Unauthorized detection method and auxiliary device
A detection method and detection system technology, applied in computer security devices, instruments, platform integrity maintenance, etc., can solve problems such as large demand for manpower and easy to miss unauthorized logic loopholes.
Pending Publication Date: 2020-07-14
SHANGHAI ZHONGTONGJI NETWORK TECH CO LTD
View PDF3 Cites 4 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0004] At present, the detection of unauthorized access in security testing mainly relies on manual testing. For some complex business systems, it is necessary to switch between different identities, and the process of analyzing a large number of requests not only requires a lot of manpower, but is also easy to miss. Some privilege logic loopholes
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment
[0053] figure 1 It is a schematic flowchart of an unauthorized detection method provided by an embodiment of the present invention. refer to figure 1 , the unauthorized detection methods provided by this application include:
[0054] S101, presetting the system to be detected, so that the role information can be automatically authenticated when performing unauthorized detection;
[0055] It should be noted that for a system that accesses unified authentication, the administrator needs to perform certain pre-configurations in order to complete the automatic authentication of roles during scanning.
[0056] Specifically, if the system to be detected is a system connected to unified authentication, certain pre-configuration is performed through the administrator account, so as to complete the automatic authentication of the role during scanning.
[0057] Ways to achieve automatic authentication include:
[0058]Connect with the unified authentication system so that identity a...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention relates to the related technical field of safety testing, in particular to an unauthorized detection method and an auxiliary device. The unauthorized detection method provided by the invention comprises the following steps: presetting a to-be-detected system, so that role information can be automatically authenticated during unauthorized detection; creating a work space for carryingout unauthorized detection; configuring the working space so as to determine a test range and perform role information replacement during unauthorized detection; obtaining test flow from the redis queue, and enabling the test flow to flow into a working space matched with the test flow, wherein the test flow is transmitted to a server through a flow transmission device when a tester clicks a to-be-tested function, and is stored in a redis server after identity verification; replaying the test flow in an impassable identity by using a working space to obtain response information; and storing the response information.
Description
technical field [0001] The invention relates to the technical field related to security testing, in particular to an unauthorized detection method and an auxiliary device. Background technique [0002] With the expansion of business, the number of applications is increasing, and the complexity of applications is also increasing. Among many security issues, logical loopholes are difficult to be covered by automated scanning tools, and unauthorized access is a common problem in logical loopholes. [0003] Privileges can be broadly divided into three types: unauthorized access, vertical privileges, and horizontal privileges. [0004] At present, the detection of unauthorized access in security testing mainly relies on manual testing. For some complex business systems, it is necessary to switch between different identities, and the process of analyzing a large number of requests not only requires a lot of manpower, but is also easy to miss. Some overreach logic loopholes. Co...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55G06F21/60
CPCG06F21/552G06F21/604G06F2221/2141
Inventor 曹武迅
Owner SHANGHAI ZHONGTONGJI NETWORK TECH CO LTD