
Security test method and device for Web API, electronic equipment and storage medium

A security testing technology based on access-log storage paths, applied in the Internet field, that addresses the difficulty of ensuring no Web API is omitted, the huge cost, and the high risk of conventional methods.

Inactive Publication Date: 2019-08-23
BEIJING BAIDU NETCOM SCI & TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] However, obtaining the relevant information of all Web APIs of different applications through packet capture analysis is very difficult and costly. For example, asking each engineer to provide information about each Web API of each domain name is hugely expensive, and it is difficult to ensure that no information is missed. Using these conventional methods of obtaining Web APIs for security testing therefore results in excessive cost and huge risk. A method is needed to overcome or avoid this problem as far as possible, so as to improve the coverage and efficiency of Web API security testing and reduce its cost, but the prior art offers no effective and efficient solution.


Examples


Embodiment 1

[0047] Figure 1 is a schematic flow chart of the Web API security testing method provided by the first embodiment of the present invention. The method can be executed by a Web API security testing device or electronic equipment, which can be implemented in software and/or hardware. The device or electronic device can be integrated in any smart device with a network communication function. As shown in Figure 1, the Web API security testing method can include the following steps:

[0048] S101. Obtain the access log corresponding to each Web API to be tested from the Web server according to the storage path of the access log corresponding to all Web APIs to be tested.

[0049] In a specific embodiment of the present invention, the electronic device may obtain the access log corresponding to each Web API to be tested from the Web server according to the storage path of the access log corresponding to all Web APIs to be tested. Preferably, the access log corresponding to ea...

Embodiment 2

[0059] Figure 3 is a schematic flow diagram of a Web API security testing method provided in the second embodiment of the present invention. As shown in Figure 3, the Web API security testing method can include the following steps:

[0060] S301. Obtain the access log corresponding to each Web API to be tested from the Web server according to the storage path of the access log corresponding to all Web APIs to be tested.

[0061] In a specific embodiment of the present invention, the electronic device may obtain the access log corresponding to each Web API to be tested from the Web server according to the storage path of the access log corresponding to all Web APIs to be tested. Preferably, the access log corresponding to each Web API to be tested may be an access_log log or another type of access log, which is not limited here.

[0062] S302: Determine the offset position of the interface information corresponding to each Web API in the access log according to the log form...

Embodiment 3

[0071] Figure 4 is a schematic flow diagram of a Web API security testing method provided in the third embodiment of the present invention. As shown in Figure 4, the Web API security testing method can include the following steps:

[0072] S401. Obtain the access log corresponding to each Web API to be tested from the Web server according to the storage path of the access log corresponding to all Web APIs to be tested.

[0073] In a specific embodiment of the present invention, the electronic device may obtain the access log corresponding to each Web API to be tested from the Web server according to the storage path of the access log corresponding to all Web APIs to be tested. Preferably, the access log corresponding to each Web API to be tested may be an access_log log or another type of access log, which is not limited here.

[0074] S402: Determine the offset position of the interface information corresponding to each Web API in the access log according to the log for...


Abstract

The embodiment of the invention discloses a security testing method and device for a web interface (Web API), electronic equipment and a storage medium. The method comprises: obtaining, from a Web server, the access log corresponding to each Web API to be tested according to the storage paths of the access logs corresponding to all the Web APIs to be tested; extracting the interface information corresponding to each Web API to be tested from its access log according to the log format of the interface information corresponding to all the Web APIs to be tested; and carrying out a black box security test on each Web API to be tested according to its interface information. The embodiment of the invention not only improves the testing efficiency of the Web API but also saves labor cost and time cost.
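The extraction steps described above (find the offset of the interface information from the log format, then pull each Web API's interface information out of its access log), as an added Python example that is not code from the patent. It assumes a combined-style access_log; the field names in `LOG_FORMAT` and the function names are hypothetical, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed log format description (hypothetical field names, combined-log style).
LOG_FORMAT = 'remote_addr ident user [time_local] "request" status bytes "referer" "user_agent"'

# Constructed sample access_log lines; the last one carries no usable request.
SAMPLE_LOG = '''\
198.51.100.7 - - [23/Aug/2019:10:00:01 +0800] "GET /api/v1/user?id=42&lang=en HTTP/1.1" 200 512 "-" "curl/7.64"
198.51.100.8 - - [23/Aug/2019:10:00:02 +0800] "GET /api/v1/user?id=7&verbose= HTTP/1.1" 200 498 "-" "curl/7.64"
198.51.100.7 - - [23/Aug/2019:10:00:03 +0800] "POST /api/v1/order HTTP/1.1" 201 64 "-" "curl/7.64"
203.0.113.9 - - [23/Aug/2019:10:00:04 +0800] "-" 400 0 "-" "-"
'''

# One token per field: [bracketed], "quoted" (with backslash escapes), or bare.
TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')

def field_offset(log_format, field="request"):
    """Return the position of `field` among the fields named in the log format."""
    names = [tok.strip('[]"') for tok in TOKEN.findall(log_format)]
    return names.index(field)

def extract_interfaces(lines, log_format):
    """Map (method, path) to the set of query parameter names seen in the log."""
    offset = field_offset(log_format)
    inventory = {}
    for line in lines:
        tokens = TOKEN.findall(line)
        if len(tokens) <= offset:
            continue  # truncated or malformed line
        parts = tokens[offset].strip('"').split()
        if len(parts) != 3:
            continue  # not "METHOD target PROTOCOL", e.g. "-"
        method, target, _protocol = parts
        url = urlsplit(target)
        # keep_blank_values so parameters sent empty are still inventoried
        names = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        inventory.setdefault((method, url.path), set()).update(names)
    return inventory

if __name__ == "__main__":
    for (method, path), names in sorted(extract_interfaces(SAMPLE_LOG.splitlines(), LOG_FORMAT).items()):
        print(method, path, sorted(names))
```

The resulting inventory is the per-API interface information that a test team would hand to its security test cases; request bodies are not in an access log, so POST parameters do not appear here.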

Description

Technical field

[0001] The embodiments of the present invention relate to the field of Internet technology, and in particular to a method, device, electronic device, and storage medium for Web API security testing.

Background

[0002] The black box security test of the web interface (Web API) is a means of verifying the security of the interface by simulating an attacker's penetration test on the Web API, using black box testing technology in the application scenario of the Web API. In Web API black box security testing, test engineers do not need to understand the internal structure of the system under test; they mainly design and execute security test cases by analyzing Web API definitions, parameters, parameter values, and business application scenarios that simulate interface calls, and verify the security of the Web API by analyzing the execution results of the security test cases, so as to achieve the purpose of security testing ...


Application Information

IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/033
Inventor 彭义海
Owner BEIJING BAIDU NETCOM SCI & TECH CO LTD