Software security vulnerability detection method based on runtime non-execution state mode

A vulnerability detection and software security technology, applied in the field of network security, that addresses problems such as unstable vulnerability detection capability and leftover dirty data, achieving stable testing capability and a low false negative rate.

Pending Publication Date: 2020-09-29
杭州孝道科技有限公司

AI Technical Summary

Problems solved by technology

[0007] To address the above technical problems, the present invention provides a software security vulnerability detection method based on the runtime non-executa



Embodiment Construction

[0030] In order to better understand the technical solutions of the present invention, the embodiments will be described in detail below in conjunction with the accompanying drawings.

[0031] See Figure 1 and Figure 2 for the illustrated embodiment: a method for detecting software security vulnerabilities based on the runtime non-executable state mode. The implementation process includes the following steps:

[0032] S1: Use intermediate language editing and modification technology to modify the execution logic of programming language methods at runtime, that is, insert a call to the data collection method of the vulnerability detection program into the original execution logic. The methods described are collected in advance. When these methods are collected, tags are assigned to them, such as: controlled by the outside world, propagates data content to another data object, can filter HTML tags and special symbols, etc. ...


Abstract

The invention discloses a software security vulnerability detection method based on a runtime non-execution state mode, and relates to the technical field of network security. The implementation process comprises the following steps: S1, modifying the execution logic of a programming language method at runtime by using intermediate language editing and modification technology; S2, when the modified method is called, triggering a data collection method, namely the vulnerability detection program; S3, using the data collection method to collect and analyze the acquired data; and S4, judging whether the data transmission process conforms to vulnerability characteristics according to the analysis result of step S3, and applying a corresponding processing mechanism. With this method, the implementation program is always in a non-execution state during running, non-perceptual testing can be carried out on application software, and dirty data cannot be generated; the technology does not depend on payloads, the test capability is stable, and application software that uses data encryption and data signature verification can be tested.
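The four steps above, together with the method tags described in [0032], can be sketched as follows. This is an added example, not code from the patent: Python function wrapping stands in for the intermediate language editing, and the method names, tag names and the string-only taint marker are assumptions made for the illustration.

```python
import html

class Tainted(str):
    """Marks a value as externally controlled and records the methods it passed."""
    def __new__(cls, value, trail=()):
        obj = super().__new__(cls, value)
        obj.trail = tuple(trail)
        return obj

# Constructed application methods; none of them knows about the detector.
def read_param(raw): return raw                        # stands in for request input
def build_greeting(name): return "<p>Hello " + name + "</p>"
def escape_html(text): return html.escape(text)
def render(page): return page                          # stands in for the HTML response

# Methods collected in advance, each with its tag (names are this example's own).
TAGS = {"read_param": "source", "build_greeting": "propagator",
        "escape_html": "sanitizer", "render": "sink"}
FINDINGS = []

def collect(tag, name, args, result):
    """S3/S4: analyse one call and judge whether the flow matches a vulnerability."""
    tainted = [a for a in args if isinstance(a, Tainted)]
    if tag == "source":
        return Tainted(result, [name])
    if tag == "propagator" and tainted:
        return Tainted(result, tainted[0].trail + (name,))
    if tag == "sanitizer":
        return str(result)                             # plain str: taint dropped
    if tag == "sink" and tainted:
        FINDINGS.append(tainted[0].trail + (name,))    # unfiltered source -> sink
    return result

def install(namespace, tags):
    """S1: rewrite each tagged method so that calling it triggers collect() (S2)."""
    for name, tag in tags.items():
        original = namespace[name]
        def hooked(*args, _fn=original, _tag=tag, _name=name):
            return collect(_tag, _name, args, _fn(*args))
        namespace[name] = hooked

install(globals(), TAGS)

def run_flow(value, sanitize):
    """Drive one request through the instrumented methods and return the findings."""
    FINDINGS.clear()
    data = read_param(value)
    if sanitize:
        data = escape_html(data)
    render(build_greeting(data))
    return list(FINDINGS)
```

Calling run_flow("alice", sanitize=False) reports the path read_param, build_greeting, render even though the input is harmless, which is the sense in which the detection does not depend on a payload and leaves no dirty data behind.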

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a software security vulnerability detection method based on a runtime non-execution state mode.

Background technique

[0002] Today, computers have entered thousands of households and become an indispensable part of people's lives, and the security of software systems has increasingly become a technical issue that attracts much attention. At present, application software security vulnerability detection includes manual penetration testing, traditional black-box detection, etc. These testing methods use certain means to detect whether the data input by the user can be transmitted to the code location where the vulnerability is executed. Manual penetration testing performs input testing with manually generated payloads, while black-box detection simulates manual payload testing.

[0003] At present, manual penetration testing and traditional black box d...


Application Information

IPC(8): G06F21/57, G06F21/56
CPC: G06F21/562, G06F21/566, G06F21/577
Inventor: 范丙华, 徐锋, 熊奎
Owner: 杭州孝道科技有限公司