A Web Application Security Vulnerability Prediction Method Based on Execution Flow Graph

A web application vulnerability technology, applied in the field of network security, that addresses problems such as heavy workload and insufficiently intuitive representation, and achieves a small generation and calculation workload and intuitive expression.
CN109101820B · Active · Publication Date: 2021-09-07 · BEIJING INSTITUTE OF TECHNOLOGY

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING INSTITUTE OF TECHNOLOGY
Publication Date
2021-09-07


Abstract

The invention discloses a web application security vulnerability prediction method based on the execution flow graph. The execution flow graph (EFG) is constructed according to the data dependency and control dependency of the web application. Subgraphs are extracted from the EFG, each with the node S_k where a security-sensitive statement is located as the end point and the user input node U_I associated with S_k as the starting point, and metric elements are extracted for each subgraph. With the specific values of a subgraph's metric elements as input, and whether the S_k corresponding to the subgraph has a vulnerability as output, a vulnerability prediction model is constructed to predict web application security vulnerabilities. The invention includes judgment nodes in the extraction of metric elements, and compared with directly analyzing program slices, the workload is greatly reduced.
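
The subgraph and metric extraction step described in the abstract, as an added Python example that is not part of the patent text. The toy graph, node kinds, function names and the four metrics are assumptions made for illustration, since the text here does not list the patent's metric elements; model training on the resulting vectors is left out.

```python
from collections import defaultdict

# Constructed toy EFG (not from the patent): node -> kind, plus directed
# dependency edges (data or control) in execution order.
KINDS = {"u1": "input", "u2": "input", "a": "stmt", "b": "stmt", "c": "stmt",
         "j1": "judge", "j2": "judge",      # judgment (branch condition) nodes
         "s1": "sink", "s2": "sink"}        # security-sensitive statements S_k
EDGES = [("u1", "a"), ("a", "j1"), ("j1", "b"), ("b", "s1"),
         ("u2", "j2"), ("j2", "s2"), ("u2", "s2"), ("u1", "c")]


def _reach(start, adj):
    """Return every node reachable from `start` (inclusive) via `adj`."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def sink_subgraph(kinds, edges, sink):
    """Nodes and edges lying on some path from a user-input node to `sink`."""
    fwd, back = defaultdict(list), defaultdict(list)
    for src, dst in edges:
        fwd[src].append(dst)
        back[dst].append(src)
    ancestors = _reach(sink, back)            # everything S_k depends on
    inputs = {n for n in ancestors if kinds[n] == "input"}
    nodes = set()
    for u in inputs:                          # keep only input-to-sink paths
        nodes |= _reach(u, fwd) & ancestors
    sub_edges = [(s, d) for s, d in edges if s in nodes and d in nodes]
    return nodes, sub_edges


def metrics(kinds, edges, sink):
    """Feature vector for one subgraph; the metric choice is an assumption."""
    nodes, sub_edges = sink_subgraph(kinds, edges, sink)
    count = lambda kind: sum(1 for n in nodes if kinds[n] == kind)
    return {"nodes": len(nodes), "edges": len(sub_edges),
            "inputs": count("input"), "judges": count("judge")}
```

Each sink yields one feature vector; paired with a vulnerable/not-vulnerable label per S_k, these vectors are the kind of input the abstract describes for the prediction model.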

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for predicting Web application security vulnerabilities based on an execution flow graph.

Background technique

[0002] Web applications have been widely used in all aspects of our daily life, such as social networks, online shopping, email, order systems, registration systems, etc. Most of these systems are developed based on the web. A large number of security vulnerabilities have been found in these systems. Attackers can easily gain system root privileges by exploiting these vulnerabilities, causing sensitive information to leak and causing great harm.

[0003] Software vulnerability prediction can estimate in advance the possibility, quantity or specific types of vulnerabilities existing in software source code modules. According to the prediction results, software manufacturers can invest limited time and funds in a targeted manner to those vulnerabilities with high prob...
