Software Security Defect Discovery System

A software security defect discovery technology, applied in the field of software security defect discovery systems, that addresses problems such as difficulty of use, time-consuming and laborious manual work, and hard-to-understand defect report formats, and achieves the effects of reduced difficulty of use, easy defect management, and a complete detection range.

Active Publication Date: 2017-09-01
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

This has resulted in a high learning cost for software security defect detection. For a large-scale project with mixed languages, testers must be proficient in a variety of testing tools to achieve relatively complete security defect detection. During software development, there is little testing for security flaws.

[0007] Secondly, the defect reports generated by existing defect detection tools are difficult to understand and have inconsistent formats. Even if relatively complete security defect detection is carried out on a software project, it is very difficult to read all the different reports quickly and easily, and because the defect reports are scattered, it is not convenient to gain an overall understanding of the software's security defects.

[0008] Thirdly, current defect detection usually provides only detection and viewing functions, and defect reports still need to be written by hand, which is time-consuming and laborious.

[0009] There are very few existing, relatively complete security defect discovery systems. At present, "Software Security Vulnerability Detection Device and Method" (Chinese invention patent application, publication number: CN 102541729A, publication date 2012.7.4) provides fuzz testing and penetration testing defect detection functions, and is equipped with a corresponding defect management function for viewing defects. However, when detecting software security in actual applications, the results obtained by one or two detection methods are relatively one-sided and are not enough to reflect the overall security status of the software. The detection results are still not complete.

Examples


Embodiment Construction

[0025] The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0026] The present invention provides a software security defect discovery system (hereinafter referred to as the system). As shown in Figure 1, it includes a behavior static testing module, a behavior monitoring module, a fuzz testing module, a penetration testing module, a knowledge base and a defect database. The knowledge base includes a behavior monitoring knowledge base and a penetration knowledge base. The behavior monitoring knowledge base stores the call sequence segments generated when the behavior monitoring module is trained on the software; these serve as reference call sequences. The penetration knowledge base stores penetration test cases for penetration testing. The defect database stores sorted and formatted defect data.

[0027] The security detection of the software to be tested is completed by the moni...


Abstract

The invention discloses a software security defect discovery system. The invention can carry out static analysis, behavior monitoring, fuzz testing and penetration testing on the software to be tested. The set of test methods is comprehensive, so the security defects of the software can be found more completely and accurately, and the detection speed is improved. The invention first performs static analysis and stores the security defect data it obtains in the defect database according to the set database format. It then uses the behavior monitoring module, the fuzz testing module and the penetration testing module to test, respectively, the security defects obtained by the static analysis module. At the same time, the software under test is also routinely tested, and the system call sequence, fuzz test case or penetration test case name that causes abnormal system behavior or security problems is stored in the defect database. The invention realizes a complete and powerful defect detection process; the detection process is automatic and reduces the difficulty of use for security defect testers.
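The behavior monitoring path described in [0026] and in the abstract, as an added example that is not taken from the patent: reference call-sequence segments are learned from training runs, and any segment of a monitored run that is absent from that reference set is written to a defect database in one fixed record format. The sliding-window matching, the window length, the table schema, the module label and the sample traces are all assumptions made for illustration.

```python
import sqlite3

WINDOW = 3  # assumed segment length; the page does not specify one

def segments(trace, n=WINDOW):
    """Return every contiguous call-sequence segment of length n."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def train_knowledge_base(normal_traces, n=WINDOW):
    """Behavior monitoring knowledge base: reference segments from training runs."""
    return {seg for trace in normal_traces for seg in segments(trace, n)}

def open_defect_db():
    """Defect database with one record format for all modules (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE defect (id INTEGER PRIMARY KEY, module TEXT NOT NULL, "
               "target TEXT NOT NULL, evidence TEXT NOT NULL, "
               "UNIQUE(module, target, evidence))")
    return db

def monitor(db, target, trace, reference, n=WINDOW):
    """Store each segment missing from the reference set; return how many were new."""
    stored = 0
    for seg in segments(trace, n):
        if seg not in reference:
            cur = db.execute(
                "INSERT OR IGNORE INTO defect (module, target, evidence) "
                "VALUES ('behavior_monitoring', ?, ?)", (target, " ".join(seg)))
            stored += cur.rowcount  # 0 when the same record already exists
    return stored

# Constructed sample traces (not from the patent).
NORMAL = [["open", "read", "close", "open", "read", "write", "close"],
          ["open", "read", "read", "close"]]
OBSERVED = ["open", "read", "close", "open", "mprotect", "execve", "close"]

def demo():
    reference = train_knowledge_base(NORMAL)
    db = open_defect_db()
    count = monitor(db, "sample.bin", OBSERVED, reference)
    rows = [r[0] for r in db.execute("SELECT evidence FROM defect ORDER BY id")]
    return count, rows

if __name__ == "__main__":
    print(demo())
```

The uniqueness constraint keeps repeated runs from filling the defect database with duplicate records, which matters when several modules report into the same store.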

Description

Technical field

[0001] The invention relates to the technical field of software security testing, in particular to a software security defect discovery system.

Background

[0002] At present, there are many kinds of software security defect detection technologies, and they are scattered. The main detection methods are static analysis, behavior monitoring, fuzz testing and penetration testing. However, these four types of detection approach the software in completely different ways. For example, static analysis for software security flaws is usually aimed at the source code of the software, and there are also some tools that can decompile executable files of Java and .NET programs for static analysis. The current static analysis security defect detection tools are all aimed at some mainstream programming languages, and different programming languages have their corresponding static analysis tools. For example, there are CppCheck and Antic for C / C+...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F11/36
Inventor: 胡昌振, 赵小林, 付裕, 王子阳, 薛静锋
Owner: BEIJING INSTITUTE OF TECHNOLOGY