CN115879115A - Method and system for detecting Web application security vulnerability - Google Patents
Method and system for detecting Web application security vulnerability Download PDFInfo
- Publication number
- CN115879115A CN115879115A CN202211594869.4A CN202211594869A CN115879115A CN 115879115 A CN115879115 A CN 115879115A CN 202211594869 A CN202211594869 A CN 202211594869A CN 115879115 A CN115879115 A CN 115879115A
- Authority
- CN
- China
- Prior art keywords
- fuzz
- mutation
- url
- program
- tested
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 230000035772 mutation Effects 0.000 claims abstract description 60
- 238000012360 testing method Methods 0.000 claims abstract description 48
- 238000001514 detection method Methods 0.000 claims abstract description 16
- 238000004458 analytical method Methods 0.000 claims abstract description 15
- 239000003471 mutagenic agent Substances 0.000 claims abstract description 12
- 238000012795 verification Methods 0.000 claims description 18
- 239000003795 chemical substances by application Substances 0.000 claims description 12
- 238000012545 processing Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 4
- 239000002917 insecticide Substances 0.000 abstract description 2
- 230000006870 function Effects 0.000 description 14
- 230000003993 interaction Effects 0.000 description 9
- 230000008901 benefit Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 239000000575 pesticide Substances 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000013522 software testing Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a method and a system for detecting Web application security loopholes.A client calls an AFL tool to perform fuzz test according to a user test instruction, and performs parameter mutation on a URL (uniform resource locator) of a program to be tested by using a specified mutator, wherein the URL is subjected to directional mutation by taking key information of the program to be tested, which is collected by stain tracking, as a characteristic value of auxiliary mutation, and a mutation result is integrated into an http (hyper text transport protocol) request and is sent to a server; and the server analyzes the obtained http request, performs security vulnerability detection and coverage analysis on the program to be tested by taking the mutation result obtained by analysis as input, obtains the test result by calling the taint tracking module, and returns the test result to the client. By utilizing a stain tracking technology, the accuracy of the webfuzz test mutation is realized, meanwhile, the false report in the traditional web vulnerability scanning is reduced, and the fuzz technology can eliminate the insecticide paradox in the traditional automatic test software.
Description
Technical Field
The invention relates to the technical field of security vulnerability detection, in particular to a method and a system for detecting a security vulnerability of Web application.
Background
Vulnerability scanning, a computer program designed to evaluate and discover known vulnerabilities of a computer, network or application, and to identify and detect vulnerabilities in firewalls, routers, network servers, application servers, etc., due to misconfiguration or defective programs. In addition, the vulnerability scanner scans the installed software, open ports, certificates and other host information on the computer and gives reports of vulnerabilities and detailed and accurate information about the operating system and the installed software, such as configuration problems and security patches missing from the system. Fuzzing (fuzzing) is a software testing technique. The core idea is to input automatically or semi-automatically generated random data into a program and monitor program exceptions such as crashes, assertion (assertion) failures to discover possible program errors such as memory leaks.
Traditional Web vulnerability scanning, especially static code scanning, can generate a large number of false positives, pesticide paradoxs are generated due to the limitation of a test case library, and after test software runs for a period of time, new bugs are difficult to monitor. Current fuzz testing techniques test the javaweb program or can only detect a single error, such as a crash (kelnci); or an assertion needs to be specified for each target to be detected in a complex mode, so that the use is more complicated, the cost in actual production is too high, and the use is difficult.
Disclosure of Invention
Therefore, the invention provides a method and a system for detecting Web application security vulnerabilities, so as to solve the technical problems.
In order to achieve the above purpose, the invention provides the following technical scheme:
according to a first aspect of an embodiment of the present invention, a method for detecting a security vulnerability of a Web application is provided, where the method includes:
the fuzz client calls an AFL tool according to the user test instruction and designates a specific URL path of the program to be tested to perform fuzz test, the AFL tool performs parameter mutation on the URL of the program to be tested by using a designated mutator, wherein the URL is subjected to directional mutation by taking key information of the program to be tested, which is collected according to stain tracking, as a characteristic value of auxiliary mutation, and a mutation result is integrated into an http request and is sent to a fuzz server;
the fuzz server analyzes the acquired http request, performs security vulnerability detection and coverage analysis on the program to be tested based on the mutation result obtained by analysis as input, acquires the test result by calling the taint tracking module, determines the URL of the program to be tested which may have security problems and the detected web security vulnerability, and returns the test result to the fuzz client.
Further, the method further comprises:
and the fuzz client calls a fuzz verification module to start verification on the web security vulnerability found in the obtained test result, and the final detection result is obtained by removing the false alarm information through verification.
Further, the method further comprises:
and the user sends test instructions including starting and stopping instructions to the fuzz client by operating the SDK.
Further, the method further comprises:
the fuzz server responds to the request of the fuzz client to acquire a URL list of the program to be tested and returns the URL list to the fuzz client, so that the fuzz client starts to perform the fuzz test on the URL of the program to be tested;
the method for acquiring the url information of the program to be tested comprises recording the called url and the url in the analysis frame.
Further, performing directional mutation on the URL according to key information of the program to be tested, collected by the stain tracking, as a characteristic value of the auxiliary mutation, specifically including:
the fuzzy server responds to the request of the fuzzy client and returns the key information of the program to be tested, which is collected by the taint tracking module, to the fuzzy client as a mutation characteristic value;
and the fuzz client mutates the parameters in the URL according to a preset mutation mode through the appointed mutator on the acquired mutation characteristic value.
According to a second aspect of the embodiment of the invention, a detection system for Web application security vulnerabilities is provided, which comprises a fuzz client and a fuzz server;
the fuzz client comprises a fuzz management module and a fuzz agent module;
the fuzz management module is used for calling an AFL tool according to a user test instruction and appointing a specific URL path of the program to be tested to perform fuzz test, the AFL tool performs parameter mutation on the URL of the program to be tested by using an appointed mutator, and directional mutation is performed on the URL according to key information of the program to be tested, which is collected by stain tracking and used as a characteristic value of auxiliary mutation; the fuzz agent module is used for sending the http request of the fuzz client to the fuzz server and receiving a request feedback result of the fuzz server;
the fuzzy server comprises a request processing module, a taint tracking module and a JQF agent module;
the request processing module is used for acquiring an http request sent by the fuzz client and feeding back a request return result to the fuzz client; the stain tracking module is used for acquiring safety problems, stack information and mutation characteristic values possibly existing in the program to be tested; the JQF agent module is used for acquiring coverage rate information of a program to be tested based on the JQF fuzzy test platform.
Further, the fuzz client further comprises a fuzz verification module, which is used for starting verification on the web security vulnerabilities found in the obtained test results, and removing the false alarm information through verification to obtain a final detection result.
Further, the system also comprises an SDK, and the SDK is used for sending test instructions including starting and stopping instructions to the fuzz client by operating the SDK by a user.
Further, the fuzz server further comprises a fuzz URL collection module used for obtaining a URL list of the program to be tested; the method for acquiring the url information of the program to be tested comprises recording the called url and the url in the analysis frame.
Further, the mutation device is specifically configured to perform mutation on the parameter in the URL according to a preset mutation mode according to the obtained mutation characteristic value.
The invention has the following advantages:
the invention provides a method and a system for detecting Web application security vulnerabilities, wherein the method comprises the following steps: the fuzz client calls an AFL tool according to a user test instruction and designates a specific URL path of the program to be tested to perform fuzz test, the AFL tool performs parameter mutation on the URL of the program to be tested by using a designated mutation device, wherein the URL is subjected to directional mutation by taking key information of the program to be tested, which is collected according to stain tracking, as a characteristic value of auxiliary mutation, and a mutation result is integrated into an http request and sent to a fuzz server; the fuzz server analyzes the obtained http request, performs security vulnerability detection and coverage analysis on the program to be tested based on the mutation result obtained by analysis as input, obtains the test result by calling the stain tracking module, determines the URL of the program to be tested which possibly has security problems and the detected web security vulnerability, and returns the test result to the fuzz client. And collecting key information of the system to be tested through stain tracking, and performing directional mutation on the client by using the collected information to perform a fuzz test. By utilizing a stain tracking technology, the accuracy of the webfuzz test mutation is realized, meanwhile, the false report in the traditional web vulnerability scanning is reduced, and the fuzz technology can eliminate the insecticide paradox in the traditional automatic test software.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic flowchart of a method for detecting a security vulnerability of a Web application according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a system for detecting a security vulnerability of a Web application according to an embodiment of the present invention.
Detailed Description
The present invention is described in terms of specific embodiments, and other advantages and benefits of the present invention will become apparent to those skilled in the art from the following disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, this embodiment provides a method for detecting a security vulnerability of a Web application, where the method includes:
s100, the fuzz client calls an AFL tool according to a user test instruction and designates a specific URL path of a program to be tested to perform fuzz test, the AFL tool performs parameter mutation on the URL of the program to be tested by using a designated mutator, directional mutation is performed on the URL according to key information of the program to be tested, collected by stain tracking, and used as characteristic values of auxiliary mutation, mutation results are integrated into an http request, and the http request is sent to a fuzz server;
s200, analyzing the obtained http request by the fuzz server, performing security vulnerability detection and coverage analysis on the program to be tested by taking a mutation result obtained by analysis as an input, obtaining a test result by calling a taint tracking module, determining URL (Uniform resource locator) possibly having a security problem and a detected web security vulnerability of the program to be tested, and returning the test result to the fuzz client.
Further, the method also includes:
s300, the fuzz client calls a fuzz verification module to start verification on the web security vulnerability found in the obtained test result, and the false alarm information is removed through verification to obtain a final detection result.
Fig. 2 shows a schematic structural diagram of a detection system for detecting a Web application security vulnerability, which is used for implementing the detection method of the present embodiment, and the overall work flow of the system is as follows:
the first step is as follows: sending a test instruction by an sdk requester;
the second step is that: after a test instruction reaches a webfuzz (product function is short, namely a fuzz tool aiming at a web website) client, a fuzz-manager module calls an af, a specified mutator module is used for fuzz, a mutation result is returned to the fuzz-manager module, a fuzz-manager module integrates a request, and the request is transmitted to the fuzz-proxy module;
the third step: a fuzz-proxy module sends a request to a webFuzz server side;
the fourth step: after the server side obtains the request, the fuzz-java-agent carries out security vulnerability detection, the JQWidagent carries out coverage rate analysis, the request is intercepted by the HTTP-server, the external request is intercepted, and a request return value is processed;
the HTTP-server calls a fuzzy-URL-Collection, stain tracking or problem verification function respectively according to different incoming requests;
the fifth step: after receiving the return value of the server, the web client calls a fuzz-validation-module to validate the found bug.
In particular:
the module calling sequence for realizing url acquisition is as follows:
fuzz-proxy- > (webfuzz server side) fuzz-java-agent- > http-server- > fuzz-url-colletion.
The module calling sequence for realizing the security vulnerability detection is as follows:
fuzzy-manager- > fuzzy-proxy- > fuzzy-java-agent- > Http-server- > taint tracing.
The following describes the specific functions and interactive contents of the modules of the system in detail:
a client:
1.fuzz-manager (fuzz management module)
The module functions as follows: scheduling and managing a fuzz main flow, and recording and interacting a fuzz result:
1.sdk: starting and stopping instructions and the like sent by user operation sdk;
1.Fuzz-proxy: acquiring url information of the to-be-fuzz through a fuzz-proxy module;
2. Aft: designating a specific URL path to start fuzz;
2.afl
the module functions as follows: performing a single url of fuzz (there may be multiple conditions to stop, e.g., no new path)
Interaction:
1.fuzz-manager: returning the fuzz result to the fuzz-manager, and judging whether the fuzz-manager is finished or not;
2.Mutator: appointing a mutator to obtain mutated content;
fuzz-proxy: the mutated content is given to the fuzzy-proxy and is sent to the target program;
mutator (mutation module)
The module functions as follows: carrying out parameter mutation in url, and appointing specific mutation mode, such as adding special symbol, adding character with appointed length, etc., to mutate parameter in url into brand-new content
Interaction: 1. Af: sending the mutated content to afl;
2.Fuzz-proxy: acquiring information of auxiliary variation such as characteristic values and the like obtained by the fuzz-proxy;
fuzzy-validation-module (fuzzy validation module)
The module functions as follows: the module is used for removing false alarm information and carrying out centralized verification
Interaction:
1.sdk: acquiring url of the detected problem and the corresponding problem condition;
2.Fuzz-proxy: sending request verification information to a program to be tested;
fuzz-proxy (fuzz proxy module)
The module functions as follows: the HTTPrest request is sent to the server side, the return value of the server side is analyzed and processed, and the server side returns the specific information such as the url list, the test result, the characteristic value and the like according to different sending requests
Interaction:
1.fuzz-manager: returning to a url list to be tested;
2. Af: returning the test result of the single request;
3 mutator: returning the characteristic value of the url to be measured;
4. Fuzzy-validation-module: returning a request result;
webfuzzy plug-in-HTTP-server: all requests are sent to the target program, intercepted and processed by the module
The server side:
1.fuzz-java-agent
the module functions as follows: scheduling and managing agent main process
Interaction:
1.Sdk: receiving instructions such as start stop and the like sent by sdk;
HTTP-server: monitoring and controlling the use condition of the HTTP-server;
2.HTTP-server
the module functions as follows: intercepting external requests, analyzing functions of webFuzz tool-fuzz-proxy module targets, and processing request return values
Interaction:
1.fuzz-java-agent: receiving scheduling control;
2.Fuzz-URL-Collection: acquiring a url list to be detected;
3. and (3) stain tracking: acquiring security problems, stack information, mutation characteristic values and the like possibly existing in a target program;
3. Fuzzy-URL-Collection (fuzzy URL Collection Module)
The module functions as follows: acquiring url information of a program to be tested in two ways, 1, recording the called url; 2. parsing url in a framework
Interaction:
HTTP-server: returning the acquired url information;
4. stain tracking
The module functions as follows: discovering security issues of a program under test
Interaction:
HTTP-server: returning the problems of stack information of the trigger sink point and the like;
5.JQFAgent
the module functions as follows: obtaining coverage rate information of a program to be tested
Interaction:
HTTP-server: coverage of return requests
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, it is intended that all such modifications and alterations be included within the scope of this invention as defined in the appended claims.
Claims (10)
1.A method for detecting Web application security vulnerabilities is characterized by comprising the following steps:
the fuzz client calls an AFL tool according to a user test instruction and designates a specific URL path of the program to be tested to perform fuzz test, the AFL tool performs parameter mutation on the URL of the program to be tested by using a designated mutation device, wherein the URL is subjected to directional mutation by taking key information of the program to be tested, which is collected according to stain tracking, as a characteristic value of auxiliary mutation, and a mutation result is integrated into an http request and sent to a fuzz server;
the fuzz server analyzes the acquired http request, performs security vulnerability detection and coverage analysis on the program to be tested based on the mutation result obtained by analysis as input, acquires the test result by calling the taint tracking module, determines the URL of the program to be tested which may have security problems and the detected web security vulnerability, and returns the test result to the fuzz client.
2. The method for detecting the Web application security vulnerability according to claim 1, further comprising:
and the fuzz client calls a fuzz verification module to start verification on the web security vulnerability found in the obtained test result, and the final detection result is obtained by removing the false alarm information through verification.
3. The method for detecting the Web application security vulnerability according to claim 1, further comprising:
and the user sends test instructions including starting and stopping instructions to the fuzz client by operating the SDK.
4. The method for detecting the Web application security vulnerability according to claim 1, further comprising:
the fuzz server responds to the request of the fuzz client to acquire a URL list of the program to be tested and returns the URL list to the fuzz client, so that the fuzz client starts to perform the fuzz test on the URL of the program to be tested;
the method for acquiring the url information of the program to be tested comprises the steps of recording the called url and the url in the analysis frame.
5. The method for detecting the Web application security vulnerability according to claim 1, wherein performing directional mutation on the URL according to key information of a program to be detected collected by stain tracking as a feature value of auxiliary mutation specifically comprises:
the fuzz server responds to the request of the fuzz client and returns the key information of the program to be tested, which is collected by the taint tracking module, to the fuzz client as a mutation characteristic value;
and the fuzz client mutates the parameters in the URL according to a preset mutation mode through the appointed mutator according to the acquired mutation characteristic value.
6. The system for detecting the Web application security vulnerability is characterized by comprising a fuzz client and a fuzz server;
the fuzz client comprises a fuzz management module and a fuzz agent module;
the fuzz management module is used for calling an AFL tool according to a user test instruction and appointing a specific URL path of the program to be tested to perform fuzz test, the AFL tool performs parameter mutation on the URL of the program to be tested by using an appointed mutator, and directional mutation is performed on the URL according to key information of the program to be tested, which is collected by stain tracking and used as a characteristic value of auxiliary mutation; the fuzz agent module is used for sending the http request of the fuzz client to the fuzz server and receiving the request feedback result of the fuzz server;
the fuzzy server comprises a request processing module, a taint tracking module and a JQF agent module;
the request processing module is used for acquiring an http request sent by the fuzz client and feeding back a request return result to the fuzz client; the stain tracking module is used for acquiring safety problems, stack information and mutation characteristic values possibly existing in the program to be tested; the JQF agent module is used for acquiring coverage rate information of a program to be tested based on the JQF fuzzy test platform.
7. The system for detecting the Web application security vulnerability according to claim 6, wherein the fuzz client further comprises a fuzz verification module, which is used for starting verification of the Web security vulnerability found in the obtained test results and obtaining a final detection result by removing false alarm information through verification.
8. The system according to claim 6, further comprising an SDK, configured to send a test instruction, including a start instruction and a stop instruction, to the fuzz client by operating the SDK.
9. The system for detecting the Web application security vulnerability of claim 6, wherein the fuzz server further comprises a fuzz URL collection module for obtaining a URL list of a program to be tested; the method for acquiring the url information of the program to be tested comprises the steps of recording the called url and the url in the analysis frame.
10. The system according to claim 6, wherein the mutation unit is configured to mutate the parameters in the URL according to a preset mutation mode according to the obtained mutation characteristic value.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211594869.4A CN115879115B (en) | 2022-12-13 | 2022-12-13 | Method and system for detecting security holes of Web application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211594869.4A CN115879115B (en) | 2022-12-13 | 2022-12-13 | Method and system for detecting security holes of Web application |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115879115A true CN115879115A (en) | 2023-03-31 |
| CN115879115B CN115879115B (en) | 2024-03-29 |
Family
ID=85767169
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211594869.4A Active CN115879115B (en) | 2022-12-13 | 2022-12-13 | Method and system for detecting security holes of Web application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115879115B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108255711A (en) * | 2017-12-29 | 2018-07-06 | 湖南优利泰克自动化系统有限公司 | A kind of PLC firmware fuzz testing systems and test method based on stain analysis |
| CN109308415A (en) * | 2018-09-21 | 2019-02-05 | 四川大学 | One kind is towards binary guiding performance fuzz testing method and system |
| CN110516448A (en) * | 2019-09-02 | 2019-11-29 | 杭州安恒信息技术股份有限公司 | A kind of grey box testing method, apparatus, equipment and readable storage medium storing program for executing |
| CN114297079A (en) * | 2021-12-30 | 2022-04-08 | 北京工业大学 | XSS fuzzy test case generation method based on time convolution network |
| CN114780398A (en) * | 2022-04-14 | 2022-07-22 | 中国人民解放军战略支援部队信息工程大学 | Cisco IOS-XE-oriented Web command injection vulnerability detection method |
| CN114968750A (en) * | 2021-02-23 | 2022-08-30 | 腾讯科技(深圳)有限公司 | Test case generation method, device, equipment and medium based on artificial intelligence |
| CN115422543A (en) * | 2022-08-19 | 2022-12-02 | 复旦大学 | Vulnerability detection method based on applet framework |
-
2022
- 2022-12-13 CN CN202211594869.4A patent/CN115879115B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108255711A (en) * | 2017-12-29 | 2018-07-06 | 湖南优利泰克自动化系统有限公司 | A kind of PLC firmware fuzz testing systems and test method based on stain analysis |
| CN109308415A (en) * | 2018-09-21 | 2019-02-05 | 四川大学 | One kind is towards binary guiding performance fuzz testing method and system |
| CN110516448A (en) * | 2019-09-02 | 2019-11-29 | 杭州安恒信息技术股份有限公司 | A kind of grey box testing method, apparatus, equipment and readable storage medium storing program for executing |
| CN114968750A (en) * | 2021-02-23 | 2022-08-30 | 腾讯科技(深圳)有限公司 | Test case generation method, device, equipment and medium based on artificial intelligence |
| CN114297079A (en) * | 2021-12-30 | 2022-04-08 | 北京工业大学 | XSS fuzzy test case generation method based on time convolution network |
| CN114780398A (en) * | 2022-04-14 | 2022-07-22 | 中国人民解放军战略支援部队信息工程大学 | Cisco IOS-XE-oriented Web command injection vulnerability detection method |
| CN115422543A (en) * | 2022-08-19 | 2022-12-02 | 复旦大学 | Vulnerability detection method based on applet framework |
Non-Patent Citations (2)
| Title |
|---|
| 戴渭;陆余良;朱凯龙;: "基于动态能量调控的导向式灰盒模糊测试技术", 浙江大学学报(工学版), no. 08, 15 August 2020 (2020-08-15) * |
| 段斌;李兰;赖俊;詹俊;: "基于动态污点分析的工控设备硬件漏洞挖掘方法研究", 信息网络安全, no. 04, 10 April 2019 (2019-04-10) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115879115B (en) | 2024-03-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108683562B (en) | Anomaly detection positioning method and device, computer equipment and storage medium | |
| US8631124B2 (en) | Network analysis system and method utilizing collected metadata | |
| CN106484611B (en) | Fuzzy test method and device based on automatic protocol adaptation | |
| US20200117587A1 (en) | Log File Analysis | |
| CN107241229B (en) | Service monitoring method and device based on interface testing tool | |
| US20150371047A1 (en) | Determining coverage of dynamic security scans using runtime and static code analyses | |
| CN111259399B (en) | Method and system for dynamically detecting vulnerability attacks for web applications | |
| CN110943984B (en) | Asset safety protection method and device | |
| CN111371623B (en) | Service performance and safety monitoring method and device, storage medium and electronic equipment | |
| CN114157554A (en) | Troubleshooting method and device, storage medium and computer equipment | |
| CN112668010A (en) | Method, system and computing device for scanning industrial control system for bugs | |
| CN107168844B (en) | Performance monitoring method and device | |
| CN113934621A (en) | Fuzzy test method, system, electronic device and medium | |
| US11349730B2 (en) | Operation device and operation method | |
| Kim et al. | Smart seed selection-based effective black box fuzzing for IIoT protocol | |
| CN109522202B (en) | Software testing method and device | |
| CN113965355A (en) | SOC-based illegal IP (Internet protocol) provincial network plugging method and device | |
| KR101824924B1 (en) | System and method for performance measurements of web site in response to the real time load | |
| CN112765611A (en) | Unauthorized vulnerability detection method, device, equipment and storage medium | |
| CN115879115B (en) | Method and system for detecting security holes of Web application | |
| CN111752819B (en) | Abnormality monitoring method, device, system, equipment and storage medium | |
| JP2017199250A (en) | Computer system, analysis method of data, and computer | |
| CN113704763B (en) | Pipelined device scanning detection method | |
| CN115550228A (en) | Internet of vehicles bus communication network test method and system | |
| CN114428715A (en) | Log processing method, device and system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |