Security test method and device, computer equipment and storage medium

Abstract

The invention relates to a security test method and device, computer equipment and a storage medium. The method relates to the technical field of information security, and comprises the following steps: generating a simulation network message according to an input parameter of a to-be-tested application program, and transmitting the simulation network message to a virtual server program in a user terminal; intercepting the analog network message in the process of transmitting the analog network message to the virtual server program; processing the analog network message, and performing a security test based on the processed analog network message. That is, in the embodiment of the invention, the simulation network environment can be established locally at the user terminal, the problem that the security test cannot be carried out due to the fact that the man-in-the-middle test module cannot acquire the input parameters due to direct interaction between the application program and the server can be avoided, and the simulation network message is generated through the simulation network environment; and the security test on the to-be-tested application program is realized by processing the simulation network message, so that the security test efficiency is improved.

Description

technical field [0001] The present application relates to the technical field of information security, in particular to a security testing method, device, computer equipment and storage medium. Background technique [0002] With the popularization of smart terminals, a large amount of mobile phone software (application, APP for short) emerges in the application market for downloading and using by user terminals. In order to ensure the security of the APP installed on the user terminal, before the APP is released, it is necessary to conduct a security inspection on the APP to identify vulnerabilities. [0003] In traditional technologies, security detection is usually performed through an intermediary agent. The intermediary agent method refers to hijacking the APP traffic of the user terminal through an intermediary agent detection tool, and analyzing the hijacked APP traffic to achieve security detection. [0004] However, with the continuous improvement of the security re...

AI Technical Summary

Problems solved by technology

[0004] However, with the continuous improvement of the security resistance capabilities of user terminals, more and more APPs have adopted security measures against intermediate agent detection tools (for example, user terminals usually directly use message encryption, secure tunnels, etc. to communicate with the server communication without forwarding traffic through an intermediate agent), the intermediate agent detection tool cannot successfully obtain the unencrypted APP traffic of the user terminal, and thus cannot perform security detection on the APP installed on the user terminal, resulting in low efficiency of security detection

Images