
Method, device and equipment for detecting service logic vulnerability and medium

A business logic vulnerability detection technology, applied in computer security devices, instruments, electrical digital data processing, etc., that addresses problems such as low efficiency of manual testing, missed vulnerabilities, and long test times.

Active Publication Date: 2019-11-05
INDUSTRIAL AND COMMERCIAL BANK OF CHINA

AI Technical Summary

Problems solved by technology

[0003] 1. Incomplete coverage of test scenarios and missed vulnerabilities: Some business functions have many scenarios and complex business logic, such as the purchase of financial management transactions in online banking. Because there are various financial products and the processing logic of each product is different, security testers who do not understand the business functions in depth and rely entirely on their own test experience can easily leave test scenarios uncovered and miss vulnerabilities.
[0004] 2. Manual testing is inefficient: For complex business functions, there are dozens or even hundreds of parameters in the interactive message. If the parameter values in the message are tampered with manually, testing a single business function takes a long time, so test efficiency is very low.



Embodiment Construction

[0029] Hereinafter, embodiments of the present disclosure will be described with reference to the drawings. It should be understood, however, that these descriptions are exemplary only, and are not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Also, in the following description, descriptions of well-known structures and techniques are omitted to avoid unnecessarily obscuring the concepts of the present disclosure.

[0030] The terminology used herein is for the purpose of describing particular embodiments only, and is not intended to be limiting of the present disclosure. The terms "comprising", "comprising", etc. used herein indicate the presence of stated features,...


Abstract

The invention provides a method for detecting a service logic vulnerability, which comprises the following steps: in response to obtaining a service message sent to a server by a client, determining service scene information based on the service message; determining a target parameter and a test case corresponding to the service scene information; replacing the value of the target parameter in the service message with the value of the target parameter in the test case, generating a test message, and sending the test message to the server; receiving first response information for the test message from the server; processing the first response information to obtain a detection result of whether the service logic vulnerability exists or not; and outputting the detection result. The invention further provides a device for detecting the service logic vulnerability, electronic equipment and a computer readable storage medium.
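The steps in the abstract, as an added example that is not taken from the patent: a captured message is mapped to a scene, each test case replaces one target parameter, and the response is checked. The `txcode` field, the test-case table, the response codes, the rule "an accepted out-of-rule value is a finding" and the in-process `stub_server` are all assumptions constructed for illustration.

```python
from copy import deepcopy
from decimal import Decimal, InvalidOperation

# Constructed test-case library: scene -> (target parameter, out-of-rule value).
TEST_CASES = {
    "fund_purchase": [
        ("amount", "-100.00"),    # negative purchase amount
        ("amount", "0.001"),      # sub-cent amount
        ("account", "ACC-0002"),  # account not owned by the session user
    ],
}

# Constructed capture of a legitimate client request.
CAPTURED = {"txcode": "fund_purchase", "account": "ACC-0001", "amount": "500.00"}

def scene_of(message):
    """Determine service scene information (assumed: the txcode field)."""
    return message["txcode"]

def build_test_messages(message):
    """Replace one target parameter per test case, leaving the capture intact."""
    for param, value in TEST_CASES.get(scene_of(message), []):
        test_message = deepcopy(message)
        test_message[param] = value
        yield param, value, test_message

def stub_server(message):
    """Constructed server stand-in: validates amount, never checks account ownership."""
    try:
        amount = Decimal(message["amount"])
    except InvalidOperation:
        return {"code": "E400"}
    if amount <= 0 or amount != amount.quantize(Decimal("0.01")):
        return {"code": "E400"}
    return {"code": "0000"}  # success

def detect(message, send):
    """Send each test message; an accepted out-of-rule value is a finding."""
    findings = []
    for param, value, test_message in build_test_messages(message):
        if send(test_message)["code"] == "0000":
            findings.append((param, value))
    return findings

if __name__ == "__main__":
    for param, value in detect(CAPTURED, stub_server):
        print(f"possible logic flaw: server accepted {param}={value!r}")
```

In a real test environment `send` would forward the test message to the system under test, and the response check would follow that system's own success and error semantics.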

Description

Technical field

[0001] The present disclosure relates to the technical field of automated testing, and in particular to a method, device, equipment and medium for detecting business logic vulnerabilities.

Background

[0002] Business logic vulnerabilities arise when some logic branches cannot be processed normally or are handled incorrectly because program logic is loosely controlled or too complex; examples include arbitrary amount payment, unauthorized access, and authentication bypass. Unlike traditional security vulnerabilities, logic vulnerabilities are complex and vary across business scenarios. At present, there is no tool that can automatically detect logic vulnerabilities, and security testers can only detect them manually. The general test method for security testers is: intercept the interactive messages between the client and server through packet capture tools, construct test data outside the scope of normal business rules, tamper with the parameter values in the int...


Application Information

IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/034
Inventor 卓越程佩哲牟天宇吕博良
Owner INDUSTRIAL AND COMMERCIAL BANK OF CHINA