Safety detection method and device for Web application system

A security detection and web application technology, applied in the field of network security, can solve the problems of inability to locate the source code of vulnerabilities, high false positive rate, and low security of web application systems, so as to improve code security awareness, strengthen security, and enhance The effect of code security awareness

Inactive Publication Date: 2014-12-03
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF6 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the invention patent application solves the problem of high false positive rate of white box testing and black box testing of web application systems, the security of the web application system is still low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safety detection method and device for Web application system
  • Safety detection method and device for Web application system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] A security detection method for a web application system, the steps comprising:

[0034] Step 1. Local security detection

[0035] Local security detection mainly analyzes the code of the web application system, uses crawler technology to simulate the use of the web application system, and marks the detected web application system code vulnerabilities as warning marks;

[0036] The process of code analysis is to firstly detect the dangerous function of the code of the Web application system, and then perform parameter filtering and identity verification on the code of the Web application system.

[0037] The source code analysis technique is adopted in the code analysis, and the source code analysis technique mainly includes the following three steps:

[0038] Step 3-1, first perform lexical analysis and syntax analysis on the code of the Web application system (for example, perform mathematical modeling on the logical structure of the code of the Web application syste...

Embodiment 2

[0058] A security detection device for a web application system includes a local security detection module, a cloud security detection module and a penetration testing module.

[0059] The local security detection module is used to analyze the code of the Web application system by using the source code analysis technology, simulate the use of the Web application system by using the crawler technology, and mark the detected code loopholes of the Web application system as warnings. The local security detection module adopts the local security detection method in the first embodiment above.

[0060] The cloud security detection module is used for uploading the sample of the Web application system code to the cloud server, and comparing each basic block of the sample of the Web application system code with the defective basic block pre-stored on the cloud server, and comparing the generated Web Application system code vulnerabilities are marked with warnings. The cloud security d...

Embodiment 3

[0064] On the basis of the second embodiment, an update module is also provided. The update module is used to update the defective basic blocks, security modules and penetration testing tools pre-stored on the cloud server.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a safety detection method and device for a Web application system, aims at providing the safety detection method and device which can conduct dual detection including the local detection and the cloud end detection and are high in safety performance for the Web application system, and belongs to the technical field of network safety. Safety detection on the Web application system is achieved through the detection method including the steps of local safety detection, cloud end safety detection and permeation tests. The method and the system are used for safety detection of the Web application system.

Description

technical field [0001] The invention relates to a security detection method and a detection device of a Web application system, which are used for the security detection of the Web application system and belong to the technical field of network security. Background technique [0002] Today, with the popularization of the Internet and the rapid development of Web technology, the Web has had a profound impact on business, education, government and entertainment, as well as our work and life. Correspondingly, there has been a large market for Web-based applications. With the deepening of informatization construction, the Web application system has become increasingly mature, and the Web application system platform has been widely used in e-government, e-commerce and other fields, represented by collaborative work environment, social network services and hosting applications Web technology has changed the way people communicate, exchange and work to a great extent. However, due...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
Inventor 张小松陈瑞东吴安彬牛伟纳王东徐浩然孙恩博柯明敏杨高明张艺峰
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap