Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Path traversal vulnerability detection method

A vulnerability detection and path technology, applied in the computer field, can solve problems such as high time cost, low scene coverage, large and dirty data, etc., and achieve the effect of improving efficiency

Pending Publication Date: 2021-12-31
杭州孝道科技有限公司
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Black-box detection technology needs to send a large number of data packets with characteristic strings for vulnerability detection, so this technology will generate a large amount of dirty data and dirty operations during the test process, and cannot Construct data packets, so black box detection technology also has problems such as low scene coverage
Code audit technology requires in-depth analysis of the source code of the application, which consumes a lot of time and cost, and because the technology analyzes the data when the simulation program is running, the rate of false positives for vulnerabilities is high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Path traversal vulnerability detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0025] Such as figure 1 As shown, a path traversal vulnerability detection method of the present invention comprises the following steps:

[0026] Step 1: Inserting the Java EE program through the bytecode enhancement method;

[0027] Step 2: The instrumentation program traces the propagation path of the data acquired by the Java EE program from the outside in the program;

[0028] Step 3: When the instrumentation program finds that the external data is directly transmitted to the path traversal risk method without passing through the security filtering method, it will make a logical judgment on the vulnerability detection; exist.

[0029] The vulnerability detection logic judgment described in Step 3 includes the following:

[0030] When the JDK version is less than 7U40, it is judged that the vulnerability is more harmful and can ac...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a path traversal vulnerability detection method. The method comprises the following steps of 1, performing program instrumentation on a Java EE program through a byte code enhancement method; 2, by the instrumentation program, tracking the propagation path of data, obtained from the outside by the Java EE program, in the program; 3, when the instrumentation program finds that external data is directly propagated to the path traversal risk method without passing through a security filtering method, performing vulnerability detection logic judgment; and when the instrumentation program finds that the external data is propagated through the security filtering method, determining that the vulnerability does not exist. According to the method, the data flow direction during running of the application program can be tracked in real time during running of the Java EE program, the real forming process of the vulnerability and the specific code position of the vulnerability can be detected, and online, real-time, comprehensive and accurate vulnerability detection is achieved. Meanwhile, whether the vulnerability exists or not can be determined by analyzing the propagation paths of the stains in different scenes, and the possible utilization harm of the vulnerability can be given separately.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a path traversal vulnerability detection method. Background technique [0002] Existing technologies are mainly divided into two categories for PHP Web application vulnerability detection. One is black-box detection technology, which simulates hacker attacks to test applications, replays data packets with characteristic strings, and analyzes application responses according to the vulnerability principles of different types of vulnerabilities to detect vulnerabilities; the second category is code Auditing technology is to analyze the syntax and semantics of the application source code, and analyze the vulnerability of the program at the code level by simulating the data flow when the program is running, so as to achieve the purpose of vulnerability detection. Black-box detection technology needs to send a large number of data packets with characteristic strings for vulnerabilit...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 范丙华徐锋刘永瑞
Owner 杭州孝道科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com