49results about How to "Improve vulnerability detection efficiency" patented technology

The present application provides a vulnerability detection method and device. According to the vulnerability detection method and device of the invention, a step for converting a field of the JSON format in a first request message to a field of the URL format is added in a vulnerability detection process, and therefore, with an existing URL format-based vulnerability scanner engine unmodified, a test load is added to the field of the URL format, and the test load-added field in the URL format is converted into a field of the JSON format; a second request message is generated and is sent to a server, so that the server can identify the second request message; a second response message which is corresponding to the second request message and returned by the server is directly compared with afirst response message which is returned by the server after a first request message is sent to the server; and a vulnerability detection result is obtained on the basis of vulnerability judgment reset rules in a vulnerability knowledge base; and thus, JSON format-based automatic vulnerability detection is realized, development costs are saved, and vulnerability detection efficiency can be improved.

The invention discloses a vulnerability detection method, device, storage medium and electronic equipment in a cloud technology scene, and specifically, it also relates to technologies such as protection in the field of cloud security. Wherein, the method includes: calling the built-in probe function of the self-defined function in the target system to detect the first data, so as to obtain the first detection result; when the first detection result indicates that the first data is normal, use the self-defined function to process The first data to obtain the second data; when the second data is returned to the custom function, call the probe function to detect the second data to obtain the second detection result, wherein the second detection result is used to indicate the target system Whether there is a vulnerability. The invention solves the technical problem of low loophole detection efficiency.

Embodiments of the present invention provide a port vulnerability detection method, a terminal, and a computer-readable medium. The method includes: obtaining an IP address to be detected, and detecting the port information of each port corresponding to the IP address; If there is a first port whose port information changes in each port corresponding to the IP address, then call the preset vulnerability scanning engine to detect the vulnerability of the first port; if it is detected that in each port corresponding to the IP address There is a second port whose port information has not changed, then obtain port service information in the second port; detect the port service information in the second port; if it is detected that the port service information has changed , the preset vulnerability scanning engine is invoked to detect the vulnerability of the second port, which realizes the vulnerability detection of the port whose port information changes, and improves the efficiency of vulnerability detection.

The invention discloses a loophole detection system and method for Android mixed application code injection. The system includes an authority feature extraction module, a data channel feature extraction module and a vulnerability detection module. The authority feature extraction module is used to extract the mixed application code to be detected The sensitive permission application set of the hybrid application; the data channel feature extraction module is used to extract the source point set and the receiving point set of the data channel from the mixed application code to be detected; the first input terminal of the vulnerability detection module is the same as the output of the permission feature extraction module The second input terminal is connected to the output terminal of the data channel feature extraction module, which is used to determine whether there is vulnerability code injection in the mixed application to be detected by using the vulnerability detection model according to the sensitive authority and the source point set and the receiving point set of the data channel . Compared with the traditional detection method based on control flow and program call graph, it has higher efficiency, high classification accuracy and good usability.