Method and system for detecting security hole of application software

An application software vulnerability detection technology, applied in the field of information security, that addresses problems affecting the efficiency of security vulnerability detection, avoids false positives and false negatives, avoids coarse-grained inspection, and reduces workload.

Active Publication Date: 2017-08-11
PING AN TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide a method and system for detecting application software security vulnerabilities, aiming to solve the technical problem that the code language of the application software affects the efficiency of security vulnerability detection.


Embodiment Construction

[0045] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0046] Referring to Figure 1, a first embodiment of the application software security vulnerability detection method of the present invention is provided, and the method includes:

[0047] Step S10, compiling the application software into a preset intermediate language code text.

[0048] In the present invention, the application software to be detected is compiled into an intermediate language text, so that each statement of the resulting code carries exactly one semantic meaning and causes no ambiguity. The granularity of the language is finer than that of high-level languages and coarser than that of low-level languages, which is suitable for static application software security vu...


Abstract

The invention discloses a method for detecting a security hole of application software. The method comprises the steps of: compiling the application software into a preset intermediate language code text; acquiring a data association structure of the application software according to the code text; tracing backward, according to the variable parameters of a sensitive calling point and the data association structure of the application software, to find the external input point corresponding to that sensitive calling point; and, if the external input point corresponding to the sensitive calling point is successfully found, determining the external input point to be a security hole of the application software. The invention also discloses a system for detecting the security hole of the application software. According to the method and the system, the detection efficiency for security holes of application software is greatly improved.
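The backward trace described in the abstract, as an added example that is not code from the patent: a toy intermediate language with one operation per statement, a data association map from variables to their defining statements, and a walk from each sensitive call's arguments back to an external input. The statement format, the two API classification sets and the sample program are assumptions constructed for this illustration, and the trace handles straight-line code only.

```python
from collections import namedtuple

Stmt = namedtuple("Stmt", "line dest op args")

# Assumed classification for this example (not taken from the patent text).
EXTERNAL_INPUTS = {"Intent.getStringExtra"}
SENSITIVE_CALLS = {"SQLiteDatabase.execSQL", "Runtime.exec"}

# Constructed straight-line program: each statement carries one operation.
PROGRAM = [
    Stmt(1, "key", "const", []),
    Stmt(2, "name", "Intent.getStringExtra", ["key"]),
    Stmt(3, "prefix", "const", []),
    Stmt(4, "query", "concat", ["prefix", "name"]),
    Stmt(5, None, "SQLiteDatabase.execSQL", ["query"]),
    Stmt(6, "name", "const", []),  # name is overwritten with a constant
    Stmt(7, "cmd", "concat", ["prefix", "name"]),
    Stmt(8, None, "Runtime.exec", ["cmd"]),
]

def build_data_association(program):
    """Map each variable to the statements that define it, in program order."""
    defs = {}
    for s in program:
        if s.dest is not None:
            defs.setdefault(s.dest, []).append(s)
    return defs

def reaching_def(defs, var, before_line):
    """Latest definition of var above before_line (straight-line code only)."""
    earlier = [s for s in defs.get(var, []) if s.line < before_line]
    return earlier[-1] if earlier else None

def trace_back(defs, sink):
    """Walk from the sink's arguments back to external input points."""
    sources, seen = set(), set()
    work = [(a, sink.line) for a in sink.args]
    while work:
        var, line = work.pop()
        d = reaching_def(defs, var, line)
        if d is None or d.line in seen:
            continue
        seen.add(d.line)
        if d.op in EXTERNAL_INPUTS:
            sources.add(d.line)  # stop here: this is the external input point
        else:
            work.extend((a, d.line) for a in d.args)
    return sorted(sources)

def find_vulnerabilities(program):
    """Return (sink line, [external input lines]) for each reachable sink."""
    defs = build_data_association(program)
    hits = [(s.line, trace_back(defs, s)) for s in program if s.op in SENSITIVE_CALLS]
    return [(line, src) for line, src in hits if src]
```

On the sample program only the `execSQL` call at line 5 is reported, traced to the input at line 2; the `Runtime.exec` call at line 8 is not, because `name` was redefined as a constant at line 6, a distinction that string-pattern rule matching on the call name alone would miss.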

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a method and system for detecting application software security vulnerabilities.

Background art

[0002] Existing static vulnerability detection schemes for application software are usually based on rule scanning of Android smali (Android compiler) or Java (computer programming language) source code, and use predefined regular-expression or string feature matching checks to judge whether the code pattern of the application software has a problem.

[0003] Because this kind of static scanning is not associated with the program context data and only detects according to the established rules, it is prone to a large number of false positives for security risks; moreover, the language granularity of Android smali code is relatively fine, and one semantic meaning needs to be expressed by multiple statements. When detecting security vulnerabilities ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F11/36
CPC: G06F11/3636
Inventor: 王金锭
Owner: PING AN TECH (SHENZHEN) CO LTD