Vulnerability detection method and device based on background RPC interface

A technology of vulnerability detection and interface configuration, applied in the field of big data, can solve the problems of lagging test progress, waste of manpower, low efficiency, etc., and achieve the effect of lowering the threshold of security testing and reducing the false positive rate

Pending Publication Date: 2021-10-29
INDUSTRIAL AND COMMERCIAL BANK OF CHINA
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] At present, there are a large number of RPC service interfaces for data transmission in application business scenarios, and the widely used testing tools in the prior art are all automated tests for the http interface, and there is a lack of automated testing methods for the RPC interface. Therefore, in the prior art, only Use manual testing methods to test the RPC interface, specifically: the existing solutions basically rely on manpower, waste manpower, and cannot efficiently mine and predict security vulnerabilities, often only when a component has exposed clear vulnerability characteristics , only to manually construct and run the payload to check for vulnerabilities, the efficiency is relatively low, and the test progress is obviously lagging behind

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection method and device based on background RPC interface
  • Vulnerability detection method and device based on background RPC interface
  • Vulnerability detection method and device based on background RPC interface

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0049] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0050]Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the technical field of big data, and provides a vulnerability detection method and device based on a background RPC interface, and the method comprises the steps: receiving RPC interface configuration data sent by a user; collecting data of a to-be-detected system according to the RPC interface configuration data; and carrying out a payload attack on the collected data, and generating a test result of the to-be-detected system. According to the method and device, the security test threshold can be greatly reduced, manual test by development testers is not needed, the security index condition of the system, finer-grained vulnerability description, specific vulnerability detailed information and a vulnerability rectification scheme can be obtained, the obtained data can be subjected to overall data analysis and data mining, and manual inspection and analysis of the security vulnerability test are not needed.

Description

technical field [0001] This application can be used in the field of big data technology, and specifically relates to a method and device for detecting vulnerabilities based on a background RPC interface. Background technique [0002] At present, there are a large number of RPC service interfaces for data transmission in application business scenarios, and the widely used testing tools in the prior art are all automated tests for the http interface, and there is a lack of automated testing methods for the RPC interface. Therefore, in the prior art, only Use manual testing methods to test the RPC interface, specifically: the existing solutions basically rely on manpower, waste manpower, and cannot efficiently mine and predict security vulnerabilities, often only when a component has exposed clear vulnerability characteristics , only to artificially adopt the method of manually constructing and running the payload for vulnerability investigation, which is relatively inefficient...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57H04L29/06
CPCG06F21/577H04L63/1433H04L63/1441H04L67/133
Inventor 郭雷娟杨卓俊勾志营
Owner INDUSTRIAL AND COMMERCIAL BANK OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap