49results about How to "Improve vulnerability detection efficiency" patented technology

The invention provides an Android application privilege disclosure vulnerability detection method, which is used for solving the technical problems of low efficiency of application privilege disclosure vulnerability detection and incomplete detection result in the prior art. The method includes: extracting each application programming interface corresponding to an Android sensitive privilege froman Android system source code, and configuring pollution source functions and trap functions; performing reverse engineering on an application to be detected, analyzing the obtained resource file, andobtaining an application component with the risk of privilege disclosure; then, constructing a detection flow method of static stain analysis of the application component with the risk of privilege disclosure; performing the static stain analysis on the basis of the method, and obtaining a privilege disclosure path list of the application to be detected; finally, outputting the detection result of privilege disclosure vulnerability of the application to be detected. The invention can comprehensively and efficiently detect the Android application privilege disclosure vulnerability, and can beused for the analysis and research of the Android application privilege disclosure vulnerability.

the embodiment of that present specification provide a vulnerability detection method, Installations and equipment, the of that present specification exploit file related to historical vulnerabilities, especially patch files, generating a patch feature database including functional features and disassembly information, and utilizing executable binary file of the program to be tested to construct characteristic database of the program to be tested, Firstly, the function features of the program to be tested are matched with the sample function features in the patch feature database, The invention identifies as many functions as possible, and then matches the disassembly information to be tested with the sample disassembly information corresponding to the matched sample function in the patchfeature database, so as to determine whether the program to be tested exists corresponding patch according to the matching result, and when the corresponding patch exists, determines the vulnerabilitytype of the program to be tested according to the patch.

The invention provides a method, a device and a system for ranking test samples. The method comprises the following steps that the following steps are executed for one turn or several turns; each test samples in a plurality of test samples is used for testing a test object according to the ranging sequence of the test samples in an initial test sample set, the attacking effect of each test sample is monitored, and in addition, the priority of each test sample is determined according to the attacking effect corresponding to each test sample; the test samples in the initial test sample set are re-ordered again according to the determined priority of each test sample; the re-ordered test sample set obtained in the current turn can be used as the initial test sample set used in the execution process in the next turn.

The invention discloses a vulnerability detection method and device, relates to the technical field of security, and mainly aims to reduce the search range of an unknown vulnerability detection hole,simplify the vulnerability detection process and save the time consumed by detection, thereby improving the vulnerability detection efficiency. The method comprises the following steps: carrying out virtualization processing on a system of terminal device; Using a virtualized virtual machine monitor to perform memory permission monitoring on an operation behavior corresponding to the terminal device so as to detect whether the operation behavior has a memory access violation or not; And if the memory access violation occurs, determining that a suspected unknown vulnerability is detected, and storing a context environment corresponding to the operation behavior, the context environment being used for further detecting the suspected unknown vulnerability. The method is suitable for vulnerability detection.

The invention discloses an intelligent fuzzy test method, device and system, and relates to the technical field of computers, and the method comprises the steps: converting an input variable of a tested target into a symbolic expression through symbolic execution; performing execution path constraint on the symbolic expression of the multiple paths of input variables; generating a test case according to the constrained execution path; and executing the test case, and obtaining an execution state and test data of the test case. The embodiment of the invention can solve the problem of low detection efficiency of the existing fuzzy test.

The invention discloses a vulnerability detection system and method of Android hybrid-application code injection. The system includes a permission feature extraction module, a data channel feature extraction module and a vulnerability detection module. The permission feature extraction module is used for extracting a sensitive permission application set of a to-be-detected hybrid application fromto-be-detected hybrid-application code. The data channel feature extraction module is used for extracting a source point set and a receiving point set of data channels from the to-be-detected hybrid-application code. A first input end of the vulnerability detection module is connected to the output end of the permission feature extraction module, and the second input end thereof is connected to the output end of the data channel feature extraction module. The vulnerability detection module is used for according to sensitive permissions and the source point set and the receiving point set of the data channels, using a vulnerability detection model to determine whether vulnerability code injection of the to-be-detected hybrid application exists. Compared with traditional detection methods based on control flow and program call graphs, the method of the invention has higher efficiency, is very high in classification accuracy, and has very good usability.

The invention provides a vulnerability detection method and system, and the method comprises the steps: responding to a vulnerability detection request, and determining a to-be-detected object; determining a target vulnerability rule list at least based on the to-be-detected object and the performance score value of each vulnerability rule in a rule base, wherein a plurality of target vulnerability rules are recorded in the target vulnerability rule list; performing vulnerability scanning on the to-be-detected object based on the target vulnerability list; generating feedback information at least based on the scanning result; and updating a performance score value of the target vulnerability rule based on the feedback information. According to the vulnerability detection method, the optimal vulnerability rule can be automatically determined and updated, so that the success rate and speed of each vulnerability detection are ensured.

The invention provides a vulnerability detection method and device, a server and a storage medium. The method includes: generating a source code set of an application by decompiling an application installation package; scanning file content of a source code file in the source code set to judge whether the source code file carries a first vulnerability feature or not; under the condition that the source code file carries the first vulnerability feature, performing semantic analysis on the source code file, detecting whether the source code file carries a second vulnerability feature matched with the first vulnerability feature based on a semantic analysis result of the source code file, and if the source code file carries the second vulnerability feature matched with the first vulnerabilityfeature, determining that the source code file has a vulnerability. According to the invention, whether the source code file possibly has the vulnerability or not is determined through the first vulnerability feature irrelevant to semantics; semantic analysis is performed on the source code file to determine whether the source code file really has the vulnerability on the basis that the source code file possibly has the vulnerability, so that the vulnerability detection of the source code file can be realized, and the vulnerability detection efficiency can be effectively improved.

The invention discloses a vulnerability management system based on network assets. The system comprises a vulnerability library module, a vulnerability information display module, a vulnerability retrieval module, a vulnerability library updating module and a vulnerability library exporting module; wherein the vulnerability library module classifies the detected vulnerability information; the vulnerability information display module displays specific vulnerability information under three different classifications of CNNVD, CNVD and CVE; the vulnerability retrieval module performs HTML (Hypertext Markup Language) analysis and arrangement on the screened information; the vulnerability library updating module stores the obtained useful information in a MongoDB database; the increment detection module completes increment update detection; the vulnerability library export module exports vulnerabilities. According to the method, automatic detection is performed on the network assets through the Scrapy framework, so that excessive dependence on manual detection is avoided; and then the network assets are continuously detected, and the vulnerability library is updated in time, so that the hysteresis of the database is effectively avoided, and meanwhile, the vulnerability information is favorably exported from the MongoDB database and is analyzed, and the security threat is solved.

The invention discloses a zero false alarm detection method for Android App vulnerabilities, which comprises the following steps of: 1) analyzing experience knowledge (such as vulnerability attack paths, CVE reports and the like) of the Android App vulnerabilities, and summarizing, detecting and triggering comprehensive description of the vulnerabilities; 2) App feature extraction: statically searching vulnerability attributes and constructing field values required by a test case and a trigger; 3) performing exploration path constraints by using symbols, and filtering invalid field values in the step 2); 4) dynamically generating a test case and a trigger, and triggering the target App; 5) performing dynamic binary instrumentation on the entry function and the target function of the targetApp; 6), if the behavior of the target function is matched with the vulnerability behavior, judging that the vulnerability exists. According to the zero false alarm detection method, the informationfor detecting and triggering the vulnerability is summarized by analyzing the experience knowledge of the vulnerability; meanwhile, static analysis, symbolic execution and the dynamic binary instrumentation technology are combined for detecting and verifying the vulnerability, and the zero-false-alarm detection effect is achieved.

The invention provides a vulnerability detection method and device, equipment and a storage medium. The method comprises the steps that after a to-be-detected field returned by a target application is received, feature extraction is conducted on the to-be-detected field, a feature vector of the to-be-detected field is obtained, the feature vector is input into a pre-trained vulnerability detection model, and a detection result of the to-be-detected field is obtained, the detection result is used for indicating whether a vulnerability and/or a vulnerability position exists in the to-be-detected field. By adopting the supervised machine learning model to perform vulnerability detection on the to-be-detected field, the detection accuracy is high. In addition, the detection process can assist testers in performing field preliminary screening, and the vulnerability detection efficiency is improved.

The invention provides a router automation vulnerability utilization method and system and electronic equipment, and the method comprises the steps: obtaining a to-be-detected router, and determiningthe target version information of the to-be-detected router; determining a target vulnerability detection and identification method corresponding to the target version information in a router vulnerability utilization library according to the target version information; carrying out vulnerability detection on the to-be-detected router through a target vulnerability detection and identification method; and under the condition that the to-be-detected router has the vulnerability through detection, performing vulnerability utilization attack on the to-be-detected router through the target vulnerability utilization code corresponding to the target vulnerability detection and identification method. According to the invention, the vulnerability of the to-be-detected router can be automatically identified and utilized based on the router vulnerability utilization library, so that the router vulnerability detection efficiency is improved, the security of the Internet of Things equipment is improved, and the technical problem of low efficiency of an existing manual router vulnerability detection mode is relieved.

The invention provides an equipment protocol vulnerability detection method and device, and the method comprises the steps: determining a to-be-detected protocol type of to-be-detected equipment, and obtaining a protocol message corresponding to the to-be-detected protocol type in a system where the to-be-detected equipment is located; obtaining a relationship between fields in the protocol message; performing protocol state machine learning on a system where the to-be-detected equipment is located according to the protocol message, and obtaining a state machine path of the system where the to-be-detected equipment is located; determining a test case generation method according to the state paths, and generating test cases corresponding to the state paths according to the test case generation method in combination with the relationship between the fields; and inputting the test case into the to-be-detected equipment, and obtaining a protocol vulnerability detection result of the to-be-detected equipment according to the working state of the to-be-detected equipment. According to the method and the device, the test cases are generated in combination with the relationship among the fields in the protocol message and the state path, so that a large number of redundant test cases are prevented from being generated, the code coverage rate is improved, and the vulnerability detection efficiency is improved.

The invention discloses a vulnerability mining method and device and a readable storage medium, belonging to the field of software security. The method includes: determining a target functional unit among a plurality of functional units of a target application; using n test data of target data type to test the vulnerability of target functional unit to obtain a first vulnerability test result, wherein, the target functional unit is used for processing the data of the target data type, and the value of n is within the range of the experience value, and the experience value range is obtained according to the numb of times the data of the same data type is processed before the security vulnerability of the functional unit occurs; and based on the results of the first vulnerability test, a security vulnerability in the target application is identified. The present disclosure solves the problem of lower application security due to fewer security vulnerabilities of the excavated application.The present disclosure is used for security vulnerability mining.

The invention provides a WASM smart contract vulnerability detection method based on symbolic execution, and belongs to the technical field of software testing. The method comprises the steps: constructing executable examples through WebAssembly byte codes of a to-be-analyzed smart contract, calling an initialization function in each example to initialize the state of a running environment, and filling numerical values of a memory area and a data area of the running environment; and further calling a function body to perform symbolic execution according to an index in a function signature, traversing an execution path of the byte code level smart contract to explore a possible state of the smart contract during actual operation, and analyzing potential security vulnerabilities of the smart contract according to the state. In addition, a general function interface and a special function are used for realizing simulation support for library functions of different block chain platforms, so that the integrity of a symbolic execution process is ensured. By setting a circulation upper limit and a branch access upper limit, the path explosion problem and the coverage rate problem in symbolic execution are solved.

The invention discloses a Weblogic deserialization vulnerability scanning detection method and tool, the tool comprises a vulnerability detection tool body, a vulnerability scanning host, a vulnerability detection module and a deserialization processing module, the vulnerability detection tool body is internally provided with the vulnerability scanning host, the vulnerability scanning host is connected with the deserialization processing module, and the deserialization processing module is connected with the vulnerability detection module. The input end of the vulnerability scanning host is connected with the input end of the vulnerability detection server, and the deserialization processing module is adopted to initialize the vulnerability scanning interface, so that the detection interface, the domain name address, the detection result and the user instruction are recovered to the initial running state at the same time; by adopting the mode, the detection interface, the domain name address, the detection result and the user instruction can be in the initial state before each vulnerability scanning, so that the vulnerability scanning detection tool does not need to be initialized by manually inputting the instruction, and the subsequent vulnerability detection efficiency of other Weblogic servers is effectively improved.