Code auditing method and apparatus

A code auditing technique, applied in the field of information security, that addresses three problems: missed detections cannot be fully remedied, business needs are not met, and implementation costs are high. It shortens audit time, improves audit efficiency, and reduces workload.

Active Publication Date: 2016-07-06
SHANXI CHINA MOBILE COMM CORP

AI Technical Summary

Problems solved by technology

Because an organization's business develops rapidly, its application systems are updated frequently to keep up. Waiting several weeks or even months for a code audit to finish, and only then carrying out remediation and hardening so that the system meets the security requirements for going online or staying in operation, clearly cannot meet business needs.

[0017] To sum up, code auditing based on tool scanning produces many false positives and false negatives, leaves a heavy post-processing workload, and cannot fully make up for the missed findings; code auditing based on manual review involves a large workload, a long cycle, and a high implementation cost, and is not suitable for application systems whose business changes rapidly.


Embodiment Construction

[0045] In the embodiment of the present invention, a correspondence is established between URLs and operating parameters on the one hand and source code on the other; key URLs and key operating parameters are selected according to how frequently users access each URL and operating parameter, and/or according to a security scanning report; and the source code corresponding to the key URLs and key operating parameters is audited.

[0046] Generally, an HTTP request includes both a URL and operating parameters. Here, the URL is a concise representation of the location of a resource available on the Internet and of the method for accessing it; it is the address of a standard resource on the Internet. Every file on the Internet has a unique URL, which contains information indicating where the file is located and how the browser should handle it. Generally, the URL consists of the following parts from left to right: Internet resource type (scheme), server address (host), port (port), path ...
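The selection step described in [0045], as an added Python example that is not part of the patent text: it counts how often each (URL path, parameter) pair is requested, adds the pairs named in a scan report, and groups the result by source file. The log lines, scan findings, source paths, and the `min_hits` threshold are all constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed correspondence: (URL path, parameter) -> source file (hypothetical paths).
SOURCE_MAP = {
    ("/account/login", "user"): "src/auth/LoginAction.java",
    ("/account/login", "pwd"): "src/auth/LoginAction.java",
    ("/order/query", "id"): "src/order/QueryDao.java",
    ("/help/faq", "topic"): "src/cms/FaqPage.java",
}
# Constructed request lines, as they would appear in a web access log.
ACCESS_LOG = [
    "GET /account/login?user=a&pwd=b HTTP/1.1",
    "GET /account/login?user=c&pwd=d HTTP/1.1",
    "GET /order/query?id=7 HTTP/1.1",
    "GET /order/query?id=9 HTTP/1.1",
    "GET /help/faq?topic=billing HTTP/1.1",
    "GET /search?q=phone HTTP/1.1",
    "GET /search?q=plan HTTP/1.1",
    "-",  # malformed entry, ignored
]
# Constructed security-scan findings keyed by URL and parameter.
SCAN_REPORT = [{"url": "/help/faq", "param": "topic", "issue": "XSS"}]

def url_param_pairs(request_line):
    """Return the (path, parameter name) pairs named by one request line."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    target = urlsplit(parts[1])
    names = {name for name, _ in parse_qsl(target.query, keep_blank_values=True)}
    return [(target.path, name) for name in sorted(names)]

def audit_scope(log, report, source_map, min_hits=2):
    """Select key pairs by access frequency and/or scan report, then map to source."""
    hits = Counter(pair for line in log for pair in url_param_pairs(line))
    key = {pair for pair, n in hits.items() if n >= min_hits}
    key |= {(f["url"], f["param"]) for f in report}
    scope, unmapped = {}, []
    for pair in sorted(key):
        src = source_map.get(pair)
        if src is None:
            unmapped.append(pair)  # key pair with no known source: mapping gap
        else:
            scope.setdefault(src, []).append(pair)
    return scope, unmapped

if __name__ == "__main__":
    print(audit_scope(ACCESS_LOG, SCAN_REPORT, SOURCE_MAP))
```

The `/help/faq` pair is requested only once but still enters the audit scope because the scan report names it, and the frequently requested `/search` pair is returned separately because the correspondence table has no source file for it.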


Abstract

The present invention discloses a code auditing method. The method comprises: establishing a correspondence between URLs and operating parameters and source code; selecting key URLs and key operating parameters according to the frequency at which users access each URL and operating parameter, and/or according to a security scanning report; and auditing the source code corresponding to the key URLs and key operating parameters.

Description

Technical field

[0001] The invention relates to the technical field of information security, and in particular to a code auditing method and device.

Background

[0002] During application system design and development, factors such as imperfect development specifications, poor implementation, and uneven skill levels among developers easily introduce security vulnerabilities into the developed code, such as the common Structured Query Language (SQL) injection vulnerabilities, cross-site scripting (XSS) vulnerabilities, buffer overflow vulnerabilities, and sensitive information disclosure vulnerabilities in configuration files. If these vulnerabilities are not discovered in time and properly resolved, they pose great security risks to the web application system after it goes online.

[0003] Conducting code security audits on application systems is the main method of discovering these security vulnerabilities. The...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/36
Inventor: 常乐
Owner: SHANXI CHINA MOBILE COMM CORP