Java deserialization vulnerability detection method and Java deserialization vulnerability detection part

A deserialization vulnerability detection technology, applied in the field of computer security, that addresses the lack of detection ability for unknown vulnerabilities and achieves the effects of improving detection accuracy, expanding detection ability, and expanding detection range.

Pending Publication Date: 2020-11-13
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

This scheme cannot construct a POC for unknown vulnerabilities, so it has no ability to detect unknown vulnerabilities.


Embodiment Construction

[0043] The following clearly and completely describes the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the scope of protection of this application.

[0044] At present, existing solutions for detecting Java deserialization vulnerabilities have low detection accuracy and cannot detect unknown vulnerabilities. Therefore, the present application provides a Java deserialization vulnerability detection solution that can improve both the detection accuracy for Java deserialization vulnerabilities and the detection capability of the detection solution.

[0045] As shown in Figure 1, the embodiment of the present a...


Abstract

The invention discloses a Java deserialization vulnerability detection method and a Java deserialization vulnerability detection component. The method comprises the following steps: collecting dependent resources in a server, wherein the dependent resources comprise resources referenced by the Java middleware of the server in a root path; decompiling the dependent resources into a Java file; determining method information corresponding to the Java file; and detecting the Java deserialization vulnerability according to the method information. The method can improve the detection accuracy for Java deserialization vulnerabilities and the detection capability of the detection scheme. Correspondingly, the Java deserialization vulnerability detection component provided by the invention has the same technical effects.

Description

Technical field

[0001] The application relates to the technical field of computer security, in particular to a Java deserialization vulnerability detection method and components.

Background technique

[0002] At present, Java deserialization vulnerabilities are generally detected by using application version information or public POC (Proof of Concept) 0day vulnerabilities. A POC can perform verification tests against specific applications, and can usually be understood as a data request that harmlessly verifies a vulnerability on the server. 0day vulnerabilities are vulnerabilities that have been discovered, or have not been disclosed, but for which there are no related repair patches.

[0003] The specific solution for detecting Java deserialization vulnerabilities with application version information includes: detecting the current version information of the web application running on the server. It is determined that there is a Java deserialization vulnerabili...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 辛佳橼
Owner: SANGFOR TECH INC