Application program vulnerability detection method and device

A vulnerability detection technology applied in the computer field. It addresses problems such as ineffective detection of vulnerabilities, a high false-negative rate, and the inability to rule out entry filtering logic, and achieves the effect of reducing the false-positive rate of vulnerability detection.

Active Publication Date: 2018-08-28
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

However, current automated PHP white-box audit technology is mainly based on static scanning. The analysis uses only regular-expression matching: the source code is not executed, and there is no association with a contextual execution environment. The logic of interfaces such as entry filtering and database interaction usually cannot be ruled out, which causes false positives, and some vulnerabilities that require complex logic cannot be detected effectively, resulting in a high false-negative rate.

Embodiment Construction

[0021] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0022] Figure 1 is a schematic diagram of the internal structure of the server in one embodiment. As shown in Figure 1, the server includes a processor, a non-volatile storage medium, an internal memory, and a network interface connected through a system bus. The non-volatile storage medium of the server stores an operating system, a database, and an application program vulnerability detection device, and the database stores data related to the operation of scanning tools and the relevant vulnerability detection rules. The application program vulnerability detection device is use...

Abstract

The invention relates to an application program vulnerability detection method. The method includes: obtaining a configured detection range of the code to be detected; reading the vulnerability detection logic in a preset rule library that corresponds to the code to be detected; inserting a detection function into the code to be detected; executing the code with the detection function inserted; during code execution, detecting, according to the vulnerability detection logic, whether a vulnerability exists in the code to be detected; and, if so, outputting a detection result. The method can decrease the false-positive rate of application program vulnerability detection. In addition, the invention also provides an application program vulnerability detection device.
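The contrast between regex-only scanning and the insert-then-execute approach in the abstract, as an added example that is not taken from the patent. It uses Python rather than PHP, and the rule table, canary value, handlers, `run_query` and `entry_filter` are all hypothetical names constructed for illustration.

```python
import ast, re

RULES = {"run_query": "sql_injection"}   # hypothetical rule library: sink -> vulnerability class
CANARY = "zq'7f3a"                       # constructed probe value containing a quote

# Constructed code under test: handler_b has an entry filter, handler_a does not.
TARGET = '''
def handler_a(params):
    return run_query("SELECT * FROM users WHERE name = '" + params["q"] + "'")

def handler_b(params):
    uid = entry_filter(params["q"])
    return run_query("SELECT * FROM users WHERE id = '" + uid + "'")
'''

def static_scan(src):
    """Regex-only scan: flags every function whose sink call is built by concatenation."""
    return re.findall(r"def (\w+)\([^)]*\):\n(?:(?!def ).*\n)*?.*run_query\(.*\+", src)

class InsertDetector(ast.NodeTransformer):
    """Wrap each argument of a rule-listed sink call in a call to the detection function."""
    def visit_Call(self, node):
        self.generic_visit(node)
        if isinstance(node.func, ast.Name) and node.func.id in RULES:
            node.args = [ast.Call(ast.Name("__detect__", ast.Load()),
                                  [ast.Constant(node.func.id), a], []) for a in node.args]
        return node

def dynamic_scan(src):
    """Instrument the code, execute each handler with the canary, report what reaches a sink."""
    findings, current = [], [None]
    def detect(sink, value):             # runs inside the executing code, at the sink
        if CANARY in str(value):         # canary arrived intact: no filtering on this path
            findings.append((RULES[sink], current[0]))
        return value
    env = {"__detect__": detect,
           "run_query": lambda sql: None,                    # stub sink, no database
           "entry_filter": lambda v: re.sub(r"\D", "", v)}   # digits-only entry filter
    tree = ast.fix_missing_locations(InsertDetector().visit(ast.parse(src)))
    exec(compile(tree, "<instrumented>", "exec"), env)
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            current[0] = node.name
            env[node.name]({"q": CANARY})
    return findings

if __name__ == "__main__":
    print(static_scan(TARGET), dynamic_scan(TARGET))
```

The static scan reports both handlers, while the instrumented run reports only the handler whose input reaches the sink unfiltered.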

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to a method and device for detecting application program vulnerabilities.

Background technique

[0002] An application program is a computer program developed to run on an operating system in order to complete one or several specific tasks. A PHP (Hypertext Preprocessor) application is one of many kinds of application program. As more and more websites are developed using PHP, security testing of websites developed with PHP has become essential. In traditional technologies, PHP white-box auditing is mainly used to detect security vulnerabilities in PHP applications. PHP white-box audit, also known as PHP code audit, is an important part of security testing. Testers analyze and read the code, either manually or with automated tools, and find hidden security vulnerabilities in the code. However, the current aut...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F11/36
CPC: G06F11/3644, G06F21/563
Inventor: 王放, 胡珀, 郑兴, 郭晶, 张强, 范宇河, 唐文韬, 杨勇
Owner TENCENT TECH (SHENZHEN) CO LTD