Application program security test method and related device

An application program security testing technology, applied in computer security devices, software testing/debugging, error detection/correction, etc. It addresses the problem that existing application program security testing methods are error-prone and inaccurate, and it reduces the dependence on the request response.

Pending Publication Date: 2021-06-22
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, the above-mentioned application program security testing method relies heavily on the application program’s request response to the scanning request. In the case of network delays, algorithm de


Examples


Embodiment Construction

[0029] Embodiments of the present application are described below in conjunction with the accompanying drawings.

[0030] In related technologies, application A is deployed on a server that provides network services, which builds a security testing environment for application A. All external requests received by application A are collected and forwarded to the DAST scanner, which generates scanning requests. The scanning requests are used to scan application A; application A responds to each scanning request and returns the request response to the DAST scanner. The DAST scanner judges from the request response whether application A has a vulnerability, and in this way performs the security test of application A.

[0031] However, the above-mentioned application A security testing method relies heavily on the request response obtained by the application A responding to the scanning request. In the case of network delays, algorithm defects, etc., it is easy to...

Abstract

The embodiment of the invention discloses an application program security test method and a related device. The method comprises the following steps: obtaining an external request of an application program, and generating a scanning request carrying a scanning mark through a preset scanning strategy; while the application program is being scanned with the scanning request, detecting whether the parameter information used by a sensitive function called by the application program includes the scanning mark, and if so, reporting the parameter information used by the sensitive function; and analyzing the reported parameter information with a preset vulnerability analysis strategy corresponding to the sensitive function.

With this method there is no need to wait for the application program's request response to the scanning request. If, during scanning, the parameter information used by a sensitive function called by the application program is found to include the scanning mark, that sensitive function may have a vulnerability, and vulnerability analysis is then performed on the parameter information it used. In this way it is judged whether the application program has vulnerabilities, and application program security testing is achieved.
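The flow described in the abstract, as an added Python sketch that is not code from the patent: the hook decorator, the toy handlers, the mark format and the SQL analysis rule are all assumptions made for illustration.

```python
import functools
import uuid
CURRENT = {"mark": None}  # scan mark of the request being replayed
REPORTS = []              # parameter information reported by hooked sinks

def carries(mark, value):
    if isinstance(value, (tuple, list)):
        return any(carries(mark, v) for v in value)
    return mark in str(value)

def sensitive(kind):
    """Hook a sensitive function: report its arguments if they carry the mark."""
    def wrap(fn):
        @functools.wraps(fn)
        def hooked(*args):
            mark = CURRENT["mark"]
            if mark and carries(mark, args):
                REPORTS.append({"kind": kind, "sink": fn.__name__, "args": args})
            return fn(*args)
        return hooked
    return wrap

@sensitive("sql")
def db_execute(sql, bound=()):
    return []  # stand-in for a real database driver call

# Constructed toy application: one handler concatenates input, one binds it.
def search_handler(params):
    return db_execute("SELECT * FROM items WHERE name = '" + params["q"] + "'")
def lookup_handler(params):
    return db_execute("SELECT * FROM items WHERE id = ?", (params["id"],))
ROUTES = {"/search": search_handler, "/lookup": lookup_handler}

def analyze_sql(report, mark):
    """Assumed strategy for SQL sinks: the mark reached the statement text."""
    return mark in report["args"][0]
STRATEGIES = {"sql": analyze_sql}

def scan(external_request):
    """Mark each parameter in turn, replay it, analyze what the sinks reported."""
    findings = []
    path = external_request["path"]
    for name, value in external_request["params"].items():
        CURRENT["mark"] = mark = "dastmark" + uuid.uuid4().hex[:8]
        REPORTS.clear()
        params = dict(external_request["params"], **{name: value + mark})
        ROUTES[path](params)  # the response is never inspected
        findings += [(path, name, r["sink"]) for r in REPORTS
                     if STRATEGIES[r["kind"]](r, mark)]
    CURRENT["mark"] = None
    return findings
```

Both handlers cause a report because the mark reaches `db_execute`, but only the concatenating handler survives the analysis step; the bound-parameter call is reported and then cleared by the strategy.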

Description

Technical field

[0001] The present application relates to the field of security testing, in particular to an application program security testing method and related devices.

Background technique

[0002] With the rapid development of application programs, any application program will inevitably have certain vulnerabilities after it is developed, due to negligence during the development process, limitations of the programming language used, compilation defects, etc., and these affect the security of the application program. It is therefore necessary to carry out security testing on the application program and determine its vulnerabilities, so that they can subsequently be repaired and the security of the application program improved.

[0003] At present, the application security testing method is to collect the external request of the application and submit it to the Dynamic Application Security Testing (DAST) scanner. The DAST sc...

Application Information

IPC(8): G06F21/57, G06F11/36
CPC: G06F11/3688, G06F21/577, G06F2221/033
Inventor: 牛保龙
Owner: TENCENT TECH (SHENZHEN) CO LTD