Method and system for detecting security hole of application software

A technology for detecting vulnerabilities in application software, applied in the field of data security. It addresses the low efficiency of security vulnerability detection and achieves good security detection with improved detection efficiency.

Active Publication Date: 2017-08-11
PING AN TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide a method and system for detecting security vulnerabilities in application software, aiming to solve the technical problem of low efficiency in security vulnerability detection of application software.


Examples


Example 1

[0145] Further, referring to Figure 7, the second embodiment of the present invention provides an application software security vulnerability detection system. Building on the first embodiment of the application software security vulnerability detection system described above, the system further includes:

[0146] The taint module 50 is configured to input taint data at each external input point of the application software when the application software is running.

[0147] When the sensitive call points of the application software have been instrumented and the software starts running, or while the application software is running, the taint module 50 inputs taint data carrying taint labels into the application software through each of its external input points.

[0148] After the tainted data is input into th...


Abstract

The invention discloses a method for detecting security vulnerabilities in application software. The method comprises: collecting, through instrumentation configured in advance on the sensitive call points of the application software, the data flow information that passes through each sensitive call point while the application software is running; judging from the data flow information whether the sensitive call point is polluted by taint data; if the sensitive call point is polluted, tracing back from the variable parameters of the sensitive call point to find the corresponding external input point; and, if the external input point corresponding to the sensitive call point is found, determining that external input point to be a security vulnerability of the application software. The invention also discloses a system for detecting security vulnerabilities in application software. According to the method and the system, the detection efficiency for security vulnerabilities of application software is greatly improved.
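The flow in the abstract, sketched as an added Python example (not code from the patent): labelled taint data is fed into each external input point, a stub on the sensitive call point inspects its arguments, and a polluted argument is traced back to the input point it came from. All names (`Tainted`, `sensitive`, `detect`, the handlers and the input-point names) are hypothetical, and the trace-back is simplified to reading the input-point name stored in the taint label.

```python
import functools

class Tainted(str):
    """String carrying a taint label: the external input point it entered through."""
    def __new__(cls, value, source):
        obj = super().__new__(cls, value)
        obj.source = source
        return obj

    def __add__(self, other):      # tainted + plain stays tainted
        return Tainted(str.__add__(self, other), self.source)

    def __radd__(self, other):     # plain + tainted stays tainted
        return Tainted(str.__add__(other, self), self.source)

FINDINGS = []

def sensitive(func):
    """Instrumentation stub for a sensitive call point: inspects the data flowing in."""
    @functools.wraps(func)
    def stub(*args):
        for index, arg in enumerate(args):
            if isinstance(arg, Tainted):   # the call point is polluted
                FINDINGS.append({"sink": func.__name__, "param": index,
                                 "input_point": arg.source})
        return func(*args)
    return stub

@sensitive
def run_query(sql):                # stand-in for a real database call
    return "executed"

def handle_search(keyword):        # input is concatenated straight into the query
    return run_query("SELECT * FROM items WHERE name = '" + keyword + "'")

def handle_page(page):             # int() conversion drops the label before the sink
    return run_query("SELECT * FROM items LIMIT 10 OFFSET " + str(int(page) * 10))

# Constructed sample: (input point name, handler, probe value)
INPUT_POINTS = [("search.keyword", handle_search, "abc"),
                ("list.page", handle_page, "2")]

def detect(input_points):
    """Feed labelled taint data into every input point; report those reaching a sink."""
    FINDINGS.clear()
    for name, handler, probe in input_points:
        handler(Tainted(probe, name))
    return sorted({(f["input_point"], f["sink"]) for f in FINDINGS})

if __name__ == "__main__":
    print(detect(INPUT_POINTS))
```

Only concatenation propagates the label in this sketch; a real tracker also has to cover formatting, slicing, encoding and every other operation that copies input bytes.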

Description

Technical field

[0001] The invention relates to the technical field of data security, in particular to a method and a system for detecting security vulnerabilities in application software.

Background technique

[0002] Smart phones have many types of application software installed, which bring great convenience to people's life, entertainment and work. Since application software may involve the privacy and property security of each user, the security of application software has always been a focus of attention.

[0003] Existing application software security vulnerability detection is mostly implemented based on static rule scanning and fuzz testing of application components, such as the Mobei system and Drozer tools, which realize software security detection through static scanning of application software code. This kind of detection method is relatively coarse. It is only based on rule matching of the code text, and there are a large number of false positives...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 王金锭
Owner: PING AN TECH (SHENZHEN) CO LTD