CN115935356A - Software security testing method, system and application - Google Patents
Software security testing method, system and application Download PDFInfo
- Publication number
- CN115935356A CN115935356A CN202211693987.0A CN202211693987A CN115935356A CN 115935356 A CN115935356 A CN 115935356A CN 202211693987 A CN202211693987 A CN 202211693987A CN 115935356 A CN115935356 A CN 115935356A
- Authority
- CN
- China
- Prior art keywords
- software
- prompt
- tested
- information
- source file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides a software security testing method, a system and an application, wherein error processing information is sent to software to be tested, prompt information generated by the software to be tested is obtained, the obtained prompt information is decomposed to obtain a source file and an associated file corresponding to the prompt information, the source file and the associated file are compared with a preset security prompt information list one by one, if the source file and the associated file are not matched with the preset security prompt information list, the software to be tested is unsafe, a corresponding position is identified, an intrusion matrix and a verification intrusion matrix are established, and potential safety hazards of the source file and the associated file are listed. By the scheme, the prompt information returned by the software to be tested under error processing can be analyzed and processed, and particularly the prompt information carrying data in a non-authority range is screened and checked, so that the accuracy of software security testing is improved.
Description
Technical Field
The invention relates to the technical field of software security, in particular to a software security testing method, a software security testing system and application.
Background
With the rapid development of the internet of things, the network space is the fifth main right field space after the air-sea-land sky, but the network space formed by connecting ubiquitous software and devices in series also brings new requirements and challenges to network security.
In a network space, software security and data security are the most important rings, and it can be said that "there is no network security and no national security", but software in the network space nowadays has a vulnerability to a greater or lesser extent, and if the vulnerability of the software is discovered by a malicious user and attacks the software by using the vulnerability, not only the software cannot be used normally, but also property or other losses are caused, and even the normal operation of an enterprise or a country may be affected.
In some software, when a user performs error processing, the software returns prompt information about the error processing, however, in the process of returning some prompt information to the software, an effect outside a call authority function may exist, so that data outside the call authority exists in the prompt information, and in this case, if the returned prompt information is intercepted by a malicious user, the malicious user can acquire the data outside the call authority in the prompt information to attack the software, so that if the prompt information with a risk possibly existing in the software is analyzed and processed at the beginning, the safety of the software can be greatly guaranteed. In view of the foregoing, a detection method for ensuring software security by efficiently and accurately detecting prompt information generated by software is needed.
Disclosure of Invention
The embodiment of the application provides a software security test method, a software security test system and application, wherein prompt information generated when software to be tested deals with errors is screened and checked in a virtual sand table to obtain data in a non-authority range, and after source files are screened for the data, security verification is performed on the source files and the rest files, so that the accuracy of software security test is improved.
In a first aspect, an embodiment of the present application provides a method, a system, and an application for testing software security, which specifically include:
acquiring characteristic fingerprint information of software to be tested, sending error processing to the software to be tested, and capturing at least one prompt message generated by the software to be tested;
presetting a prompt safety list, wherein normal prompt information corresponding to error processing, a source file of the normal prompt information and an associated file of the normal prompt information are arranged in the prompt safety list;
acquiring a source file and an associated file corresponding to the prompt information, and comparing the source file and the associated text of the prompt information with the prompt safety list;
if the source file and/or the associated file are not matched with the prompt safety list, identifying the source file and the associated file to obtain an identification position;
and establishing an intrusion matrix according to the identification position, and verifying the intrusion matrix to obtain the potential safety hazard of the current prompt information.
In a second aspect, an embodiment of the present application provides a software security testing method and apparatus, including:
an acquisition device: the system comprises a fingerprint acquisition module, a fingerprint acquisition module and a fingerprint acquisition module, wherein the fingerprint acquisition module is used for acquiring characteristic fingerprint information of software to be detected; the system is used for capturing at least one prompt message generated by the software to be tested; the system comprises a prompt safety list, a data processing unit and a data processing unit, wherein the prompt safety list is used for acquiring a prompt safety list, and normal prompt information corresponding to error processing, a source file of the normal prompt information and an associated file of the normal prompt information are arranged in the prompt safety list; the source file and the associated file corresponding to the prompt message are obtained; the method comprises the steps of acquiring potential safety hazards of current prompt information after the intrusion matrix is verified;
a comparison device: comparing the source file and the associated file for the prompt information with the prompt safety list;
the identification device: the source file and the associated file which are not matched with the prompt safety list are identified to obtain an identification position;
the establishing and verifying device: and the intrusion matrix is established according to the identification position and verified.
In a third aspect, an embodiment of the present application provides an electronic apparatus, which includes a memory and a processor, where the memory stores a computer program, and the processor is configured to run the computer program to execute a software security testing method.
In a fourth aspect, an embodiment of the present application provides a readable storage medium, where a computer program is stored, where the computer program includes a program code for controlling a process to execute a process, where the process is a software security testing method and system.
The main contributions and innovation points of the invention are as follows:
aiming at the condition that the traditional software security test can only carry out vulnerability investigation on data but neglects the non-authority functional data carried in the prompt message, the scheme initiatively analyzes and processes the error prompt message returned by each module of the software to be tested under the error process, screens the non-authority functional data exceeding the authority range from the error prompt message, acquires a source file of the non-authority functional data exceeding the authority range, and carries out forward verification on the source file to detect the security performance of the non-authority functional data; therefore, malicious software is prevented from being maliciously attacked by taking the non-permission function data carried by the prompt information as the breach, and compared with the traditional software security testing method, the method has the effects of wider investigation, higher pertinence and higher accuracy.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow chart of a method for testing software security according to an embodiment of the present application;
FIG. 2 is a logic diagram of a software security testing method according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a software security testing apparatus according to an embodiment of the present application;
fig. 4 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the methods may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Example one
Aiming at the condition that the traditional software security test can only carry out vulnerability investigation on data but neglects the condition that the prompt information carries the non-authority functional data, the scheme initiatively analyzes and processes the error prompt information returned by each module of the software to be tested under the error processing so as to carry out the security investigation on the condition that the prompt information carries the non-authority functional data.
Specifically, the invention provides a software security testing method, which comprises the following steps:
acquiring feature fingerprint information of software to be detected, sending error processing to the software to be detected based on the feature fingerprint information, and capturing at least one prompt message generated by the software to be detected aiming at the error processing;
presetting a prompt safety list, wherein normal prompt information corresponding to error processing, a source file of the normal prompt information and an associated file of the normal prompt information are arranged in the prompt safety list;
acquiring a source file and an associated file corresponding to the prompt information, and comparing the source file and the associated text of the prompt information with the prompt safety list;
if the source file and/or the associated file are not matched with the prompt safety list, identifying the source file and the associated file to obtain an identification position;
and establishing an intrusion matrix according to the identification position, and verifying the intrusion matrix to obtain the potential safety hazard of the current prompt information.
Specifically, in the step of "acquiring the feature fingerprint information of the software to be tested and sending error processing to the software to be tested based on the feature fingerprint information", a transmission test script is adopted to acquire the feature fingerprint information of the software to be tested, and error processing is sent to the software to be tested based on the feature fingerprint information.
And in the step of capturing at least one prompt message generated by the software to be tested aiming at the error processing, capturing at least one prompt message generated by the software to be tested by adopting a data capture model.
It is worth to be noted that the data capture model and the transmission test script in the scheme both belong to the same service test scene of the software to be tested, so as to ensure that the feature fingerprint information, the prompt information and the like of the current software to be tested can be obtained.
In addition, the method and the device utilize a transmission test script to obtain the characteristic fingerprint information of the software to be tested on the simulation sand table, and send error processing to the software to be tested; the data capture model captures at least one prompt message generated by the software to be tested, and the method has the advantages that the transmission test script, all files and registries created, modified or deleted by the data capture model in the software test process are virtualized and redirected, so that the real files and registries in the software to be tested can not be changed when the software security test is carried out in a sand table, and the virus can not change key parts of the system to damage the system.
Further, in an embodiment of the present disclosure, the simulation sand table further includes a program control function similar to a HIPS, and the program control function may disable some high-risk activities of the program in time, where the high-risk activities include, but are not limited to, installing a driver in the program, operating a bottom disk, and the like.
Specifically, in the step of "obtaining feature fingerprint information of software to be tested", the feature fingerprint information is a combination feature of logic and data of the software to be tested, and the feature fingerprint information represents a type of the software to be tested. The different types of software to be tested correspond to different error processing, and the type of the software to be tested is obtained through the characteristic fingerprint information and then the corresponding error processing is sent to the software to be tested.
Specifically, the step of sending error processing to the software to be tested based on the feature fingerprint information includes:
acquiring characteristic fingerprint information of software to be tested based on the transmission test script, and establishing a threat model based on the defect space;
acquiring an intrusion point of the software to be tested according to the threat model, performing matching test on the intrusion point by using vulnerability data corresponding to the software to be tested, and capturing a security space without a matching result;
and sending error processing to the security space by using the vulnerability data.
Specifically, in the step of acquiring feature fingerprint information of software to be tested based on a transmission test script and establishing a threat model based on a defect space, the transmission test script acquires the feature fingerprint information of the software to be tested, determines the type of the software to be tested based on the feature fingerprint information, determines error processing and a defect space for the type of Internet of things equipment based on the determined type of the software to be tested, and the defect space is a space where historical vulnerabilities in the software to be tested are distributed.
It should be noted that the space where the historical vulnerability of the software to be tested is located can be obtained after the type of the software to be tested is known, and the defect space is determined based on the space where the historical vulnerability is located.
Further, the threat model is constructed by the following specific steps:
decomposing software to be tested based on decomposition software to generate a plurality of components , The component is an operation functional component of the software to be tested;
analyzing each type of component by adopting a threat analysis model to obtain a threat item in each type of component;
and evaluating the threat items of each type of the components to obtain an evaluation processing result, and acquiring the intrusion point of the software to be tested based on the evaluation processing result.
Wherein the threat analysis model for each of said classes of components is prior art.
In some embodiments, the threat model is specifically constructed by the following steps:
s1: decomposing the software to be tested by utilizing Diagram software, and decomposing the software to be tested into parts by utilizing a Diagram application program to generate a Data Flow Diagram (DFD), wherein the parts comprise the following elements:
data flow (arrow segments): moving data such as a network connection, a named pipe, an RPC channel and the like;
data storage (double horizontal line): representing files, databases, registry keys, and the like;
progression (round): a computer running a computer or program;
interactive square (square): endpoints of the software under test, such as people, web servers, and servers;
trust boundary (dashed line): representing the boundary between trusted and non-trusted elements.
According to the flowing, processing and storing conditions of various information in a system during the running process of the software to be tested, the software to be tested is decomposed into components, and elements of the components refer to the characteristics contained in the running functional components of the software to be tested.
S2: performing threat analysis on each type of component element by using a corresponding threat analysis model to obtain a threat item, wherein the content of the threat analysis model comprises:
spoofing (Spoofing) -authentication is done;
tampering — guarantee of integrity;
recommendation-reinforcement traceability;
information Disclosure-encryption;
guaranteed availability of Service;
elevation of Privileges-enforcing rights control;
table one: threat item for component element
| Element(s) | S | T | R | I | D | E | |
| Process | √ | √ | √ | √ | √ | √ | |
| Data storage | √ | × | √ | √ | |||
| Data flow | √ | √ | √ |
。
In some embodiments, the threat items corresponding to the component elements in the component are shown in table one: the checked elements correspond to existing threat items, and some threat items may exist or may not exist, for example, the x in the R item means that R (denial) of the data storage may or may not exist, only when the analyzed data storage is used as an audit, the threat of R denial is analyzed, and the R denial threat is not analyzed when the analyzed data storage is not used as an audit.
In other words, each component has no or at least one threat item, and part of the threat items are different according to different actual scenes.
S3: and (4) threat mitigation: and evaluating each threat item, and evaluating the threat items to obtain an evaluation processing result.
Specifically, since the number of threat items is large, it is necessary to pay reasonable investment while performing performance security verification in consideration of the priority of the threat items. The method for evaluating and processing the threat items comprises an ALE (annual expected loss) and a DREAD (DREAD), wherein the ALE evaluation method comprises the following steps: risk = probability of occurrence potential loss, said DREAD being defined as:
damage potential, if defect is exploited, how large is the loss?
Reproducibility, how difficult is it to repeatedly make an attack?
How difficult is it to launch an attack?
Affected users, expressed as a rough percentage, how many users are Affected?
Discovery is easy to detect?
All threat items can be evaluated in a high, middle and low mode, and further the outputted threat items used for decision making are judged.
S4: and (5) verifying the relieving measures, and when the evaluation processing result meets the baseline requirement, performing the next iteration again.
And completing the construction of the threat model.
It should be noted that before the threat model is established according to the defect space, corresponding funnel data and error processing are required to be acquired according to the field of the software to be tested. In some embodiments, the vulnerability data in the domain of the software under test is obtained through networking.
Further, matching test is carried out on the intrusion point by utilizing the vulnerability data corresponding to the software to be tested, and a security space without a matching result is captured; and in the step of sending error processing to the safe space by utilizing the vulnerability data, carrying out corresponding matching test on the obtained intrusion point according to the vulnerability data, capturing the safe space without a matching result based on the matching test result, and controlling the transmission test script to send error processing to the safe space based on the vulnerability data.
Further, in some embodiments, if the vulnerability data performs a matching test on the intrusion point and a captured security space without a matching result exceeds one, it may be directly determined that the software to be tested is unsafe.
Specifically, in some embodiments, when the intrusion point is subjected to matching test based on the vulnerability data, a vulnerability matrix is established based on the intrusion point, the vulnerability data is put into the vulnerability matrix as a possible threat for management, if a mature vulnerability exists, the mature vulnerability is scanned first, and then the problem found after scanning is brought into the vulnerability matrix for management. Wherein, how to construct the vulnerability matrix based on the intrusion points is the prior art, and the explanation is not provided herein,
it should be noted that, in some embodiments, the software to be tested is divided into a user mode and a kernel mode, where data of the kernel mode is a root, data of the user mode is feedback of the kernel mode, and the data of the user mode can be illegally tampered. Therefore, in order to prevent data from being illegally tampered, the security control of the software to be tested can be better implemented, so as to ensure the security of the software to be tested.
Specifically, in the step of "presetting a prompt safety list", normal prompt information, a source file of the normal prompt information, and an associated file of the normal prompt information corresponding to error processing are set in the prompt safety list, and the source file of the normal prompt information and the associated file of the normal prompt information are both associated with the error processing data.
Specifically, in the step of "obtaining the source file and the associated file corresponding to the prompt information", the prompt information is decomposed to obtain the source file and the associated file corresponding to the prompt information
In addition, in some embodiments, the step of capturing at least one prompt message generated by the software to be tested for the error processing is followed by the steps of:
carrying out data cleaning on error items, missing items and weight items in all the prompt messages;
extracting the characteristics of each prompt message subjected to data cleaning to obtain a characteristic diagram of each prompt message;
and adjusting the characteristic diagram by adopting a residual error structure to obtain the adjusted characteristic information of the prompt message, wherein the characteristic information of the prompt message is used for decomposing to obtain a source file and a related file of the prompt message.
Wherein the expression of the residual structure is:
k=rand(log[a*f(x,y)])
rand () is a character extraction layer based on a random number between (0, 1), f (x, y) is a feature map, and a is a gain constant.
After the characteristic information of the prompt message is obtained, the source file and the associated file of the prompt message can be obtained based on the characteristic information decomposition of the prompt message.
Specifically, in the step of "identifying the source file and the associated file to obtain an identification position", based on the comparison between the source file and/or the associated file and the prompt security list, if the comparison result between the source file and/or the associated file and the prompt security list is not matched, the source file and the associated file are identified.
In some embodiments, if the prompt information includes a source file and an associated file outside the authority range, the prompt information often carries a function exceeding the authority range, and correspondingly, the source file and/or the associated file of the prompt information are subjected to location identifier management, so as to facilitate subsequent troubleshooting.
Specifically, in the step of establishing an intrusion matrix according to the identification position and verifying the intrusion matrix to acquire the potential safety hazard of the current prompt information, the intrusion matrix is obtained by inputting the identification position into an intrusion detection model and performing verification test on the intrusion matrix by adopting various test methods.
In some embodiments, the testing method includes a system test, a tool test and a manual test, in this embodiment, the adopted testing methods are the system test and the tool test, and their respective testing methods are:
and (3) system testing: the method comprises the steps that 360 website safety detection is used for detection, in the actual test, after the test is finished, a login module is annotated, and user information is initialized so as to enter a personal center for testing;
testing the tool: the method comprises the steps of using AWVS to test, wherein during testing, due to the fact that the test can be possibly intercepted as an attack due to the safety protection function of the Aliskiren cloud, an IP address needs to be added into an Aliskiren cloud white list before testing, specifically, the step of adding the IP to the Aliskiren cloud white list through 360 website safety detection can be referred to, and if the test cannot be performed, a local test can be tried.
Example two:
based on the same concept, referring to fig. 3, the present application also proposes a software security testing apparatus, including:
an acquisition device: the system comprises a fingerprint acquisition module, a software processing module and a software processing module, wherein the fingerprint acquisition module is used for acquiring characteristic fingerprint information of software to be tested, sending error processing to the software to be tested based on the characteristic fingerprint information and capturing at least one prompt message generated by the software to be tested aiming at the error processing; the system comprises a prompt safety list, a data processing unit and a data processing unit, wherein the prompt safety list is used for acquiring a prompt safety list, and normal prompt information corresponding to error processing, a source file of the normal prompt information and an associated file of the normal prompt information are arranged in the prompt safety list; the source file and the associated file corresponding to the prompt message are acquired; the potential safety hazard of the current prompt information after the intrusion matrix is verified is obtained;
a comparison device: comparing the source file and the associated file for the prompt information with the prompt safety list;
an identification device: the source file and the associated file which are not matched with the prompt safety list are identified to obtain an identification position;
the verification device: and the intrusion matrix is established according to the identification position and verified.
The same contents as those in the first embodiment in the second embodiment will not be redundantly described.
Example three:
the present embodiment further provides an electronic apparatus, referring to fig. 4, comprising a memory 404 and a processor 402, wherein the memory 404 stores a computer program, and the processor 402 is configured to run the computer program to perform the steps of any one of the software security testing method embodiments described above.
Specifically, the processor 402 may include a Central Processing Unit (CPU), or A Specific Integrated Circuit (ASIC), or may be configured to implement one or more integrated circuits of the embodiments of the present application.
The processor 402 may implement any of the software security testing methods described in the above embodiments by reading and executing computer program instructions stored in the memory 404.
Optionally, the electronic apparatus may further include a transmission device 406 and an input/output device 408, where the transmission device 406 is connected to the processor 402, and the input/output device 408 is connected to the processor 402.
The transmitting device 406 may be used to receive or transmit data via a network. Specific examples of the network described above may include wired or wireless networks provided by communication providers of the electronic devices. In one example, the transmission device includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmitting device 406 may be a Radio Frequency (RF) module configured to communicate with the internet via wireless.
The input and output devices 408 are used to input or output information. In the present embodiment, the input information may be error handling information or the like, and the output information may be prompt information or the like.
Optionally, in this embodiment, the processor 402 may be configured to execute the following steps by a computer program:
acquiring feature fingerprint information of software to be tested, sending error processing to the software to be tested based on the feature fingerprint information, and capturing at least one prompt message generated by the software to be tested aiming at the error processing;
presetting a prompt safety list, wherein normal prompt information corresponding to error processing, a source file of the normal prompt information and an associated file of the normal prompt information are arranged in the prompt safety list;
acquiring a source file and an associated file corresponding to the prompt information, and comparing the source file and the associated text of the prompt information with the prompt safety list;
if the source file and/or the associated file are not matched with the prompt safety list, identifying the source file and the associated file to obtain an identification position;
and establishing an intrusion matrix according to the identification position, and verifying the intrusion matrix to obtain the potential safety hazard of the current prompt information.
It should be noted that, for specific examples in this embodiment, reference may be made to examples described in the foregoing embodiments and optional implementations, and details of this embodiment are not described herein again.
In general, the various embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects of the invention may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the invention is not limited thereto. While various aspects of the invention may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
Embodiments of the invention may be implemented by computer software executable by a data processor of the mobile device, such as in a processor entity, or by hardware, or by a combination of software and hardware. Computer software or programs (also referred to as program products) including software routines, applets and/or macros can be stored in any device-readable data storage medium and they include program instructions for performing particular tasks. The computer program product may comprise one or more computer-executable components configured to perform embodiments when the program is run. The one or more computer-executable components may be at least one software code or a portion thereof. Further in this regard it should be noted that any block of the logic flow as in the figures may represent a program step, or an interconnected logic circuit, block and function, or a combination of a program step and a logic circuit, block and function. The software may be stored on physical media such as memory chips or memory blocks implemented within the processor, magnetic media such as hard or floppy disks, and optical media such as, for example, DVDs and data variants thereof, CDs. The physical medium is a non-transitory medium.
It should be understood by those skilled in the art that various technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, however, as long as there is no contradiction between the combinations of the technical features, the scope of the present description should be considered as being described in the present specification.
The above examples are merely illustrative of several embodiments of the present application, and the description is more specific and detailed, but not to be construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (10)
1. A software security testing method is characterized by comprising the following steps:
acquiring feature fingerprint information of software to be tested, sending error processing to the software to be tested based on the feature fingerprint information, and capturing at least one prompt message generated by the software to be tested aiming at the error processing;
presetting a prompt safety list, wherein normal prompt information corresponding to error processing, a source file of the normal prompt information and an associated file of the normal prompt information are arranged in the prompt safety list;
acquiring a source file and an associated file corresponding to the prompt information, and comparing the source file and the associated text of the prompt information with the prompt safety list;
if the source file and/or the associated file are not matched with the prompt safety list, identifying the source file and the associated file to obtain an identification position;
and establishing an intrusion matrix according to the identification position, and verifying the intrusion matrix to obtain the potential safety hazard of the current prompt information.
2. The software security testing method of claim 1, wherein a simulation sand table is used to perform software security testing on the software to be tested.
3. The software security testing method according to claim 1, wherein the characteristic fingerprint information is a combined characteristic of logic and data of the software to be tested, and the characteristic fingerprint information characterizes a type of the software to be tested.
4. The software security testing method according to claim 1, wherein in the step of sending error handling to the software to be tested based on the characteristic fingerprint information, the characteristic fingerprint information of the software to be tested is acquired, and a threat model is established based on a defect space;
acquiring an intrusion point of the software to be tested according to the threat model, performing matching test on the intrusion point by using vulnerability data corresponding to the software to be tested, and capturing a security space without a matching result;
and sending error processing to the security space by using the vulnerability data.
5. The software security testing method according to claim 1, wherein when the intrusion point is subjected to the matching test based on the vulnerability data, a vulnerability matrix is established based on the intrusion point, and the vulnerability data is put into the vulnerability matrix as a possible threat for management.
6. The method according to claim 4, wherein if there is a vulnerability, scanning the vulnerability, and then managing the problems found after scanning in the vulnerability matrix.
7. The method for testing software safety according to claim 1, wherein after the step of capturing at least one prompt message generated by the software to be tested for the error handling, the method comprises: carrying out data cleaning on error items, missing items and weight items in all the prompt messages; extracting the characteristics of each prompt message subjected to data cleaning to obtain a characteristic diagram of each prompt message; and adjusting the characteristic graph by adopting a residual error structure to obtain the adjusted characteristic information of the prompt information, wherein the characteristic information of the prompt information is used for decomposing to obtain a source file and an associated file of the prompt information.
8. A software security testing apparatus, comprising:
an acquisition device: the system comprises a fingerprint acquisition module, a software processing module and a software processing module, wherein the fingerprint acquisition module is used for acquiring characteristic fingerprint information of software to be tested, sending error processing to the software to be tested based on the characteristic fingerprint information and capturing at least one prompt message generated by the software to be tested aiming at the error processing; the system comprises a prompt safety list, a normal prompt message, a source file of the normal prompt message and an associated file of the normal prompt message, wherein the normal prompt message, the source file of the normal prompt message and the associated file of the normal prompt message correspond to error processing; the source file and the associated file corresponding to the prompt message are acquired; the method comprises the steps of acquiring potential safety hazards of current prompt information after the intrusion matrix is verified;
a comparison device: comparing the source file and the associated file for the prompt information with the prompt safety list;
an identification device: the source file and the associated file which are not matched with the prompt safety list are identified to obtain an identification position;
establishing and verifying a device: and the intrusion matrix is established according to the identification position and verified.
9. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform a software security testing method according to any one of claims 1 to 7.
10. A readable storage medium, in which a computer program is stored, the computer program comprising program code for controlling a process to execute a process, the process comprising a software security test method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211693987.0A CN115935356A (en) | 2022-12-28 | 2022-12-28 | Software security testing method, system and application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211693987.0A CN115935356A (en) | 2022-12-28 | 2022-12-28 | Software security testing method, system and application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115935356A true CN115935356A (en) | 2023-04-07 |
Family
ID=86552156
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211693987.0A Pending CN115935356A (en) | 2022-12-28 | 2022-12-28 | Software security testing method, system and application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115935356A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117896372A (en) * | 2023-12-29 | 2024-04-16 | 山东神州安付信息科技有限公司 | Sensitive file protection method and device |
-
2022
- 2022-12-28 CN CN202211693987.0A patent/CN115935356A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117896372A (en) * | 2023-12-29 | 2024-04-16 | 山东神州安付信息科技有限公司 | Sensitive file protection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10873594B2 (en) | Test system and method for identifying security vulnerabilities of a device under test | |
| US9953162B2 (en) | Rapid malware inspection of mobile applications | |
| US11086983B2 (en) | System and method for authenticating safe software | |
| US11861006B2 (en) | High-confidence malware severity classification of reference file set | |
| US20140181972A1 (en) | Preventive intrusion device and method for mobile devices | |
| TW201642135A (en) | Detecting malicious files | |
| CN113168473A (en) | Network utilization-based network security vulnerability classification and repair | |
| CN106982188B (en) | Malicious propagation source detection method and device | |
| US11777961B2 (en) | Asset remediation trend map generation and utilization for threat mitigation | |
| CN110677381A (en) | Penetration testing method and device, storage medium and electronic device | |
| CN110768951B (en) | Method and device for verifying system vulnerability, storage medium and electronic device | |
| KR101731312B1 (en) | Method, device and computer readable recording medium for searching permission change of application installed in user's terminal | |
| US8701196B2 (en) | System, method and computer program product for obtaining a reputation associated with a file | |
| CN110880983A (en) | Penetration testing method and device based on scene, storage medium and electronic device | |
| US11762991B2 (en) | Attack kill chain generation and utilization for threat analysis | |
| CN111611592A (en) | Big data platform security assessment method and device | |
| CN116599747A (en) | Network and information security service system | |
| CN115935356A (en) | Software security testing method, system and application | |
| CN110768950A (en) | Permeation instruction sending method and device, storage medium and electronic device | |
| CN113098852A (en) | Log processing method and device | |
| CN114070632B (en) | Automatic penetration test method and device and electronic equipment | |
| CN114257404B (en) | Abnormal external connection statistical alarm method, device, computer equipment and storage medium | |
| US11496502B2 (en) | Method and apparatus for generating attack string | |
| CN113824678B (en) | System, method, and non-transitory computer readable medium for processing information security events | |
| CN117955739B (en) | Interface security identification method and device, computing equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |