Application software security vulnerability detection method and system

A technique for detecting security vulnerabilities in application software, applied in the field of data security. It addresses the low efficiency of security vulnerability detection, achieving good security detection with no false positives and improving the efficiency of security vulnerability detection.

Active Publication Date: 2018-06-26
PING AN TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide an application software security vulnerability detection method and system, aiming to solve the technical problem of low efficiency in detecting security vulnerabilities in application software.


Examples


Example 1

[0145] Further, referring to Figure 7, the second embodiment of the application software security vulnerability detection system of the present invention is provided. Building on the first embodiment of the system described above, the application software security vulnerability detection system further includes:

[0146] The taint module 50 is configured to input taint data at each external input point of the application software when the application software is running.

[0147] When the application software, with instrumentation already configured at its sensitive call points, starts running, or while the application software is running, the taint module 50 inputs taint data carrying pollution labels into the application software through each of its external input points.

[0148] After the tainted data is input into th...


Abstract

Disclosed is a method for detecting a security hole of application software. The method comprises: acquiring, on the basis of instrumentation configured on a sensitive calling point of application software in advance, information of data flow which flows through the sensitive calling point during a running process of the application software; determining, according to the information of data flow, whether the sensitive calling point is polluted by tainted data; if the sensitive calling point is polluted, backtracking to search for an external input point corresponding to the sensitive calling point according to a variable parameter of the sensitive calling point; and if the external input point corresponding to the sensitive calling point is successfully found, determining the external input point as a security hole of the application software. Also disclosed are a system for detecting a security hole of application software, a device, and a computer-readable storage medium. The present invention greatly improves the detection efficiency of a security hole of application software.
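
The flow described in the abstract and in paragraphs [0146] and [0147], as an added Python example that is not code from the patent: sensitive call points are instrumented, labelled taint is fed into every external input point, and a label seen at a call point is traced back to the input point that received it. The toy application, the `TAINT{...}` label format and the label-lookup form of backtracking are assumptions made for illustration.

```python
import re

FLOWS = []   # data-flow records captured at instrumented sensitive call points
MARK = re.compile(r"TAINT\{([0-9a-f]{8})\}")   # constructed pollution-label format

def instrument(sink_name):
    """Instrument a sensitive call point: record every argument that flows through it."""
    def wrap(fn):
        def inner(*args):
            FLOWS.append((sink_name, [str(a) for a in args]))
            return fn(*args)
        return inner
    return wrap

# --- constructed toy application (all names hypothetical) ---
PROFILE = {}

@instrument("db.execute")
def db_execute(query):
    return None   # stand-in for a real SQL sink

def handle_search(keyword):   # input flows to the sink unmodified
    db_execute("SELECT * FROM items WHERE name = '" + keyword + "'")

def handle_page(page):        # input is validated before it reaches the sink
    offset = int(page) * 10 if page.isdigit() else 0
    db_execute("SELECT * FROM items LIMIT 10 OFFSET %d" % offset)

def handle_nick(nick):        # input never reaches a sensitive call point
    PROFILE["nick"] = nick

INPUT_POINTS = {"search_box": handle_search, "page_param": handle_page,
                "nickname": handle_nick}

def run_detection():
    """Feed labelled taint into every input point, then inspect the recorded flows."""
    FLOWS.clear()
    labels = {}
    for i, (name, handler) in enumerate(INPUT_POINTS.items(), start=1):
        label = "%08x" % i
        labels[label] = name                 # remembered for backtracking
        handler("TAINT{" + label + "}")
    findings = []
    for sink, args in FLOWS:
        for arg in args:
            for label in MARK.findall(arg):  # sink argument is polluted
                if label in labels:          # backtrack label -> input point
                    findings.append((sink, labels[label]))
    return findings
```

Only `search_box` is reported: `page_param` reaches the same call point but its label does not survive validation, and `nickname` never reaches an instrumented call.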

Description

Technical field

[0001] The invention relates to the technical field of data security, in particular to a method and a system for detecting security vulnerabilities in application software.

Background

[0002] Various types of application software are installed on smartphones, bringing great convenience to people's life, entertainment and work. Since application software may involve the privacy and property security of each user, its security has always been a focus of attention.

[0003] Existing application software security vulnerability detection is mostly based on static rule scanning and fuzz testing of application components, as in the Mobei system and the Drozer tool, which perform software security detection through static scanning of application code. This kind of detection is relatively coarse: it relies only on rule matching against the code text, and there are a large number of false positives...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 王金锭
Owner: PING AN TECH (SHENZHEN) CO LTD