Vulnerability detection method and device

A vulnerability detection and vulnerability technology, applied in software testing/debugging, platform integrity maintenance, etc., can solve problems such as inaccurate vulnerability detection, and achieve the effect of solving inaccurate detection, real-time accurate detection, and strong real-time performance

Inactive Publication Date: 2015-12-30
TENCENT TECH (SHENZHEN) CO LTD
View PDF4 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The embodiment of the present invention provides a vulnerability detection method and device to at least sol

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection method and device
  • Vulnerability detection method and device
  • Vulnerability detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0021] According to an embodiment of the present invention, an embodiment of a vulnerability detection method is provided. It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and, although A logical order is shown in the flowcharts, but in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0022] According to an embodiment of the present invention, a vulnerability detection method is provided, such as figure 1 As shown, the detection method can be realized through the following steps:

[0023] Step S102: mark the area used by the application to be detected when performing a storage operation on the illegal data source marked as illegal as an illegal illegal operation area.

[0024] Step S104: Obtain an operation instruction executed when the application to be detected is running.

[0025]...

Embodiment 2

[0110] According to an embodiment of the present invention, a vulnerability detection device is also provided, which can be implemented by the method involved in the embodiment, and the implementation process of the present application will be described in detail below.

[0111] Figure 5 is a schematic structural diagram of a vulnerability detection device according to an embodiment of the present invention.

[0112] Such as Figure 5 As shown, the device may include: a marking module 10 , an instruction acquisition module 20 , an area judgment module 30 , and a vulnerability detection module 40 .

[0113] Wherein, the marking module is configured to mark the area used when the application to be detected performs a storage operation on the marked illegal data source as an illegal illegal operation area.

[0114] The instruction acquiring module is configured to acquire an operation instruction executed when the application to be detected is running.

[0115] The area judgi...

Embodiment 3

[0148] The embodiment of the present invention also provides a terminal. Optionally, in this embodiment, the above-mentioned terminal may execute the vulnerability detection method, and the vulnerability detection device in the above-mentioned embodiment may be set on the terminal.

[0149] Figure 6 is a structural block diagram of a terminal according to an embodiment of the present invention. Such as Figure 6 As shown, the terminal 50 may include: one or more (only one is shown in the figure) processors 51 , a memory 53 , and a transmission device 55 .

[0150] Among them, the memory 53 can be used to store software programs and modules, such as the program instructions / modules corresponding to the vulnerability detection method and device in the embodiment of the present invention, and the processor 51 executes various functions by running the software programs and modules stored in the memory 53. A functional application and data processing, that is, to realize the ab...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a vulnerability detection method and device. The method comprises the steps that the area used when an application to be detected executes storage operation on an illegal data source marked to be illegal is marked as an illegal operation area; an operation instruction executed when the application to be detected runs is obtained; whether a storage area operated by the operation instruction contains the illegal operation area marked to be illegal or not is judged; if yes, it is detected that the operation instruction has vulnerability. By the adoption of the vulnerability detection method and device, the problem that an existing black box vulnerability discovery method cannot detect the vulnerability accurately is solved, and the effect of detecting the vulnerability of the application to be detected accurately in real time is achieved.

Description

technical field [0001] The present invention relates to the field of application program testing, in particular to a loophole detection method and device. Background technique [0002] At present, the automated vulnerability mining systems used in the industry can be roughly divided into two types according to different mining ideas: white-box vulnerability mining and black-box vulnerability mining. Starting from the source code, try to understand its semantics and logic, and then scan these semantics and logic according to the prepared vulnerability rules in order to find vulnerabilities; while black-box vulnerability mining is to treat the product to be tested as a black box, to the black box Populate a large number of test cases for the external interface of the system, and then observe the performance of the black box when processing these test cases to identify vulnerabilities. [0003] Compared with white-box mining in the prior art, black-box mining is simpler and mo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36G06F21/57
Inventor 郭冕
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products