Web application safety detection method with white-box and black-box combined

A web application security detection technology, applied in the field of information security, that addresses the high false alarm rate and the inability to locate a vulnerability's position in the source code, with the effect of solving the high false positive rate.

Active Publication Date: 2013-05-22
CHINA ELECTRIC POWER RES INST +2

AI Technical Summary

Problems solved by technology

[0012] In order to overcome the above-mentioned defects, the present invention provides a web application security detection method combining white and black boxes, which sol



Examples


Embodiment Construction

[0035] The symbols are defined as follows:

[0036] W: White box testing.

[0037] WT: A collection of technologies used in white-box testing, one of which is represented by WT-n (n=1, 2, 3...).

[0038] B: Black box testing.

[0039] P: Detection process.

[0040] DUT: the target Web application system under test.

[0041] C: Web application system source code.

[0042] PF: a collection of source code files of the Web application system, one of which is represented by PF-n (n=1, 2, 3...).

[0043] WS: the result set of the white-box test, one of the results is represented by WS-n (n=1, 2, 3...).

[0044] BS: the result set of the black-box test, and one of the results is represented by BS-n (n=1, 2, 3...).

[0045] LS: Vulnerability set, one of the results is represented by LS-n (n=1, 2, 3...).

[0046] WS-nF: The file where a vulnerability in the white box test results resides.

[0047] BS-nF: The file containing a vulnerability in the black box test res...


Abstract

The invention provides a Web application security detection method that combines white-box and black-box testing. The method includes the following steps: step 1, white-box testing is carried out on a Web application system; step 2, black-box testing is carried out on the Web application system; step 3, file association is carried out through K; step 4, file search is carried out through S; and step 5, integrity combination testing is carried out. The method solves two problems: the high false alarm rate of white-box testing on a Web application system, and the inability of black-box testing to locate the position of a vulnerability in the source code.

Description

Technical field

[0001] The invention belongs to the field of information security, and in particular relates to a web application security detection method combining white and black boxes.

Background technique

[0002] The continuous innovation and development of Internet applications has greatly promoted the progress of society and the development of human civilization, and has become one of the main driving forces for the development of today's society. Information and network security are also facing unprecedented serious problems. The challenges in the field of network security are becoming more and more severe, and people are paying more and more attention to network security issues.

[0003] In general, the biggest threat to network security is the vulnerability of web applications. Currently, web application vulnerability detection is mainly divided into two categories: black-box testing and white-box testing.

[0004] Black box testing is mainly to test the runtime ...


Application Information

IPC(8): G06F11/36
Inventor: 范杰石聪聪余勇郭骞高鹏俞庚申蒋诚智冯谷
Owner: CHINA ELECTRIC POWER RES INST