testing apparatus 600 includes a memory 601 and a processor 602. The processor 602 is coupled to the memory 601 by a BUS 603. The industrial PAAS cloud platform based security testing device 600 may also be connected to an external storage device 605 through a storage interface 604 for invoking external data, and may also be connected to a network or another computer system (not shown) through a network interface 606. And will not be described in detail herein.
In this embodiment, the data instructions are stored in the memory and processed by the processor, which can improve the reliability and efficiency of the test.
In another embodiment, a computer readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the corresponding embodiment of the industrial PAAS cloud platform based security testing method. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Finally, it should be noted that: the above examples are intended only to illustrate the technical solutions of the present disclosure and not to limit them; although the present disclosure has been described in detail with reference to preferred embodiments, those of ordinary skill in the art will understand that: modifications to the specific embodiments of the disclosure or equivalent substitutions for parts of the technical features may still be made; all such modifications are intended to be included within the scope of the claims of this disclosure without departing from the spirit thereof.
Claims (12)
1. A safety testing method based on an industrial platform, namely a service cloud platform comprises the following steps:
intercepting operation data from an Application (APP) under the condition that a user operates an industrial platform and a service platform as a service (PaaS) cloud platform by using the APP;
tampering with the operational data based on a predetermined tampering policy;
sending the tampered operation data to the industrial PaaS cloud platform;
and generating a detection result according to the reaction of the industrial PaaS cloud platform to the operation data.
2. The method of claim 1, wherein,
intercepting operational data from an APP comprises:
intercepting operation data from the APP through an interface of interaction between the APP and the industrial PaaS cloud platform;
the sending the tampered operation data to the industrial PaaS cloud platform comprises:
and sending the tampered operation data to the industrial PaaS cloud platform through an interface for interaction between the APP and the industrial PaaS cloud platform.
3. The method of claim 1, wherein said tampering with said operational data based on a predetermined tampering policy comprises:
selecting a tampering policy from the predetermined tampering policies based on a predetermined detection level, wherein the predetermined tampering policy comprises performing one or more of addition, modification, deletion, or inspection of one or more fields, and the tampering policy is classified into a plurality of levels according to at least one of a type of field being tampered or a type of tampering operation;
and tampering the operation data according to the selected tampering strategy.
4. The method of claim 3, wherein said tampering with said operational data according to a selected tampering policy comprises:
and according to the tampering strategy, based on fuzzy test logic, the operation data.
5. The method of claim 4, further comprising:
configuring a predetermined detection level and fuzzy test logic;
in the process that a user operates an industrial PaaS cloud platform by using an APP, executing the operation of intercepting operation data from the APP and generating a detection result;
judging whether the test is finished or not, if not, continuing to execute the operation of intercepting the operation data from the APP and generating a detection result;
and if the test is finished, generating a detection report based on the detection result.
6. A safety testing device based on an industrial platform (service cloud platform) comprises:
the interface agent module is configured to intercept operation data from the APP under the condition that a user operates the industrial platform and the PaaS cloud platform by using the APP;
a data modification module configured to tamper with the operational data based on a predetermined tamper policy;
the interface agent module is further configured to send the tampered operation data to the industrial PaaS cloud platform;
a result generation module configured to generate a detection result according to a reaction of the industrial PaaS cloud platform to the operation data.
7. The apparatus of claim 6, wherein,
the interface agent module is configured to intercept operation data from an APP through an interface where the APP interacts with the industrial PaaS cloud platform; and sending the tampered operation data to the industrial PaaS cloud platform through an interface for interaction between the APP and the industrial PaaS cloud platform.
8. The apparatus of claim 6, wherein the data modification module is configured to:
selecting a tampering policy from the predetermined tampering policies based on a predetermined detection level, wherein the predetermined tampering policy comprises performing one or more of addition, modification, deletion, or inspection of one or more fields, and the tampering policy is classified into a plurality of levels according to at least one of a type of field being tampered or a type of tampering operation;
and tampering the operation data according to the selected tampering strategy.
9. The apparatus of claim 8, wherein the data modification module is configured to: and according to the tampering strategy, based on fuzzy test logic, the operation data.
10. The apparatus of claim 9, further comprising:
the configuration module is configured to configure a preset detection level and fuzzy test logic so as to activate the interface agent module to execute an operation of intercepting operation data from the APP, so that the result generation module generates a detection result;
the judging unit is configured to judge whether the test is finished or not, and if not, the interface agent module is continuously activated to execute the operation of intercepting the operation data from the APP so that the result generating module generates the detection result; and if the test is finished, activating the result generation module to generate a detection report based on the detection result.
11. A safety testing device based on an industrial platform (service cloud platform) comprises:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-5 based on instructions stored in the memory.
12. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911315478.2A CN113014440A (en) | 2019-12-19 | 2019-12-19 | Safety testing method and device based on industrial platform as service cloud platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911315478.2A CN113014440A (en) | 2019-12-19 | 2019-12-19 | Safety testing method and device based on industrial platform as service cloud platform |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113014440A true CN113014440A (en) | 2021-06-22 |
Family
ID=76382565
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911315478.2A Pending CN113014440A (en) | 2019-12-19 | 2019-12-19 | Safety testing method and device based on industrial platform as service cloud platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113014440A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104243114A (en) * | 2014-09-26 | 2014-12-24 | 浙江中控技术股份有限公司 | Communication robustness test method and platform |
| CN109088789A (en) * | 2018-07-19 | 2018-12-25 | 青岛萨纳斯智能科技股份有限公司 | A kind of network environment simulation test tool and test method |
| US20190108116A1 (en) * | 2017-10-06 | 2019-04-11 | Red Hat, Inc. | Enabling attributes for containerization of applications |
| CN110427323A (en) * | 2019-07-29 | 2019-11-08 | 天津车之家数据信息技术有限公司 | A kind of application testing method, device, proxy server and system |
-
2019
- 2019-12-19 CN CN201911315478.2A patent/CN113014440A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104243114A (en) * | 2014-09-26 | 2014-12-24 | 浙江中控技术股份有限公司 | Communication robustness test method and platform |
| US20190108116A1 (en) * | 2017-10-06 | 2019-04-11 | Red Hat, Inc. | Enabling attributes for containerization of applications |
| CN109088789A (en) * | 2018-07-19 | 2018-12-25 | 青岛萨纳斯智能科技股份有限公司 | A kind of network environment simulation test tool and test method |
| CN110427323A (en) * | 2019-07-29 | 2019-11-08 | 天津车之家数据信息技术有限公司 | A kind of application testing method, device, proxy server and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105550585B (en) | Application program security testing method, device and system | |
| CN105955782B (en) | Application program operation control method and device | |
| US20070220492A1 (en) | Application verifier infrastructure and checks | |
| US10169203B2 (en) | Test simulation for software defined networking environments | |
| CN108182359B (en) | Method, device and storage medium for testing API security in trusted environment | |
| US10042744B2 (en) | Adopting an existing automation script to a new framework | |
| US9658842B2 (en) | Application runtime expert for deployment of an application on multiple computer systems | |
| US9804952B1 (en) | Application debugging in a restricted container environment | |
| US11748245B2 (en) | Object-oriented regression-candidate filter | |
| US20150040112A1 (en) | Enabling Interoperability Between Software Applications By Utilizing Partial Binaries | |
| CN109388569B (en) | Method for remotely detecting environmental anomaly of client, test server and storage medium | |
| US20150100831A1 (en) | Method and system for selecting and executing test scripts | |
| CN111258913A (en) | Automatic algorithm testing method and device, computer system and readable storage medium | |
| CN108021791B (en) | Data protection method and device | |
| CN107179982B (en) | Cross-process debugging method and device | |
| CN104615471A (en) | System upgrading method and device for terminal | |
| KR20120081873A (en) | Method for verifying mobile application and terminal using the same | |
| CN105446886B (en) | A kind of computer program debugging method and apparatus | |
| EP3321808B1 (en) | Verification system and verification method | |
| US20230315620A1 (en) | System and Method for Diagnosing a Computing Device in Safe Mode | |
| CN113014440A (en) | Safety testing method and device based on industrial platform as service cloud platform | |
| CN111090575B (en) | Test method | |
| CN113515452A (en) | Automatic test method and system for application, electronic equipment and storage medium | |
| CN107797915B (en) | Fault repairing method, device and system | |
| CN114073039A (en) | Method and device for safety control automation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210622 |