Form feature-based Web security vulnerability dynamic testing method

A dynamic vulnerability detection technology, applied in the field of security vulnerability detection, that addresses problems such as poor scalability, low performance, and limited application scenarios, and saves testing time and labor costs.

Status: Inactive
Publication Date: 2010-12-01
NANJING UNIV
4 Cites, 50 Cited by

AI Technical Summary

Problems solved by technology

[0004] The main purpose of the present invention is to propose a dynamic detection method for web application security vulnerabilities based on form features. It uses domain knowledge to generate test values for form input fields, treats the form as the test unit, and detects potential security vulnerabilities in web applications through dynamic testing.

Examples

Embodiment Construction

[0038] As shown in Figure 1, the form feature-based dynamic detection method for web application security vulnerabilities is organized as a pipeline of four modules: web form feature collection, test case set generation, test case set execution, and potential security vulnerability analysis. The web form feature collection module collects and organizes web page information and the features of the forms it contains, including each edit field of the form (such as input form fields of type text and password, and textarea form fields) and each non-edit field (such as input form fields of type radio, checkbox, submit, reset, and hidden, and select form fields); these are collectively referred to as form input fields (form fields for short). The test case set generation module takes the form as the unit, uses domain knowledge of web application security vulnerabilities, and assigns a set of vulnerability-specific candidate test values to each input field of the form; then generate...

Abstract

The invention discloses a form feature-based dynamic testing method for Web security vulnerabilities. The method comprises the following steps: 1) automatically extracting the features of the Web application page under test, its forms, and their form fields, and acquiring and storing the data; 2) taking the form as the testing unit, assigning each form field a group of candidate test values, initially generating a full-combination test case set, computing a weight for each test case, and generating the test case set using a maximal weight selection method; 3) executing the test case set; and 4) analyzing the execution result of each test case for potential security vulnerabilities, then summarizing the results and generating a test report. By analyzing the features of Web forms, the method uses domain knowledge to assign targeted security vulnerability test values to the form fields, interacts with the Web server to obtain its responses, and automatically tests for potential security vulnerabilities in the Web application according to those responses.
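Steps 1 and 2 of the abstract (form field collection, full-combination generation, weighting and maximal-weight selection), as an added Python example that is not code from the patent. The sample form, the inert candidate values, the per-value weights, the sum-of-weights rule and the `budget` cut-off are all assumptions, since the page does not give them.

```python
from html.parser import HTMLParser
from itertools import product

# Constructed sample page, not taken from the patent.
SAMPLE_HTML = """<form action="/login" method="post">
<input type="text" name="user"> <input type="password" name="pw">
<input type="hidden" name="token" value="abc123">
<select name="lang"><option value="en">EN</option><option value="zh">ZH</option></select>
<input type="submit" value="Go"></form>"""

EDIT_KINDS = {"text", "password", "textarea"}
# Assumed candidate values and weights (the page gives neither); inert markers only.
EDIT_PROBES = [("gr'probe", 3), ("<gr-probe>", 3), ("A" * 300, 1)]
NONEDIT_PROBES = [("gr-not-offered", 2)]  # a value the form never offered

class FormCollector(HTMLParser):
    """Step 1: record each named form field, its kind and its default values."""
    def __init__(self):
        super().__init__()
        self.fields = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("input", "textarea", "select") and a.get("name"):
            kind = a.get("type", "text") if tag == "input" else tag
            defaults = [a.get("value") or ""] if tag == "input" else []
            self.fields.append({"name": a["name"], "kind": kind, "defaults": defaults})
        elif tag == "option" and self.fields and self.fields[-1]["kind"] == "select":
            self.fields[-1]["defaults"].append(a.get("value") or "")

def collect(html):
    parser = FormCollector()
    parser.feed(html)
    return parser.fields

def candidates(field):
    """Step 2a: one benign baseline value plus the probes for the field kind."""
    if field["kind"] in EDIT_KINDS:
        return [("valid1", 0)] + EDIT_PROBES
    baseline = field["defaults"][0] if field["defaults"] else ""
    return [(baseline, 0)] + NONEDIT_PROBES

def all_cases(fields):
    """Step 2b: full-combination set; case weight = sum of value weights (assumed)."""
    names = [f["name"] for f in fields]
    return [(sum(w for _, w in combo), dict(zip(names, [v for v, _ in combo])))
            for combo in product(*(candidates(f) for f in fields))]

def select(cases, budget):
    """Step 2c: keep the `budget` heaviest cases; the stable sort keeps ties in order."""
    return sorted(cases, key=lambda c: -c[0])[:budget]
```

On the sample form the full combination is 4 × 4 × 2 × 2 = 64 cases, which is why a selection step is needed before anything is sent to the server.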

Description

Technical field

[0001] The present invention relates to security vulnerability detection based on form input fields within automated web application testing. In particular, given that web forms have become one of the main avenues of attack on web application security, it concerns effectively analyzing and using the features of a form and assigning targeted security vulnerability test values to each of its input fields in order to detect security vulnerabilities in web applications.

Background technique

[0002] Dynamic detection of web application security vulnerabilities has been applied to the security testing of web applications. Security testing is an essential part of the web application development process, and its ultimate goal is to ensure the security and reliability of web applications. With the increasing scale and complexity of Web application systems and their deepening impact on social life, the demand for Web application security ...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 张立久, 顾庆, 彭树森, 陈翔, 陈道蓄
Owner: NANJING UNIV