A vulnerability detection method and device

A vulnerability detection technology, applied in computer security devices, instruments, computing, etc., that addresses problems such as server hangs, slow test speed, and a tendency toward false negatives.

Active Publication Date: 2020-11-06
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] While security testing applications with existing methods, the inventor found at least the following problems in the prior art. Black-box testing depends heavily on the payloads and the collected request links, its accuracy is low, and it is prone to false positives; in addition, scanning with tools generates a large number of abnormal requests, which can easily cause the server to hang. In white-box testing, the manual approach is too costly and too slow, while the tool-based approach has poor support for the dynamic features of scripting languages, detects logic vulnerabilities very poorly, and has a very high false-positive rate.

Examples


Embodiment 1

[0018] This embodiment of the present invention provides a vulnerability detection method that can be applied in various scenarios that require vulnerability detection, such as malicious code analysis, vulnerability mining, real-time monitoring of application security vulnerabilities, monitoring of website backdoors, and interception of malicious requests.

[0019] Figure 1 is a schematic flow chart of the vulnerability detection method in Embodiment 1 of the present invention. As shown in Figure 1, the vulnerability detection method includes:

[0020] S101: obtain a request;

[0021] Here, the request is used to run the application.

[0022] In practical applications, when the application's security vulnerabilities need to be tested during the development, QA, or security testing phases, the request can be generated manually or by a crawler, so that the application is automatically checked for vulnerabilities to determine whether the application is There ...

Embodiment 2

[0065] Based on the same inventive concept, and as an implementation of the above method, this embodiment of the present invention provides a vulnerability detection device. The device embodiment corresponds to the foregoing method embodiment. For ease of reading, this device embodiment does not repeat the details of the method embodiment one by one, but it should be clear that the device in this embodiment can correspondingly implement all the content of the foregoing method embodiment.

[0066] Figure 2 is a schematic structural diagram of the vulnerability detection device in Embodiment 2 of the present invention. As shown in Figure 2, the vulnerability detection device 20 includes: an obtaining unit 201, a response unit 202, an obtaining unit 203, and a detection unit 204, wherein the obtaining unit 201 is used to obtain a request; the response unit 202 is used to respond to the request and run the cor...

Embodiment 3

[0081] Based on the same inventive concept, an embodiment of the present invention provides a vulnerability detection device. Figure 3 is a schematic structural diagram of the vulnerability detection device in Embodiment 3 of the present invention. As shown in Figure 3, the vulnerability detection device 30 includes: a memory 301, a processor 302, and a computer program 303 stored in the memory 301 and executable on the processor 302. When the processor executes the program 303, the following steps are implemented: obtaining a request; in response to the request, running the application corresponding to the request and starting the taint program; obtaining, through taint tracking technology, the execution information generated while the application is running; and, based on the execution information, using the preset security analysis model to detect vulnerabilities in the application.

[0082] In the embodiment of the present invention, when the above-mentioned processor executes th...


Abstract

Embodiments of the invention provide a vulnerability detection method and apparatus. The method comprises the steps of: obtaining a request; in response to the request, running the application corresponding to the request; obtaining, through taint tracking technology, the execution information generated while the application is running; and, based on the execution information, performing vulnerability detection on the application by using a preset security analysis model. Because the security analysis is performed on the application's execution information, both the speed and the precision of vulnerability detection can be improved at the same time.
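The following Python example is added here to illustrate the four steps above; it is not the patent's implementation. The `Tainted` class, the `sink` hook, the two sample handlers and the `MODEL` table are assumptions made for illustration, and taint is propagated only through `+` concatenation.

```python
class Tainted(str):
    """Request-derived string; the taint mark survives `+` concatenation."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

def sanitize_int(value):
    """Hypothetical sanitizer: returns a plain str, so the taint mark is dropped.
    Raises ValueError when the input is not an integer."""
    return str(int(value))

EXEC_LOG = []  # execution information collected while the application runs

def sink(kind, data):
    """Instrumented sensitive operation: record what reached it and whether
    the data still carries the taint mark."""
    EXEC_LOG.append({"sink": kind,
                     "tainted": isinstance(data, Tainted),
                     "data": str(data)})

# Constructed sample application with two request handlers.
def handle_user(params):
    sink("sql", "SELECT * FROM users WHERE name = '" + params["name"] + "'")

def handle_order(params):
    sink("sql", "SELECT * FROM orders WHERE id = " + sanitize_int(params["id"]))

ROUTES = {"/user": handle_user, "/order": handle_order}

# Preset security analysis model (assumed form): sink kind -> vulnerability class.
MODEL = {"sql": "SQL injection", "shell": "command injection"}

def detect(path, params):
    """Obtain a request, run the application with tainted inputs, then apply
    the model to the recorded execution information."""
    EXEC_LOG.clear()
    ROUTES[path]({k: Tainted(v) for k, v in params.items()})
    return [(MODEL[e["sink"]], e["data"]) for e in EXEC_LOG
            if e["tainted"] and e["sink"] in MODEL]
```

An ordinary request is enough to produce a finding for `/user`, because detection relies on the recorded data flow rather than on a payload or on the server's response to abnormal input.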

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a vulnerability detection method and device.

Background technique

[0002] With the development of informatization and the popularization of computer and Internet technology, a large number of application programs with various functions have emerged. Through these applications, people can enjoy the convenience brought by the network. However, these applications often contain security vulnerabilities. If these vulnerabilities are exploited maliciously, there may be security risks such as data loss or tampering and leakage of user privacy, or economic losses to users. To prevent vulnerabilities from being exploited maliciously and causing security risks, it is usually necessary to test applications for security vulnerabilities from time to time so that developers can repair them promptly.

[0003] At present, the existing security testing methods are mainl...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 宋君易
Owner: BEIJING QIHOO TECH CO LTD