Flow chart-based method for automatically detecting logic loopholes of electronic commerce websites

Abstract

The invention discloses a flow chart-based method for automatically detecting logic loopholes of electronic commerce websites. The method comprises the following steps: collecting the traces of a user using an electronic commerce website through an agency and structuring the traces into a flow chart; expanding the existing flow chart, seeking the undiscovered electronic commerce flows and integrating the undiscovered electronic commerce flows into the existing flow chart; and analyzing the expanded flow chart, recognizing the functions, embodied in the flow chart, of the electronic commerce website, carrying out logic loophole detection on the electronic commerce website by using a generated test example so as to generate a test result, calculating the similarity between the a page returned by the test and a page returned by the input flow chart, and comparing the similarity with a threshold to determine whether corresponding loopholes exist or not. According to the flow chart-based method for automatically detecting logic loopholes of electronic commerce websites, the problems that the traditional alogical loophole detection tools are low in crawler crawling efficiency and the operation of covering all the test parameters requires plenty of time are solved, so that the method is more suitable for the comprehensive detection of the logic loopholes of the electronic commerce websites.

Description

technical field [0001] The invention relates to a method for automatically detecting logic loopholes in an e-commerce website based on a flowchart. Background technique [0002] The current method of detecting logic loopholes in e-commerce websites is traditional manual detection. The method is proposed based on the defects exposed in the process of traditional manual analysis of logic vulnerabilities of e-commerce websites: [0003] (1) At present, traditional e-commerce website logic vulnerability detection can only be done manually, and manual detection usually relies on agents intercepting request-response pairs between e-commerce websites and shoppers and modifying the parameters. Due to the large number of parameters in the shopping process, it is very easy to miss the test parameters and cause false positives. Since most logic vulnerabilities need to keep a single variable of the tested parameter in the detection process (otherwise, even if an error is detected, it ...

AI Technical Summary

Problems solved by technology

[0005] In order to solve the above problems, the present invention proposes a method for automatically detecting logic loopholes in e-commerce websites based on flow charts. This method generates flow charts through the traces of users using e-commerce sites, and uses the flow charts as the basic basis for the automatic detection process. On the basis of the flow chart, the crawler is used to expand, which solves the problem of insufficient accuracy and low efficiency of the traditional automatic crawling page

Images