CN116260643A - Security testing method, device and equipment for web service of Internet of things - Google Patents

Security testing method, device and equipment for web service of Internet of things Download PDF

Info

Publication number
CN116260643A
CN116260643A CN202310209940.0A CN202310209940A CN116260643A CN 116260643 A CN116260643 A CN 116260643A CN 202310209940 A CN202310209940 A CN 202310209940A CN 116260643 A CN116260643 A CN 116260643A
Authority
CN
China
Prior art keywords
internet
things
test
data
web service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310209940.0A
Other languages
Chinese (zh)
Inventor
王旭元
郑志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Huawei Cloud Computing Technology Co ltd
Original Assignee
Shenzhen Huawei Cloud Computing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Huawei Cloud Computing Technology Co ltd filed Critical Shenzhen Huawei Cloud Computing Technology Co ltd
Priority to CN202310209940.0A priority Critical patent/CN116260643A/en
Publication of CN116260643A publication Critical patent/CN116260643A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/10Detection; Monitoring
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a security test method, device and equipment for web services of the Internet of things, wherein the method comprises the following steps: the method comprises the steps that safety test equipment obtains first data, wherein the first data are requests or responses of web services of the Internet of things; performing mutation on the first data to obtain first test data; the first test data are sent to the Internet of things equipment; and receiving a first monitoring result sent by the Internet of things equipment, wherein the first monitoring result comprises one or more of a first abnormal condition, first error information and first program coverage rate, and judging whether the web service of the Internet of things has a vulnerability or not according to the first monitoring result. In the process, the security test equipment introduces the fuzzy test technology into the security test of the web service of the Internet of things, generates test data according to the first rule applicable to the web service of the Internet of things, and can perform comprehensive automatic detection on the web service under the condition of unknown web program source codes of the Internet of things, thereby improving the security test efficiency.

Description

Security testing method, device and equipment for web service of Internet of things
Technical Field
The application relates to the technical field of network security, in particular to a security testing method, device and equipment for web services of the internet of things.
Background
The internet of things device refers to an embedded device connected to a network, and is widely applied to various fields of traffic, industry, home life and the like, wherein web services provided by the internet of things device are high-incidence zones of vulnerabilities, and an attacker can attack the internet of things device according to the web service vulnerabilities, so that the security problem of the internet of things web services is increasingly prominent.
Currently, a security test method for a general web service simulates the attack behavior of a system through a script file, records and analyzes a response result, and determines a web service vulnerability. The internet of things device has specificity, for example, the web service of the internet of things device is developed based on the C/C++ language and is different from the existing web service developed based on the JAVA, PHP, python script language and the like, and the internet of things web interface function is also different from the existing interface and the like. Therefore, the traditional web security testing method is applied to the Internet of things equipment, and has the problems that security testing cannot be carried out on all functions of the Internet of things web service, and the like, so that the security testing efficiency is low and the effect is poor.
Disclosure of Invention
According to the safety test method, the safety test device and the safety test equipment for the web service of the Internet of things, the fuzzy test is introduced into the safety test of the web service of the Internet of things, test data are generated according to rules applicable to the web service of the Internet of things, potential vulnerabilities are determined according to monitoring results, the web service of the Internet of things can be comprehensively and automatically tested under the condition that the web program source code of the Internet of things is unknown, and the efficiency and the effect of the safety test are improved.
In a first aspect, the present application provides a security testing method for an internet of things web service, where the method is applied to a security testing device. The method comprises the following steps: the method comprises the steps that safety test equipment obtains first data, wherein the first data are requests or responses of web services of the Internet of things, which are obtained by the safety test equipment; performing mutation on the first data to obtain first test data; the method comprises the steps of sending first test data to Internet of things equipment, wherein the Internet of things equipment is used for providing Internet of things web services; and receiving a first monitoring result sent by the Internet of things equipment, wherein the first monitoring result comprises one or more of a first abnormal condition, first error information and first program coverage rate, and judging whether the web service of the Internet of things has a vulnerability or not according to the first monitoring result.
In the process, the security test equipment introduces the fuzzy test technology into the security detection method of the web service of the Internet of things. The security test equipment mutates on the basis of the first data according to a first rule applicable to the web service of the Internet of things, sends the first test data to the Internet of things equipment, and determines the loopholes of the web service of the Internet of things by receiving a first monitoring result generated by the Internet of things equipment according to the first test data. The safety test equipment can improve the program coverage rate to a greater extent by generating a plurality of unexpected test data, comprehensively test the web service of the Internet of things, reduce the application scenario of the web service of the Internet of things which is not suitable for the existing safety test technology and the situation that the special problem cannot be detected, and further improve the safety test effect. Compared with the prior art, the security test device determines possible loopholes of the web service of the Internet of things through abnormal conditions and error information in the monitoring result, and loopholes are not required to be analyzed according to the response result, so that the process is simpler, and the security test efficiency can be improved.
In one possible embodiment, after the first data is acquired, the security test device further identifies a first parameter in the first data, wherein the first parameter affects operation of the internet of things device. The safety test equipment can determine the data mutated in the subsequent mutation process of the first data and the first rule used by mutation by identifying the first parameter, so that the operation of the web service of the Internet of things is influenced as much as possible, the safety test efficiency can be improved, and the program coverage rate of the web service of the Internet of things is improved to a greater extent.
In one possible embodiment, the security test device mutates the first data according to a first rule, where the first rule is determined by the security test device according to a first parameter, to obtain the first test data. The safety test equipment determines the first rule according to the first parameter, so that the first rule can be ensured to be suitable for safety test of the web service of the Internet of things, and therefore, the first test data obtained according to variation of the first rule can be ensured to comprehensively detect the function of the web service of the Internet of things, and the effect of the safety test is improved.
In one possible implementation, after the first test data is sent to the internet of things device, the security test device receives the first response sent by the internet of things device in addition to the first monitoring result.
In a possible implementation manner, the security test device sends the first response to the internet of things device under the condition that the program coverage rate in the first monitoring result is improved. And improving the program coverage rate in the first monitoring result to show that the first test data corresponding to the first monitoring result covers the unknown part of the web program of the Internet of things equipment. The security test equipment sends the first response to the Internet of things equipment, the type of test data can be increased, the program coverage rate is improved to a greater extent, unknown vulnerabilities of web services of the Internet of things are detected, and the security test efficiency is improved.
In one possible implementation manner, the safety test device mutates the first test data to obtain second test data under the condition that all the variations of the first test data are not completed; and sending the second test data to the Internet of things equipment. The security test equipment continues to mutate on the basis of the first test data, and the obtained second test data can detect different web service vulnerabilities, so that the program coverage rate can be improved, and a better security test effect can be obtained.
In a second aspect, the present application provides a security test device, which is applied to a security test apparatus, and the security test device includes an acquisition module, a mutation module, a sending module and a receiving module. The system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring first data, and the first data is a request or a response of the Internet of things web service acquired by the acquisition module; the mutation module is used for mutating the first data to obtain first test data; the system comprises a sending module, a testing module and a testing module, wherein the sending module is used for sending first test data to the Internet of things equipment, and the Internet of things equipment is used for providing Internet of things web services; the receiving module is used for receiving a first monitoring result sent by the Internet of things equipment, wherein the first monitoring result comprises one or more of a first abnormal condition, first error information and first program coverage rate, and judging whether the Internet of things web service has a vulnerability or not according to the first monitoring result.
In a third aspect, the present application provides a cluster of computing devices, the cluster of computing devices comprising at least one computing device, each computing device comprising a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform the method provided in the first aspect.
In a fourth aspect, the present application provides a computer program product comprising instructions which, when executed by a cluster of computing devices, cause the cluster of computing devices to perform the method of the first aspect.
In a fifth aspect, the present application provides a computer readable storage medium comprising computer program instructions which, when executed by a cluster of computing devices, perform the method provided in the first aspect.
Further combinations of the present application may be made to provide further implementations based on the implementations provided in the above aspects.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below.
FIG. 1 is a flow chart of a web service security testing method provided by an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an internet of things web service security testing system according to an embodiment of the present application;
fig. 3 is a flowchart of a method for testing web service security of the internet of things according to an embodiment of the present application;
FIG. 4 is a flow chart of a partial ambiguity test method provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a safety testing device according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a computing device provided in an embodiment of the present application;
FIG. 7 is a schematic diagram of a computing device cluster according to an embodiment of the present disclosure;
fig. 8 is a schematic diagram of a structure of one or more computing devices connected by a network according to an embodiment of the present application.
Detailed Description
As shown in fig. 1, fig. 1 is a flowchart of a web service security testing method provided in an embodiment of the present application, where the method is applied to a scanner in a system formed by a scanner 110 and a service device 120, where the scanner and the service device are connected through a network, and the service device is used to provide web services, and includes a monitoring module 121 for monitoring web service data. The method performs security testing for Web services built by a general Web framework (e.g., spring, react, PHP, etc.) in the field of information and communication technology (information and communications technology, ICT), wherein the Web services are developed by JAVA, (hypertext preprocessor, PHP, etc. as scripting languages. The method comprises the following steps.
The scanner obtains all initial traffic requests for the web service. Thereafter, the scanner obtains target features of the Web service, including authoring language, web service framework, front-end and back-end state, middleware state, component version, interface parameters, etc., obtained by the scanner according to known Web program source code. The scanner generates a preset rule base according to the target characteristics of the web service, wherein the preset rule base comprises a plurality of rules, and the scanner processes the initial service request according to the plurality of rules to generate a new request which is used as a test request for carrying out the web service security test. And then, the scanner sends the generated test request to the service equipment, the service equipment runs the web application according to the test request, and the monitoring module starts to monitor the web service related data, generates monitoring data and sends the monitoring data to the scanner, wherein the monitoring data can be response information of the web service or business state of the web service and the like. The scanner judges whether the monitoring data is matched with the abnormal feature library, and records the abnormal situation when the monitoring data is matched with the abnormal situation in the abnormal feature library, wherein the abnormal features in the abnormal feature library are determined according to web program source codes. The scanner judges whether a test request which is not sent to the service equipment exists or not under the condition that the abnormal situation is recorded or the monitored data does not exist and is matched with the abnormal situation in the abnormal feature library. If there is a test request not sent to the service device, the scanner repeats the above steps until the test is ended under the condition that all the test requests in the scanner are sent to the service device for security test.
In the process, the more comprehensive the rules in the preset rule base are, or the more abundant the initial service request is, the larger the web service range which can be covered by the test request generated by the scanner according to the rules and the initial service request is, the better the safety test effect is, and the higher the efficiency is.
At present, the internet of things equipment is widely applied to a plurality of fields such as intelligent life, traffic, industry and the like, and web services of the internet of things equipment are high-occurrence zones of vulnerabilities. In the case where the web service security test method shown in fig. 1 is applied to the web service of the internet of things, since the web service of the internet of things device is developed using the C/c++ language, unlike the web service developed in the current scripting language such as JAVA, PHP, etc., the above security test method cannot detect the encoding problem (e.g., buffer overflow, integer overflow, etc.) of the C/c++ language. In addition, the web interface function of the Internet of things device is different from the existing web service interface, and the web service safety test method cannot perform safety test on all functions of the Internet of things web service, so that the safety test efficiency for the Internet of things web service is low and the effect is poor.
Therefore, the application provides a safety test method for the web service of the Internet of things, which is characterized in that the safety test equipment is used for identifying the application scene of the equipment of the Internet of things and the type of key parameters, determining the mutation rule used when the test request of the web service of the Internet of things is generated, and determining program loopholes and the like according to the monitoring information acquired by the equipment of the Internet of things. According to the method, the fuzzy test technology is introduced into the security test of the web service of the Internet of things, the web service of the Internet of things can be automatically and comprehensively tested under the condition of unknown program source codes of the web service of the Internet of things, the security test efficiency is improved, the program coverage rate can be improved through proper variation rules, and more unknown program holes are detected. The security testing method of the web service of the Internet of things is applied to security testing equipment in the system shown in fig. 2.
As shown in fig. 2, fig. 2 is a schematic structural diagram of an internet of things web service security testing system provided in an embodiment of the present application. The system comprises a security test device 210 and an internet of things device 220, wherein the internet of things device and the security test device are connected through a network 230.
In a specific implementation, the internet of things device can be a non-standard computing device which is connected to a network through a wired or wireless mode, such as a router, a monitoring camera, an intelligent home, an intelligent sound box and the like, has the capability of transmitting data, can perform communication and interaction, and can also be remotely monitored and controlled. Different internet of things devices provide different external web services under different application scenes, for example, a router provides functions such as network configuration and management, and the service provided by an intelligent sound box is simpler.
In a possible implementation manner, the internet of things device may be replaced by any device or chip that provides an interface or a remote access function, which is not specifically limited in this application.
In a specific implementation, the security test device may be a mobile phone, a tablet computer, a desktop computer, or the like, in which the internet of things web service security test software is installed, or a bare metal server (bare metal server, BMS), a container, a Virtual Machine (VM), or the like, which includes the internet of things web service security test application, which is not specifically limited in this application.
As shown in fig. 3, fig. 3 is a flowchart of a method for testing web service security of the internet of things according to an embodiment of the present application. The method is applied to safety test equipment in the Internet of things web service safety test system shown in fig. 2, and comprises the following steps of.
Step S310: the security test device obtains first data, wherein the first data is a request or a response of the internet of things web service obtained by the security test device.
The security test device crawls requests or responses of the internet of things web service through a crawler program.
In one possible implementation, since the web service of the internet of things device is relatively simple and has typical features, for example, a website homepage requires entry of an administrator password for login, etc., the security test device determines the crawler program according to the application scenario of the internet of things device. The service interface of the Internet of things equipment can be acquired more accurately and efficiently according to the crawler program customized by the application scene of the Internet of things equipment, so that the efficiency of acquiring the first data is improved. The security test device may also obtain the first data by other manners, which is not specifically limited in this application.
Step S320: the security test equipment mutates the first data to obtain first test data, and the first test data is sent to the Internet of things equipment.
After the first data are acquired, the security test device identifies a first parameter included in the first data, wherein the first parameter affects operation of the internet of things device. The security test equipment determines a first rule applicable to the security test of the web service of the Internet of things according to the first parameter, mutates the first data according to the first rule to obtain first test data, and sends the first test data to the equipment of the Internet of things.
In one possible implementation, the first parameter may be a request header portion, a hardware interface related parameter, a number, a character string, an IP address, etc. that may be parsed and understood, a parameter related to an interface function of a product, etc., which is not specifically limited in this application. By identifying the first parameter, the security test device can determine data mutated in the subsequent mutation process of the first data, so that the operation of the web service of the Internet of things is influenced, the program coverage rate of the web service of the Internet of things is improved to a greater extent, the loopholes of the web service of the Internet of things are triggered, and the security test efficiency is improved.
In one possible embodiment, the security test device, after identifying the first parameter and the type of the first parameter in the first data, determines the appropriate first rule according to the first parameter and the type of the first parameter. The determining of the first rule may also relate to more or less content such as an application scenario of the internet of things device, which is not specifically limited in this application. The safety test equipment uses the first rule for the variation of the first data, so that the comprehensive test of the web service function of the Internet of things can be realized, and the safety detection efficiency is improved.
In one possible implementation, the first rule includes a mutation rule based on regular program coverage, and a mutation rule based on internet of things device web service characteristics. The mutation rule based on the coverage rate of the routine program comprises the following steps: the input is duplicated a plurality of times, the number type of data is increased or decreased, or the original input is replaced according to the input type, etc., which is not particularly limited in this application. The mutation rule based on the web service characteristics of the Internet of things equipment comprises the following steps: triggering buffer overflow and command injection loopholes, and triggering integer overflow and integer overturn loopholes; triggering serialization and de-serialization vulnerabilities, etc., the first rule may also include more or less content, which is not specifically limited in this application.
In a specific embodiment, in the case that the first data includes "Host:192.168.128.30", the security test device identifies the first data, determines that the Host corresponds to an IP address, and determines the type of the first parameter. The security test equipment determines a first rule to be used according to the first parameter and the type of the first parameter, mutates the first data, replaces an IP address '192.168.128.30' in the first data with various forms such as '0.0.0', '11111.0.0.0' or '3.300', generates a series of first test data, and sends the first test data to the Internet of things equipment. In the process, the safety test equipment identifies the first parameters and the first parameter types of the first data, so that a proper first rule is determined, the efficiency of generating the first test data can be greatly improved, the probability of causing potential problems of the web service of the Internet of things by the first test data is improved, the comprehensive functional test of the web service of the Internet of things is realized, and the safety test efficiency is improved.
The method for generating the first test data can solve the problem that the first data is limited and fixed due to the fact that the web service interface of the Internet of things device is simple in logic and limited in device function, the safety test device carries out mutation processing on the first data according to the first rule to generate a plurality of different first test data, the program coverage rate of the Internet of things web service can be improved, or the response change of the Internet of things device is increased, and the safety test effect is improved.
Step S330: the internet of things device generates a first monitoring result and a first response according to the first test data, and sends the first monitoring result and the first response to the safety test device.
After receiving the first test data, the Internet of things device runs the web service program, executes the monitoring function, generates a first monitoring result and a first response, and sends the first monitoring result and the first response to the safety test device. The first monitoring result is used for displaying vulnerabilities of the web service of the Internet of things, and comprises one or more of a first abnormal condition, first error information and first program coverage rate, wherein a one-to-one correspondence exists between the first monitoring result and first test data, and a one-to-one correspondence exists between the first response and the first test data.
In one possible implementation manner, the first abnormal condition in the first monitoring result refers to a situation that an unexpected result occurs to the function of the test target, but the main function can still operate normally; the first error information refers to information which causes that the test target crashes, exits, restarts and the like cannot normally run; the first program coverage rate refers to a duty ratio of a function executed in the test object, and the information included in the first monitoring result is not particularly limited in the present application. The first monitoring result including the first abnormal condition, the first error information or the first program coverage rate, which is obtained by the security test device, may be used to evaluate the security test effect corresponding to the first test data, for example, the increase of the first program coverage rate indicates that the security test is more sufficient, and the obtained response result may be used as new test data under the condition that the program coverage rate is increased, enriches the test data types, and improves the efficiency of the security test, where the first monitoring result may include more or less content.
In a possible implementation manner, the internet of things device executes a monitoring function after the web service program runs, and can monitor related data of the web service by means of firmware simulation, monitoring agent injection, debugging modes and the like, so as to obtain first program coverage rate, first abnormal condition, first error information and the like corresponding to the first test data. The firmware simulation method simulates hardware behaviors by writing software, so that the firmware package of the Internet of things equipment can run in a simulation environment outside the real equipment, and a test target can also be run and monitored in a virtual environment. The monitoring agent is injected with a series of specific programs, the programs are implanted into the tested internet of things equipment, and monitoring and feedback of monitoring results are achieved. The debugging mode is that in part of the internet of things equipment, the debugging switch is turned on to enter the debugging mode, and under the condition of the debugging mode, the internet of things equipment can directly acquire related monitoring results.
In one possible implementation, the internet of things device determines whether a significant change occurs in the generated first response in addition to the monitor coverage, the abnormal situation, and the error information.
In the process, after the first test data is received, the data such as program coverage rate, abnormal conditions, error information and the like are acquired by the Internet of things equipment through methods such as firmware simulation, monitoring agent injection and debugging mode, so that the safety test equipment is facilitated to judge potential problems in the Internet of things web service detected by the test data, and compared with the prior art, the safety test efficiency can be improved by analyzing possible loopholes according to response.
Step S340: and the security test equipment receives the first monitoring result and the first response and judges whether the web service of the Internet of things has the loopholes according to the first monitoring result.
The security test equipment judges whether a first abnormal condition and first error information exist in the received first monitoring result, and judges whether the web service of the Internet of things has loopholes according to the first abnormal condition and the first error information.
In a possible implementation manner, under the condition that the first abnormal condition and the first error information exist, the security test device records the first abnormal condition and the first error information, and determines the loopholes existing in the web services of the internet of things detected by the first test data.
In another possible implementation manner, under the condition that the first abnormal condition and the first error information do not exist, the security test device determines that the first test data does not detect the loophole in the web service of the internet of things, then the security test device judges whether the test data which is not sent to the internet of things exists in the test data queue, and under the condition that the unsent test data exists, the security test device repeats the step S340, and under the condition that the unsent test data does not exist, the security test device ends the round of security test.
The security test equipment judges whether the web service of the Internet of things has a vulnerability according to the first monitoring result, and judges whether new test data can be obtained according to the first monitoring result and the first test data.
In one possible implementation manner, the security test device sends the first response to the test data queue as the test data to the internet of things device under the condition that the coverage rate of the first program in the first monitoring result is improved. The safety test equipment takes the first response as test data, so that the types of the test data sent to the Internet of things equipment can be enriched, the program coverage rate is improved to a greater extent, and the safety test efficiency is improved.
In one possible implementation manner, after the safety test device receives the first monitoring result and the first response, the safety test device mutates the first test data according to the first rule to obtain the second test data in the case that all the mutations of the first test data are not completed. The safety test equipment generates second test data, so that the program coverage rate can be improved to a greater extent, and the efficiency and effect of the safety test are improved.
In one possible implementation manner, after the first monitoring result and the first response are obtained, the safety test device needs to determine whether all variations of the first program coverage rate and the first test data in the first monitoring result are completed, and obtain new test data according to the determination result.
As shown in fig. 4, fig. 4 is a flowchart of a partial ambiguity test method provided in an embodiment of the present application, where a security test apparatus performs the following steps.
Step S410: the safety test equipment judges whether the coverage rate of the first program in the first monitoring result is improved.
Under the condition that the coverage rate of the first program in the first monitoring result is improved, the safety test equipment executes step S420; in the case that the first program coverage rate in the first monitoring result is not improved, step S430 is performed.
Step S420: the security test device sends a first response to the test data queue.
Under the condition that the coverage rate of a first program in a first monitoring result is improved, the safety test device determines that first test data corresponding to the first monitoring result covers an unknown part of a web program of the Internet of things device, so that a first response corresponding to the first test data is sent to a test data queue to be sent to the Internet of things device for subsequent safety test, the type of the test data sent to the Internet of things device can be increased, the program coverage rate is improved to a greater extent, and the safety test efficiency is improved.
Step S430: the safety test device judges whether the first test data has all variations.
Under the condition that the program coverage rate in the monitoring result is not improved, or after the safety test equipment sends a first response corresponding to the first test data to the test data queue, the safety test equipment judges whether all variations of the first test data are completed.
In case that all variations are not completed in the first test data, the safety test device performs step S440.
In the case that all variations are completed in the first test data, the safety test device performs step S450.
Step S440: the safety test equipment mutates the first test data to obtain second test data.
In one possible implementation manner, the security test device mutates the first test data by using the first rule to obtain the second test data, and sends the second test data to the test data queue, wherein the specific process is the same as the process that the security test device mutates according to the first data and obtains the first test data. The security test equipment obtains second test data according to the first test data, and by generating the test data, the program coverage rate can be improved, unknown vulnerabilities in web services of the Internet of things are triggered, a better security test effect is obtained, and the security test efficiency is improved.
Step S450: the security test device determines if the test data queue is empty.
In a possible implementation manner, when the test data queue is not empty, the security test device continues to send the first test data, the first response or the second test data included in the test data queue to the internet of things device, receives the monitoring result and the response sent by the internet of things device, and executes the step S340 and the step in fig. 4 until the security test device sends all the test data in the test data queue to the internet of things device. The process can enable the safety test equipment to send test data to the Internet of things equipment as much as possible, and comprehensively test the functions of the Internet of things web service so as to improve the safety test effect.
In another possible implementation, in the case that the test data queue is empty, the security test device performs step S460.
Step S460: the safety test equipment ends the safety test of the round.
In a possible implementation manner, under the condition that the safety test of the round is finished, the safety test equipment generates a second rule according to monitoring results corresponding to the first test data and the second test data acquired by the safety test of the round. In the new round of internet of things web service security testing process, the security testing equipment mutates the newly acquired first data according to the second rule to obtain new first testing data, and the application is not particularly limited.
In a possible implementation manner, the security testing method of the web service of the internet of things provided by the application may be applied to not only the equipment of the internet of things, but also more different application scenarios, for example, various chips for receiving and transmitting wireless data, or various equipment controlled by infrared, etc., which is not particularly limited in this application. That is, the security test method provided by the present application is applicable to any device or chip that provides an interface externally or any function for remote access. Under the condition that access threshold and protocol analysis exist in equipment needing to be subjected to security test, the security test method provided by the application can be accessed and subjected to security test after being processed by professionals.
In a specific embodiment, the first data is exemplified as follows:
POST/check.cgidata=check_aio HTTP/1.1
Host:192.168.128.30
Connection:keep-alive
Content-Length:209
submit_flag=ntp_debug&conflict_wanlan=&ntpserver1=time.test1.com
&ntpserver2=a.test.com&ntpadjust=0&hidden_ntpserver=GMT8&h
and the safety test equipment identifies the first parameters and the types of the first parameters included in the first data under the condition that the first data are acquired. For example, the security test device recognizes "check_aio" corresponding to data as a character string; the corresponding '192.168.128.30' of the Host is an IP address and is a digital point division structure; "209" corresponding to Content-Length is an integer; the corresponding "a.test.com" and IP address of ntpserver2 is composed of point division structure.
The security test equipment selects a first rule for constructing and triggering buffer overflow and command injection loopholes according to the character string 'check_aio', mutates the first data according to the first rule, mutates the 'check_aio' into 1000 character strings 'a' which are formed by a, or replaces the 'check_aio' with more character strings with different lengths to obtain a plurality of first test data, and sends the first test data to the Internet of things equipment. And then, the safety test equipment acquires a first monitoring result and a first response corresponding to the first test data, records abnormal conditions, error information and the like generated by the web service of the Internet of things, and further mutates the first test data under the condition that all the variations of the first test data are not completed. The security test equipment selects a first rule for constructing and triggering integer overflow according to an integer '209' in the first test data, changes '209' into data such as '0', '1', '100000000', and the like, obtains a plurality of second test data, and sends the second test data to the internet of things equipment. The security test equipment continuously repeats the process until the test data does not exist in the test data queue, the security test is ended, and the loopholes existing in the web service of the Internet of things can be determined according to the recorded abnormal conditions and error information.
At present, a security test method for the web service of the Internet of things does not exist, but the security test method for the web service in the existing information and communication technical field is only applied to the security test of the web service of the Internet of things. In the security test method provided by the application, the security test equipment mutates the first data to obtain first test data, mutates the first test data on the basis of the first test data to obtain second test data, and sends the first test data and the second test data to the Internet of things equipment. The first rule is determined according to the first data, is applicable to variation rules of the security test of the web service of the Internet of things, and the first test data and the second test data generated according to the first rule can more comprehensively detect the functions of the web service of the Internet of things, so that the program coverage rate is improved, potential loopholes of the web service of the Internet of things are detected to a greater extent, the security test effect is improved, and the security test efficiency is improved. The security test device can determine potential vulnerabilities of the web service of the Internet of things according to the monitoring results generated according to the first test data or the second test data and sent by the Internet of things device, the security test device is more convenient, and the security test efficiency is improved.
In summary, in the embodiment of the present application, the security test device automatically generates a series of unconventional test data according to a special mutation rule by introducing the fuzzy test technology into the security test of the web service of the internet of things, and sends the unconventional test data to the tested device, and according to the monitoring result generated by the tested device, the test of the abnormal condition, the error information and the program coverage rate of the tested program is implemented, so that under the condition of unknown web service program source code, the potential vulnerability can be determined according to the monitoring result, and the security test effect is improved.
As shown in fig. 5, fig. 5 is a schematic structural diagram of a security test device provided in an embodiment of the present application, where the security test device is applied to security test equipment in an internet of things web service security test system shown in fig. 2, and is applied to an internet of things web service security test method shown in fig. 3. The safety test apparatus 500 includes: the device comprises an acquisition module 510, a mutation module 520, a transmission module 530 and a receiving module 540. The system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring first data, and the first data is a request or a response of the Internet of things web service acquired by the acquisition module; the mutation module is used for mutating the first data to obtain first test data; the system comprises a sending module, a testing module and a testing module, wherein the sending module is used for sending first test data to the Internet of things equipment, and the Internet of things equipment is used for providing Internet of things web services; the receiving module is used for receiving a first monitoring result sent by the Internet of things equipment, wherein the first monitoring result comprises one or more of a first abnormal condition, first error information and first program coverage rate, and judging whether the Internet of things web service has a vulnerability or not according to the first monitoring result.
The acquiring module, the mutation module, the sending module and the receiving module can be realized by software or hardware. Illustratively, the implementation of the mutation module is described below as an example of the mutation module. Similarly, the implementation manners of the acquisition module, the sending module and the receiving module may refer to the implementation manner of the mutation module.
Modules as an example of a software functional unit, a mutation module may include code that runs on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, and a container, among others. Further, the above-described computing examples may be one or more. For example, the mutation module may include code running on multiple hosts/virtual machines/containers. It should be noted that, multiple hosts/virtual machines/containers for running the code may be distributed in the same region (region), or may be distributed in different regions. Further, multiple hosts/virtual machines/containers for running the code may be distributed in the same availability zone (availability zone, AZ) or may be distributed in different AZs, each AZ comprising a data center or multiple geographically close data centers. Wherein typically a region may comprise a plurality of AZs.
Also, multiple hosts/virtual machines/containers for running the code may be distributed in the same virtual private cloud (virtual private cloud, VPC) or in multiple VPCs. In general, one VPC is disposed in one region, and a communication gateway is disposed in each VPC for implementing inter-connection between VPCs in the same region and between VPCs in different regions.
Modules as an example of hardware functional units, a mutation module may include at least one computing device, such as a server or the like. Alternatively, the mutation module may be a device implemented by an application-specific integrated circuit (ASIC) or a programmable logic device (programmable logic device, PLD), or the like. The PLD may be implemented as a complex program logic device (complex programmable logical device, CPLD), a field-programmable gate array (FPGA), a general-purpose array logic (generic array logic, GAL), or any combination thereof.
Multiple computing devices included in the mutation module may be distributed in the same region or may be distributed in different regions. The multiple computing devices included in the mutation module may be distributed in the same AZ or may be distributed in different AZ. The multiple computing devices included in the mutation module may be distributed in the same VPC or may be distributed in multiple VPCs. The plurality of computing devices may be any combination of computing devices such as servers, ASIC, PLD, CPLD, FPGA, and GAL.
The obtaining module performs step S310 in fig. 3, the mutation module performs step S320 in fig. 3, the sending module performs step S320 in fig. 3, and the receiving module performs step S340 in fig. 3. It should be noted that, in other embodiments, the acquiring module, the mutation module, the sending module, and the receiving module may be respectively configured to execute any step in the federal learning operation method shown in fig. 2, and the steps that the acquiring module, the mutation module, the sending module, and the receiving module are responsible for implementing may be specified according to needs, and all functions of the security test device are implemented by implementing different steps in the internet of things web service security test method shown in fig. 3 through the acquiring module, the mutation module, the sending module, and the receiving module.
As shown in fig. 6, fig. 6 is a schematic structural diagram of a computing device according to an embodiment of the present invention, where the computing device 600 may be the security test device in fig. 2, and is applied to a method for testing web service security of the internet of things shown in fig. 3. The computing device 600 includes: processor 610, memory 620, communication interface 630, and bus 640. The processor, the memory, and the communication interface may communicate via a bus. Computing device 600 may be a server or a terminal device. It should be understood that the present application is not limited to the number of processors, memories in computing device 600.
The processor 610 may be comprised of at least one general purpose processor, such as a central processing unit (central processing unit, CPU), or a combination of CPU and hardware chips. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (programmable logic device, PLD), or a combination thereof. The PLD may be a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), general-purpose array logic (generic array logic, GAL), or any combination thereof. The processor 610 is configured to execute various types of digitally stored instructions, and each of the executed steps implements a corresponding function.
The memory 620 may be a volatile memory (volatile memory), such as random access memory (random access memory, RAM), dynamic RAM (DRAM), static RAM (SRAM), synchronous dynamic RAM (synchronous dynamic RAM, SDRAM), double data rate RAM (DDR), cache (cache), etc., and the memory may also include combinations of the above. The memory 620 includes executable program codes, and the processor 610 can implement the functions of the acquisition module 510, the mutation module 520 and the transmission module 530 by executing the program codes, thereby implementing the security test method of the internet of things web service in fig. 3. That is, the memory 620 has instructions stored thereon for performing the security test method of the internet of things web service in fig. 3.
The communication interface 630 uses a transceiver module, such as, but not limited to, a network interface card, a transceiver, etc., to implement communication between the computing device 600 and other devices or communication networks, and may be used to receive a response result, a monitoring result, etc., sent by the internet of things device, which is not specifically limited in this application.
Bus 640 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one line is shown in fig. 6, but not only one bus or one type of bus. Bus 640 may include a path to transfer information between various components of computing device 600 (e.g., processor 610, memory 620, communication interface 630).
It should be noted that fig. 6 is only one possible implementation of the embodiment of the present application, and in practical applications, the network device may further include more or fewer components, which is not limited herein.
The embodiment of the application also provides a computing device cluster. The cluster of computing devices includes at least one computing device. The computing device may be a server, such as a central server, an edge server, or a local server in a local data center. In some embodiments, the computing device may also be a terminal device such as a desktop, notebook, or smart phone.
As shown in fig. 7, fig. 7 is a schematic structural diagram of a computing device cluster provided in an embodiment of the present application, where the computing device cluster includes at least one computing device 600. The same instructions for executing the method for testing web service security of internet of things provided in the embodiments of the present application may be stored in the memory 620 of one or more computing devices 600 in the computing device cluster.
In some possible implementations, part of the instructions for performing the above-described internet of things web service security testing method may also be stored separately in the memory 620 of one or more computing devices 600 in the computing device cluster. In other words, a combination of one or more computing devices 600 may collectively execute instructions for performing the internet of things web service security test method.
It should be noted that, the memory 620 in different computing devices 600 in the computing device cluster may store different instructions, and the instructions stored in the memory 620 in different computing devices 600 may implement functions of one or more of the acquisition module, the mutation module, the sending module, and the receiving module.
In some possible implementations, one or more computing devices in a cluster of computing devices may be connected through a network. Wherein the network may be a wide area network or a local area network, etc. As shown in fig. 8, fig. 8 is a schematic structural diagram of one or more computing devices connected through a network according to an embodiment of the present application. The two computing devices 600A and 600B are connected by a network, the computing device 600A including a processor 610A, a memory 620A, a communication interface 630A, and a bus 640A, and the computing device 600B including a processor 610B, a memory 620B, a communication interface 630B, and a bus 640B. Specifically, the connection to the network is made through a communication interface in each computing device. In this type of possible implementation, instructions to perform the functions of the acquisition module are stored in memory 620A in computing device 600A. Meanwhile, the memory 620B in the computing device 600B has stored therein instructions for performing the functions of the mutation module and the transmission module. It should be appreciated that the functionality of computing device 600A shown in fig. 8 may also be performed by multiple computing devices 600. Likewise, the functionality of computing device 600B may also be performed by multiple computing devices 600.
Embodiments of the present application also provide a computer program product comprising instructions. The computer program product may be software or a program product containing instructions capable of running on a computing device or stored in any useful medium. The computer program product, when run on at least one computing device, causes the at least one computing device to perform the internet of things web service security test method shown in fig. 3.
Embodiments of the present application also provide a computer-readable storage medium. The computer readable storage medium may be any available medium that can be stored by a computing device or a data storage device such as a data center containing one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), etc. The computer-readable storage medium includes instructions that instruct a computing device to perform a method of internet of things web service security testing as shown in fig. 3.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; these modifications or substitutions do not depart from the essence of the corresponding technical solutions from the protection scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A security testing method for web services of the internet of things, which is applied to security testing equipment, the method comprising:
acquiring first data, wherein the first data is a request or a response of the Internet of things web service acquired by the security test equipment;
performing mutation on the first data to obtain first test data;
the first test data are sent to Internet of things equipment, wherein the Internet of things equipment is used for providing the Internet of things web service;
and receiving a first monitoring result sent by the Internet of things equipment, wherein the first monitoring result comprises one or more of a first abnormal condition, first error information and first program coverage rate, and judging whether the Internet of things web service has a vulnerability or not according to the first monitoring result.
2. The method of claim 1, wherein after the acquiring the first data, the method further comprises:
and identifying a first parameter in the first data, wherein the first parameter affects the operation of the Internet of things device.
3. The method of claim 2, wherein mutating the first data to obtain first test data comprises:
And mutating the first data according to a first rule to obtain first test data, wherein the first rule is determined by the safety test equipment according to the first parameter.
4. A method according to any one of claims 1 to 3, wherein after transmitting the first test data to an internet of things device, the method further comprises:
and receiving a first response sent by the Internet of things equipment.
5. The method of claim 4, wherein after the receiving the first monitoring result sent by the internet of things device, the method further comprises:
and under the condition that the coverage rate of the first program is improved, sending the first response to the Internet of things equipment.
6. The method of claim 5, wherein the method further comprises:
under the condition that all variations of the first test data are not completed, the first test data are subjected to variation to obtain second test data;
and sending the second test data to the Internet of things equipment.
7. The safety testing device is applied to safety testing equipment and is characterized by comprising an acquisition module, a mutation module, a sending module and a receiving module:
The acquisition module is used for acquiring first data, wherein the first data is a request or a response of the Internet of things web service acquired by the acquisition module;
the mutation module is used for mutating the first data to obtain first test data;
the sending module is configured to send the first test data to the internet of things device, where the internet of things device is configured to provide the internet of things web service;
the receiving module is configured to receive a first monitoring result sent by the internet of things device, where the first monitoring result includes one or more of a first abnormal condition, a first error message, and a first program coverage rate, and determine whether a vulnerability exists in the internet of things web service according to the first monitoring result.
8. A cluster of computing devices, comprising at least one computing device, each computing device comprising a processor and a memory;
the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform the method of claim 1.
9. A computer program product containing instructions that, when executed by a cluster of computing devices, cause the cluster of computing devices to perform the method of claim 1.
10. A computer readable storage medium comprising computer program instructions which, when executed by a cluster of computing devices, perform the method of claim 1.
CN202310209940.0A 2023-02-25 2023-02-25 Security testing method, device and equipment for web service of Internet of things Pending CN116260643A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310209940.0A CN116260643A (en) 2023-02-25 2023-02-25 Security testing method, device and equipment for web service of Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310209940.0A CN116260643A (en) 2023-02-25 2023-02-25 Security testing method, device and equipment for web service of Internet of things

Publications (1)

Publication Number Publication Date
CN116260643A true CN116260643A (en) 2023-06-13

Family

ID=86687730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310209940.0A Pending CN116260643A (en) 2023-02-25 2023-02-25 Security testing method, device and equipment for web service of Internet of things

Country Status (1)

Country Link
CN (1) CN116260643A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116956293A (en) * 2023-09-19 2023-10-27 天津华来科技股份有限公司 API security vulnerability detection system and method
CN118764326A (en) * 2024-09-09 2024-10-11 国网四川省电力公司乐山供电公司 Chain type information collection and vulnerability investigation method and related products

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116956293A (en) * 2023-09-19 2023-10-27 天津华来科技股份有限公司 API security vulnerability detection system and method
CN116956293B (en) * 2023-09-19 2024-01-30 天津华来科技股份有限公司 API security vulnerability detection system and method
CN118764326A (en) * 2024-09-09 2024-10-11 国网四川省电力公司乐山供电公司 Chain type information collection and vulnerability investigation method and related products

Similar Documents

Publication Publication Date Title
CN112953971B (en) Network security flow intrusion detection method and system
CN111400722A (en) Method, apparatus, computer device and storage medium for scanning small program
CN104956372A (en) Determining coverage of dynamic security scans using runtime and static code analyses
CN111885007B (en) Information tracing method, device, system and storage medium
CN111818035B (en) Permission verification method and device based on API gateway
CN111198797B (en) Operation monitoring method and device and operation analysis method and device
CN111628900A (en) Fuzzy test method and device based on network protocol and computer readable medium
CN116155771A (en) Network anomaly test method, device, equipment, storage medium and program
CN113114680A (en) Detection method and detection device for file uploading vulnerability
CN116599747A (en) Network and information security service system
WO2024007615A1 (en) Model training method and apparatus, and related device
CN116260643A (en) Security testing method, device and equipment for web service of Internet of things
CN112671605A (en) Test method and device and electronic equipment
CN111953665A (en) Server attack access identification method and system, computer equipment and storage medium
CN113419971B (en) Android system service vulnerability detection method and related device
CN114448645A (en) Method, device, storage medium and program product for processing webpage access
CN108650274B (en) Network intrusion detection method and system
CN115454856B (en) Multi-application security detection method, device, medium and electronic equipment
CN116866082A (en) Cloud network-based security assessment system and method
Xu et al. FIoTFuzzer: Response-based black-box fuzzing for IoT devices
CN116166536A (en) Test method, test device, electronic equipment and storage medium
CN116055092A (en) Hidden tunnel attack behavior detection method and device
CN115016995A (en) Interface testing method, computer device and computer storage medium
CN114025014A (en) Asset detection method and device, electronic equipment and storage medium
CN117648262B (en) Fuzzy test method, storage medium and electronic device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination