Static code security diagnosis method and device

A static code diagnosis method, applied in the field of security diagnosis, that addresses problems such as interference with function/process/performance testing, increased test time, and system downtime.

Pending Publication Date: 2021-03-09
INDUSTRIAL AND COMMERCIAL BANK OF CHINA

AI Technical Summary

Problems solved by technology

The above methods all require testers to manually crawl the application's links and modify requests. However, modifying a request may cause irreversible damage to the system, such as system downtime or deletion of persistent data in the database, which affects normal function/process/performance testing. This places a heavy burden on testers and greatly increases test time. In addition, after a problem is fixed during development, the tester must test again iteratively, which greatly increases the test cost.



Embodiment Construction

[0039] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention more clear, the embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings. Here, the exemplary embodiments and descriptions of the present invention are used to explain the present invention, but not to limit the present invention. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined arbitrarily with each other.

[0040] Figure 1 is a schematic flowchart of a static code security diagnosis method in an embodiment of the present invention. As shown in Figure 1, the method includes:

[0041] S1: Obtain the static code of the program to be diagnosed; the static code includes multiple segmented words;

[0042] S2: Perform lexical analysis on each segmented word to obtain a segmented-word symbol table...


Abstract

The static code security diagnosis method and device provided by the embodiment of the invention can be applied to the technical field of information security. The method comprises: obtaining the static code of a program to be diagnosed; performing lexical analysis on each segmented word to obtain a segmented-word symbol table; and performing vulnerability detection on the segmented words under each entry according to the feature information of each segmented word, determining the vulnerable segmented words under each entry, and from these diagnosing the vulnerable code.

A lexical analyzer is constructed on the basis of text analysis technology and run over the static code to obtain the symbol table corresponding to the code. Without manual operation by developers, this yields the security index of the application code, finer-grained vulnerability descriptions, detailed information on specific vulnerabilities, and a vulnerability rectification scheme. The resulting data can be used for overall vulnerability data analysis and data mining, and security code vulnerability testing, inspection and analysis need not be conducted manually.
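The pipeline the abstract describes (lexical analysis into a symbol table, then per-entry detection driven by token features), as an added Python illustration that is not the patent's implementation. The Java sample, the use of token classes as table entries, and both detection rules are assumptions made for this example.

```python
import re
# Constructed Java input for the demonstration (not taken from the patent).
SAMPLE = '''public class UserDao {
    User find(Statement st, String name) throws Exception {
        String sql = "SELECT * FROM users WHERE name='" + name + "'";
        return map(st.executeQuery(sql));
    }
    String token() {
        return Long.toString(new Random().nextLong());
    }
}
'''

TOKEN_RE = re.compile(
    r'(?P<string>"(?:\\.|[^"\\])*")|(?P<number>\d+)'
    r'|(?P<ident>[A-Za-z_$][\w$]*)|(?P<op>[^\s\w])')

def build_symbol_table(code):
    """Lexical analysis: one entry per token class; each token keeps its
    features (lexeme, line number, following lexeme)."""
    tokens = []
    for lineno, line in enumerate(code.splitlines(), 1):
        for m in TOKEN_RE.finditer(line):
            tokens.append({"kind": m.lastgroup, "lexeme": m.group(), "line": lineno})
    table = {}
    for tok, nxt in zip(tokens, tokens[1:] + [{"lexeme": ""}]):
        tok["next"] = nxt["lexeme"]
        table.setdefault(tok["kind"], []).append(tok)
    return table

# Hypothetical rules: (entry, predicate on token features, description, fix).
SQL_START = re.compile(r'"\s*(select|insert|update|delete)\b', re.I)
RULES = [
    ("string", lambda t: bool(SQL_START.match(t["lexeme"])) and t["next"] == "+",
     "SQL text built by string concatenation", "bind values with PreparedStatement"),
    ("ident", lambda t: t["lexeme"] == "Random" and t["next"] == "(",
     "java.util.Random used to generate a value", "use java.security.SecureRandom"),
]

def diagnose(code):
    """Run each rule over the tokens under its entry; return sorted findings."""
    table = build_symbol_table(code)
    return sorted((t["line"], t["lexeme"], desc, fix)
                  for entry, pred, desc, fix in RULES
                  for t in table.get(entry, []) if pred(t))

if __name__ == "__main__":
    for line, lexeme, desc, fix in diagnose(SAMPLE):
        print(f"line {line}: {desc} at {lexeme!r} -> {fix}")
```

Each finding carries the line, the flagged token, a description and a suggested fix. The lexer skips Java comments and text blocks, which a real analyzer would have to tokenize as well.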

Description

Technical field

[0001] The invention relates to the technical field of security diagnosis, in particular to a static code security diagnosis method and device.

Background technique

[0002] In an era of rapid development of Internet business, each project team adopts agile, iterative and other development methods to ensure development efficiency. In this fast-online and fast-delivery mode, it is particularly important to use efficient testing methods to ensure the security testing process in the project and shorten the project testing cycle. At present, there are many conventional methods for security testing of Java web applications, such as using the AppScan tool for black-box scanning, and using penetration testing tools such as Nessus to conduct security analysis on data by tampering with requests. But without exception, they all belong to the security inspection after the completion of the project coding stage, but the earlier the security problems are found in the projec...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/57, G06F40/284, G06K9/62
CPC: G06F21/563, G06F40/284, G06F21/577, G06F18/241
Inventor: 郭雷娟, 杨卓俊, 勾志营, 李麦琪
Owner: INDUSTRIAL AND COMMERCIAL BANK OF CHINA