
Detecting method and device for vulnerabilities

A vulnerability detection technology, applied in the computer field, that addresses the high rates of false positives and false negatives in vulnerability detection, reducing the false positive rate and improving the accuracy of vulnerability detection.

Active Publication Date: 2015-03-25
SHENZHEN TENCENT COMP SYST CO LTD

AI Technical Summary

Problems solved by technology

Dynamic black-box testing relies too heavily on test cases, so it is prone to false positives; existing static white-box scanning, which detects vulnerabilities with audit tools, also has a high false positive rate.


Embodiment Construction

[0020] The technical solutions of the present invention will be further described below in conjunction with the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0021] Figure 1 is a schematic flow chart of the first embodiment of the vulnerability detection method of the present invention. As shown in Figure 1, the vulnerability detection method of the present invention comprises the following steps:

[0022] Step S01, receiving the source code that needs to be tested for vulnerabilities;

[0023] The vulnerability detection program receives the source code that needs to be tested for vulnerabilities; the source code submitted regularly by the SVN (Subversion, version management) tool. In an actual application scenario, the source code submitted by the web page is usually source code developed in PHP (Professional Hypertex...


Abstract

The invention discloses a method and device for detecting vulnerabilities. The method includes: receiving source code that needs to undergo vulnerability detection; performing syntax analysis on the received source code and configuring detection points for vulnerability detection, to obtain the corresponding syntax tree information; resolving the configured detection points in the syntax tree information to obtain the variables associated with each detection point, and resolving those variables to obtain their initial values; and analyzing the obtained initial values, detecting a vulnerability in the source code if an initial value is an externally controllable input. The prior art relies heavily on dynamic black-box testing with test cases and on dynamic white-box testing scanned by audit tools. Compared with the prior art, the method and device improve the accuracy of vulnerability detection and reduce the false alarm rate when source code is checked for vulnerabilities.
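The steps in the abstract (parse to a syntax tree, configure detection points, resolve each detection point's variables back to their initial values, flag externally controllable ones), sketched as an added example that is not the patent's implementation. It analyzes Python source with the standard `ast` module rather than PHP; the sink and source lists, the function names and the sample input are assumptions made for illustration, and the resolution is flow-insensitive within a single scope.

```python
import ast

# Assumed configuration (not from the patent): sinks used as detection points,
# and the calls treated as externally controllable input.
DETECTION_POINTS = {"os.system", "eval"}
EXTERNAL_SOURCES = {"input", "sys.stdin.readline"}

def dotted(node):
    """Return 'a.b.c' for Name/Attribute chains, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def is_external(expr, assigns, seen=frozenset()):
    """Resolve an expression to its initial values; True if any is external."""
    for node in ast.walk(expr):
        if isinstance(node, ast.Call) and dotted(node.func) in EXTERNAL_SOURCES:
            return True
        if isinstance(node, ast.Name) and node.id in assigns and node.id not in seen:
            if any(is_external(v, assigns, seen | {node.id}) for v in assigns[node.id]):
                return True
    return False

def detect(source):
    """Return [(line, sink)] for detection points fed by external input."""
    tree = ast.parse(source)          # syntax analysis -> syntax tree
    assigns = {}                      # variable name -> assigned expressions
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    assigns.setdefault(target.id, []).append(node.value)
    findings = []
    for node in ast.walk(tree):       # visit each configured detection point
        if isinstance(node, ast.Call) and dotted(node.func) in DETECTION_POINTS:
            if any(is_external(arg, assigns) for arg in node.args):
                findings.append((node.lineno, dotted(node.func)))
    return sorted(findings)

# Constructed sample: line 3 reaches a sink with user input, line 5 does not.
SAMPLE = '''\
name = input("host: ")
cmd = "ping " + name
os.system(cmd)
fixed = "uptime"
os.system(fixed)
'''
```

Only the detection point whose argument traces back to an external source is reported; the constant-initialized call on line 5 is not, which is how this approach avoids flagging every use of a sink.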

Description

Technical field

[0001] The present invention relates to the computer field, and also to information security technology, in particular to a vulnerability detection method and device.

Background technique

[0002] With the popularity and rapid development of Web applications such as social networking sites, electronic malls, portals, and forums, the security issues of Web applications have also attracted much attention. Due to defects in the specific implementation of the hardware devices, software systems, communication protocols, etc. that carry web applications, or in system security policies, vulnerabilities will inevitably exist in the development process of web applications.

[0003] Currently common methods for detecting web vulnerabilities are mainly dynamic black-box testing and static white-box scanning; dynamic black-box testing is to construct a large number of malformed test cases, visit web pages, and then judge the content of the returned web pages; The data existing in the we...


Application Information

IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/034
Inventor: 王培伟, 王金锭, 谭晓光, 陈薇婷, 王岳
Owner SHENZHEN TENCENT COMP SYST CO LTD