CN112560045A - Application program vulnerability detection method and device, computer equipment and storage medium - Google Patents
- Publication number
- CN112560045A (application number CN202011443470.7A)
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- function
- taint
- code
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application relates to big data processing technology in artificial intelligence, and provides an application program vulnerability detection method, an application program vulnerability detection apparatus, a computer device and a storage medium. The method comprises the following steps: acquiring the program code of an application program to be tested; generating a code attribute graph from the program code, and acquiring a function test request entry of the application program to be tested; performing a vulnerability search on the code attribute graph according to the function test request entry and a preset static taint analysis rule to obtain a vulnerability search result; generating a static analysis attack vector according to the vulnerability search result; performing a dynamic test according to the static analysis attack vector, a preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result; and performing vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result. With this method, the vulnerability false alarm rate can be greatly reduced and the accuracy of the security test is improved.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for detecting an application vulnerability, a computer device, and a storage medium.
Background
With the development of computer technology, security testing technology has emerged. Security testing mainly refers to testing whether an application program has a security vulnerability.
In the conventional technology, common security testing methods include static analysis and dynamic analysis. Static analysis methods include regular-expression matching, syntactic and semantic analysis and the like. Dynamic analysis means instrumenting key functions in a program, acquiring the running state of the program, and checking the program's running logic and whether a vulnerability exists by passing in attack vectors.
However, the traditional application program vulnerability detection method has the problems of high vulnerability false alarm rate and low security test accuracy rate.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an application vulnerability detection method, apparatus, computer device and storage medium capable of improving security test accuracy.
A method for application vulnerability detection, the method comprising:
acquiring a program code of an application program to be tested;
generating a code attribute graph from the program code, and acquiring a function test request entry of the application program to be tested;
performing a vulnerability search on the code attribute graph according to the function test request entry and a preset static taint analysis rule to obtain a vulnerability search result;
generating a static analysis attack vector according to the vulnerability search result;
performing a dynamic test according to the static analysis attack vector, a preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result;
and performing vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result.
An application vulnerability detection apparatus, the apparatus comprising:
the acquisition module is used for acquiring a program code of an application program to be tested;
the first processing module is used for generating a code attribute graph from the program code and acquiring a function test request entry of the application program to be tested;
the vulnerability searching module is used for performing a vulnerability search on the code attribute graph according to the function test request entry and a preset static taint analysis rule to obtain a vulnerability search result;
the second processing module is used for generating a static analysis attack vector according to the vulnerability search result;
the test module is used for performing a dynamic test according to the static analysis attack vector, a preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result;
and the vulnerability detection module is used for performing vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring a program code of an application program to be tested;
generating a code attribute graph from the program code, and acquiring a function test request entry of the application program to be tested;
performing a vulnerability search on the code attribute graph according to the function test request entry and a preset static taint analysis rule to obtain a vulnerability search result;
generating a static analysis attack vector according to the vulnerability search result;
performing a dynamic test according to the static analysis attack vector, a preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result;
and performing vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring a program code of an application program to be tested;
generating a code attribute graph from the program code, and acquiring a function test request entry of the application program to be tested;
performing a vulnerability search on the code attribute graph according to the function test request entry and a preset static taint analysis rule to obtain a vulnerability search result;
generating a static analysis attack vector according to the vulnerability search result;
performing a dynamic test according to the static analysis attack vector, a preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result;
and performing vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result.
With the above application program vulnerability detection method, apparatus, computer device and storage medium, a code attribute graph is generated from the program code of the application program to be tested and a function test request entry of the application program is acquired. Taking the function test request entry as the starting point, a vulnerability search is performed on the code attribute graph according to a preset static taint analysis rule to obtain a vulnerability search result, and a static analysis attack vector is generated from that result. A dynamic test is then performed using the static analysis attack vector, a preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result, and vulnerability trigger detection is performed on the dynamic test result to obtain a vulnerability detection result. Throughout the process, the static analysis attack vector obtained by static taint analysis is verified by the dynamic test, and the preset dynamic analysis attack vector is also used in the dynamic test, so the vulnerability false alarm rate can be greatly reduced and the accuracy of the security test is improved.
Drawings
FIG. 1 is a flowchart illustrating a method for vulnerability detection in an application in one embodiment;
FIG. 2 is a diagram of an application scenario for a method for vulnerability detection in an application in one embodiment;
FIG. 3 is a diagram of a method for application vulnerability detection in one embodiment;
FIG. 4 is a flowchart illustrating a method for vulnerability detection in an application in accordance with another embodiment;
FIG. 5 is a diagram illustrating a static analysis method in the application vulnerability detection method in one embodiment;
FIG. 6 is a diagram illustrating a dynamic analysis method in the application vulnerability detection method in one embodiment;
FIG. 7 is a flowchart illustrating a method for vulnerability detection in an application program according to yet another embodiment;
FIG. 8 is a block diagram of an apparatus for application vulnerability detection in one embodiment;
FIG. 9 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
The present application relates to the art of artificial intelligence, which is a theory, method, technique and application system that uses a digital computer or a machine controlled by a digital computer to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use the knowledge to obtain optimal results. In other words, artificial intelligence is a comprehensive technique of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can react in a manner similar to human intelligence. Artificial intelligence is the research of the design principle and the realization method of various intelligent machines, so that the machines have the functions of perception, reasoning and decision making.
Artificial intelligence technology is a comprehensive discipline that covers a wide range of fields, including both hardware-level and software-level technologies. The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. Artificial intelligence software technology mainly comprises computer vision, speech processing, natural language processing, machine learning/deep learning and the like. The present application mainly relates to big data processing technology. Big data refers to a data set that cannot be captured, managed and processed by conventional software tools within a certain time range; it is a massive, fast-growing and diversified information asset that yields stronger decision-making power, insight discovery and process optimization capability only under new processing modes. With the advent of the cloud era, big data has attracted more and more attention, and it requires special technology to process large amounts of data effectively within a tolerable elapsed time. Technologies applicable to big data include massively parallel processing databases, data mining, distributed file systems, distributed databases, cloud computing platforms, the Internet and scalable storage systems.
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In an embodiment, as shown in fig. 1, an application vulnerability detection method is provided, and this embodiment is exemplified by applying the method to a terminal, it is to be understood that the method may also be applied to a server, may also be applied to a system including the terminal and the server, and is implemented through interaction between the terminal and the server. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, big data and artificial intelligence platform. The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The interaction between the terminal and the server means that the terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein. In this embodiment, the method includes the steps of:
Step 102, obtaining a program code of an application program to be tested.
The application program to be tested refers to an application program which needs to be tested whether a security vulnerability exists or not.
Specifically, before the test, the developer uploads the program code of the application program to be tested to a code repository, from which the terminal can obtain it directly. For example, the code repository may be a git repository: before the test, the developer uploads the program code of the application program to be tested to the git repository, and the terminal pulls the program code directly from it.
Step 104, generating a code attribute graph from the program code, and acquiring a function test request entry of the application program to be tested.
The code attribute graph is an attribute graph formed by fusing the call graph, control flow graph and abstract syntax tree of the program code; it describes the attributes of the program code through nodes and edges. The nodes of the code attribute graph are mainly class nodes, function nodes and statement nodes: class nodes represent the classes in the program code; function nodes represent the functions in the program code and include the function start statement, the function's data flow direction and the like; statement nodes represent the statements in the program code. The edges of the code attribute graph are mainly call relation edges and control flow relation edges: call relation edges represent the call relations among functions, and control flow relation edges represent the data flow relations among nodes. A functional test is a test of the service functions that the application program to be tested can perform, and the function test request entry is the program entry used during the functional test.
Specifically, after obtaining the program code, the terminal generates a call graph, a control flow graph and an abstract syntax tree from the program code and fuses them to generate the code attribute graph. The terminal also monitors for function test requests of the application program to be tested; when such a request is detected, it obtains the function test request execution path and derives the function test request entry from that path.
Step 106, searching for vulnerabilities on the code attribute graph according to the function test request entry and a preset static taint analysis rule to obtain a vulnerability search result.
A taint is a data pollution point. The preset static taint analysis rule is a static taint analysis rule set in advance, and comprises a taint introduction rule, a taint processing rule and a preset vulnerability trigger rule. The taint introduction rule is a restriction rule governing where taint is introduced. The taint processing rule comprises a taint merging rule, a taint deletion rule and a taint propagation rule, and is used to process taint while searching the code attribute graph for vulnerabilities. The preset vulnerability trigger rule specifies in advance the conditions under which a vulnerability can be triggered; for example, it may be a preset vulnerability trigger function, i.e. a function that can trigger a vulnerability. Vulnerability searching means searching the code attribute graph for vulnerabilities. The vulnerability search result is the vulnerability status of the code attribute graph as determined by the preset vulnerability trigger rule, and it includes a vulnerability type and a vulnerability trigger path.
Specifically, after the functional test request entry is obtained, the terminal introduces a taint into the functional test request entry according to a taint introduction rule in the preset static taint analysis rules, and performs vulnerability search on the code attribute graph according to the taint, a taint processing rule in the preset static taint analysis rules and a preset vulnerability triggering rule to obtain a vulnerability search result.
Step 108, generating a static analysis attack vector according to the vulnerability search result.
The vulnerability search result comprises a vulnerability type and a vulnerability triggering path, the vulnerability type comprises vulnerability types common in the security test of the application program, such as SQL (Structured Query Language) injection vulnerability, cross-site script vulnerability, weak password vulnerability and the like, and the vulnerability triggering path refers to an execution path for triggering vulnerability generation in the code attribute graph. The static analysis attack vector refers to a vector which is generated by static analysis and attacks the application program to be tested. For example, the static analysis attack vector may be specifically a character sequence.
Specifically, the terminal determines a vulnerability type and a vulnerability trigger path corresponding to the vulnerability type according to the vulnerability search result, and generates a static analysis attack vector according to the vulnerability type and the vulnerability trigger path.
Step 110, performing a dynamic test according to the static analysis attack vector, the preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result.
The preset dynamic analysis attack vector refers to a vector which is set in advance according to a common vulnerability type and attacks the application program to be tested during dynamic analysis. For example, the dynamic analysis attack vector may specifically be a character sequence preset according to an SQL injection vulnerability, a cross-site scripting vulnerability, a weak password vulnerability, and the like. The dynamic test result refers to the execution result of the static analysis attack vector and the preset dynamic analysis attack vector in the application program to be tested.
Specifically, the terminal inputs a static analysis attack vector and a preset dynamic analysis attack vector into the application program to be tested according to the function test request entry in sequence to perform dynamic test, obtains a first test result corresponding to the static analysis attack vector and a second test result corresponding to the preset dynamic analysis attack vector, and obtains a dynamic test result according to the first test result and the second test result.
Step 112, performing vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result.
The dynamic test result comprises a dynamic test execution path, wherein the dynamic test execution path refers to an execution path of the application program to be tested after the static analysis attack vector and the preset dynamic analysis attack vector are sequentially input into the application program to be tested for dynamic test, and the execution path comprises an execution function, a function parameter and the like. The vulnerability triggering detection is to detect whether the execution function in the dynamic test execution path is a vulnerability trigger function defined by a preset vulnerability trigger rule, and the vulnerability trigger function includes a static analysis attack vector and/or a dynamic analysis attack vector. The vulnerability detection result refers to a result of vulnerability detection on the application program to be tested, and the vulnerability detection result comprises a function capable of triggering the vulnerability and a corresponding vulnerability type.
Specifically, the terminal performs vulnerability trigger detection on the dynamic test result according to a preset vulnerability trigger rule, detects whether a target execution function corresponding to the vulnerability trigger function in the preset vulnerability trigger rule exists in the execution function of the dynamic test result, and whether a function parameter of the target execution function relates to a static analysis attack vector and/or a dynamic analysis attack vector, so as to obtain a vulnerability detection result.
With the above application program vulnerability detection method, a code attribute graph is generated from the program code of the application program to be tested and a function test request entry of the application program is acquired. Taking the function test request entry as the starting point, a vulnerability search is performed on the code attribute graph according to the preset static taint analysis rule to obtain a vulnerability search result, and a static analysis attack vector is generated from that result. A dynamic test is then performed using the static analysis attack vector, the preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result, and vulnerability trigger detection is performed on the dynamic test result to obtain a vulnerability detection result. Throughout the process, the static analysis attack vector obtained by static taint analysis is verified by the dynamic test, and the preset dynamic analysis attack vector is also used in the dynamic test, so the vulnerability false alarm rate can be greatly reduced and the accuracy of the security test is improved.
In one embodiment, generating a code attribute graph from program code comprises:
obtaining a call graph, a control flow graph and an abstract syntax tree corresponding to the program code according to the program code;
and fusing the call graph, the control flow graph and the abstract syntax tree to generate the code attribute graph.
The call graph represents the call relations within the program code, the control flow graph represents the data flow direction of the program code, and the abstract syntax tree represents the structure of each statement in the program code.
Specifically, the terminal performs semantic and syntactic analysis on the program code to obtain the call graph, control flow graph and abstract syntax tree corresponding to the program code, and then fuses the call graph, the control flow graph and the abstract syntax tree to generate the code attribute graph. The fusion may be performed by using statement nodes as the joining points, and this embodiment is not limited in this respect.
In this embodiment, the code attribute graph is obtained by deriving the corresponding call graph, control flow graph and abstract syntax tree from the program code and fusing them.
In one embodiment, after generating the code attribute graph, the method further includes:
performing hash operation on the function block in the program code to obtain hash information corresponding to the function block;
when the program code is updated, acquiring an updated program code, and determining an update function block according to the hash information and the updated program code;
and performing incremental updating on the code attribute graph according to the updating function block to obtain a code attribute graph corresponding to the updated program code.
The hash operation is to convert an input of an arbitrary length into an output of a fixed length by a hash algorithm, and the output is a hash value. This transformation is a kind of compression mapping, i.e. the space of hash values is usually much smaller than the space of inputs, different inputs may hash to the same output, so it is not possible to determine a unique input value from a hash value. The hash information is a hash value corresponding to the function block obtained by the hash operation. An update function block is a function block in which a program code is updated with a change.
Specifically, after the code attribute graph is generated, the terminal performs a hash operation on the function blocks in the program code to obtain the hash information corresponding to each function block, so that the hash information uniquely represents each function block in the program code. When the program code is updated, the terminal acquires the updated program code from the git repository, hashes the function blocks in the updated program code to obtain their hash information, compares the hash information of the same function blocks in the program code and in the updated program code, determines the function blocks whose hash information differs to be the update function blocks, and incrementally updates the code attribute graph according to the update function blocks to obtain the code attribute graph corresponding to the updated program code.
The same function block refers to a function block that implements the same data processing function in the program code and the update program code, and implementing the same data processing function is understood herein to mean that the input data processed are the same and implement the same processing logic. The incremental updating of the code attribute graph according to the updating function block means that only nodes and edges related to the updating function block in the code attribute graph are updated.
In this embodiment, the hash operation makes it possible to determine the update function blocks when the program code is updated and to incrementally update the code attribute graph according to them, yielding the code attribute graph corresponding to the updated program code. The code attribute graph is thus updated incrementally without re-analysing all of the program code, which effectively improves vulnerability detection efficiency.
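The hash-and-compare update described in this embodiment can be sketched as follows. This is an added example, not code from the patent: it assumes Python source as the program code, SHA-256 over the comment- and whitespace-insensitive AST dump as the hash operation, and a call-edge dictionary as a stand-in for the code attribute graph; `OLD` and `NEW` are constructed sample inputs.

```python
import ast
import hashlib

# Constructed sample: two revisions of the same module.
OLD = '''
def load_user(db, uid):
    return db.query("SELECT * FROM users WHERE id = %s", uid)

def render(user):
    return escape(user.name)

def legacy_export(db):
    return db.dump()
'''

NEW = '''
def load_user(db, uid):
    # comment-only change: the AST, and therefore the hash, is unchanged
    return db.query("SELECT * FROM users WHERE id = %s", uid)

def render(user):
    return format_html(user.name)

def audit(user):
    log(user.id)
'''


def _functions(source):
    """Yield (qualified_name, node) for every function block in the source."""
    def walk(node, prefix):
        for child in ast.iter_child_nodes(node):
            if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef)):
                yield prefix + child.name, child
                yield from walk(child, prefix + child.name + ".")
            elif isinstance(child, ast.ClassDef):
                yield from walk(child, prefix + child.name + ".")
            else:
                yield from walk(child, prefix)
    yield from walk(ast.parse(source), "")


def _digest(node):
    # ast.dump omits line numbers by default, so moving a function does not change its hash.
    return hashlib.sha256(ast.dump(node).encode()).hexdigest()


def function_hashes(source):
    """Hash information: function block name -> SHA-256 of its AST."""
    return {name: _digest(node) for name, node in _functions(source)}


def call_edges(node):
    """Outgoing call edges of one function block (names of the functions it calls)."""
    callees = set()
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            func = sub.func
            if isinstance(func, ast.Name):
                callees.add(func.id)
            elif isinstance(func, ast.Attribute):
                callees.add(func.attr)
    return callees


def build_graph(source):
    """Full analysis: recompute the edges of every function block."""
    return {name: call_edges(node) for name, node in _functions(source)}


def incremental_update(graph, old_hashes, new_source):
    """Re-analyse only function blocks whose hash changed; drop removed ones."""
    new_funcs = dict(_functions(new_source))
    new_hashes = {name: _digest(node) for name, node in new_funcs.items()}
    removed = sorted(old_hashes.keys() - new_hashes.keys())
    dirty = sorted(n for n, h in new_hashes.items() if old_hashes.get(n) != h)
    for name in removed:
        graph.pop(name, None)
    for name in dirty:
        graph[name] = call_edges(new_funcs[name])
    return dirty, removed, new_hashes


if __name__ == "__main__":
    graph, hashes = build_graph(OLD), function_hashes(OLD)
    print(incremental_update(graph, hashes, NEW)[:2])
```

Because the hash is the only evidence that a function block is unchanged, a collision-resistant algorithm matters here: a collision would leave stale nodes and edges in the graph and hide the changed function from the vulnerability search.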
In one embodiment, obtaining the functional test request entry of the application to be tested comprises:
acquiring a link interface of an application program to be tested;
instrumenting the application program to be tested according to the link interface;
when the function test request is monitored, acquiring a function test request execution path corresponding to the function test request;
and determining a functional test request inlet according to the functional test request execution path.
The link interface is an interface for establishing a connection with the application program to be tested. Instrumentation means inserting probes (also called "detectors") into a program while preserving the integrity of its original logic. A probe is essentially a code segment that collects information, and may be an assignment statement or a function call that gathers coverage information. As the probes execute they emit characteristic data about the running program; analysing that data yields the program's control flow and data flow information, and in turn dynamic information such as logic coverage, which serves the purpose of the test. In this embodiment, instrumentation means inserting probes at the function start statement and at the function end (before the function return statement) of each function block of the application program to be tested, so as to determine which functions are executed during the functional test. The functional test request is a user-initiated request to perform a functional test on the application program to be tested, and can be issued by operating the application program to be tested on the terminal. The functional test request execution path is the code path involved in performing the functional test.
Specifically, the terminal can obtain a link interface of an application program to be tested, establish a link with the application program to be tested through the link interface, further perform instrumentation on the application program to be tested according to the link interface, monitor the application program to be tested in a function test mode through the instrumentation, obtain a function test request execution path corresponding to the function test request after the function test is completed when the function test request is monitored, and determine a function test request entry according to the function test request execution path.
In this embodiment, the application program to be tested is instrumented to monitor the function test request, obtain the execution path of the function test request, determine the entry of the function test request according to the execution path of the function test request, and determine the entry of the function test request, so that the entry of the function test request can be used as a starting point for static analysis and dynamic analysis, instead of analyzing all program codes in the application program to be tested, so that vulnerability detection can be efficiently completed according to the function test requirement, and vulnerability detection efficiency is improved.
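The probe placement and entry determination described above can be illustrated as follows. This is an added example, not code from the patent: it assumes a Python target whose functions are wrapped at run time, and the handler functions are constructed.

```python
import functools


def instrument(namespace, names, trace):
    """Wrap each named function so one probe fires at entry and one before return."""
    originals = {}
    for name in names:
        originals[name] = namespace[name]

        def make_probe(func, name):
            @functools.wraps(func)
            def probe(*args, **kwargs):
                trace.append(("enter", name))
                try:
                    return func(*args, **kwargs)   # original logic is unchanged
                finally:
                    trace.append(("exit", name))   # fires on return and on exception
            return probe

        namespace[name] = make_probe(originals[name], name)
    return originals


def restore(namespace, originals):
    """Remove the probes again."""
    namespace.update(originals)


def execution_path(trace):
    """Rebuild the executed call tree as (depth, function) pairs from probe events."""
    path, stack = [], []
    for event, name in trace:
        if event == "enter":
            path.append((len(stack), name))
            stack.append(name)
        elif not stack or stack.pop() != name:
            raise ValueError("unbalanced probe events at " + name)
    if stack:
        raise ValueError("request still executing: " + stack[-1])
    return path


def request_entries(trace):
    """The entry of each monitored request is the function entered at depth 0."""
    return [name for depth, name in execution_path(trace) if depth == 0]


# Constructed application under test.
def parse_order(body):
    return body.strip().split(",")


def price(items):
    return 10 * len(items)


def handle_order(body):
    return price(parse_order(body))


def handle_ping():
    return "pong"


def unused_admin():
    return "never exercised by the functional test"


def run_functional_test():
    """Instrument the application, replay two functional test requests, return the trace."""
    trace = []
    names = ["parse_order", "price", "handle_order", "handle_ping", "unused_admin"]
    originals = instrument(globals(), names, trace)
    try:
        handle_order(" a,b ")
        handle_ping()
    finally:
        restore(globals(), originals)
    return trace
```

Only `handle_order` and `handle_ping` become analysis starting points; `unused_admin` never appears in the path and is left out of the later analysis.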
In one embodiment, performing vulnerability search on the code attribute graph according to the functional test request entry and the preset static taint analysis rule to obtain a vulnerability search result comprises:
introducing a taint at the functional test request entry according to a taint introduction rule in the preset static taint analysis rules;
performing taint analysis on the code attribute graph according to taints and taint processing rules in preset static taint analysis rules to obtain taint paths;
and obtaining a vulnerability search result according to the taint path and a preset vulnerability triggering rule in the preset static taint analysis rule.
The taint introduction rule is the rule by which taints are introduced, and taint introduction means inputting a taint at the functional test request entry. For example, introducing a taint may specifically mean inputting contaminated source data at the functional test request entry. The taint processing rules comprise a taint merging rule, a taint deletion rule and a taint propagation rule, and are used for handling taints when performing vulnerability search on the code attribute graph. The taint merging rule is mainly used to decide whether taints are merged. For example, the taint merging rule may specifically be that when branches merge and the branches include both an untainted branch and a tainted branch, the merged result is treated as a tainted branch, where a tainted branch is a branch that contains a taint. The taint deletion rule is mainly used to decide whether a taint is deleted, and the taint propagation rule is the basis on which taints propagate through the code attribute graph. The taint path is the execution path of the taint in the code attribute graph, that is, the data flow along which the taint propagates.
Specifically, the terminal generates a taint according to the taint introduction rule in the preset static taint analysis rules and introduces it at the functional test request entry. It then performs taint analysis on the code attribute graph according to the taint and the taint processing rules in the preset static taint analysis rules, obtaining a taint path through taint propagation, taint merging and taint deletion on the code attribute graph. It determines the function nodes related to the taint according to the taint path, and compares those function nodes with the vulnerability trigger functions in the preset vulnerability triggering rule to obtain a vulnerability search result.
When determining the function nodes related to the taint according to the taint path, the main check is whether a function parameter of the function node involves the taint, that is, whether the function parameter is contaminated by the taint; when it is, the function node is determined to be a function node related to the taint. Comparing the function nodes related to the taint with the vulnerability trigger functions in the preset vulnerability triggering rule to obtain a vulnerability search result may specifically proceed as follows: the function name of each function node related to the taint is compared with the function names of the vulnerability trigger functions in the preset vulnerability triggering rule; when the two function names are the same, the function execution path corresponding to that function node is acquired and taken as the vulnerability trigger path, the vulnerability type is determined according to the vulnerability trigger function with the same function name, and the vulnerability search result is obtained according to the vulnerability type and the vulnerability trigger path.
In this embodiment, a taint is introduced into a functional test request entry according to a taint introduction rule, taint analysis is performed on a code attribute graph according to the taint and a taint processing rule to obtain a taint path, a vulnerability search result is obtained according to the taint path and a preset vulnerability triggering rule, and static analysis of an application program to be tested can be achieved.
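The introduction, propagation, merging and deletion rules and the name-based comparison with vulnerability trigger functions can be shown together in a small analyzer. This is an added example, not code from the patent: a tuple-based statement list stands in for the code attribute graph, and the rule sets, function names and sample program are constructed assumptions.

```python
# Constructed rule sets; all function names here are assumptions for this sketch.
SINKS = {"execute_sql": "SQL injection", "run_shell": "command injection"}  # trigger rule
SANITIZERS = {"to_int", "escape_sql"}                                        # deletion rule

# Constructed program: {function: (parameters, statements)}.
PROGRAM = {
    "handle_search": (["q", "page"], [
        ("call", "n", "to_int", ["page"]),            # sanitizer removes the taint
        ("if",
            [("assign", "term", ["q"])],              # tainted branch
            [("assign", "term", [])]),                # constant branch, untainted
        ("call", "sql", "build_query", ["term", "n"]),
        ("call", "rows", "execute_sql", ["sql"]),     # trigger function, tainted argument
        ("call", "_", "run_shell", ["n"]),            # trigger function, clean argument
        ("return", ["rows"]),
    ]),
    "build_query": (["t", "limit"], [
        ("assign", "s", ["t", "limit"]),
        ("return", ["s"]),
    ]),
}


def analyse(functions, entry, tainted_params):
    """Return [(vulnerability_type, trigger_function, taint_path)] found from the entry."""
    findings = []

    def first_tainted(names, state):
        return next((state[n] for n in names if n in state), None)

    def assign(state, target, path, label):
        if path is None:
            state.pop(target, None)              # overwritten with clean data
        else:
            state[target] = path + (label,)      # propagation rule

    def run(stmts, state, fn, stack):
        returned = None
        for st in stmts:
            if st[0] == "assign":
                _, target, sources = st
                assign(state, target, first_tainted(sources, state), f"{fn}:{target}")
            elif st[0] == "call":
                _, target, callee, args = st
                src = first_tainted(args, state)
                if callee in SINKS and src is not None:
                    findings.append((SINKS[callee], callee, src + (callee,)))
                if callee in SANITIZERS:
                    out = None                                   # deletion rule
                elif callee in functions and callee not in stack:
                    params, body = functions[callee]
                    inner = {p: state[a] + (f"{callee}:{p}",)
                             for p, a in zip(params, args) if a in state}
                    out = run(body, inner, callee, stack + (callee,))
                else:
                    out = src                    # unknown or recursive call: stay conservative
                assign(state, target, out, f"{fn}:{target}")
            elif st[0] == "if":
                _, then_body, else_body = st
                then_state, else_state = dict(state), dict(state)
                r1 = run(then_body, then_state, fn, stack)
                r2 = run(else_body, else_state, fn, stack)
                state.clear()
                state.update(else_state)
                state.update(then_state)         # merge rule: tainted on either branch
                returned = returned or r1 or r2
            elif st[0] == "return":
                returned = returned or first_tainted(st[1], state)
        return returned

    params, body = functions[entry]
    start = {p: (f"{entry}:{p}",) for p in params if p in tainted_params}  # introduction rule
    run(body, start, entry, (entry,))
    return findings
```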
In one embodiment, generating the static analysis attack vector according to the vulnerability search result comprises:
determining a vulnerability type and a vulnerability triggering path corresponding to the vulnerability type according to the vulnerability searching result;
and generating a static analysis attack vector according to the vulnerability type, the vulnerability triggering path and a preset vulnerability attack vector generation rule.
The vulnerability trigger path is a path that may trigger the vulnerability. The preset vulnerability attack vector generation rule is a preset rule for generating attack vectors, and includes the attack vectors corresponding to each common vulnerability type. It should be noted that the attack vector corresponding to each common vulnerability type here is an unadjusted attack payload; when the static analysis attack vector is generated, it needs to be adjusted according to the vulnerability trigger path.
Specifically, the terminal determines the vulnerability type and the vulnerability trigger path corresponding to the vulnerability type according to the vulnerability search result, determines the attack payload corresponding to the vulnerability type according to the vulnerability type and the preset vulnerability attack vector generation rule, acquires the filter functions according to the vulnerability trigger path, performs constraint solving according to the filter functions, adjusts the attack payload, and generates the static analysis attack vector. A filter function is a function on the vulnerability trigger path that affects the attack and needs to be bypassed. For example, the filter function may specifically be a logic judgment function that affects the attack and needs to be bypassed: because a particular judgment result of that function on the vulnerability trigger path would make the attack vector fail, adjusting the attack payload according to the logic judgment function ensures that the attack can be carried out successfully.
In the embodiment, the static analysis attack vector is generated according to the vulnerability type, the vulnerability trigger path and the preset vulnerability attack vector generation rule, so that the static analysis attack vector can be obtained.
In one embodiment, performing vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result comprises:
determining a target execution function corresponding to a vulnerability trigger function in a preset vulnerability trigger rule according to an execution function in a dynamic test result;
acquiring function parameters of a target execution function, and determining target function nodes according to the function parameters, wherein the target function nodes are target execution functions of which the function parameters relate to static analysis attack vectors and/or dynamic analysis attack vectors;
and obtaining a vulnerability detection result according to the target function node.
The execution function refers to a function executed in a dynamic test process. The target execution function refers to an execution function corresponding to the vulnerability trigger function. Because each function has a function name, the target execution function corresponding to the vulnerability trigger function in the execution functions can be determined by comparing the function names of the execution functions and the vulnerability trigger function.
Specifically, the dynamic test result includes a dynamic test execution path, the dynamic test execution path includes an execution function and corresponding function parameters, and the terminal can determine a target execution function having the same function name as the vulnerability trigger function by comparing the execution function in the dynamic test result with the function name of the vulnerability trigger function in the preset vulnerability trigger rule. After the target execution function is determined, the terminal also obtains function parameters of the target execution function, detects the function parameters, determines whether the function parameters relate to static analysis attack vectors and/or dynamic analysis attack vectors, selects target function nodes from the target execution function, and obtains a vulnerability detection result according to the target function nodes. Further, after the vulnerability detection result is obtained, the terminal can output a vulnerability report friendly to developers according to the vulnerability detection result.
Further, when checking the function parameters to determine whether they involve the static analysis attack vectors and/or the dynamic analysis attack vectors, the following method may be adopted: the function parameters are compared with all of the static analysis attack vectors and dynamic analysis attack vectors to determine a first vector coverage rate between the function parameters and the static analysis attack vectors and a second vector coverage rate between the function parameters and the dynamic analysis attack vectors; when the first vector coverage rate and/or the second vector coverage rate reaches a preset coverage rate threshold, the function parameters are determined to involve the static analysis attack vectors and/or the dynamic analysis attack vectors. The preset coverage rate threshold can be set as required.
In this embodiment, a target execution function corresponding to a vulnerability trigger function in a preset vulnerability trigger rule is determined according to an execution function in a dynamic test result, a function parameter of the target execution function is obtained, a target function node is determined according to the function parameter, a vulnerability detection result is obtained according to the target function node, and vulnerability detection can be achieved by means of vulnerability trigger detection.
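The vulnerability trigger detection step can be sketched as follows. This is an added example, not code from the patent: the patent does not define how the vector coverage rate is computed, so the longest-common-substring ratio used here is an assumption, and the trigger functions, benign marker vectors and dynamic test records are constructed.

```python
from difflib import SequenceMatcher

# Constructed vulnerability trigger rule: function name -> vulnerability type.
TRIGGER_FUNCTIONS = {"execute_sql": "SQL injection", "run_shell": "command injection"}

# Constructed benign marker strings standing in for attack vectors.
STATIC_VECTORS = ["ZX_STATIC_PROBE_01"]
DYNAMIC_VECTORS = ["ZX_DYNAMIC_PROBE_77"]

# Constructed dynamic test result: executed functions with their parameters.
DYNAMIC_RESULT = [
    {"function": "parse_order", "params": ["ZX_STATIC_PROBE_01"]},
    {"function": "execute_sql", "params": ["SELECT * FROM t WHERE name = 'ZX_STATIC_PROBE_01'"]},
    {"function": "run_shell", "params": ["convert ZXDYNAMICPROBE77.png"]},   # filter stripped "_"
    {"function": "run_shell", "params": ["ping ZX_DYNAMIC_PROBE_7"]},        # truncated by one char
]


def vector_coverage(param, vector):
    """Assumed metric: share of the vector that survives contiguously in the parameter."""
    if not vector:
        return 0.0
    matcher = SequenceMatcher(None, param, vector, autojunk=False)
    match = matcher.find_longest_match(0, len(param), 0, len(vector))
    return match.size / len(vector)


def detect(dynamic_result, static_vectors, dynamic_vectors, threshold=0.8):
    """Return one finding per executed trigger function whose parameters carry a vector."""
    report = []
    for call in dynamic_result:
        vuln_type = TRIGGER_FUNCTIONS.get(call["function"])
        if vuln_type is None:
            continue                      # not a target execution function
        for param in call["params"]:
            text = str(param)
            first = max((vector_coverage(text, v) for v in static_vectors), default=0.0)
            second = max((vector_coverage(text, v) for v in dynamic_vectors), default=0.0)
            if first >= threshold or second >= threshold:
                report.append({
                    "function": call["function"],
                    "type": vuln_type,
                    "source": "static" if first >= second else "dynamic",
                    "coverage": max(first, second),
                })
                break                     # one finding per executed call is enough
    return report
```

The third record shows why the threshold matters: a filter that removed the underscores leaves only fragments of the vector in the parameter, so the call is not reported.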
The present application also provides an application scenario to which the above application program vulnerability detection method is applied. Specifically, as shown in fig. 2, the application scenario includes a running host (terminal-1) on which the application program to be tested is installed, a terminal (terminal-2) that executes the vulnerability detection method of the present application, and a terminal (terminal-3) used as a storage module for data storage. The vulnerability detection method is applied in this scenario as follows:
The terminal (terminal-2) obtains the program code of the application program to be tested installed on the running host (terminal-1), generates a code attribute graph according to the program code, and obtains the functional test request entry of the application program to be tested. It performs vulnerability search on the code attribute graph according to the functional test request entry and the preset static taint analysis rule to obtain a vulnerability search result, and generates a static analysis attack vector according to the vulnerability search result. It then performs a dynamic test according to the static analysis attack vector, the preset dynamic analysis attack vector and the functional test request entry to obtain a dynamic test result, and performs vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result. As shown in fig. 3, the terminal (terminal-3) used as the storage module can store the intermediate data and preset data generated during vulnerability detection. This terminal includes a graph database and a relational database: the graph database stores the code attribute graph, and the relational database stores data related to functional test requests (including the functional test request execution path, the functional test request entry, and the like), attack vectors (including static analysis attack vectors and preset dynamic analysis attack vectors), related rules (including the preset static taint analysis rule, and the like), system information, and the like.
In an embodiment, as shown in fig. 4, a flowchart is further provided to explain the application program vulnerability detection method of the present application, which specifically includes the following steps:
First, the terminal performs system initialization and task initialization, acquires the program code of the application program to be tested, and generates a code attribute graph according to the program code. After the application program to be tested is running, the terminal performs dynamic injection (that is, instrumentation) on it; when a functional test request is detected, the terminal acquires the corresponding functional test request execution path and determines the functional test request entry of the application program to be tested according to that path. The terminal then performs static analysis from the functional test request entry to generate a static analysis attack vector (that is, it performs vulnerability search on the code attribute graph according to the functional test request entry and the preset static taint analysis rule to obtain a vulnerability search result, and generates the static analysis attack vector according to the vulnerability search result). Finally, the terminal dynamically verifies the static analysis attack vector and performs dynamic analysis to obtain a vulnerability detection result (that is, it performs a dynamic test according to the static analysis attack vector, the preset dynamic analysis attack vector and the functional test request entry to obtain a dynamic test result, and performs vulnerability trigger detection on the dynamic test result to obtain the vulnerability detection result).
In an embodiment, as shown in fig. 5, a flow diagram is used to describe a static analysis method involved in the application vulnerability detection method of the present application, where the static analysis method mainly includes the following steps:
First, code attribute graph generation: the terminal acquires the program code of the application program to be tested, obtains the code generation call graph, control flow graph and abstract syntax tree corresponding to the program code, fuses the code generation call graph, the control flow graph and the abstract syntax tree, and generates and stores the code attribute graph.
Second, static taint analysis: the terminal acquires the link interface of the application program to be tested and instruments the application program according to the link interface. When a functional test request is detected, it acquires the corresponding functional test request execution path and determines the functional test request entry according to that path. It introduces a taint at the functional test request entry according to the taint introduction rule in the preset static taint analysis rules (taint initialization), performs taint analysis on the code attribute graph according to the taint and the taint processing rules in the preset static taint analysis rules to obtain a taint path (taint propagation), and obtains a vulnerability search result according to the taint path and the preset vulnerability triggering rule in the preset static taint analysis rules. It determines the vulnerability type and the corresponding vulnerability trigger path according to the vulnerability search result, and generates and stores a static analysis attack vector according to the vulnerability type, the vulnerability trigger path and the preset vulnerability attack vector generation rule (that is, filter function acquisition, constraint solving and attack vector output). The generated static analysis attack vector is dynamically verified during dynamic analysis to obtain the vulnerability detection result corresponding to the static taint analysis.
In an embodiment, as shown in fig. 6, a flowchart is used to describe a dynamic analysis method involved in the application vulnerability detection method of the present application, where the dynamic analysis method mainly includes the following steps:
First, the functional test request entry of the application program to be tested is acquired: the terminal acquires the link interface of the application program to be tested, instruments the application program according to the link interface (that is, instrumentation rule acquisition, dynamic injection and dynamic instrumentation), acquires the functional test request execution path corresponding to the functional test request when the request is detected (that is, callback information acquisition), and determines and stores the functional test request entry according to that execution path (that is, execution path reconstruction, execution variable reconstruction and output storage).
Second, the dynamic test is performed: the terminal acquires the stored static analysis attack vector, performs a dynamic test according to the static analysis attack vector, the preset dynamic analysis attack vector and the functional test request entry to obtain a dynamic test result (that is, request initialization, request execution, execution path analysis and execution information generation), and performs vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result.
It should be noted that, during dynamic analysis, the generated static analysis attack vector needs to be dynamically verified, so fig. 6 also gives a schematic flow covering generation of the static analysis attack vector and its dynamic verification, namely: start of the static-analysis-based application program vulnerability detection flow, request information acquisition, controllable variable acquisition, rule installation, attack vector generation, simulated testing, vulnerability trigger detection, and result storage.
In an embodiment, as shown in fig. 7, a flowchart is further provided to explain the application program vulnerability detection method of the present application, which specifically includes the following steps:
step 702, acquiring a program code of an application program to be tested;
step 704, obtaining a code generation call graph, a control flow graph and an abstract syntax tree corresponding to the program code according to the program code;
step 706, fusing the code generation call graph, the control flow graph and the abstract syntax tree to generate a code attribute graph;
step 708, performing hash operation on the function block in the program code to obtain hash information corresponding to the function block;
step 710, when the program code is updated, acquiring an updated program code, and determining an update function block according to the hash information and the updated program code;
step 712, performing incremental updating on the code attribute graph according to the updating function block to obtain a code attribute graph corresponding to the updated program code;
step 714, acquiring a link interface of the application program to be tested;
step 716, performing instrumentation on the application program to be tested according to the link interface;
step 718, when the function test request is monitored, acquiring a function test request execution path corresponding to the function test request;
step 720, determining a function test request entry according to the function test request execution path;
step 722, introducing a taint at the functional test request entry according to the taint introduction rule in the preset static taint analysis rules;
step 724, performing taint analysis on the code attribute graph according to taints and taint processing rules in preset static taint analysis rules to obtain taint paths;
step 726, obtaining a vulnerability search result according to the taint path and a preset vulnerability triggering rule in the preset static taint analysis rules;
step 728, determining a vulnerability type and a vulnerability triggering path corresponding to the vulnerability type according to the vulnerability searching result;
step 730, generating a static analysis attack vector according to the vulnerability type, the vulnerability trigger path and a preset vulnerability attack vector generation rule;
step 732, performing dynamic testing according to the static analysis attack vector, the preset dynamic analysis attack vector and the function test request entry to obtain a dynamic test result;
step 734, determining a target execution function corresponding to the vulnerability trigger function in the preset vulnerability trigger rule according to the execution function in the dynamic test result;
step 736, obtaining function parameters of the target execution function, and determining target function nodes according to the function parameters, wherein the target function nodes are the target execution function of which the function parameters relate to static analysis attack vectors and/or dynamic analysis attack vectors;
and step 738, obtaining a vulnerability detection result according to the target function node.
It should be understood that, although the steps in the flowcharts of the above embodiments are shown in the sequence indicated by the arrows, the steps are not necessarily executed in that sequence. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in each flowchart may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 8, an apparatus for detecting an application program vulnerability is provided, and the apparatus may be a part of a computer device using a software module or a hardware module, or a combination of the two modules, and specifically includes: an obtaining module 802, a first processing module 804, a vulnerability searching module 806, a second processing module 808, a testing module 810, and a vulnerability detecting module 812, wherein:
an obtaining module 802, configured to obtain a program code of an application program to be tested;
the first processing module 804 is configured to generate a code attribute graph according to the program code, and obtain a functional test request entry of the application program to be tested;
the vulnerability searching module 806 is configured to perform vulnerability searching on the code attribute graph according to the functional test request entry and a preset static taint analysis rule to obtain a vulnerability searching result;
the second processing module 808 is configured to generate a static analysis attack vector according to the vulnerability search result;
the test module 810 is configured to perform a dynamic test according to the static analysis attack vector, the preset dynamic analysis attack vector, and the functional test request entry, so as to obtain a dynamic test result;
and a vulnerability detection module 812, configured to perform vulnerability trigger detection on the dynamic test result to obtain a vulnerability detection result.
With the above application program vulnerability detection apparatus, a code attribute graph is generated according to the program code of the application program to be tested and the functional test request entry of the application program is obtained, so that vulnerability search can be performed on the code attribute graph according to the preset static taint analysis rule, starting from the functional test request entry, to obtain a vulnerability search result. A static analysis attack vector is generated according to the vulnerability search result, a dynamic test can then be performed using the static analysis attack vector, the preset dynamic analysis attack vector and the functional test request entry to obtain a dynamic test result, and vulnerability trigger detection can be performed on the dynamic test result to obtain the vulnerability detection result. Throughout the process, the static analysis attack vector obtained by static taint analysis is verified by the dynamic test, and the preset dynamic analysis attack vector is also used for the dynamic test, so the vulnerability false alarm rate can be greatly reduced and the accuracy of the security test is improved.
In one embodiment, the first processing module is further configured to obtain a code generation call graph, a control flow graph and an abstract syntax tree corresponding to the program code according to the program code, fuse the code generation call graph, the control flow graph and the abstract syntax tree, and generate a code attribute graph.
In an embodiment, the application program vulnerability detection apparatus further includes an update module, where the update module is configured to perform a hash operation on a function block in the program code to obtain hash information corresponding to the function block, obtain the updated program code when the program code is updated, determine an updated function block according to the hash information and the updated program code, and perform incremental update on the code attribute graph according to the updated function block to obtain a code attribute graph corresponding to the updated program code.
In an embodiment, the first processing module is further configured to obtain a link interface of the application program to be tested, perform instrumentation on the application program to be tested according to the link interface, obtain a functional test request execution path corresponding to the functional test request when the functional test request is monitored, and determine a functional test request entry according to the functional test request execution path.
In an embodiment, the vulnerability search module is further configured to introduce a taint at the functional test request entry according to the taint introduction rule in the preset static taint analysis rules, perform taint analysis on the code attribute graph according to the taint and the taint processing rules in the preset static taint analysis rules to obtain a taint path, and obtain a vulnerability search result according to the taint path and the preset vulnerability triggering rule in the preset static taint analysis rules.
In one embodiment, the second processing module is further configured to determine a vulnerability type and a vulnerability trigger path corresponding to the vulnerability type according to the vulnerability search result, and generate a static analysis attack vector according to the vulnerability type, the vulnerability trigger path and a preset vulnerability attack vector generation rule.
In an embodiment, the vulnerability detection module is further configured to determine a target execution function corresponding to a vulnerability trigger function in a preset vulnerability trigger rule according to an execution function in the dynamic test result, obtain a function parameter of the target execution function, determine a target function node according to the function parameter, where the target function node is a target execution function whose function parameter relates to a static analysis attack vector and/or a dynamic analysis attack vector, and obtain a vulnerability detection result according to the target function node.
For specific limitations of the application program vulnerability detection apparatus, reference may be made to the above limitations of the application program vulnerability detection method, which are not repeated here. All or part of the modules in the application program vulnerability detection apparatus can be implemented in software, hardware, or a combination thereof. The modules can be embedded in, or independent of, a processor of the computer device in hardware form, or can be stored in a memory of the computer device in software form, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a method for application vulnerability detection. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In one embodiment, a computer-readable storage medium is provided, in which a computer program is stored; when executed by a processor, the computer program carries out the steps of the above method embodiments.
In one embodiment, a computer program product or computer program is provided that includes computer instructions stored in a computer-readable storage medium. The computer instructions are read by a processor of a computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps in the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of these technical features are described, but any combination should be considered within the scope of this specification as long as the combined features do not contradict each other.
The embodiments above express only several implementations of the present application; their description is relatively specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011443470.7A CN112560045A (en) | 2020-12-11 | 2020-12-11 | Application program vulnerability detection method and device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112560045A true CN112560045A (en) | 2021-03-26 |
Family
ID=75062805
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011443470.7A Pending CN112560045A (en) | 2020-12-11 | 2020-12-11 | Application program vulnerability detection method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112560045A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120311711A1 (en) * | 2011-05-31 | 2012-12-06 | International Business Machines Corporation | Detecting persistent vulnerabilities in web applications |
| US20130312102A1 (en) * | 2012-05-18 | 2013-11-21 | International Business Machines Corporation | Verifying application security vulnerabilities |
| CN107590388A (en) * | 2017-09-12 | 2018-01-16 | 南方电网科学研究院有限责任公司 | Malicious code detection method and device |
| CN107832619A (en) * | 2017-10-10 | 2018-03-23 | 电子科技大学 | Vulnerability of application program automatic excavating system and method under Android platform |
| US20180330102A1 (en) * | 2017-05-10 | 2018-11-15 | Checkmarx Ltd. | Using the Same Query Language for Static and Dynamic Application Security Testing Tools |
| CN111859380A (en) * | 2019-04-25 | 2020-10-30 | 北京九州正安科技有限公司 | A Zero False Positive Detection Method for Android App Vulnerabilities |
Non-Patent Citations (1)
| Title |
|---|
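| Yin Hongji et al.: "Server-side request forgery vulnerability detection using a graph traversal algorithm", Computer Engineering and Applications, 30 December 2019 (2019-12-30), pages 114 - 119 * |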
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113158191A (en) * | 2021-05-26 | 2021-07-23 | 北京安普诺信息技术有限公司 | Vulnerability verification method based on intelligent probe and related IAST method and system |
| CN113158191B (en) * | 2021-05-26 | 2022-01-07 | 北京安普诺信息技术有限公司 | Vulnerability verification method based on intelligent probe and related IAST method and system |
| CN113254931A (en) * | 2021-05-28 | 2021-08-13 | 平安普惠企业管理有限公司 | Block chain based code system updating method, device, equipment and storage medium |
| CN113254931B (en) * | 2021-05-28 | 2024-02-06 | 深圳点链科技有限公司 | Block chain-based code system updating method, device, equipment and storage medium |
| CN113342673A (en) * | 2021-06-25 | 2021-09-03 | 深圳前海微众银行股份有限公司 | Vulnerability detection method, device and readable storage medium |
| CN113672919A (en) * | 2021-08-05 | 2021-11-19 | 支付宝(杭州)信息技术有限公司 | Risk detection method, device and equipment based on small program dynamic and static analysis |
| CN114021123A (en) * | 2021-11-02 | 2022-02-08 | 中国联合网络通信集团有限公司 | Construction method, safety inspection method, device and medium of behavior baseline library |
| CN114157507A (en) * | 2021-12-10 | 2022-03-08 | 哈尔滨双邦智能科技有限公司 | Cloud service vulnerability analysis method and artificial intelligence system adopting big data analysis |
| US20230336580A1 (en) * | 2022-04-18 | 2023-10-19 | Armis Security Ltd. | System and method for detecting cybersecurity vulnerabilities via device attribute resolution |
| US12346487B2 (en) * | 2022-04-18 | 2025-07-01 | Armis Security Ltd. | System and method for detecting cybersecurity vulnerabilities via device attribute resolution |
| CN114969759A (en) * | 2022-06-07 | 2022-08-30 | 中国软件评测中心(工业和信息化部软件与集成电路促进中心) | Asset safety assessment method, device, terminal and medium for industrial robot system |
| CN114969759B (en) * | 2022-06-07 | 2024-04-05 | 中国软件评测中心(工业和信息化部软件与集成电路促进中心) | Asset security assessment method, device, terminal and medium of industrial robot system |
| CN115277069A (en) * | 2022-06-17 | 2022-11-01 | 江苏通付盾信息安全技术有限公司 | Application software network security detection platform and method |
| CN115168847A (en) * | 2022-07-27 | 2022-10-11 | 中国电信股份有限公司 | Application patch generation method and device, computer equipment and readable storage medium |
| CN115296895A (en) * | 2022-08-02 | 2022-11-04 | 中国电信股份有限公司 | Request response method and device, storage medium and electronic equipment |
| CN115296895B (en) * | 2022-08-02 | 2024-02-23 | 中国电信股份有限公司 | Request response method and device, storage medium and electronic equipment |
| CN115033892A (en) * | 2022-08-10 | 2022-09-09 | 北京安普诺信息技术有限公司 | Component vulnerability analysis method and device, electronic equipment and storage medium |
| CN116028941A (en) * | 2023-03-27 | 2023-04-28 | 天聚地合(苏州)科技股份有限公司 | Vulnerability detection method and device of interface, storage medium and equipment |
| CN116028941B (en) * | 2023-03-27 | 2023-08-04 | 天聚地合(苏州)科技股份有限公司 | Vulnerability detection method and device of interface, storage medium and equipment |
| CN116204892A (en) * | 2023-05-05 | 2023-06-02 | 中国人民解放军国防科技大学 | Vulnerability processing method, device, equipment and storage medium |
| CN116204892B (en) * | 2023-05-05 | 2023-08-08 | 中国人民解放军国防科技大学 | Vulnerability handling method, device, equipment and storage medium |
| CN116226871B (en) * | 2023-05-08 | 2023-08-01 | 中汽智联技术有限公司 | Vulnerability verification method, device and medium based on static and dynamic combination |
| CN116226871A (en) * | 2023-05-08 | 2023-06-06 | 中汽智联技术有限公司 | Vulnerability verification method, device and medium based on static and dynamic combination |
| CN118094255A (en) * | 2024-04-29 | 2024-05-28 | 杭州默安科技有限公司 | A filter function identification method, device, equipment and storage medium |
| CN119323027A (en) * | 2024-12-19 | 2025-01-17 | 深圳开源互联网安全技术有限公司 | Stain source identification method, device, equipment and storage medium |
| CN119323027B (en) * | 2024-12-19 | 2025-05-09 | 深圳开源互联网安全技术有限公司 | Stain source identification method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112560045A (en) | | Application program vulnerability detection method and device, computer equipment and storage medium |
| Battista et al. | | Identification of Android Malware Families with Model Checking. |
| KR101972825B1 (en) | | Method and apparatus for automatically analyzing vulnerable point of embedded appliance by using hybrid analysis technology, and computer program for executing the method |
| Huang et al. | | Uchecker: Automatically detecting php-based unrestricted file upload vulnerabilities |
| CN113158197B (en) | | SQL injection vulnerability detection method and system based on active IAST |
| CN110225029B (en) | | Injection attack detection method, device, server and storage medium |
| CN108459954B (en) | | Application program vulnerability detection method and device |
| US20240121261A1 (en) | | Automated Security Analysis of Software Libraries |
| CN108694320B (en) | | Method and system for measuring sensitive application dynamic under multiple security environments |
| CN111291377B (en) | | A method and system for detecting application vulnerabilities |
| CN108256322B (en) | | Security testing method and device, computer equipment and storage medium |
| CN113849817B (en) | | Method and device for detecting JavaScript prototype chain pollution vulnerability |
| CN112817877B (en) | | Abnormal script detection method and device, computer equipment and storage medium |
| CN104615542A (en) | | Vulnerability correlation analysis assisted vulnerability mining method based on function calling |
| CN105787365A (en) | | Malicious application detection method and device |
| CN114968750A (en) | | Test case generation method, device, equipment and medium based on artificial intelligence |
| CN119603031B (en) | | Network malicious attack monitoring method and system based on deep neural model |
| CN116361793A (en) | | Code detection method, device, electronic equipment and storage medium |
| CN111949992A (en) | | Automatic safety monitoring method and system for WEB application program |
| Ngan et al. | | Nowhere to hide: Detecting obfuscated fingerprinting scripts |
| CN117009972A (en) | | Vulnerability detection method, vulnerability detection device, computer equipment and storage medium |
| CN117579395B (en) | | Method and system for scanning network security vulnerabilities by applying artificial intelligence |
| CN114117426B (en) | | WEB application vulnerability detection method and system |
| HK40041372A (en) | | Application vulnerability detection method, device, computer equipment and storage medium |
| CN115455415B (en) | | WebShell detection method, computer equipment and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40041372; Country of ref document: HK |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20210326 |