WEB dynamic security flaw detection method based on JAVA

Abstract

The invention relates to a security test of WEB application, and aims to provide a WEB dynamic security flaw detection method based on JAVA. The WEB dynamic security flaw detection method based on JAVA is used for detecting the security flaws of a WEB application system, and comprises the following steps: modifying JAVA middleware; performing fuzzing test and dynamic flaw tracking. Due to the adoption of the WEB dynamic security flaw detection method, more WEB security flaw problems can be found rapidly, the security flaw range of black box test can be better covered, more deep WEB security problems can be found, the problem of high cost in white box test can be solved, the specific position of a flaw code can be determined more accurately, and lower missing report rate and error report rate in a detection process are ensured.

Description

technical field

[0001] The invention relates to WEB application security testing, in particular to a JAVA-based WEB dynamic security loophole detection method. Background technique

[0002] In WEB application security testing, frequently used detection methods are usually black-box testing and white-box testing. But both black-box testing and white-box testing have different defects.

[0003] Black-box testing can only find out all the errors in the program only when the test method of exhaustive input information is adopted and all possible input information is considered as the test situation. In fact, there are infinitely many test situations, and people not only need to test all legal information inputs, but also test those information inputs that are illegal but possible. From this point of view, it is impossible to complete the test, so we need to conduct targeted security vulnerability testing, guide the implementation of testing by formulating test cases, and ensur...

Images