CN117171050A - Security test method, security test device, electronic equipment and computer readable storage medium - Google Patents


Info

Publication number: CN117171050A
Application number: CN202311265676.9A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventor: 王亚东
Current and original assignee: Zhejiang Geely Holding Group Co Ltd; Zhejiang Zeekr Intelligent Technology Co Ltd
Prior art keywords: target, security, test, case, attack code
Application filed by Zhejiang Geely Holding Group Co Ltd and Zhejiang Zeekr Intelligent Technology Co Ltd; priority to CN202311265676.9A; published as CN117171050A

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The application discloses a security test method, a security test device, electronic equipment and a computer readable storage medium. The security test method comprises the following steps: acquiring a target security attack code, the target security attack code being stored in advance; determining a test case to be tested and determining target parameters under the test case to be tested, the test case to be tested being a software service case that has an automated test function; based on the target security attack code and the target parameter, sending a replacement request to the server of the test case to be tested, the replacement request requesting that the target parameter be replaced by the target security attack code; and generating a security test result based on the server's response to the replacement request, so as to complete the security test. The efficiency and speed of security testing can thereby be improved and labor cost reduced.

Description

Security test method, security test device, electronic equipment and computer readable storage medium
Technical Field
The present application relates to the field of security testing, and in particular, to a security testing method, apparatus, electronic device, and computer readable storage medium.
Background
With the rapid development of the software industry, a large amount of important data is generated through the use of software services. That data is easily leaked when attackers exploit vulnerabilities in a software service, causing users various losses, so software service data needs to be protected in order to improve the security of the software service.
In order to improve the security of a software service, its security usually has to be tested first, and decisions on how to improve it are then made according to the test results. At present, however, security testing of software services is mainly performed manually by a tester; test efficiency and speed are low and labor cost is high.
Disclosure of Invention
To address the above technical problems, the application provides a security test method, a security test device, electronic equipment and a computer readable storage medium, as follows:
according to a first aspect of the present application, there is provided a security test method comprising:
acquiring a target security attack code, wherein the target security attack code is stored in advance;
determining a test case to be tested, and determining target parameters under the test case to be tested, wherein the test case to be tested is a software service case and has an automatic test function;
based on the target security attack code and the target parameter, sending a replacement request to a server of the test case to be tested, wherein the replacement request is used for requesting the target security attack code to replace the target parameter;
and generating a security test result based on a response result of the server to the replacement request so as to complete the security test.
According to a second aspect of the present application there is provided a security test device comprising:
the acquisition unit is used for acquiring target security attack codes which are stored in advance;
the determining unit is used for determining a to-be-tested case which is a case of a software service and has an automatic testing function, and determining target parameters under the to-be-tested case;
the sending unit is used for sending a replacement request to the server of the test case to be tested based on the target security attack code and the target parameter, wherein the replacement request is used for requesting that the target parameter be replaced with the target security attack code;
and the generating unit is used for generating a security test result based on the response result of the server to the replacement request so as to complete the security test.
According to a third aspect of the present application, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method according to the first aspect.
According to a fourth aspect of the present application there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method according to the first aspect.
According to the technical scheme provided by the application, for a software service case with an automated test function, a replacement request is sent to the server of the software service case based on a pre-stored security attack code and a specified parameter of the case, requesting that the specified parameter be replaced by the security attack code; a security test result is then generated based on the server's response, completing the security test.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings required for the embodiments or the related technical descriptions will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to the drawings for those skilled in the art.
FIG. 1 is a schematic diagram of a related art security test scenario;
FIG. 2 is a flow chart of a security test method according to an embodiment of the present application;
FIG. 3 is a flow chart of a security testing method according to another embodiment of the present application;
FIG. 4 is a flow chart of a security testing method according to another embodiment of the application;
FIG. 5 is a schematic diagram of a security test device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the technical solutions of the present application, the following detailed description of the technical solutions of the embodiments of the present application will be given with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the application, shall fall within the scope of protection of the application.
With the rapid development of the software industry, a large amount of important data is generated through the use of software services. That data is easily leaked when attackers exploit vulnerabilities in a software service, causing users various losses, so software service data needs to be protected in order to improve the security of the software service.
In order to improve the security of a software service, its security usually has to be tested first, and decisions on how to improve it are then made according to the test results. At present, however, security testing of software services is mainly performed manually by a tester; test efficiency and speed are low and labor cost is high.
Referring to fig. 1, an exemplary description of a related art security test scenario is provided below:
In the related art, when a tester performs a security test on a software service, the tester must manually obtain security attack code, either by searching online for existing attack code or by writing attack code for likely security holes. Because a software service has many use cases, the tester must also manually select the use case to be tested from among them (for example, select a user-input use case on a website and type the attack code into that use case's input box), determine the specified parameters of that use case, manually enter the obtained attack code in place of the specified parameters, request the server of the use case to replace them, and then judge the security vulnerability by hand from the response returned by the server, so as to complete the security test. The degree of automation in this process is low: the test is performed manually by the tester, test efficiency and speed are low, labor cost is high, and the limitations of manual operation may introduce test errors.
It will be appreciated that the above description of the security test scenario is merely exemplary, and in practical applications, the existence of other security test scenarios is not excluded, which is not limited in particular.
In view of the above problems, an embodiment of the present application provides a security testing method, which can improve the efficiency and speed of security testing and reduce the cost of manpower. As shown in fig. 2, the method comprises the steps of:
s201, acquiring a target security attack code, wherein the target security attack code is stored in advance;
the target security attack code may have a variety of specific implementations, one of which may include, by way of example: the target security attack code is cross-site scripting attack (Cross Site Scripting, XSS) code. XSS code is a common way of attacking by using security holes of software services, taking a scene of a website as an example, the security holes of the website can enable an attacker to embed malicious script code into a website page accessed by a normal user, and when the user accesses the page normally, the execution of the embedded malicious script code may be caused, so that the purpose of maliciously attacking the user is achieved, and the attacker may obtain various contents including but not limited to higher authority, such as executing some operations, private webpage contents, sessions, cookies and the like. Effective security test is carried out on XSS codes, so that common security holes can be found as much as possible. It should be noted that the foregoing description of the specific implementation of the target security attack code is merely an exemplary illustration, in practical application, it is not excluded that there are other specific implementations in which the attack mode can be replaced by a code for the parameters of the use case, for example, the target security attack code may also be a structured query language (Structured Query Language, SQL) injection attack code, and thus, the specific implementation of the target security attack code is not limited.
The target security attack code may be acquired in several ways; one is: the server of the test case to be tested maintains a security attack code database, the target security attack code is stored in that database in advance, and it is read from the database. Because the database is built in advance and can hold many kinds of attack code, reading attack code from it improves the efficiency and speed of acquisition. This description is only an example; in practice other ways are not excluded, for example the target security attack code may also be found by searching online or written on the spot by a tester, so the way of acquiring it is not limited.
As an example, the security attack code in the database may be historical security attack code cases, or code written by a user in real time and saved into the database; this is not limited.
As an example, one or more target security attack codes may be acquired; when several are needed, they may be read from the security attack code database in a loop.
The loop may be implemented in various ways, for example with a for statement or a while statement; the form of the loop is not limited.
As an example, a target security attack code list containing the acquired codes may be built and held in a cache, so that when the codes are needed they are taken directly from the cached list, which greatly improves the efficiency and speed of retrieving the target security attack code.
S202, determining a test case to be tested, and determining target parameters under the test case to be tested, wherein the test case to be tested is a software service case and has an automatic test function;
The test case to be tested may be determined in various ways; one is: a candidate case is debugged first, and a candidate case that passes debugging is determined as the test case to be tested, where passing debugging means that a request for the candidate case obtains a response from the server. Debugging a case before its security test ensures that requests for the case are answered by the server, and testing only cases that pass debugging raises the success rate of the security test. This description is only an example; other ways are not excluded and the way of determination is not limited.
As an example, the automated test function means: for the test case to be tested, parameters are supplied to the case, a request is sent to the server automatically based on those parameters, and the server's response to the request is obtained automatically. For instance, taking a login interface case as the test case, a normal username and password are supplied, a request is sent automatically to the server with that username and password, and the response returned by the server for that request is obtained automatically. The automated test function may also have other meanings, which are not limited.
As an example, one or more test cases may be determined; the cases themselves may be pre-stored in a local case file, and when several test cases are needed they may be read from the local case file in a loop.
The loop may be implemented in various ways, for example with a for statement or a while statement; the form of the loop is not limited.
As an example, a test case list containing the determined test cases may be built and held in a cache, so that when the cases are needed they are taken directly from the cached list, which greatly improves the efficiency and speed of retrieving the test cases to be tested.
The test case and the target parameter may take various specific forms; one is: the test case is an interface (API) case and the target parameter is an interface parameter. In the security test of an interface case, whether a security hole exists is tested from the angle of the interface and its parameters. For instance, taking a login interface case as the test case, the target parameters may be the login interface's parameters, such as the username, password and verification code.
As an example, the interface parameter may be one or more fields under the interface use case, or may be other implementations, which is not limited in specific terms.
As an example, another specific implementation of the test case and the target parameter may include: the test case may be a User Interface (UI) case, and the target parameter may be an input parameter for the UI.
In a website scenario, for example, the input parameter for the UI may be content of a website page into which a visiting user can directly enter data, such as a page input box. Other forms of input parameter for the UI are also possible and are not limited.
The input parameter for the UI may be determined in various ways; as an example, when it is a page input box as above, one way is: locate the page input box by an XML Path Language (XPath) expression and use the XPath path as the input parameter for the UI. This description is only an example; other ways are not excluded and are not limited.
The page input box may be, for example, of a query type or of an error-reporting type; the type is not limited.
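One way to carry out the XPath step above: enumerate the input boxes of a page and derive a positional XPath for each, which then serves as the UI target parameter. This is an added example, not code from the patent or its assignees; it uses only the Python standard library, and the sample page, its form actions and field names are constructed for the example. Positional paths (form[1]/input[2]) are one locator choice; an id- or name-based expression would be another.

```python
"""Derive an XPath for every page input box, for use as a UI target parameter.

Added example, not the patent's code; stdlib only. The HTML page below is
constructed for the example.
"""
from html.parser import HTMLParser
from typing import Dict, List, Tuple

VOID_TAGS = {"input", "img", "br", "hr", "meta", "link"}  # never have a close tag
SKIP_TYPES = {"hidden", "submit", "button", "reset"}      # not user-typed boxes


class InputBoxLocator(HTMLParser):
    """Tracks the open-element stack and sibling indices to build XPaths."""

    def __init__(self) -> None:
        super().__init__()
        self._stack: List[Tuple[str, int]] = []    # (tag, 1-based index among siblings)
        self._counts: List[Dict[str, int]] = [{}]  # per-nesting-level tag counters
        self.boxes: List[Tuple[str, str]] = []     # (xpath, name attribute)

    def handle_starttag(self, tag, attrs):
        level = self._counts[-1]
        level[tag] = level.get(tag, 0) + 1
        self._stack.append((tag, level[tag]))
        attr = dict(attrs)
        is_box = tag == "textarea" or (
            tag == "input" and attr.get("type", "text") not in SKIP_TYPES)
        if is_box:
            self.boxes.append((self.current_xpath(), attr.get("name") or ""))
        if tag in VOID_TAGS:
            self._stack.pop()        # void element: nothing can nest inside it
        else:
            self._counts.append({})  # open a new sibling-counting level

    def handle_endtag(self, tag):
        # Guard: "<input/>" also reports an end tag, but input was already popped.
        if self._stack and self._stack[-1][0] == tag:
            self._stack.pop()
            self._counts.pop()

    def current_xpath(self) -> str:
        return "/" + "/".join(f"{t}[{i}]" for t, i in self._stack)


def locate_input_boxes(page: str) -> List[Tuple[str, str]]:
    """Return (xpath, name) for each user-typable input box on the page."""
    parser = InputBoxLocator()
    parser.feed(page)
    return parser.boxes


# Constructed sample page: a login form and a comment form.
SAMPLE_PAGE = """
<html><body>
<form action="/login">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf" value="abc">
  <input type="submit" value="Log in">
</form>
<form action="/comment">
  <textarea name="body"></textarea>
</form>
</body></html>
"""

if __name__ == "__main__":
    for xpath, name in locate_input_boxes(SAMPLE_PAGE):
        print(xpath, name)
```

Hidden and submit inputs are skipped because a user cannot type into them; they are still worth testing from the interface-parameter side, where the request body rather than the page is the target.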
As an example, there may be one or more target parameters under the same test case, and when multiple target parameters need to be determined, loop determination may be performed under the test case to determine multiple target parameters.
The loop may be implemented in various ways, for example with a for statement or a while statement; the form of the loop is not limited.
As an example, a target parameter list containing the determined target parameters may be built and held in a cache, so that when the parameters are needed they are taken directly from the cached list, which greatly improves the efficiency and speed of retrieving the target parameters.
The target parameter may be an update type parameter or an input type parameter, or may be another type parameter, which is not limited in particular.
S203, based on the target security attack code and the target parameter, sending a replacement request to a server of the to-be-tested test case, wherein the replacement request is used for requesting to replace the target parameter by the target security attack code;
as an example, the above-mentioned replacement request may be a request issued each time a target parameter needs to be replaced with a target security attack code, or may be a request issued in other cases, which is not limited in particular.
S204, based on the response result of the server to the replacement request, generating a security test result to complete security test.
The response result and the security test result may take various specific forms; one is: the response result includes at least an indication of whether the replacement succeeded or failed, and the security test result records at least, when the response indicates success, the security attack code used for the replacement, the replaced parameter and the use case to which the replaced parameter belongs. Security vulnerability handling can then be directed at that attack code, parameter and use case, which improves processing efficiency. For instance, for a replacement request that replaces parameter C under use case B with security attack code A, the server returns a response, and when the response indicates success the generated security test result records at least attack code A, use case B and parameter C under use case B. This description is only an example; other forms are not excluded and are not limited.
For example, when the response indicates that the replacement failed, the server rejected the input of the target security attack code, that is, the server has no security hole for that attack code; when the response indicates that the replacement succeeded, the server accepted the attack code without rejecting or escaping its characters, that is, the server may have a security hole for that attack code. A successful replacement identifies a candidate rather than a confirmed hole: attack code stored in a parameter only becomes an exploitable XSS if it is later rendered without encoding, so a practitioner would confirm the finding by fetching the parameter back and checking that the attack code appears unencoded in the server's output.
As an example, the security test result may be stored in a local file after being generated, so as to facilitate the user to take or process later.
As an example, a log record may be generated for the above-described response results to record the response results returned by the server.
As an example, a report mail may also be generated according to the above-described security test result, and sent to a tester or other person.
As an example, the replacement request may be sent to the server in different test environments, for example a test environment, a UIT environment or a PRE environment, and the response returned by the server can be verified against the environment in which the request was sent.
Note that, the precedence relationship between S201 and S202 is not limited.
According to the technical scheme provided by the embodiment of the application, for a software service case with an automated test function, a replacement request is sent to the server of the software service case based on a pre-stored security attack code and a specified parameter of the case, requesting that the specified parameter be replaced by the security attack code; a security test result is then generated based on the server's response, completing the security test.
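The S201 to S204 flow end to end, as an added example that is not code from the patent or its assignees. It reads pre-stored attack codes (S201), keeps only the cases that answer a benign debug request (S202), replaces each target parameter with each attack code (S203) and classifies the server's response (S204). The in-process mock server, its endpoint names (/login, /profile, /comment, /broken), the baseline parameter values and the three XSS probe strings are all constructed assumptions so the script runs offline. It goes beyond the text in one respect: instead of treating every accepted replacement as a hole, it checks whether the attack code came back unencoded in the response body, which separates a rejected input, an accepted-but-escaped input and a genuine reflection.

```python
"""Parameter-replacement security test modelled on steps S201 to S204.

Added example, not the patent's code. The mock server, its endpoints, the
baseline values and the probe payloads are constructed assumptions.
"""
import html
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# S201: pre-stored attack codes (constructed stand-in for the
# "security attack code database"; ordinary XSS probe strings).
ATTACK_CODE_DB: List[str] = [
    "<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
    "';alert(1);//",
]

Response = Tuple[int, str]  # (HTTP-like status, response body)


def _login(p: Dict[str, str]) -> Response:
    # Assumed endpoint: input validation rejects angle brackets outright.
    if any(c in p.get("username", "") for c in "<>"):
        return 400, "rejected"
    return 200, "welcome " + html.escape(p.get("username", ""))


def _profile(p: Dict[str, str]) -> Response:
    # Assumed endpoint: accepts anything but HTML-encodes before rendering.
    return 200, "<p>" + html.escape(p.get("nickname", "")) + "</p>"


def _comment(p: Dict[str, str]) -> Response:
    # Assumed endpoint: reflects the parameter unencoded (the hole to find).
    return 200, "<div>" + p.get("body", "") + "</div>"


def _broken(p: Dict[str, str]) -> Response:
    # Assumed endpoint that never answers properly; must fail the debug step.
    return 500, "internal error"


MOCK_SERVER: Dict[str, Callable[[Dict[str, str]], Response]] = {
    "/login": _login, "/profile": _profile, "/comment": _comment, "/broken": _broken,
}


@dataclass
class TestCase:
    """A software-service case with an automated request function."""
    name: str
    endpoint: str
    baseline: Dict[str, str]  # benign values the case normally sends
    targets: List[str]        # parameters to replace with attack code


def send(endpoint: str, params: Dict[str, str]) -> Response:
    """The case's automated test function: send a request, return the response."""
    return MOCK_SERVER[endpoint](params)


def debug_pass(case: TestCase) -> bool:
    """S202 precondition: test a case only if a benign request is answered."""
    status, _ = send(case.endpoint, case.baseline)
    return status == 200


def classify(attack_code: str, response: Response) -> str:
    """S204: turn the server's response into a test result."""
    status, body = response
    if status >= 400:
        return "replacement_failed"               # rejected: no hole for this code
    if attack_code in body:
        return "replacement_succeeded_unescaped"  # reflected verbatim: candidate hole
    return "replacement_succeeded_escaped"        # accepted but neutralised by encoding


def run(cases: List[TestCase], attack_codes: List[str]) -> List[Dict[str, str]]:
    """Loop cases x target parameters x attack codes (S203) and record results."""
    results = []
    for case in cases:
        if not debug_pass(case):
            continue
        for target in case.targets:
            for code in attack_codes:
                params = dict(case.baseline, **{target: code})  # the replacement request
                results.append({
                    "case": case.name, "param": target, "attack_code": code,
                    "result": classify(code, send(case.endpoint, params)),
                })
    return results


def findings(results: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """What the security test result must record: attack code, parameter, case."""
    return [r for r in results if r["result"] == "replacement_succeeded_unescaped"]


# Constructed test cases; names, endpoints and parameters are assumptions.
CASES = [
    TestCase("login", "/login", {"username": "alice", "password": "x"}, ["username"]),
    TestCase("profile", "/profile", {"nickname": "alice"}, ["nickname"]),
    TestCase("comment", "/comment", {"body": "hello"}, ["body"]),
    TestCase("broken", "/broken", {"q": "hello"}, ["q"]),
]

if __name__ == "__main__":
    for r in findings(run(CASES, ATTACK_CODE_DB)):
        print(r)
```

Against a real service, `send` would issue the HTTP request of the case's automated test function and `classify` would inspect the real response; the three result labels map onto the page's success/failure indication, with the escaped case split out so that a server which accepts but neutralises the input is not reported as a hole.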
Another embodiment of the present application further provides a security testing method, as shown in fig. 3, including the following steps:
s301, acquiring target XSS codes, wherein the target XSS codes are stored in advance;
s302, determining an interface case to be tested, and determining target interface parameters under the interface case to be tested, wherein the interface case to be tested is a case of software service and has an automatic test function;
s303, based on the target XSS code and the target interface parameters, sending a replacement request to a server of the interface use case to be tested, wherein the replacement request is used for requesting to replace the target interface parameters by the target XSS code;
s304, generating a security test result based on the response result of the server to the replacement request so as to complete the security test.
In this embodiment, S301 to S304 are similar to S201 to S204 in the embodiment shown in fig. 2, and the specific implementation is similar except that the obtained target security attack code is XSS code, the test case to be tested is an interface case, and the target parameter is an interface parameter, which is not described in detail herein.
Another embodiment of the present application further provides a security test method, as shown in fig. 4, including the steps of:
s401, acquiring target XSS codes, wherein the target XSS codes are stored in advance;
s402, determining a user interface case to be tested, and determining target input parameters under the user interface case to be tested, wherein the user interface case to be tested is a case of software service and has an automatic test function;
s403, based on the target XSS code and the target input parameters, sending a replacement request to a server of the user interface case to be tested, wherein the replacement request is used for requesting to replace the target input parameters by the target XSS code;
s404, based on the response result of the server to the replacement request, generating a security test result to complete the security test.
In this embodiment, S401 to S404 are similar to S201 to S204 in the embodiment shown in fig. 2, except that the obtained target security attack code is XSS code, the test case to be tested is a user interface case, and the target parameter is a target input parameter in the user interface case, and the other specific implementations are similar, and detailed descriptions thereof are omitted herein.
Corresponding to the above method embodiment, an embodiment of the present application further provides a security test device, as shown in fig. 5, which may include:
an obtaining unit 501, configured to obtain a target security attack code, where the target security attack code is stored in advance;
the determining unit 502 is configured to determine a test case to be tested, and determine a target parameter under the test case to be tested, where the test case to be tested is a case of a software service and has an automatic test function;
a sending unit 503, configured to send a replacement request to the server of the test case to be tested based on the target security attack code and the target parameter, where the replacement request is used to request that the target parameter be replaced with the target security attack code;
and the generating unit 504 is configured to generate a security test result based on a response result of the server to the replacement request, so as to complete a security test.
As an example, the determining unit 502 is specifically configured to debug a candidate case and determine a candidate case that passes debugging as the test case to be tested, where passing debugging means that a request for the candidate case obtains a response from the server.
As an example, the target security attack code includes XSS code.
As an example, the server maintains a security attack code database, the target security attack code being pre-stored in the security attack code database, and the obtaining unit 501 is specifically configured to obtain the target security attack code from the security attack code database.
As an example, the test case to be tested is an interface case, and the target parameter is an interface parameter.
As an example, the test case to be tested is a user interface case, and the target parameter is an input parameter for a user interface.
As an example, the response result includes at least an indication of whether the replacement succeeded or failed, and the security test result records at least, when the response indicates success, the security attack code used for the replacement, the replaced parameter and the use case to which the replaced parameter belongs.
The present application also provides an electronic device, as shown in fig. 6, including:
a processor 601;
a memory 602 for storing processor-executable instructions;
wherein the processor 601 is configured to implement the security test method described in any of the embodiments above.
The application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the security test method described in any of the embodiments above.
The foregoing is merely illustrative of the embodiments of this application and it will be appreciated by those skilled in the art that variations and modifications may be made without departing from the principles of the application, and it is intended to cover all modifications and variations as fall within the scope of the application.

Claims (10)

1. A security test method, comprising:
acquiring a target security attack code, wherein the target security attack code is stored in advance;
determining a test case to be tested, and determining target parameters under the test case to be tested, wherein the test case to be tested is a software service case and has an automatic test function;
based on the target security attack code and the target parameter, sending a replacement request to a server of the test case to be tested, wherein the replacement request requests that the target parameter be replaced with the target security attack code;
and generating a security test result based on a response result of the server to the replacement request so as to complete the security test.
2. The method of claim 1, wherein the determining the test case to be tested comprises:
debugging a case to be debugged, and determining the case to be debugged that passes the debugging as the test case to be tested, wherein passing the debugging indicates that a request for the case to be debugged obtains a response from the server.
3. The method of claim 1, wherein the target security attack code comprises XSS code.
4. The method of claim 1, wherein the server maintains a security attack code database, the target security attack code being pre-stored in the security attack code database, the obtaining the target security attack code comprising:
and acquiring the target security attack code from the security attack code database.
5. The method of claim 1, wherein the test case to be tested is an interface case and the target parameter is an interface parameter.
6. The method of claim 1, wherein the test case to be tested is a user interface case and the target parameter is an input parameter for a user interface.
7. The method according to claim 1, wherein the response result includes at least an indication of success or failure of the replacement, and, when the response result indicates a successful replacement, the security test result records at least the security attack code used for the replacement, the replaced parameter, and the application to which the replaced parameter belongs.
8. A security test device, comprising:
the acquisition unit is used for acquiring target security attack codes which are stored in advance;
the determining unit is used for determining a test case to be tested, which is a software service case having an automatic test function, and for determining target parameters under the test case to be tested;
the sending unit is used for sending a replacement request to the server of the test case to be tested based on the security attack code and the target parameter, wherein the replacement request is used for requesting to replace the target parameter with the security attack code;
and the generating unit is used for generating a security test result based on the response result of the server to the replacement request so as to complete the security test.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any one of claims 1 to 7.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.
CN202311265676.9A 2023-09-27 2023-09-27 Security test method, security test device, electronic equipment and computer readable storage medium Pending CN117171050A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311265676.9A CN117171050A (en) 2023-09-27 2023-09-27 Security test method, security test device, electronic equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN117171050A true CN117171050A (en) 2023-12-05

Family

ID=88945006

Country Status (1)

Country Link
CN (1) CN117171050A (en)
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination