Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Code-free process visualization vulnerability detection method and system

A vulnerability detection and process technology, applied in the field of system security, to achieve the effect of simple and convenient testing and debugging, improving development and debugging efficiency, and reducing development capability requirements

Active Publication Date: 2022-05-31
成都无糖信息技术有限公司
View PDF14 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Aiming at the need to manually write script codes or compile scanning rule configuration files in the existing technology; and writing scanning rule configuration files also needs to be based on fixed templates, compile process and logic rules, and also need to learn and manually insert custom functions in the engine, To solve the problem of learning specific processes and grammatical specifications, the present invention proposes a code-free process visualization vulnerability detection method and system. form, to realize the customized development of complex vulnerability scanning process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Code-free process visualization vulnerability detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0047] Such as figure 1 As shown (the dotted line box in the drawing is an unnecessary process), the present invention proposes a code-free process visualization vulnerability detection method, including:

[0048] S1: Firstly, abstract and encapsulate the testing process of various tests in vulnerability scanning into an interface, and build different system variables for different testing processes to bind the result data of the testing process with the next testing process and logical judgment Medium; also includes setting global variables: users create global variables through the visual form, and assign values ​​to global variables, and support adding processing rules to global variables. The processing rules include: prefix, suffix, reverse, interception, encoding string and decoding string. The processing rules take effect before the global variable is referenced.

[0049] The present invention can insert global variables through a visual interface in creating test pro...

Embodiment 2

[0077] Embodiment 2: as figure 1 As shown (the dotted line frame in the accompanying drawing is a non-essential process flow), the specific steps of the present invention include:

[0078] 1. Test process encapsulation: abstract and encapsulate the test process in the vulnerability test process into an interface, and encapsulate vulnerabilities such as sending HTTP requests, delaying waiting for a specified time, identifying and extracting verification codes, extracting data from responses, and processing data, etc. Commonly used test procedures in scanning, and more test procedures can be expanded through the interface.

[0079] 2. System variable design: Most of the test processes will generate corresponding execution results after the execution is completed, so the program encapsulates some system variables such as: binding R-type variables that send HTTP request results, binding identification and extraction verification The Y type variable of the code result, the E type ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a code-free process visualization vulnerability detection method and system. In the prior art, script codes or scanning rule configuration files need to be compiled manually; in order to solve the problems that in the prior art, a scanning rule configuration file needs to be written on the basis of a fixed template, a programming process and a logic rule, a user-defined function in an engine needs to be learned and manually inserted, and a specific process and a grammar specification need to be learned, the technical scheme comprises the steps that firstly, a program automatically completes a test process packaging operation; when a user creates a vulnerability detection method, a program automatically completes system variable initialization, and meanwhile it is guaranteed that variables of different detection methods do not affect one another; then, a user can customize a global variable to be quoted in subsequent operation; then, a test process is newly built, the global variable and the system variable which are created before can be quoted in the process, and a result is bound to the unused system variable; and finally, adding a judgment rule set, and carrying out logic synthesis to judge whether vulnerabilities exist or not.

Description

technical field [0001] The invention belongs to the technical field of system security, and in particular relates to a codeless process visualization loophole detection method and system. Background technique [0002] With the development of network technology, people pay more and more attention to information security. If there is a security loophole in the application program of the website or server, it will not only affect the normal use of the function, but also cause the leakage of data and confidentiality in severe cases. Cause serious economic loss and harm. Therefore, the detection of loopholes is particularly important. [0003] In the prior art, vulnerabilities are usually detected by a vulnerability scanner. In the related products of vulnerability scanners, there are usually three forms in the processing of vulnerability scanning rules: the first is to hard-code the vulnerability scanning and judgment mechanism in the scanning engine; the second is to separat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57G06F21/56G06F11/36
CPCG06F21/577G06F21/562G06F11/3668
Inventor 李维张瑞冬童永鳌朱鹏
Owner 成都无糖信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com