Web application test data flow tracking method and system

A technology for application testing and data flow tracking, applied in the fields of electrical digital data processing, software testing/debugging, and error detection/correction. It addresses the problem that specific code files cannot be accurately located, and achieves accurate positioning.

Active Publication Date: 2020-04-21
SECZONE TECH CO LTD

AI Technical Summary

Problems solved by technology

This technology works mainly at the system level and needs to obtain system instructions. For users who need to test the security of web applications, it cannot accurately locate specific code files, line numbers, or functions and parameters.


Embodiment Construction

[0037] In order to describe the technical content, structural features, achieved goals and effects of the present invention in detail, the following will be described in detail in conjunction with the embodiments and accompanying drawings.

[0038] The invention discloses a web application test data flow tracking method based on an IAST test platform. As shown in Figure 1, it includes: S10, installing an agent program on the server where the application under test is located, the agent program being used to communicate with the virtual machine (such as the JVM) running the application; S11, after the application is started, inserting monitoring code, through the agent program and a bytecode instrumentation tool, into the key functions in the input stage and the output stage of the application; S12, when instrumenting the monitoring code, passing in the class file name, method name, method parameter and return of the function to be inserted in the monitoring code...


Abstract

The invention discloses a web application test data flow tracking method and system based on an IAST test platform. The data flow tracking method comprises the following steps: installing an agent program on the server where the tested application is located, the agent program being used to communicate with the virtual machine running the application; after the application is started, inserting monitoring code into key functions in the input stage and the output stage of the application through the agent program and a bytecode instrumentation tool; and, when the monitoring code is instrumented, passing the class file name, method name, method parameters and return value of the function to be instrumented into the monitoring code, and obtaining the propagation path of taint data in the application through the monitoring code, where the taint data is data input by a user during testing. By adopting this data flow tracking method, taint data can be tracked in real time, and the chain of methods executed in a request-response process can be accurately obtained from an actual request.
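The following is an added example, not code from the patent or from the applicant: a small Python model of the idea in the abstract, in which a decorator stands in for the bytecode-inserted monitoring code and records file name, method name, parameters and return value for every call that carries user input. The function names, the `Tainted` marker type and the wrapping of an intermediate "propagate" function are assumptions made for illustration.

```python
import functools

class Tainted(str):
    """Marker type (constructed): a string derived from user input."""

TRACE = []  # method chain recorded for the current request

def monitor(stage):
    """Stand-in for inserted monitoring code around one key function."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(*args):
            result = fn(*args)
            tainted_in = any(isinstance(a, Tainted) for a in args)
            if isinstance(result, str) and (stage == "input" or tainted_in):
                result = Tainted(result)  # mark at source, or carry forward
            if stage == "input" or tainted_in:
                TRACE.append({
                    "stage": stage,
                    "file": fn.__code__.co_filename,
                    "method": fn.__qualname__,
                    "params": [str(a) for a in args],
                    "return": None if result is None else str(result),
                })
            return result
        return inner
    return wrap

# Hypothetical application functions standing in for "key functions".
@monitor("input")
def get_parameter(request, name):
    return request[name]

@monitor("propagate")  # assumption: intermediate functions are wrapped too
def build_query(user):
    return "SELECT * FROM users WHERE name = '" + user + "'"

@monitor("output")
def execute(sql):
    return None  # stand-in for a database call

def handle(request):
    """Serve one request and return the tainted method chain."""
    TRACE.clear()
    execute(build_query(get_parameter(request, "name")))
    return [entry["method"] for entry in TRACE]

if __name__ == "__main__":
    print(handle({"name": "alice' OR '1'='1"}))  # constructed request
```

A call to an output-stage function with data that never came from the request leaves no trace entry, which is what lets a finding be tied to a concrete file and method rather than to every query the application runs.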

Description

Technical field

[0001] The invention relates to the technical field of software testing, in particular to a method and system for tracking web application testing data flow based on an IAST testing platform.

Background

[0002] With the development of network technology, the data of web applications is growing rapidly, and the number of application interfaces is also increasing. To ensure that applications run normally, products need to be fully tested before going online, including judging whether there is an overreach vulnerability. Web application security testing technologies currently in common use in the industry include DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing) and IAST (Interactive Application Security Testing). In testing, data flow tracking is the foundation of the detection of a variety of security vulnerabilities (including SQL injection, command line injection, and directory traversal...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, G06F11/36
CPC: G06F11/3672, G06F21/577, G06F2221/033
Inventor: 胡娇娇, 万振华, 王颉, 李华, 董燕, 潘志祥
Owner SECZONE TECH CO LTD