WEB application vulnerability detection method and system

A vulnerability detection and vulnerability technology, which is applied in the field of network security, can solve the problems of high rate of vulnerability false positives and low path coverage, and achieve the effect of increasing the probability of triggering vulnerabilities, improving detection accuracy, and improving vulnerability detection capabilities

Active Publication Date: 2022-03-01
NAT UNIV OF DEFENSE TECH
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In order to solve the above technical problems, the present invention proposes a technical solution for WEB application vulnerability detection to solve the problem of low path coverage in the existing technology of vulnerability dynamic detection technology and the problem of high vulnerability false negative rate

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • WEB application vulnerability detection method and system
  • WEB application vulnerability detection method and system
  • WEB application vulnerability detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0052] The first aspect of the present invention discloses a WEB application loophole detection method. figure 1 It is a flowchart of a method for detecting WEB application vulnerabilities according to an embodiment of the present invention, such as figure 1 As shown, the method includes: step S1, obtaining the program identification of the ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a WEB application vulnerability detection method and system, and the method comprises the steps: S1, obtaining a program identifier of a target WEB application, and obtaining a source code of the target WEB application according to the program identifier; s2, performing command injection vulnerability detection on the source code of the target WEB application; s3, a feedback code is inserted into a source code of the target WEB application according to a command injection vulnerability detection result; s4, sending a vulnerability test sample to the target WEB application to trigger a potential vulnerability; step S5, if the potential vulnerability is successfully triggered, generating a vulnerability test script; and step S6, if the potential vulnerability fails to trigger, obtaining a feedback result generated by the target WEB application, and adjusting the vulnerability test sample according to the feedback result. According to the method, a test feedback mechanism is added based on a basic flow of penetration testing, and a next-round test sample is dynamically modified according to test feedback information of each time, so that the vulnerability detection capability is improved, the detection accuracy of Web vulnerabilities is improved, and the vulnerability false alarm rate is reduced.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a method and system for detecting WEB application loopholes. Background technique [0002] In recent years, my country's cloud computing, big data, Internet of Things, industrial Internet, artificial intelligence and other new technologies and applications have developed on a large scale, and network security risks have converged and superimposed and evolved rapidly. The application of Internet technology continues to blur the boundary between the physical world and the virtual world, and its integration, penetration, and driving effects on the development of the entire economy and society are becoming more and more obvious. The risks and challenges it brings are also increasing, and threats and risks in cyberspace are increasing. Among them, web application security is an important part of network security issues. Web applications play an important role in d...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/563G06F21/577G06F2221/034
Inventor 陆余良赵家振黄晖刘京菊杨国正于璐钟晓峰戚兰兰
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap