The invention provides a method for using a virtual machine to improve the performance of software testing based on fault injection. Based on the EAI (environment-application interaction) model put forward by Wenliang Du of Syracuse University (US), faults are injected at the interaction points between the application program and its environment, perturbing the environment in order to test the software for vulnerabilities. This reduces the semantic difference between injected faults and actual faults and reduces the number of test cases. The two functional parts of the test tool are implemented on the host and the guest of the virtual machine, respectively, and the files shared between the virtual machine and the guest, together with the backup and recovery mechanism of the virtual machine, improve the robustness and flexibility of the test tool. The tool generated by the method comprises an application program configuration file (10), a fault test case generator (5), a security analysis module (6), a graphical user interface (7), an environment recovery module (9), a fault injector (11) and a data collector (12); it further comprises the software (13) to be tested and shared memory auxiliary modules (14), (15) and (16) of the virtual machine for sharing test-related data. The method is capable of effectively detecting and simulating security breaches in software and improving the security of the software.
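
The following sketch is an added example, not code from the patent or its tool. It shows the loop the abstract describes (inject a fault at an environment interaction point, collect the outcome, analyze it against a security property, restore the environment) for one file interaction. The application `app_write_log`, the file names, the four fault cases and the use of a fresh temporary directory in place of the virtual machine's backup and recovery are all assumptions made for illustration.

```python
import os
import tempfile

def app_write_log(path, data):
    """Hypothetical application under test: appends to a log file.
    open() follows symbolic links, which the harness should expose."""
    with open(path, "a") as f:
        f.write(data)

# Fault test cases (constructed): each perturbs one attribute of the file
# the application interacts with, just before the interaction happens.
def fault_none(log, protected):
    pass

def fault_missing(log, protected):
    os.remove(log)

def fault_symlink(log, protected):
    os.remove(log)
    os.symlink(protected, log)

def fault_readonly(log, protected):
    os.chmod(log, 0o400)

FAULTS = {"none": fault_none, "missing": fault_missing,
          "symlink": fault_symlink, "readonly": fault_readonly}
BASELINE = "secret=1\n"

def run_case(fault):
    # Environment recovery: a fresh directory per case (assumed stand-in
    # for restoring a virtual machine snapshot).
    with tempfile.TemporaryDirectory() as env:
        log = os.path.join(env, "app.log")
        protected = os.path.join(env, "protected.cfg")
        for path, text in ((log, "old\n"), (protected, BASELINE)):
            with open(path, "w") as f:
                f.write(text)
        fault(log, protected)                      # fault injector
        try:                                       # data collector
            app_write_log(log, "entry\n")
            outcome = "ok"
        except OSError as exc:
            outcome = type(exc).__name__
        with open(protected) as f:                 # security analysis
            violated = f.read() != BASELINE
        return outcome, violated

def run_all():
    return {name: run_case(fault) for name, fault in FAULTS.items()}
```

Only the symlink case is flagged: the application reports success while its write lands in the protected file, which is the kind of environment-induced fault that ordinary input testing does not surface.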