Method and system for dynamically detecting program third-party library and performing security assessment

A technology of security assessment and dynamic detection, which is applied in the field of network security, can solve the problems of difficult manual review, poor vulnerability finding effect, unfavorable secondary development, etc., shorten the software development cycle, reduce the cost of security assessment, and have good scalability Effect

Active Publication Date: 2020-11-20
SECZONE TECH CO LTD
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Manual review is difficult and costly; while in software review, the effect of finding vulnerabilities is relatively poor, the pertinence is not high, the scalability is low, and the flexibility is poor, which is not conducive to secondary development

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for dynamically detecting program third-party library and performing security assessment
  • Method and system for dynamically detecting program third-party library and performing security assessment
  • Method and system for dynamically detecting program third-party library and performing security assessment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047] In order to describe the technical content, structural features, achieved goals and effects of the present invention in detail, the following will be described in detail in conjunction with the embodiments and accompanying drawings.

[0048] see figure 1 , figure 1 It is a flowchart of a method for dynamically detecting a program third-party library and performing security assessment in the first embodiment of the present invention.

[0049] This application provides a method for dynamically detecting a third-party library of a program and performing a security assessment. The method specifically includes the following steps:

[0050] Step S100, obtaining the authoritative information security vulnerability database and the vulnerability list of the custom information security vulnerability database;

[0051] Step S200, according to the vulnerability list of the authoritative information security vulnerability database and the custom information security vulnerability...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method for dynamically detecting a program third-party library and carrying out security evaluation. The method specifically comprises the following steps: obtaining vulnerability lists of an authority information security vulnerability library and a custom information security vulnerability library; scanning the program third-party library according to the authority information security vulnerability library and the vulnerability list of the custom information security vulnerability library to obtain vulnerability information of the program third-party library; performing security assessment on the program third-party library according to the vulnerability information of the program third-party library, wherein the custom information security vulnerability librarycomprises a custom information security vulnerability library set for a non-open-source third-party library. The pertinence of the vulnerability list can be enhanced through the vulnerability list obtained by the custom information security vulnerability library; meanwhile, an interface can be set at will in the vulnerability list of the custom information security vulnerability library, so thatthe method is combined with user behaviors, convenient to expand, good in expansibility and high in flexibility; and the detection efficiency of the third-party library security evaluation based on the file system software review is improved.

Description

technical field [0001] The invention relates to a network security technology, in particular to a method and system for dynamically detecting a third-party program library and performing security assessment. Background technique [0002] With the vigorous development of the network, the number of application programs is correspondingly in the stage of blowout development. A large number of third-party library files are introduced into the current application program, and the third-party library files contain a large amount of open source code and more third-party library files. While the extensive use of open source codes brings great convenience to software development, it also has complex uncertainties. In the application development life cycle, developers often ignore the vulnerability check of third-party libraries, so after the application using insecure third-party libraries is officially launched, it is very easy to become the target of hackers. [0003] At this sta...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/566G06F21/577
Inventor 刘海涛万振华王颉李华董燕
Owner SECZONE TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap