Application security testing method, device and system

A technology for security testing of application programs, applied in the field of communication, that addresses problems such as false negatives and false positives and improves testing accuracy.

Active Publication Date: 2016-05-04
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0004] Since the statically scanned code is not necessarily executed during actual operation, false negatives and false positives will occur; and static feature code detectio



Examples


Embodiment 1

[0040] In this embodiment, the application program security test is completed by using only the terminal device as an example.

[0041] See Figure 1, which is a schematic diagram of the application program security testing process in Embodiment 1 of the present application. The specific steps are:

[0042] Step 101, the terminal device runs the Hook program while running the application program.

[0043] In this step, the terminal device can make the application run through automated testing, manual testing, or use of the application.

[0044] Whether the application is being used or tested, all the controls in the entire application need to be traversed, that is, all the corresponding user interfaces (User Interface, UI). Of course, if it is only necessary to determine whether a certain part of the application has security vulnerabilities, only that part of the program needs to be run.

[0045] When performing automated testing on an application, various a...

Embodiment 2

[0080] In this embodiment, a testing device and a device under test are used together to complete the security test of the application program. The testing device can be a PC or similar; the device under test can be a mobile phone, a tablet, or similar.

[0081] In this embodiment, the application program and the Hook program run on the device under test, and the device under test and the test device can communicate wirelessly or through a USB interface.

[0082] For example, when testing an Android program, the ADB server program is usually installed on the device under test (the terminal device) that uses the Android program, and the ADB client program is installed on the test device. The ADB client is then used to call the uiautomator program of the Android system, so that information about the applications running on the terminal device can be obtained.

[0083] See Figure 5, which is a schematic diagram of the application program security testing process in the s...


Abstract

The invention provides an application security testing method, device and system. In the method, a Hook program is installed on a terminal device, and the calling functions to be monitored are configured on the Hook program. When an application runs, the Hook program runs as well. While the application is running, whenever the Hook program observes a call to a function that matches a configured calling function, it records the calling information of that function, where the calling information includes input parameters and/or return values. Once all controls in the application have been traversed, it is determined whether the recorded calling information contains information that matches the configured matching parameters; if yes, it is determined that security flaws exist in the application, and if not, it is determined that the application is secure. With this technical scheme, the accuracy of application security testing can be improved.
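The hook, record and match flow from the abstract, as an added Python sketch that is not code from the patent: `HookRecorder`, `DemoApi`, the three controls and the two matching rules are constructed for illustration. The second call in `__main__` runs only one control, showing that a flaw behind an untraversed control is never recorded.

```python
import functools
import re

class HookRecorder:
    """Records calls to configured functions, then matches them against rules."""

    def __init__(self, rules):
        # rules: {monitored function name: regex for the "matching parameter"}
        self.rules = {name: re.compile(rx) for name, rx in rules.items()}
        self.calls = []

    def install(self, target):
        for name in self.rules:
            setattr(target, name, self._wrap(name, getattr(target, name)))

    def _wrap(self, name, original):
        @functools.wraps(original)
        def hooked(*args):
            result = original(*args)
            self.calls.append((name, args, result))  # input parameters + return value
            return result
        return hooked

    def findings(self):
        return [(name, args, result) for name, args, result in self.calls
                if any(isinstance(v, str) and self.rules[name].search(v)
                       for v in (*args, result))]

class DemoApi:
    """Constructed stand-in for the platform functions an app calls."""
    def open_url(self, url):
        return "200 OK"
    def write_file(self, path, mode):
        return "written"

def run_security_test(controls=("login", "export", "about")):
    api = DemoApi()
    app_controls = {  # constructed UI controls and the calls they trigger
        "login": lambda: api.open_url("http://example.test/login"),
        "export": lambda: api.write_file("/sdcard/export.db", "MODE_WORLD_READABLE"),
        "about": lambda: api.open_url("https://example.test/about"),
    }
    recorder = HookRecorder({"open_url": r"^http://", "write_file": r"WORLD_READABLE"})
    recorder.install(api)
    for control in controls:  # traverse the requested controls
        app_controls[control]()
    hits = recorder.findings()
    return len(recorder.calls), hits, ("flawed" if hits else "secure")

if __name__ == "__main__":
    print(run_security_test())
    print(run_security_test(controls=("about",)))
```
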

Description

Technical field

[0001] The invention relates to the technical field of communications, in particular to an application program security testing method, device and system.

Background technology

[0002] It is undeniable that mobile phone applications have become very important in both personal and enterprise use, and among them, Android has the largest share. However, Android applications have always had a problem criticized by users, which is their security. Therefore, the importance of security is self-evident when building a successful Android application.

[0003] The existing implementation of security testing for Android applications adopts a static feature code detection scheme, that is, decompiling the Android installation package (Android Package, APK).

[0004] Since the statically scanned code is not necessarily executed during actual operation, false negatives and false positives will occur; and static feature code detection relies on the decompiled APK, and ...


Application Information

IPC(8): G06F21/56, G06F11/36
CPC: G06F11/3612, G06F21/566
Inventor 高岳
Owner TENCENT TECH (SHENZHEN) CO LTD