Application software security vulnerability detection method and system

A detection technology for application software security vulnerabilities, applied in the field of information security, that addresses problems such as reduced efficiency of security vulnerability detection, and achieves the effects of avoiding false positives and false negatives, reducing workload and producing accurate results.

Active Publication Date: 2018-05-04
PING AN TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide a method and system for detecting application software security vulnerabilities, aiming to solve the technical problem that the code language of the application software affects the efficiency of security vulnerability detection.


Examples


Embodiment Construction

[0045] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0046] Referring to Figure 1, the first embodiment of the present invention provides an application software security vulnerability detection method, which includes:

[0047] Step S10, compiling the application software into a preset intermediate language code text.

[0048] In the present invention, the application software to be detected is compiled into an intermediate language text, so that each statement of the resulting application software code carries exactly one semantic meaning and causes no ambiguity. The language granularity is finer than that of high-level languages and coarser than that of low-level languages, which is suitable for static application software security vulnerability detec...


Abstract

A method and system for detecting a security hole of application software, a device, and a computer-readable storage medium. The method comprises: compiling application software into a preset intermediate language code text (S10); obtaining a data association structure of the application software according to the code text (S20); backtracking to search for an external input point corresponding to a sensitive calling point according to a variable parameter of the sensitive calling point and the data association structure in the application software (S30); and if the external input point corresponding to the sensitive calling point is successfully found, determining the external input point as a security hole of the application software (S40). The method greatly improves the detection efficiency of a security hole of application software.
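Steps S10 to S40 of the abstract can be traced on a toy program. The sketch below is an added example, not code from the patent: the three-address IR syntax, the `SOURCES` and `SINKS` lists, and all function names are assumptions made for illustration, and every call is treated as propagating its arguments (no sanitizer modelling).

```python
import re

# Constructed sample standing in for the S10 output: one statement, one meaning.
# The IR syntax and the SOURCES / SINKS lists are assumptions for this example.
IR = """\
t1 = call getIntentExtra "url"
t2 = const "https://example.invalid/"
t3 = concat t2 t1
t4 = const "SELECT 1"
call loadUrl t3
call execSQL t4
"""
SOURCES = {"getIntentExtra", "readSocket"}   # external input points
SINKS = {"loadUrl", "execSQL", "exec"}       # sensitive calling points

def parse(ir):
    """Split each IR line into (dst, op, args); dst is None for a bare call."""
    stmts = []
    for line in ir.strip().splitlines():
        dst, op, rest = re.match(r"(?:(\w+) = )?(\w+)\s*(.*)", line).groups()
        stmts.append((dst, op, re.findall(r'"[^"]*"|\w+', rest)))
    return stmts

def backtrack(var, stmts, defs, seen):
    """S30: follow definitions backwards from var to any external input."""
    if var in seen or var not in defs:       # literal, unknown, or already visited
        return []
    seen.add(var)
    _, op, args = stmts[defs[var]]
    if op == "call" and args[0] in SOURCES:
        return [defs[var]]
    hits = []
    for arg in args:
        hits += backtrack(arg, stmts, defs, seen)
    return hits

def find_vulnerabilities(ir):
    """Return (sink line, sink name, source line) for every traced flow (S40)."""
    stmts = parse(ir)
    # S20: data association structure, variable -> index of its defining statement
    defs = {dst: i for i, (dst, _, _) in enumerate(stmts) if dst}
    findings = []
    for i, (_, op, args) in enumerate(stmts):
        if op == "call" and args and args[0] in SINKS:
            for arg in args[1:]:
                for src in backtrack(arg, stmts, defs, set()):
                    findings.append((i + 1, args[0], src + 1))
    return findings

if __name__ == "__main__":
    print(find_vulnerabilities(IR))
```

The `execSQL` call is not reported because its argument traces back only to a constant, which is the context-awareness that pure pattern matching on the sink name lacks.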

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a method and system for detecting application software security vulnerabilities.

Background technique

[0002] Existing static detection schemes for application software vulnerabilities are usually based on rule scanning of Android smali (Android compiler) or Java (computer programming language) source code, and use predefined regular-expression or character string feature matching checks to judge whether there is a problem with the code patterns of the application software.

[0003] Because this kind of static scanning is not associated with the program context data and detects only according to established rules, it is prone to a large number of false-positive security risks; moreover, the language granularity of Android smali code is relatively fine, and one semantic meaning needs to be expressed by multiple statements. When detecting security vulnerabilities ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F11/36
CPC: G06F11/3636
Inventor: 王金锭
Owner: PING AN TECH (SHENZHEN) CO LTD