Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Permission vulnerability detection method and device

A vulnerability detection and permission technology, applied in the field of network security, can solve problems such as strong correlation of system permissions, omission of scenes, leakage of sensitive information, etc., and achieve the effect of reducing repeated detection work, improving accuracy, and improving detection efficiency

Pending Publication Date: 2021-07-16
BANK OF CHINA
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] At present, in the detection of security vulnerabilities, permission issues are the most important thing in detection, because once there is a problem with permissions, it is likely to lead to large-scale sensitive information leakage, and the consequences are worse than one or two cross-site scripting attacks (XSS, Cross SiteScript) much more serious
Since the permission vulnerability is a kind of vulnerability that is highly related to the business, and security testers do not participate in the development of production tasks, business understanding mainly relies on manual communication between developers and the security test team, resulting in the need for communication between developers and security testers. Multiple rounds of communication require high time and cost but low detection efficiency; and the permissions of each system are highly correlated, and security testers are not familiar with the business, resulting in scene omissions or false positives during the detection process, resulting in low detection accuracy

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Permission vulnerability detection method and device
  • Permission vulnerability detection method and device
  • Permission vulnerability detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0055] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0056] The embodiment of the present invention provides a permission loophole detection method to improve detection efficiency and detection accuracy, such as figure 1 As shown, the method includes:

[0057] Step 101: Obtain all traffic data of the system to be detected;

[0058] Step 102: According to the pre-configured authority parameters, perform normalization processing for merging similar URLs on all traffic data, and sample the normalized...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a permission vulnerability detection method and device, and the method comprises the steps of carrying out the same type uniform resource positioning conformity normalization processing of all traffic data according to a pre-configured permission parameter, and carrying out the sampling to obtain deduplicated traffic data; classifying the de-duplicated traffic data according to the affiliated function module by utilizing a lifting tree model to obtain interface data under different function module types; according to the interface data under different functional module types, scanning the interfaces under each functional module type one by one, and determining a scanning result of the permission vulnerability; and receiving a vulnerability correction instruction, and correcting the scanning result of the permission vulnerability to obtain a permission vulnerability detection result. The detection efficiency is improved by removing the repeated flow data; and the vulnerability correction instruction is used for further correction, and long-time communication between developers and a security test team is not needed, so that the detection efficiency is improved, and the detection accuracy is improved. The invention is applied to the field of network security.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and device for detecting authority loopholes. Background technique [0002] At present, in the detection of security vulnerabilities, permission issues are the most important thing in detection, because once there is a problem with permissions, it is likely to lead to large-scale sensitive information leakage, and the consequences are worse than one or two cross-site scripting attacks (XSS, Cross SiteScript) Much more serious. Since the permission vulnerability is a kind of vulnerability that is highly related to the business, and security testers do not participate in the development of production tasks, business understanding mainly relies on manual communication between developers and the security test team, resulting in the need for communication between developers and security testers. Multiple rounds of communication require high time and cost but low det...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F16/901G06F16/9035G06F16/906G06F16/955
CPCG06F21/577G06F16/9027G06F16/9035G06F16/906G06F16/955
Inventor 马晓亮
Owner BANK OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com