CN114443477A - Password security configuration testing method, system, terminal and storage medium - Google Patents
- Publication number
- CN114443477A
- Authority
- CN
- China
- Prior art keywords
- information
- password
- network configuration
- request
- block elements
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of software testing, in particular to a method, a system, a terminal and a storage medium for testing password security configuration, which comprises the following steps: acquiring back-end network configuration information and network configuration data of a front-end webpage; positioning block elements of all password input boxes according to network configuration information and network configuration data, and reading description information and operation association function information from the block elements; randomly generating a plurality of passwords, and respectively constructing the plurality of passwords into a plurality of requests sent to the server according to the description information and the operation association function information; and recording request response information returned by the server, and generating a test result according to the request response information. After the invention obtains the account information of the front end and the back end of the test system, the http request interface data related to the password can be automatically obtained and constructed to send the request, thereby improving the efficiency of manually arranging the http request interface information and identifying the test scene.
Description
Technical Field
The invention relates to the technical field of software testing, in particular to a password security configuration testing method, a system, a terminal and a storage medium.
Background
With the rapid development of the internet, more and more software systems are developed using a CS architecture (Server-Client, i.e., Client-Server structure), with front-end WebUI interaction and back-end system processing, so HTTP interface communication between the front end and the back end is an important link. Testing of these interfaces is also critical during software development. At present, HTTP interface testing of software systems with WebUI interaction is gradually turning to automation. Automated software testing converts human-driven test behavior into machine execution. In the prior art, a tester works out the test scenarios, writes the corresponding automated test code one by one, and runs the test code to obtain the corresponding test result file.
At present, a software system that provides services externally generally has a user management module. If the password configuration in the user management module has a security problem, users with weak passwords may exist in the system. A weak password may lead to hacker attacks and thereby to serious risks such as server compromise and leakage of research and development data. Under the basic requirements of IT system construction, operation and maintenance, such as information security and customer information security, password security configuration needs to be tested intensively so that potential security hazards in system operation are eliminated to the greatest extent. A weak password refers to a password that is easily guessed by others or broken by a cracking tool, such as a short string: 1w @2q, mixed upper and lower case: SelfPwd, reverse sequential numbers: 87654321, etc.
In order to verify the security of the system, the password-related interfaces in the system need to be tested, and in order to conveniently run multiple rounds of tests for finding and verifying problems, the password-related tests need to be converted into automated tests. If the current test strategy is applied to password-related automated testing, the test scenarios must be worked out manually and the test cases written accordingly, and repeated test logic is inevitable, such as repeatedly constructing passwords of different complexities. As a result, the manual sorting process during test preparation is tedious and time-consuming; different test case code has different test objects but keeps repeating the same test logic, so code writing efficiency is low.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, the present invention provides a method, a system, a terminal and a storage medium for testing password security configuration, so as to solve the above-mentioned technical problems.
In a first aspect, the present invention provides a method for testing a password security configuration, including:
acquiring back-end network configuration information and network configuration data of a front-end webpage;
positioning block elements of all password input boxes according to network configuration information and network configuration data, and reading description information and operation association function information from the block elements;
randomly generating a plurality of passwords, and respectively constructing the plurality of passwords into a plurality of requests sent to the server according to the description information and the operation association function information;
and recording request response information returned by the server, and generating a test result according to the request response information.
Further, acquiring the back-end network configuration information and the network configuration data of the front-end webpage includes:
traversing all the page source code configuration files at the back end to acquire back-end network configuration information;
and crawling the network configuration data of the webpage at the front end.
Further, positioning block elements of all password input boxes according to the network configuration information and the network configuration data, and reading the description information and the operation association function information from the block elements, comprises:
traversing all input boxes of the network configuration data, and searching a password input box with the input type of password input;
positioning block elements of a password input box from the network configuration information, and reading description information except the password from the block elements;
and searching a function related to the click event in the block element, and acquiring a request address, a request type and request parameters of the function.
Further, randomly generating a plurality of passwords, and respectively constructing the plurality of passwords into a plurality of requests to be sent to the server according to the description information and the operation association function information, wherein the method comprises the following steps:
generating passwords in various formats by using a random function, wherein the formats comprise a random mix of uppercase letters, lowercase letters, digits and special symbols, all-uppercase English letters, all-lowercase English letters, and all-digit formats;
and changing the length of the password according to a set rule to obtain the password groups with different lengths in the same format.
Further, recording request response information returned by the server, and generating a test result according to the request response information, including:
and analyzing the password format requirement of the password input box according to the password type and corresponding request response information, wherein the request response information comprises request passing, request failure and format error prompt.
In a second aspect, the present invention provides a password security configuration testing system, comprising:
the configuration analysis unit is used for acquiring back-end network configuration information and network configuration data of a front-end webpage;
the element analysis unit is used for positioning block elements of all password input boxes according to the network configuration information and the network configuration data and reading description information and operation association function information from the block elements;
the password generating unit is used for randomly generating a plurality of passwords and respectively constructing the plurality of passwords into a plurality of requests sent to the server according to the description information and the operation association function information;
and the response analysis unit is used for recording the request response information returned by the server and generating a test result according to the request response information.
Further, the configuration parsing unit includes:
the back-end analysis module is used for traversing all the page source code configuration files at the back end to acquire back-end network configuration information;
and the front-end analysis module is used for crawling the network configuration data of the webpage at the front end.
Further, the element parsing unit includes:
the data traversing module is used for traversing all input boxes of the network configuration data and searching a password input box with the input type of password input;
the element positioning module is used for positioning the block elements of the password input box from the network configuration information and reading the description information except the password from the block elements;
and the function acquisition module is used for searching a function related to the click event in the block element and acquiring the request address, the request type and the request parameter of the function.
In a third aspect, a terminal is provided, including:
a processor, a memory, wherein,
the memory is used for storing a computer program which,
the processor is used for calling and running the computer program from the memory so as to make the terminal execute the method of the terminal.
In a fourth aspect, a computer storage medium is provided having stored therein instructions that, when executed on a computer, cause the computer to perform the method of the above aspects.
The password security configuration testing method, the system, the terminal and the storage medium have the advantages that after the account information of the front end and the back end of the testing system is obtained, the http request interface data related to the password can be automatically obtained and constructed to send the request, and the efficiency of manually arranging the http request interface information and identifying the testing scene is improved.
In addition, the invention has reliable design principle, simple structure and very wide application prospect.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present invention, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a schematic flow diagram of a method of one embodiment of the invention.
FIG. 2 is another schematic flow diagram of a method of one embodiment of the invention.
FIG. 3 is a schematic flow chart of password complexity testing of a method of one embodiment of the invention.
FIG. 4 is a schematic flow chart of password maximum length testing of a method of one embodiment of the invention.
FIG. 5 is a schematic flow chart of password minimum length testing of a method of one embodiment of the invention.
FIG. 6 is a schematic flow diagram of response information processing for a method of one embodiment of the invention.
FIG. 7 is a schematic block diagram of a system of one embodiment of the present invention.
Fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a schematic flow diagram of a method of one embodiment of the invention. The execution subject in FIG. 1 may be a password security configuration testing system.
As shown in fig. 1, the method includes:
and 140, recording the request response information returned by the server, and generating a test result according to the request response information.
To facilitate understanding of the present invention, the password security configuration testing method provided by the present invention is further described below based on its principle, in conjunction with the password security configuration testing process in the embodiment.
Specifically, referring to fig. 2, the method for testing the password security configuration includes:
S1, acquiring the back-end network configuration information and the network configuration data of the front-end webpage.
All page source-code HTML files on the back end of the system are traversed to obtain the HTML file information, the HTML data of the front-end web pages is crawled, the input boxes in the HTML data are traversed, and type: password is matched to locate the password-related areas.
S2, positioning the block elements of all the password input boxes according to the network configuration information and the network configuration data, and reading the description information and the operation association function information from the block elements.
The div block element in which a password input box is located is positioned, and the types/descriptions of the input boxes other than the password in that div block element are read, such as user name (username), mailbox (email), telephone number (cellphone) and the like. The click buttons in the div block element, such as login, confirm, modify, reset and the like, are then searched for; the associated JavaScript function is read through the onclick event of the button, and the url, the request method type and the request parameter names of the request are read from that function.
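Added example, not part of the patent text: one way to carry out the S2 element analysis with the Python standard library. The sample page, the `submitPwd` handler, the jQuery-style request and all function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not from the patent): a search box plus one password-change block.
SAMPLE_HTML = """
<div id="search"><input type="text" name="q"></div>
<div id="pwd-change">
  <input type="text" name="username">
  <input type="email" name="email">
  <input type="password" name="new_password">
  <button onclick="submitPwd()">Modify</button>
</div>
<script>
function submitPwd() {
  $.ajax({url: "/api/user/password", type: "PUT",
          data: {username: u, email: e, new_password: p}});
}
</script>
"""


class BlockCollector(HTMLParser):
    """Groups inputs and onclick handlers by their innermost enclosing <div>."""

    def __init__(self):
        super().__init__()
        self.open_divs = []   # keys of the <div> elements currently open
        self.blocks = {}      # div key -> {"inputs": [...], "handlers": [...]}

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "div":
            key = attr.get("id") or f"div#{len(self.blocks) + 1}"
            self.open_divs.append(key)
            self.blocks[key] = {"inputs": [], "handlers": []}
            return
        if not self.open_divs:
            return
        block = self.blocks[self.open_divs[-1]]
        if tag == "input":
            block["inputs"].append(((attr.get("type") or "text").lower(), attr.get("name")))
        if attr.get("onclick"):
            # "submitPwd()" -> "submitPwd"
            block["handlers"].append(attr["onclick"].split("(")[0].strip())

    def handle_endtag(self, tag):
        if tag == "div" and self.open_divs:
            self.open_divs.pop()


def find_password_blocks(page_source):
    """Return one record per <div> that directly contains a type=password input."""
    collector = BlockCollector()
    collector.feed(page_source)
    found = []
    for key, block in collector.blocks.items():
        if any(kind == "password" for kind, _ in block["inputs"]):
            found.append({
                "block": key,
                "password_fields": [n for kind, n in block["inputs"] if kind == "password"],
                "other_fields": [(kind, n) for kind, n in block["inputs"] if kind != "password"],
                "handlers": block["handlers"],
            })
    return found


def describe_request(page_source, func_name):
    """Heuristic: read url, method and parameter names from a jQuery-style handler body."""
    body = re.search(
        r"function\s+" + re.escape(func_name) + r"\s*\([^)]*\)\s*\{(.*?)\n\}",
        page_source, re.S)
    if not body:
        return None
    text = body.group(1)
    url = re.search(r"url\s*:\s*[\"']([^\"']+)", text)
    method = re.search(r"(?:type|method)\s*:\s*[\"'](\w+)", text)
    data = re.search(r"data\s*:\s*\{([^}]*)\}", text)
    return {
        "url": url.group(1) if url else None,
        "method": method.group(1).upper() if method else None,
        "params": re.findall(r"(\w+)\s*:", data.group(1)) if data else [],
    }


if __name__ == "__main__":
    for block in find_password_blocks(SAMPLE_HTML):
        print(block)
        for handler in block["handlers"]:
            print(describe_request(SAMPLE_HTML, handler))
```

The regular expressions only cover handlers written in the sample's style; handlers that build the request in another way need their own extraction rule.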
S3, randomly generating a plurality of passwords, and respectively constructing the plurality of passwords into a plurality of requests sent to the server according to the description information and the operation association function information.
A test password is generated according to a password generation rule, and the parameter data is constructed from the url, the request method, the parameter names and the parameter descriptions obtained in the preceding step; the various types of passwords used to test the password security configuration are supplied to the input box whose type is password. Each value is built into a request using the request method of the Python development language, and the request is sent to the server to obtain a response.
A password that conforms to the password security configuration may still pose a security risk. Common weak passwords include simple number combinations, sequential character combinations, adjacent character combinations, and the like. Sequential/reverse-order digit combinations, sequential/reverse-order upper- and lower-case letter combinations, and sequential/reverse-order combinations of adjacent keyboard digits and letters are stored; segments are taken from each of these combinations, letter case is mixed, and the segments are assembled into test passwords that meet the interface's password length requirement for interface testing. The test data and whether the response succeeded are recorded each time, and if 500 routine recorded tests show no problem, the interface is judged able to protect against common weak passwords. In an embodiment of the present invention, the password generation rule includes a test password complexity rule, a test password maximum length rule and a test password minimum length rule.
The process of generating passwords according to the password complexity test rule is shown in Fig. 3. The complexity requirement is tested in sequence, starting from single character classes such as pure numbers, then pairwise combinations, then combinations of three:
8-character passwords are randomly generated in turn from pure numbers, pure upper-case letters, pure lower-case letters and special symbols to test whether the interface request succeeds. If the test succeeds, the test is interrupted and the password complexity requirement test result is output. If the test is unsuccessful, pure numbers, pure upper-case letters, pure lower-case letters and special symbols are combined in pairs, 8-character passwords are randomly generated from each pair, and it is again judged whether the test succeeds: if it succeeds, the test is interrupted and the password complexity requirement test result is output; if it is unsuccessful, pure numbers, pure upper-case letters, pure lower-case letters and special symbols are combined three at a time, and 8-character passwords are randomly generated from each combination for testing. It is again judged whether the test succeeds: if it succeeds, the test is interrupted and the password complexity requirement test result is output; if it is unsuccessful, characters from pure numbers, pure upper-case letters, pure lower-case letters and special symbols are all randomly combined to generate an 8-character password for testing.
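Added example, not part of the patent text: the complexity probe above as a loop over combinations of the four character classes. It reports every accepted combination at the smallest size that succeeds, rather than stopping at the first one; `sample_policy` and the special-symbol set are constructed stand-ins for the interface under test.

```python
import itertools
import random
import string

# The four character classes named in the text; the special-symbol set is an assumption.
CLASSES = {
    "digits": string.digits,
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "special": "!@#$%^&*",
}
rng = random.SystemRandom()


def make_password(class_names, length=8):
    """Random password using exactly the given classes, each at least once."""
    pools = [CLASSES[name] for name in class_names]
    chars = [rng.choice(pool) for pool in pools]
    chars += [rng.choice("".join(pools)) for _ in range(length - len(chars))]
    rng.shuffle(chars)
    return "".join(chars)


def probe_complexity(submit, length=8):
    """Try 1, 2, 3, then all 4 classes; stop at the first size the interface accepts.

    `submit(password) -> bool` sends one request and reports whether it succeeded.
    Returns (number_of_classes_required, accepted_combinations) or (None, []).
    """
    for size in range(1, len(CLASSES) + 1):
        accepted = [combo for combo in itertools.combinations(CLASSES, size)
                    if submit(make_password(combo, length))]
        if accepted:
            return size, accepted
    return None, []


def sample_policy(password):
    """Constructed stand-in for the server: 8+ characters and at least three classes."""
    present = sum(any(ch in pool for ch in password) for pool in CLASSES.values())
    return len(password) >= 8 and present >= 3


if __name__ == "__main__":
    size, combos = probe_complexity(sample_policy)
    print("classes required:", size)
    for combo in combos:
        print("  accepted:", "+".join(combo))
```

An interface that accepts a single-class 8-character password returns size 1, which is the finding a tester would flag as a weak complexity requirement.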
The process of testing the maximum password length is shown in Fig. 4 and includes:
A password meeting the complexity requirement is randomly generated and truncated to 8 characters, and it is judged whether the interface request succeeds. If it succeeds, the password length is doubled and the test is repeated (if 16 characters pass the test, the password length is extended to 32 characters, and so on until the response fails). When the response fails, the median (1.5n) between the length before doubling (n) and the length after doubling (2n) is taken, the password length is set to this median, and it is judged whether the interface request succeeds: if so, the median between the current maximum length and the median is taken; if not, the median between the current minimum length and the median is taken. It is then judged whether the median differs from the current minimum/maximum value by 1. If not, the median is set as the current password length, the response information is obtained, and the preceding length update is repeated until this judgment succeeds. If so, the median between the current maximum length and the median is taken and it is judged whether the interface request succeeds: if it does, the maximum password length of the interface is limited to the current median; if not, the maximum password length of the interface is limited to the current minimum.
The process of testing the minimum password length is shown in Fig. 5 and includes:
A password meeting the complexity requirement is randomly generated and truncated to 8 characters, and it is judged whether the interface request with this password succeeds. If it succeeds, the password length is halved and it is judged whether the length is 1. If the length is 1, the password is set to empty and the request response is obtained: if the response information is request success, the minimum password length of the interface is limited to 0; otherwise the minimum password length of the interface is limited to 1. If the length is not 1 after halving, the request response for the password is obtained, and if the response is still successful the password length is halved again. If the response for the password of the current length fails, the median (1.5n) between the length before halving (2n) and the length after halving (n) is taken, the password length is set to this median, and it is judged whether the interface request succeeds: if it succeeds, the median between the current minimum length and the median is taken; if it fails, the median between the current maximum length and the median is taken. It is then judged whether the current median differs from the current minimum/maximum value by 1. If not, the median is set as the current password length, the response information is obtained, and the preceding length update is repeated until this judgment succeeds. If so, the median between the current maximum length and the median is taken and it is judged whether the interface request succeeds: if it succeeds, the minimum password length of the interface is limited to the current median; if it fails, the minimum password length of the interface is limited to the current maximum.
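Added example, not part of the patent text: the maximum-length and minimum-length searches above written as doubling/halving followed by bisection. The `fill` generator, the `make_policy` stand-in for the server, the `ceiling` cut-off for interfaces with no upper limit and the error raised when the 8-character baseline is rejected are assumptions the text does not cover.

```python
def fill(length):
    """Password of exactly `length` characters cycling through all four classes.

    Constructed stand-in for "a password meeting the complexity requirement";
    below 4 characters it cannot contain all four classes.
    """
    return ("Aa1!" * (length // 4 + 1))[:length]


def make_policy(min_len, max_len):
    """Constructed stand-in for the interface: accepts lengths in [min_len, max_len]."""
    def submit(password):
        return min_len <= len(password) <= max_len
    return submit


def probe_max_length(submit, start=8, ceiling=1 << 16, trace=None):
    """Longest accepted length, or None if nothing is rejected up to `ceiling`."""
    trace = [] if trace is None else trace

    def ok(n):
        trace.append(n)          # record every length sent, one request each
        return submit(fill(n))

    if not ok(start):
        raise ValueError("baseline length rejected; settle complexity/start length first")
    lo, hi = start, start * 2    # lo: longest length known to pass
    while ok(hi):                # double until the first failure
        lo, hi = hi, hi * 2
        if lo >= ceiling:
            return None
    while hi - lo > 1:           # invariant: lo passes, hi fails
        mid = (lo + hi) // 2
        if ok(mid):
            lo = mid
        else:
            hi = mid
    return lo


def probe_min_length(submit, start=8, trace=None):
    """Shortest accepted length; 0 means the empty password is accepted."""
    trace = [] if trace is None else trace

    def ok(n):
        trace.append(n)
        return submit(fill(n))

    if not ok(start):
        raise ValueError("baseline length rejected; settle complexity/start length first")
    hi, lo = start, start // 2   # hi: shortest length known to pass
    while lo >= 1 and ok(lo):    # halve until the first failure or length 1 passes
        hi, lo = lo, lo // 2
    if lo == 0:                  # length 1 passed: try the empty password
        return 0 if ok(0) else 1
    while hi - lo > 1:           # invariant: lo fails, hi passes
        mid = (lo + hi) // 2
        if ok(mid):
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    sent = []
    policy = make_policy(6, 20)
    print("max length:", probe_max_length(policy, trace=sent), "lengths sent:", sent)
    print("min length:", probe_min_length(policy))
```

A result of 0 from `probe_min_length`, or `None` from `probe_max_length`, is itself a finding: the interface accepts an empty password or enforces no upper bound within the ceiling.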
S4, recording the request response information returned by the server, and generating a test result according to the request response information.
Finally, all the automatically acquired password interface data, the password complexity requirement test result and the length range test result for each interface, and the common weak password protection test result are summarized, from which the system password security configuration can be generated.
As shown in fig. 6, the response information processing method includes:
A request is constructed to test the password security configuration of the interface. After the request is sent, all responses of the system are obtained, interfering responses whose type differs from the post/put type of the sent request are filtered out, and the HTTP status code and the response content (json/text/html and the like) are obtained. The response content is extracted: if it contains the password, a security prompt is added to the test result, and if it contains a specific password requirement, this is explained in the test result. It is then judged whether the HTTP status code is in the 2xx series. If not, the request is judged abnormal and the test result is fed back. If so, it is judged whether the response content contains an Error/Error information prompt: if it does, the request is judged to have failed and the test result is fed back; if not, the request is judged successful and the test result is fed back.
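Added example, not part of the patent text: the response handling above applied to captured response records. The record layout, the sample responses and the `REQUIREMENT_HINT` wording pattern are constructed assumptions.

```python
import re

# Assumed wording of a "specific password requirement" message; adjust per application.
REQUIREMENT_HINT = re.compile(
    r"[^.\"]*\b(?:must|at least|at most|minimum|maximum)\b[^.\"]*", re.I)

# Constructed sample: responses captured after submitting the test password below.
SAMPLE_PASSWORD = "Abcd1234!"
SAMPLE_RESPONSES = [
    {"method": "GET", "url": "/static/app.js", "status": 200, "body": "/* js */"},
    {"method": "PUT", "url": "/api/user/password", "status": 200,
     "body": '{"code": 1, "msg": "Error: password must contain at least 3 character classes"}'},
    {"method": "PUT", "url": "/api/user/password", "status": 200,
     "body": '{"code": 0, "msg": "ok", "password": "Abcd1234!"}'},
    {"method": "POST", "url": "/api/user/reset", "status": 500,
     "body": "Internal Server Error"},
]


def analyze_response(resp, password):
    """Classify one response; returns None for interfering (non POST/PUT) traffic."""
    if resp["method"].upper() not in ("POST", "PUT"):
        return None
    body = resp.get("body") or ""
    notes = []
    if password and password in body:
        # The submitted password coming back in clear text is a finding of its own.
        notes.append("password echoed in response body")
    hint = REQUIREMENT_HINT.search(body)
    if hint:
        notes.append("stated requirement: " + hint.group(0).strip())
    if not 200 <= resp["status"] < 300:
        verdict = "abnormal"
    elif "error" in body.lower():
        verdict = "failed"
    else:
        verdict = "success"
    return {"url": resp["url"], "status": resp["status"],
            "verdict": verdict, "notes": notes}


def analyze_all(password, responses):
    """Apply analyze_response to every record and drop the filtered ones."""
    results = (analyze_response(r, password) for r in responses)
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for row in analyze_all(SAMPLE_PASSWORD, SAMPLE_RESPONSES):
        print(row)
```

A plain substring match on "error" also fires on bodies such as `"error": null`, so an application with a structured error field is better served by checking that field.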
As shown in fig. 7, the system 700 includes:
a configuration analysis unit 710, configured to obtain backend network configuration information and network configuration data of a front-end webpage;
an element parsing unit 720, configured to locate block elements of all password input boxes according to the network configuration information and the network configuration data, and read description information and operation association function information from the block elements;
the password generating unit 730 is configured to randomly generate a plurality of passwords, and respectively construct the plurality of passwords into a plurality of requests to be sent to the server according to the description information and the operation association function information;
the response parsing unit 740 is configured to record request response information returned by the server, and generate a test result according to the request response information.
Optionally, as an embodiment of the present invention, the configuration parsing unit includes:
the back-end analysis module is used for traversing all the page source code configuration files at the back end to acquire back-end network configuration information;
and the front-end analysis module is used for crawling the network configuration data of the webpage at the front end.
Optionally, as an embodiment of the present invention, the element parsing unit includes:
the data traversing module is used for traversing all input boxes of the network configuration data and searching a password input box with the input type of password input;
the element positioning module is used for positioning the block elements of the password input box from the network configuration information and reading the description information except the password from the block elements;
and the function acquisition module is used for searching a function related to the click event in the block element and acquiring the request address, the request type and the request parameter of the function.
Fig. 8 is a schematic structural diagram of a terminal 800 according to an embodiment of the present invention, where the terminal 800 may be used to execute the method for testing the password security configuration according to the embodiment of the present invention.
The terminal 800 may include: a processor 810, a memory 820, and a communication unit 830. The components communicate via one or more buses, and those skilled in the art will appreciate that the architecture of the servers shown in the figures is not intended to be limiting, and may be a bus architecture, a star architecture, a combination of more or less components than those shown, or a different arrangement of components.
The memory 820 may be used for storing instructions executed by the processor 810, and the memory 820 may be implemented by any type of volatile or non-volatile storage terminal or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The executable instructions in memory 820, when executed by processor 810, enable terminal 800 to perform some or all of the steps in the method embodiments described below.
The processor 810 is a control center of the storage terminal, connects various parts of the entire electronic terminal using various interfaces and lines, and performs various functions of the electronic terminal and/or processes data by operating or executing software programs and/or modules stored in the memory 820 and calling data stored in the memory. The processor may be composed of an Integrated Circuit (IC), for example, a single packaged IC, or a plurality of packaged ICs connected with the same or different functions. For example, processor 810 may include only a Central Processing Unit (CPU). In the embodiment of the present invention, the CPU may be a single operation core, or may include multiple operation cores.
A communication unit 830, configured to establish a communication channel so that the storage terminal can communicate with other terminals. And receiving user data sent by other terminals or sending the user data to other terminals.
The present invention also provides a computer storage medium, wherein the computer storage medium may store a program, and the program may include some or all of the steps in the embodiments provided by the present invention when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM) or a Random Access Memory (RAM).
Therefore, after the account information of the front end and the back end of the test system is acquired, the http request interface data related to the password can be automatically acquired and constructed to send the request, so that the efficiency of manually sorting the http request interface information and identifying the test scene is improved.
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus a required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of a software product, where the computer software product is stored in a storage medium, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and the like, and the storage medium can store program codes, and includes instructions for enabling a computer terminal (which may be a personal computer, a server, or a second terminal, a network terminal, and the like) to perform all or part of the steps of the method in the embodiments of the present invention.
The same and similar parts in the various embodiments in this specification may be referred to each other. Especially, for the terminal embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant points can be referred to the description in the method embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed system and method can be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, systems or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
Although the present invention has been described in detail with reference to the drawings in connection with the preferred embodiments, the present invention is not limited thereto. Those skilled in the art can make various equivalent modifications or substitutions to the embodiments of the present invention without departing from the spirit and scope of the present invention, and these modifications or substitutions are within the scope of the present invention; any changes or substitutions that a person skilled in the art can easily conceive of within the technical scope of the present invention are likewise covered. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method for testing password security configuration, comprising:
acquiring back-end network configuration information and network configuration data of a front-end webpage;
positioning block elements of all password input boxes according to network configuration information and network configuration data, and reading description information and operation association function information from the block elements;
randomly generating a plurality of passwords, and respectively constructing the plurality of passwords into a plurality of requests sent to the server according to the description information and the operation association function information;
and recording request response information returned by the server, and generating a test result according to the request response information.
2. The method of claim 1, wherein obtaining backend network configuration information and network configuration data of a front-end webpage comprises:
traversing all the page source code configuration files at the back end to acquire back-end network configuration information;
and crawling the network configuration data of the webpage at the front end.
3. The method of claim 1, wherein locating block elements of all password input boxes according to network configuration information and network configuration data, and reading description information and operation association function information from the block elements comprises:
traversing all input boxes of the network configuration data, and searching a password input box with the input type of password input;
positioning block elements of a password input box from the network configuration information, and reading description information except the password from the block elements;
and searching a function related to the click event in the block element, and acquiring a request address, a request type and request parameters of the function.
4. The method of claim 1, wherein randomly generating a plurality of passwords, and respectively constructing the plurality of passwords as a plurality of requests to be sent to the server according to the description information and the operation association function information comprises:
generating passwords in various formats by using a random function, wherein the various formats comprise a random mix of uppercase letters, lowercase letters, digits and special symbols, all-uppercase letters, all-lowercase letters, and all-digit formats;
and changing the length of the password according to a set rule to obtain the password groups with different lengths in the same format.
5. The method of claim 1, wherein the step of recording request response information returned by the server and generating a test result according to the request response information comprises:
and analyzing the password format requirement of the password input box according to the password type and corresponding request response information, wherein the request response information comprises request passing, request failure and format error prompt.
6. A password security configuration testing system, comprising:
the configuration analysis unit is used for acquiring back-end network configuration information and network configuration data of a front-end webpage;
the element analysis unit is used for positioning block elements of all password input boxes according to the network configuration information and the network configuration data and reading description information and operation association function information from the block elements;
the password generating unit is used for randomly generating a plurality of passwords and respectively constructing the plurality of passwords into a plurality of requests sent to the server according to the description information and the operation association function information;
and the response analysis unit is used for recording the request response information returned by the server and generating a test result according to the request response information.
7. The system of claim 6, wherein the configuration parsing unit comprises:
the back-end analysis module is used for traversing all the page source code configuration files at the back end to acquire back-end network configuration information;
and the front-end analysis module is used for crawling the network configuration data of the webpage at the front end.
8. The system of claim 6, wherein the element parsing unit comprises:
the data traversing module is used for traversing all input boxes of the network configuration data and searching a password input box with the input type of password input;
the element positioning module is used for positioning the block elements of the password input box from the network configuration information and reading the description information except the password from the block elements;
and the function acquisition module is used for searching a function related to the click event in the block element and acquiring the request address, the request type and the request parameter of the function.
9. A terminal, comprising:
a processor;
a memory for storing instructions for execution by the processor;
wherein the processor is configured to perform the method of any one of claims 1-5.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-5.
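The flow in claims 3 to 5 can be sketched as follows. This is an added example, not code from the patent: the sample page, the `/api/set_password` endpoint, the `stub_server` policy and the `"pass"`/`"format_error"` labels are constructed, and the request address is read from the form's `action` attribute instead of from a click-event function.

```python
import random
import string
from html.parser import HTMLParser

# Constructed page; the markup and the /api/set_password endpoint are hypothetical.
SAMPLE_HTML = """<form action="/api/set_password" method="post">
  <input type="text" name="username">
  <input type="password" name="new_password"></form>"""

CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, "!@#$%^&*"]
FORMATS = {"mixed": "".join(CLASSES), "upper": CLASSES[0], "lower": CLASSES[1], "digits": CLASSES[2]}

class PasswordFieldFinder(HTMLParser):  # records each type="password" input with its form's request info
    def __init__(self):
        super().__init__()
        self.form, self.fields = {}, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form = {"url": a.get("action"), "method": (a.get("method") or "get").upper()}
        elif tag == "input" and a.get("type") == "password":
            self.fields.append({**self.form, "param": a.get("name")})

def find_password_fields(html):
    finder = PasswordFieldFinder()
    finder.feed(html)
    return finder.fields

def generate(fmt, length, rng):
    """One test password; "mixed" always contains every character class."""
    must = [rng.choice(c) for c in CLASSES] if fmt == "mixed" else []
    chars = must + [rng.choice(FORMATS[fmt]) for _ in range(length - len(must))]
    return "".join(rng.sample(chars, len(chars)))

def stub_server(request):
    """Stand-in for the system under test: needs >= 8 chars with a letter and a digit."""
    pw = request["value"]
    ok = len(pw) >= 8 and any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
    return "pass" if ok else "format_error"

def probe(field, send, lengths=range(4, 17, 2), seed=0):
    """Shortest accepted length per format; None means the format was never accepted."""
    rng, shortest = random.Random(seed), dict.fromkeys(FORMATS)
    for fmt in FORMATS:
        for n in lengths:
            req = dict(field, value=generate(fmt, n, rng))  # request built from the field's description
            if shortest[fmt] is None and send(req) == "pass":
                shortest[fmt] = n
    return shortest
```

A result in which a single-class format (`upper`, `lower` or `digits`) has an accepted length, or in which `mixed` is accepted below the intended minimum, shows that the server enforces a weaker rule than the documented policy.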
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210041411.XA CN114443477A (en) | 2022-01-14 | 2022-01-14 | Password security configuration testing method, system, terminal and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114443477A (en) | 2022-05-06 |
Family
ID=81368511
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210041411.XA Pending CN114443477A (en) | 2022-01-14 | 2022-01-14 | Password security configuration testing method, system, terminal and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114443477A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109828903A (en) * | 2018-12-14 | 2019-05-31 | 中国平安人寿保险股份有限公司 | Automated testing method, device, computer installation and storage medium |
CN109992496A (en) * | 2017-12-29 | 2019-07-09 | 北京京东尚科信息技术有限公司 | A kind of data processing method and device for automatic test |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||