Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

WEB dynamic security flaw detection method based on JAVA

A vulnerability detection and dynamic security technology, which is applied in the field of WEB application security testing, can solve the problems of high testing cost, high basic quality requirements of testers, and inability to pay attention to the position of the program under test or the internal logic code of the system, so as to reduce the high Effect of cost, low false negative and false positive rates

Active Publication Date: 2014-04-02
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF3 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In security testing, black-box testing can globally test visible input information and output information, but black-box testing cannot pay attention to the specific internal logic of the program or system under test, the code location where the problem occurs, and the deeper and more hidden WEB security breach
The white-box testing method has high requirements for the basic quality of the testers, and the cost of testing is very high in the case of a huge amount of code, and it may not be possible to clearly understand all the code flow

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • WEB dynamic security flaw detection method based on JAVA
  • WEB dynamic security flaw detection method based on JAVA

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] First of all, it should be explained that the present invention is an application of computer technology in the field of information security technology. During the implementation of the present invention, the application of multiple software function modules will be involved. The applicant believes that, after carefully reading the application documents and accurately understanding the realization principle and purpose of the present invention, combined with existing known technologies, those skilled in the art can fully implement the present invention by using their software programming skills. The aforementioned software functional modules include but are not limited to: Agent.jar package, Proxy+Fuzzing tools, etc. All mentioned in the application documents of the present invention belong to this category, and the applicant will not list them one by one.

[0023] Below in conjunction with accompanying drawing and specific embodiment the present invention is described...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a security test of WEB application, and aims to provide a WEB dynamic security flaw detection method based on JAVA. The WEB dynamic security flaw detection method based on JAVA is used for detecting the security flaws of a WEB application system, and comprises the following steps: modifying JAVA middleware; performing fuzzing test and dynamic flaw tracking. Due to the adoption of the WEB dynamic security flaw detection method, more WEB security flaw problems can be found rapidly, the security flaw range of black box test can be better covered, more deep WEB security problems can be found, the problem of high cost in white box test can be solved, the specific position of a flaw code can be determined more accurately, and lower missing report rate and error report rate in a detection process are ensured.

Description

technical field [0001] The invention relates to WEB application security testing, in particular to a JAVA-based WEB dynamic security loophole detection method. Background technique [0002] In WEB application security testing, frequently used detection methods are usually black-box testing and white-box testing. But both black-box testing and white-box testing have different defects. [0003] Black-box testing can only find out all the errors in the program only when the test method of exhaustive input information is adopted and all possible input information is considered as the test situation. In fact, there are infinitely many test situations, and people not only need to test all legal information inputs, but also test those information inputs that are illegal but possible. From this point of view, it is impossible to complete the test, so we need to conduct targeted security vulnerability testing, guide the implementation of testing by formulating test cases, and ensur...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 吴卓群刘志乐范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products