
Web application test data flow tracking method and system

An application testing and data flow technology, applied in the fields of electrical digital data processing, software testing/debugging and error detection/correction, that solves the problem of being unable to accurately locate code files and achieves accurate positioning.

Active Publication Date: 2020-07-17
SECZONE TECH CO LTD

AI Technical Summary

Problems solved by technology

This technology works mainly at the system level and needs to obtain system instructions. For users who need to test the security of web applications, it cannot accurately locate specific code files, line numbers, or functions and parameters.



Embodiment Construction

[0037] To describe the technical content, structural features, goals and effects of the present invention in detail, the invention is described below in conjunction with the embodiments and accompanying drawings.

[0038] The invention discloses a web application test data flow tracking method based on an IAST test platform. As shown in Figure 1, the method includes: S10, install an agent program on the server where the application under test is located, the agent program being used to communicate with the virtual machine (such as a JVM) running the application; S11, after the application is started, insert monitoring code into the key functions in the input stage and the output stage of the application through the agent program and the bytecode instrumentation tool; S12, when inserting the monitoring code, pass the class file name, method name, method parameters and return value of the function being instrumented into the monitoring code...


Abstract

The invention discloses a web application test data flow tracking method and system based on an IAST test platform. The data flow tracking method includes: installing an agent program on the server where the application under test is located, the agent program being used to communicate with the virtual machine running the application; after the application is started, inserting monitoring code into the key functions in the input phase and output phase of the application through the agent program and the bytecode instrumentation tool; when inserting the monitoring code, passing the class file name, method name, method parameters and return value of the function being instrumented into the monitoring code; and obtaining the propagation path of the tainted data in the application through the monitoring code, the tainted data being the data input by the user during the testing process. Adopting the above data flow tracking method not only enables real-time tracking of the tainted data, but also accurately obtains the execution method chain in the request-response process based on the actual request.
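The flow in the abstract and in steps S10 to S12, as an added sketch that is not code from the patent: a Python decorator stands in for the JVM agent and bytecode instrumentation tool, and the monitoring code records class name, method name, parameters and return value for each key function that handles tainted data. `Monitor`, `Request`, `UserDao` and `handle` are hypothetical names, and taint is tracked by string value as a simplification.

```python
import functools

class Monitor:
    """Stand-in for the agent's monitoring code (all names here are hypothetical)."""
    def __init__(self):
        self.tainted = set()   # string values derived from user input (tracked by value)
        self.chain = []        # (kind, class name, method name, params, return value)
        self.findings = []     # snapshot of the chain whenever tainted data hits a sink

    def hook(self, kind):
        """Wrap a key function, as the instrumentation step would when the class loads."""
        def wrap(fn):
            cls, _, method = fn.__qualname__.rpartition(".")
            @functools.wraps(fn)
            def monitored(*args):
                ret = fn(*args)
                hit = any(isinstance(a, str) and a in self.tainted for a in args)
                if kind == "source" or (kind == "propagator" and hit):
                    self.tainted.add(ret)          # return value now carries taint
                if kind == "source" or hit:
                    self.chain.append((kind, cls, method, args[1:], ret))
                if kind == "sink" and hit:
                    self.findings.append(list(self.chain))
                return ret
            return monitored
        return wrap

mon = Monitor()

class Request:                                     # input stage
    def __init__(self, params):
        self.params = params
    @mon.hook("source")
    def get_parameter(self, name):
        return self.params[name]

class UserDao:
    @mon.hook("propagator")
    def build_query(self, name):
        return "SELECT * FROM users WHERE name='" + name + "'"
    @mon.hook("sink")                              # output stage
    def execute(self, sql):
        return "executed"                          # no real database in this sketch

def handle(params, concat=True):
    """One request-response cycle; returns the method chains that reached a sink."""
    mon.tainted.clear(); mon.chain.clear(); mon.findings.clear()
    dao, name = UserDao(), Request(params).get_parameter("name")
    dao.execute(dao.build_query(name) if concat else "SELECT count(*) FROM users")
    return list(mon.findings)
```

Each finding is the ordered method chain for that request, so a tester can go from the sink call back to the class and method where the user input entered.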

Description

Technical field

[0001] The invention relates to the technical field of software testing, in particular to a method and system for tracking web application test data flow based on an IAST testing platform.

Background technique

[0002] With the development of network technology, the data of web applications is growing rapidly, and the number of application interfaces is also increasing. To ensure the normal operation of applications, products need to be fully tested before going online, including judging whether there is an overreach vulnerability. Web application security testing technologies currently in common use in the industry include DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing) and IAST (Interactive Application Security Testing). In testing, data flow tracking is the foundation of detecting a variety of security vulnerabilities (including SQL injection, command line injection, and directory traversal...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57, G06F11/36
CPC: G06F11/3672, G06F21/577, G06F2221/033
Inventor: 胡娇娇, 万振华, 王颉, 李华, 董燕, 潘志祥
Owner: SECZONE TECH CO LTD