CN104519007A - Loophole detection method and server - Google Patents

Info

Publication number: CN104519007A
Application number: CN201310445045.5A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Pending
Inventors: 陈薇婷, 王金锭, 谭晓光, 王岳, 王培伟
Assignee (original and current): Shenzhen Tencent Computer Systems Co Ltd

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/14: Network security architectures or protocols for detecting or protecting against malicious traffic
    • H04L 63/1433: Vulnerability analysis

Abstract

The invention relates to a vulnerability detection method and a server. The method comprises: detecting the control source of a parameter of a high-risk function in a Flash data file; when the parameter is detected to be controlled by external input, determining that a vulnerability exists in the high-risk function; producing a remediation suggestion for the vulnerability; and outputting a description of the vulnerability together with the remediation suggestion. By examining the parameters of the high-risk functions in a Flash data file, the method provided by the embodiments of the invention can quickly detect vulnerabilities in the file and improve the efficiency with which Flash data files are checked.

Description

Vulnerability detection method and server
Technical field
The present invention relates to the field of Internet technology, and in particular to a vulnerability detection method and server.
Background
With the rise of Web 2.0, the Internet has come to depend on Web applications of every kind, such as online games, online shops and social applications. Flash data files, as a third-party browser plug-in, provide rich functionality when a page is rendered; they have become an indispensable element of the Web and the implementation vehicle of many games.
At the same time, however, Flash data files also introduce insecurity, and security vulnerabilities in Flash data files have become a pressing problem.
In researching and practising the prior art, the inventors found that current methods for detecting vulnerabilities in a Flash data file can usually only analyse the functions in the file one by one and look for vulnerabilities among them. This function-by-function analysis makes detection inefficient, vulnerabilities in Flash data files cannot be discovered in time, and the files are left with considerable security risks.
Summary of the invention
Embodiments of the present invention provide a vulnerability detection method which, by examining the parameters of high-risk functions in a Flash data file, can quickly detect vulnerabilities in the file and improve detection efficiency. Embodiments of the present invention also provide a corresponding server.
A first aspect of the present invention provides a vulnerability detection method, comprising:
detecting the control source of a parameter of a high-risk function in a Flash data file;
when the parameter is detected to be controlled by external input, determining that a vulnerability exists in the high-risk function;
producing a remediation suggestion for the vulnerability, and outputting a description of the vulnerability together with the remediation suggestion.
In a first possible implementation of the first aspect, detecting the control source of the parameter of the high-risk function in the Flash data file comprises:
detecting whether the value of the parameter changes as the external input changes;
when the value of the parameter changes as the external input changes, confirming that the parameter is controlled by external input.
In a second possible implementation, based on the first possible implementation of the first aspect, producing a remediation suggestion for the vulnerability comprises:
selecting, from pre-configured remediation suggestions, the remediation suggestion corresponding to the vulnerability.
In a third possible implementation, based on the first aspect or on its first or second possible implementation, before the step of detecting the control source of the parameter of the high-risk function in the Flash data file, the method further comprises:
comparing the functions in the Flash data file with each function in a pre-configured high-risk function set;
when the comparison shows that a function in the Flash data file is present in the high-risk function set, confirming that this function is a high-risk function.
In a fourth possible implementation, based on the first aspect or on its first or second possible implementation, the method further comprises:
obtaining the Flash data file according to its web page address, or from a list containing links to Flash data files.
In a fifth possible implementation, based on the first aspect or on its first or second possible implementation, the method further comprises:
calculating a digest value of the Flash data file with a message digest algorithm;
when the digest value changes, detecting the control source of the parameter of the high-risk function in the Flash data file again.
A second aspect of the present invention provides a server, comprising:
a detecting unit, configured to detect the control source of a parameter of a high-risk function in a Flash data file;
a determining unit, configured to determine that a vulnerability exists in the high-risk function when the detecting unit detects that the parameter is controlled by external input;
a processing unit, configured to produce a remediation suggestion for the vulnerability determined by the determining unit;
an output unit, configured to output a description of the vulnerability and the remediation suggestion produced by the processing unit.
In a first possible implementation of the second aspect, the detecting unit comprises:
a detection sub-unit, configured to detect whether the value of the parameter changes as the external input changes;
a confirmation sub-unit, configured to confirm that the parameter is controlled by external input when the detection sub-unit detects that the value of the parameter changes as the external input changes.
In a second possible implementation, based on the first possible implementation of the second aspect,
the processing unit is configured to select, from pre-configured remediation suggestions, the remediation suggestion corresponding to the vulnerability.
In a third possible implementation, based on the second aspect or on its first or second possible implementation, the server further comprises:
a comparing unit, configured to compare the functions in the Flash data file with each function in a pre-configured high-risk function set;
a confirmation unit, configured to confirm that a function in the Flash data file is a high-risk function when the comparing unit finds it to be present in the high-risk function set.
In a fourth possible implementation, based on the second aspect or on its first or second possible implementation, the server further comprises:
an acquiring unit, configured to obtain the Flash data file according to its web page address, or from a list containing links to Flash data files.
In a fifth possible implementation, based on the second aspect or on its first or second possible implementation, the server further comprises:
a computing unit, configured to calculate a digest value of the Flash data file with a message digest algorithm;
the detecting unit being configured to detect the control source of the parameter of the high-risk function in the Flash data file again when the digest value calculated by the computing unit changes.
Embodiments of the present invention detect the control source of a parameter of a high-risk function in a Flash data file; when the parameter is detected to be controlled by external input, determine that a vulnerability exists in the high-risk function; produce a remediation suggestion for the vulnerability; and output a description of the vulnerability together with the remediation suggestion. Compared with the prior art, which analyses the functions in a Flash data file one by one to look for vulnerabilities, the vulnerability detection method provided by the embodiments examines the parameters of the high-risk functions and can therefore detect vulnerabilities in the file quickly and improve detection efficiency.
Description of the drawings
To explain the technical solutions of the embodiments more clearly, the drawings required for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an embodiment of the vulnerability detection method;
Fig. 2 is a schematic diagram of another embodiment of the vulnerability detection method;
Fig. 3 is a schematic diagram of another embodiment of the vulnerability detection method;
Fig. 4 is a schematic diagram of an embodiment of the server;
Fig. 5 is a schematic diagram of another embodiment of the server;
Fig. 6 is a schematic diagram of another embodiment of the server;
Fig. 7 is a schematic diagram of another embodiment of the server;
Fig. 8 is a schematic diagram of another embodiment of the server;
Fig. 9 is a schematic diagram of another embodiment of the server.
Detailed description
Embodiments of the present invention provide a vulnerability detection method which, by examining the parameters of high-risk functions in a Flash data file, can quickly detect vulnerabilities in the file and improve detection efficiency. Embodiments also provide a corresponding server. Both are described in detail below.
The technical solutions of the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present invention; all other embodiments that those skilled in the art obtain from them without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, an embodiment of the vulnerability detection method comprises:
101. Detecting the control source of a parameter of a high-risk function in a Flash data file.
A Flash data file is a third-party browser plug-in program providing interactive vector graphics and Web animation. It is used to create presentations, applications and other content that allows user interaction, and may contain simple animations, video content, complex presentations and applications, and anything in between.
In the embodiments, a high-risk function is a function with a high degree of danger. In a program, a vulnerability is always triggered by malicious input: when execution reaches certain functions, those functions act on the malicious input and cause some harmful effect. Such functions are dangerous functions, and those among them that can cause comparatively serious consequences are high-risk functions.
The data a program operates on comes from two classes of source: data fixed in the program, and data received as external input. Control sources accordingly comprise fixed control sources and external-input control sources.
102. When the parameter is detected to be controlled by external input, determining that a vulnerability exists in the high-risk function.
103. Producing a remediation suggestion for the vulnerability, and outputting a description of the vulnerability together with the remediation suggestion.
The embodiment detects the control source of a parameter of a high-risk function in a Flash data file; when the parameter is detected to be controlled by external input, it determines that a vulnerability exists in the high-risk function; it produces a remediation suggestion for the vulnerability and outputs a description of the vulnerability together with the remediation suggestion. Compared with the prior art, which analyses the functions in a Flash data file one by one to look for vulnerabilities, the method provided by the embodiment examines the parameters of the high-risk functions and can therefore detect vulnerabilities in the file quickly and improve detection efficiency.
Optionally, building on the embodiment of Fig. 1, in a further embodiment of the vulnerability detection method, detecting the control source of the parameter of the high-risk function in the Flash data file may comprise:
detecting whether the value of the parameter changes as the external input changes;
when the value of the parameter changes as the external input changes, confirming that the parameter is controlled by external input.
Control by external input means that the value can be controlled, or is controllable, from outside. If the value of a parameter depends on external input, the parameter is controlled by external input, that is, it is an externally controllable parameter.
When the parameter is externally controllable, a vulnerability is considered to exist at this location, and the high-risk function is the trigger point of the vulnerability.
Optionally, building on the embodiment of Fig. 1, in another embodiment of the vulnerability detection method, producing a remediation suggestion for the vulnerability comprises:
selecting, from pre-configured remediation suggestions, the remediation suggestion corresponding to the vulnerability.
In the embodiments, a vulnerability is considered to exist where a parameter is externally controllable. Remediation suggestions can be pre-set for the different vulnerabilities, so that once a vulnerability is detected the matching suggestion is looked up, and the description of the vulnerability is output together with the corresponding remediation suggestion.
Optionally, building on any of the embodiments of Fig. 1, in another embodiment of the vulnerability detection method, before the step of detecting the control source of the parameter of the high-risk function in the Flash data file, the method further comprises:
comparing the functions in the Flash data file with each function in a pre-configured high-risk function set;
when the comparison shows that a function in the Flash data file is present in the high-risk function set, confirming that this function is a high-risk function.
In the embodiments, a high-risk function set can be pre-configured. The set can be built in advance by analysing many functions and may, for example, contain 100 or more high-risk functions. When a Flash data file is to be detected, each function in the file is first compared one by one with the functions in the high-risk function set; any function in the file that is found to be present in the set is confirmed as a high-risk function.
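As an added example (not the patent's own code), the high-risk function set comparison and the control-source check described above, worked through on a small three-address intermediate form that stands in for decompiled ActionScript. The IR syntax, the high-risk function set with its checked parameter positions, and the remediation table are constructed assumptions.

```python
"""Toy taint tracker for the control-source check of high-risk function
parameters. The IR, the high-risk function set and the remediation table
are constructed for this example."""
from dataclasses import dataclass

# Pre-configured high-risk function set: function name -> 0-based positions of
# the parameters whose control source must be checked.
HIGH_RISK_FUNCTIONS = {
    "getURL": {0},                  # link parameter
    "navigateToURL": {0},           # request/URL parameter
    "ExternalInterface.call": {0},  # JavaScript function-name parameter
    "loadMovie": {0},               # SWF path parameter
}

# Pre-configured remediation suggestions, one per high-risk function.
REMEDIATION = {
    "getURL": "Check the link parameter with a safe URL-validation routine before calling getURL.",
    "navigateToURL": "Check the URL with a safe URL-validation routine before calling navigateToURL.",
    "ExternalInterface.call": "Filter the function-name parameter against a fixed allow-list before ExternalInterface.call.",
    "loadMovie": "Load only SWF paths taken from a fixed allow-list.",
}


@dataclass(frozen=True)
class Finding:
    line: int          # IR line of the high-risk call
    function: str
    position: int      # which parameter is externally controlled
    sources: tuple     # external inputs that reach the parameter
    suggestion: str


def analyze(ir_lines):
    """Return a Finding for every checked parameter of a high-risk call whose
    value depends on external input.

    IR statement forms (one per line, whitespace separated):
      <dst> = extern <input-name>    value comes from outside (e.g. a FlashVar)
      <dst> = const <literal>        value fixed in the program
      <dst> = op <src> ...           value derived from the listed registers
      call <func> <arg> ...          call; args are registers or literals
    """
    taint = {}      # register -> frozenset of external input names; empty = fixed
    findings = []
    for lineno, raw in enumerate(ir_lines, 1):
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "call":
            func, args = tokens[1], tokens[2:]
            # Step 1: compare the called function against the high-risk set.
            if func not in HIGH_RISK_FUNCTIONS:
                continue
            # Step 2: check the control source of each configured parameter.
            for pos in sorted(HIGH_RISK_FUNCTIONS[func]):
                if pos >= len(args):
                    continue
                sources = taint.get(args[pos], frozenset())
                if sources:  # reached by external input -> vulnerability
                    findings.append(Finding(lineno, func, pos, tuple(sorted(sources)),
                                            REMEDIATION[func]))
            continue
        if len(tokens) < 3 or tokens[1] != "=":
            raise ValueError(f"line {lineno}: malformed statement {raw!r}")
        dst, kind, operands = tokens[0], tokens[2], tokens[3:]
        if kind == "extern":
            taint[dst] = frozenset(operands[:1])
        elif kind == "const":
            taint[dst] = frozenset()
        elif kind == "op":
            # Taint propagates through any operation on tainted operands.
            taint[dst] = frozenset().union(*(taint.get(o, frozenset()) for o in operands))
        else:
            raise ValueError(f"line {lineno}: unknown statement kind {kind!r}")
    return findings


# Constructed IR for a small SWF: one fixed call and two externally controlled calls.
SAMPLE_IR = [
    "t0 = extern flashvar:target",       # loaderInfo.parameters.target
    "t1 = const http://static.example.test/go?u=",
    "t2 = op t1 t0",                     # string concatenation
    "call getURL t2 _blank",             # link depends on t0 -> finding
    "t3 = const onReady",
    "call ExternalInterface.call t3",    # fixed function name -> no finding
    "t4 = extern flashvar:callback",
    "call ExternalInterface.call t4",    # externally chosen function -> finding
    "call trace t0",                     # not a high-risk function -> skipped
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_IR):
        print(f"line {f.line}: {f.function} arg {f.position} controlled by {f.sources}")
        print(f"  suggestion: {f.suggestion}")
```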
Optionally, building on any of the embodiments of Fig. 1, in a further embodiment of the vulnerability detection method, the method further comprises:
obtaining the Flash data file according to its web page address, or from a list containing links to Flash data files.
In the embodiments, a single Flash data file can be obtained from its web page address. When a batch of Flash data files is to be detected, the links of all the files to be detected can be written into a list, and the file behind each link in the list is then detected.
Optionally, building on any of the embodiments of Fig. 1, in a further embodiment of the vulnerability detection method, the method may further comprise:
calculating a digest value of the Flash data file with a message digest algorithm;
when the digest value changes, detecting the control source of the parameter of the high-risk function in the Flash data file again.
In the embodiments, a Flash data file that has already been tested may acquire security vulnerabilities after being modified. The digest value of the file can be calculated with the MD5 message digest algorithm (Message Digest Algorithm 5); when the digest value changes, the file has been modified, and the control source of the parameters of the high-risk functions in the file must be detected again.
Optionally, building on any of the embodiments of Fig. 1, in a further embodiment of the vulnerability detection method, outputting the detection result and the remediation suggestion may comprise:
outputting the detection result and the remediation suggestion in the form of a work order or e-mail.
In the embodiments, the server can send a work order or e-mail to the address of the corresponding contact person, stating the detection result and the remediation suggestion, so that the contact person, after reading the work order or e-mail, can repair the Flash data file in time according to them.
For ease of explanation, the processing in the embodiments is described below for a concrete application scenario.
Referring to Fig. 2, the whole audit process can be divided, following the Flash life cycle, into three stages: development and testing, release and go-live, and operation and maintenance. Each is described in turn.
In the development and testing stage, to confirm whether a developed Flash data file meets the security standard, the file must be security-tested in the test environment.
During testing, a scan can be submitted directly by URL (Uniform Resource Locator), that is, by web page address, or by freely uploading a local Flash data file, and the scan result is returned immediately. A contact person can also be given, and the result is sent to the relevant personnel by e-mail as soon as the scan finishes.
Batches of Flash data files can also be submitted through a unified interface and a batch submission script. The detection results are returned directly to the business and distributed to the responsible persons by e-mail or work order to drive remediation of the vulnerabilities. Apart from development's confirmation and repair, the whole process needs no other human resources.
Result: the e-mail or work order sent to the responsible person includes a detailed vulnerability description, case analysis and repair method, and even some common security application programming interfaces (APIs), such as the check of the link parameter of getURL or the filtering of the parameter of the ExternalInterface.call function. This ensures that most developers can complete the repair easily by themselves (copying the corresponding safe API and adding one calling line) and that the repair is of good quality and not easily bypassed after filtering. The repaired Flash is scanned again through the web terminal or the test platform to verify the repair.
When security assessment staff handling a vulnerability find that it is a false positive, they extract the pattern of the false-positive point and add it to a whitelist, or optimise the system logic, so that the false positive does not recur. After several rounds of operation the false-positive rate decreases gradually.
In the release and go-live stage, for the vast number of Flash data files online, the contact person can compile a list of the online Flash data files. The files in the list are detected centrally, and the results are returned to the business contact in one batch, after which the business side handles them.
Files that have not yet been detected, or that have been modified after detection, are checked by a full audit.
The full audit collects, in several ways, the available links of all Flash under a specified domain name, calculates the digest value of each Flash data file with MD5, and treats a changed digest value as a modified file. Every day the server scans the Flash data files that are new or whose digest value has changed, and drives development to repair the vulnerabilities found via work orders. The steps after this are the same as in the development and testing stage.
After the scans of the first two stages, most detectable vulnerabilities have essentially been removed, and through operation the false-positive rate is kept within an acceptable range.
Referring to Fig. 3, the server downloads the Flash files to be checked through modules such as the interface, web, special project and full audit modules, and records the related information. Each Flash file is decompiled to obtain its source code or intermediate code.
The core of the whole audit system is the configuration of rules. All rules exist in configuration form, so they can be modified and added quickly and in real time. The audit module is bound to scripts and can meet business requirements rapidly without losing either the stability of the audit module itself or the portability of the system, and the cost of repairs and upgrades is reduced at the same time.
The taint tracking audit module can complete the check of most Flash data file vulnerabilities. It tracks the parameters of the high-risk functions used in the Flash data file; if a parameter is externally controllable, it confirms an exploitable vulnerability. The associated configuration file mainly records the high-risk functions and the parameter positions that need checking, the list of security application programming interfaces (APIs), and so on. When a new dangerous function or safe API appears, only this configuration file needs to be modified; the system logic need not change.
The blacklist module mainly improves on missed detections: for vulnerability points that the taint tracking module finds hard or inconvenient to implement, lightweight rules are developed.
Other rules resemble the blacklist module and use the advantages of scripting to customise rules quickly and precisely. They are easy to maintain, add and remove.
The whitelist module is the main means by which the system learns and reduces its false-positive rate. False positives and missed detections are always hard to balance: fixing a false positive will often increase the miss rate, and vice versa. The blacklist and whitelist are added precisely for this situation. Because they are targeted, they do not cause large numbers of misses, and the change is minimal: only the feature code of the vulnerability point and of the file it belongs to needs to be added. Because many of the company's files are reused, a whitelist entry is generally applied once and avoids the false positive on that vulnerability across multiple files for a long time. Through repeated operation, the system's false-positive rate decreases gradually.
The e-mail module and the work order module push results out in the manner the user needs; the push mode can be freely customised. This is an important step in the automated workflow.
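As an added example (not the patent's own system), the full-audit bookkeeping of the operation and maintenance stage combined with the whitelist module: only files that are new or whose MD5 digest has changed are rescanned, and findings whose leak-point feature code an assessor has whitelisted are suppressed. The URLs, file contents, the lightweight call-site rule and the feature-code scheme are constructed assumptions.

```python
"""Full-audit loop: rescan new or digest-changed Flash files, suppress
whitelisted false positives by leak-point feature code. URLs, file
contents, the rule and the whitelist are constructed for this example."""
import hashlib
import re

# Lightweight blacklist-style rule: flag every call site of a high-risk function.
HIGH_RISK_CALL = re.compile(r"\b(getURL|navigateToURL|ExternalInterface\.call)\s*\(")


def file_digest(data: bytes) -> str:
    # MD5 is the message digest the audit uses to notice a modified file.
    return hashlib.md5(data).hexdigest()


def feature_code(url: str, leak_line: str) -> str:
    """Fingerprint of a leak point: the file plus the whitespace-normalised
    offending line, so a whitelist entry survives unrelated edits elsewhere."""
    normalised = " ".join(leak_line.split())
    return hashlib.md5(f"{url}\n{normalised}".encode()).hexdigest()[:12]


def scan(url: str, decompiled: str) -> list:
    """Run the lightweight rule over decompiled source text."""
    findings = []
    for lineno, line in enumerate(decompiled.splitlines(), 1):
        if HIGH_RISK_CALL.search(line):
            findings.append({"url": url, "line": lineno,
                             "code": feature_code(url, line), "snippet": line.strip()})
    return findings


def full_audit(known_digests: dict, downloads: dict, whitelist: set):
    """known_digests: url -> digest recorded by the previous run.
    downloads: url -> bytes fetched this run (decompiled text stands in for SWF).
    whitelist: feature codes confirmed as false positives by assessors.
    Returns (open findings, updated digest table, urls that were rescanned)."""
    digests = dict(known_digests)
    rescanned, open_findings = [], []
    for url, data in downloads.items():
        d = file_digest(data)
        if digests.get(url) == d:
            continue                      # unchanged since the last audit: skip
        digests[url] = d                  # new or modified: record and rescan
        rescanned.append(url)
        for finding in scan(url, data.decode()):
            if finding["code"] in whitelist:
                continue                  # known false positive: do not re-report
            open_findings.append(finding)
    return open_findings, digests, rescanned


# Constructed data: game.swf was audited once (V1), then modified (V2).
GAME_URL = "http://cdn.example.test/game.swf"
BANNER_URL = "http://cdn.example.test/banner.swf"
V1 = (b'function init() {\n'
      b'    var u:String = "http://static.example.test/help.html";\n'
      b'    getURL(u, "_blank");\n'
      b'}\n')
V2 = V1 + (b'function jump(target:String) {\n'
           b'    navigateToURL(new URLRequest(target));\n'
           b'}\n')
BANNER = b"trace('no risky calls');\n"


def example_run():
    """First audit of V1; the assessor whitelists its fixed-URL getURL; then the
    daily audit sees V2 (changed) and BANNER (unchanged)."""
    first = scan(GAME_URL, V1.decode())
    whitelist = {f["code"] for f in first}            # assessor: false positive
    known = {GAME_URL: file_digest(V1), BANNER_URL: file_digest(BANNER)}
    return full_audit(known, {GAME_URL: V2, BANNER_URL: BANNER}, whitelist)


if __name__ == "__main__":
    open_findings, _, rescanned = example_run()
    print("rescanned:", rescanned)
    for f in open_findings:
        print(f"{f['url']}:{f['line']} {f['snippet']}  (feature {f['code']})")
```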
Two scenarios often encountered in actual processing are described below to aid understanding.
User A places a new Flash game on the test platform for testing before release. The platform detects the update and automatically submits the file to the detection system, which finds several vulnerabilities. The system sends a vulnerability notification to A, the file owner registered on the platform when the test was requested. A receives the work order, reads the attached explanation of the vulnerabilities' harm, and, following the repair method given in the work order, adds a safe function in the code to filter the dangerous point. To confirm as soon as possible that the fix is correct, A resubmits the Flash file just modified, and it is found to have no vulnerabilities, so A releases the game with confidence.
Business B has many Flash files, and for the sake of service security its owner decides to adopt the detection system. All the links of the online Flash data files are compiled into a list and uploaded to the detection system, which reads the list, runs one unified detection over the files in it, and returns the results to the owner. The owner repairs the files according to the remediation suggestions and safe APIs and puts them online again. The full audit module detects that this batch of Flash data files has changed and scans them automatically; some pass, while some are incompletely repaired and still vulnerable. For the files that are still vulnerable, work orders are sent automatically, notifying development to repair them in time.
Consult Fig. 4, an embodiment of the server that the embodiment of the present invention provides comprises:
Detecting unit 201, for detecting the control source of the parameter of high-risk function in flash data file;
Determining unit 202, for when described detecting unit 201 detects described parameter by outside input control, determines to there is leak in described high-risk function;
Processing unit 203, the leak for determining for described determining unit 202 is made and is repaired suggestion;
Output unit 204, the reparation suggestion that explanation and described processing unit 203 for exporting described leak are made.
In the embodiment of the present invention, detecting unit 201 detects the control source of the parameter of high-risk function in flash data file; Determining unit 202, when described detecting unit 201 detects described parameter by outside input control, determines to there is leak in described high-risk function; Processing unit 203 is made for the leak that described determining unit 202 is determined and is repaired suggestion; Output unit 204 exports the reparation suggestion that the explanation of described leak and described processing unit 203 are made.With one by one analysis is carried out to the function in flash data file in prior art and searches compared with leak, the server that the embodiment of the present invention provides, can by detecting the method for the parameter of high-risk function in flash data file, leak in fast detecting flash data file, improves the detection efficiency of flash data file.
On the basis of embodiment corresponding to above-mentioned Fig. 4, consult Fig. 5, in another embodiment of the server that the embodiment of the present invention provides,
Described detecting unit 201 comprises:
Whether detection sub-unit 2011, change with the change of outside input for the value detecting described parameter;
Confirm subelement 2012, when changing for detecting the change that the value of described parameter inputs with outside when described detection sub-unit 2011, confirm that described parameter is by outside input control.
On the basis of embodiment corresponding to above-mentioned Fig. 5, in another embodiment of the server that the embodiment of the present invention provides,
Described processing unit 203, for for described leak, selects the reparation of corresponding described leak to advise from pre-configured reparation suggestion.
On the basis of embodiment corresponding to above-mentioned Fig. 4, consult Fig. 6, in another embodiment of the server that the embodiment of the present invention provides, described server also comprises:
Comparing unit 205, for comparing each function in the function in described flash data file and pre-configured high-risk function set;
Confirmation unit 206, for when the described comparing unit 205 comparison arbitrary function gone out in described flash data file is present in described high-risk function set, confirms that described arbitrary function is high-risk function.
On the basis of embodiment corresponding to above-mentioned Fig. 4, consult Fig. 7, in another embodiment of the server that the embodiment of the present invention provides, described server also comprises:
Acquiring unit 207, for according to the web page address of described flash data file or the list comprising described flash data file chaining, obtains described flash data file.
On the basis of the embodiment corresponding to Fig. 4 above, and referring to Fig. 8, in another embodiment of the server provided by the embodiment of the present invention, the server further comprises:
a computing unit 208, configured to calculate a digest value of the flash data file using a message digest algorithm; and
the detecting unit 201 is further configured to detect the control source of the parameter of the high-risk function in the flash data file again when the digest value calculated by the computing unit 208 changes.
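The units described above (comparing unit, detecting unit with its two sub-units, determining and processing units, computing unit) form one pipeline: keep only calls to functions in the high-risk set, decide whether each such call's parameter follows the external input, attach the pre-configured repair suggestion, and repeat the whole check only when the file's digest changes. The following is an added example written for this page, not the patent's or Tencent's code. It works on a constructed, simplified decompiled ActionScript fragment rather than a real SWF; the high-risk function set, the repair suggestions, the use of SHA-256 as the message digest and the `loaderInfo.parameters.NAME` notation for FlashVars are all assumptions, since the patent says these are pre-configured but does not list them. The control-source test is the differential one the patent describes: run the fragment under two different external inputs and report a parameter whose value changes between the runs.

```python
import hashlib
import re

# Hypothetical high-risk function set with a repair suggestion per function. The
# patent says both are pre-configured but lists neither; these are assumptions.
HIGH_RISK_FUNCTIONS = {
    "navigateToURL": "Check the URL scheme and host against an allow-list "
                     "before passing it to navigateToURL.",
    "ExternalInterface.call": "Use a fixed JavaScript function name; never let "
                              "FlashVars choose which function is called.",
    "getURL": "Reject javascript: and other non-http(s) schemes before getURL.",
}

# Constructed sample: a simplified decompiled ActionScript fragment, not a real SWF.
# loaderInfo.parameters.NAME stands for the externally supplied FlashVars.
SAMPLE_SOURCE = """\
var page = loaderInfo.parameters.page;
var base = "https://example.test/";
var target = base + page;
navigateToURL(target);
var cb = loaderInfo.parameters.callback;
ExternalInterface.call(cb, "ready");
getURL("https://example.test/static");
"""

ASSIGN_RE = re.compile(r"^(?:var\s+)?(\w+)\s*=\s*(.+);$")
CALL_RE = re.compile(r"^([\w.]+)\((.*)\);$")
EXTERNAL_RE = re.compile(r"loaderInfo\.parameters\.(\w+)")


def evaluate(expr, env, flashvars):
    """Evaluate a restricted expression: string literals, local variables and
    loaderInfo.parameters.NAME joined by '+' (literals must not contain '+')."""
    value = ""
    for term in (t.strip() for t in expr.split("+")):
        if term.startswith('"') and term.endswith('"'):
            value += term[1:-1]
        elif term.startswith("loaderInfo.parameters."):
            value += flashvars.get(term.rsplit(".", 1)[1], "")
        else:
            value += env.get(term, "")
    return value


def high_risk_calls(source):
    """Comparison step: keep only the calls whose callee is in the high-risk set."""
    calls = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = CALL_RE.match(line.strip())
        if m and m.group(1) in HIGH_RISK_FUNCTIONS:
            calls.append((lineno, m.group(1), m.group(2)))
    return calls


def run_with_input(source, flashvars):
    """Run the fragment under one external input and record the value of the
    first parameter of every high-risk call, keyed by line number."""
    env, observed = {}, {}
    for lineno, line in enumerate(source.splitlines(), 1):
        line = line.strip()
        m = ASSIGN_RE.match(line)
        if m:
            env[m.group(1)] = evaluate(m.group(2), env, flashvars)
            continue
        m = CALL_RE.match(line)
        if m and m.group(1) in HIGH_RISK_FUNCTIONS:
            observed[lineno] = evaluate(m.group(2).split(",")[0], env, flashvars)
    return observed


def detect(source):
    """Control-source detection: run the fragment under two different external
    inputs. A high-risk parameter whose value follows the input is externally
    controlled, so the call is reported as a vulnerability with its suggestion."""
    names = set(EXTERNAL_RE.findall(source))
    run_a = run_with_input(source, {n: "A-" + n for n in names})
    run_b = run_with_input(source, {n: "B-" + n for n in names})
    findings = []
    for lineno, func, _ in high_risk_calls(source):
        if run_a[lineno] != run_b[lineno]:
            findings.append({"line": lineno, "function": func,
                             "observed": (run_a[lineno], run_b[lineno]),
                             "suggestion": HIGH_RISK_FUNCTIONS[func]})
    return findings


class DigestGatedScanner:
    """Message-digest step: remember the digest of each scanned file and repeat
    the detection only when the file content has changed (SHA-256 assumed)."""

    def __init__(self):
        self.seen = {}

    def scan(self, url, data):
        digest = hashlib.sha256(data).hexdigest()
        if self.seen.get(url) == digest:
            return None  # unchanged since the last scan, nothing to redo
        self.seen[url] = digest
        return detect(data.decode("utf-8"))


if __name__ == "__main__":
    scanner = DigestGatedScanner()
    for f in scanner.scan("https://example.test/app.swf", SAMPLE_SOURCE.encode()):
        print(f"line {f['line']}: parameter of {f['function']} is externally "
              f"controlled {f['observed']}; fix: {f['suggestion']}")
```

On the sample, `navigateToURL` (line 4) and `ExternalInterface.call` (line 6) are reported because their first parameter follows the FlashVars, while `getURL` (line 7) is a high-risk function with a constant argument and is not. Two probe values are enough for this differential check, but a parameter that is only partly influenced by the input (for example, truncated or mapped through a lookup table) can produce identical values under both probes; a practitioner would use several distinct probes per FlashVar before accepting a negative result.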
The embodiment of the present invention also provides a computer-readable storage medium. The storage medium stores a program which, when executed, carries out some or all of the steps of the vulnerability detection method described above.
Referring to Fig. 9, Fig. 9 is a schematic structural diagram of a server 20 according to an embodiment of the present invention. The server 20 may comprise an input device 210, an output device 220, a processor 230 and a memory 240.
The memory 240 may comprise read-only memory and random access memory, and provides instructions and data to the processor 230. A part of the memory 240 may also comprise non-volatile random access memory (NVRAM).
The memory 240 stores the following elements, executable modules or data structures, or a subset or superset of them:
operation instructions: comprising various operation instructions for implementing various operations;
an operating system: comprising various system programs for implementing various basic services and handling hardware-based tasks.
In the embodiment of the present invention, the processor 230 performs the following operations by calling the operation instructions stored in the memory 240 (the operation instructions may be stored in the operating system):
detecting the control source of the parameter of a high-risk function in a flash data file;
when the parameter is detected to be controlled by external input, determining that a vulnerability exists in the high-risk function; and
making a repair suggestion for the vulnerability, and outputting a description of the vulnerability together with the repair suggestion.
Compared with the prior art, in which the functions in a flash data file are analysed one by one to search for vulnerabilities, the server provided by the embodiment of the present invention can quickly detect vulnerabilities in a flash data file by examining the parameters of the high-risk functions in the file, which improves the detection efficiency for flash data files.
The processor 230 controls the operation of the server 20; the processor 230 may also be called a CPU (Central Processing Unit). The memory 240 may comprise read-only memory and random access memory, and provides instructions and data to the processor 230. A part of the memory 240 may also comprise non-volatile random access memory (NVRAM). In a specific application, the components of the server 20 are coupled together by a bus system 250, which may comprise, in addition to a data bus, a power bus, a control bus, a status signal bus and so on. For clarity of description, however, the various buses are all labelled as the bus system 250 in the figure.
The method disclosed in the above embodiment of the present invention may be applied in the processor 230 or implemented by the processor 230. The processor 230 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit in the hardware of the processor 230 or by instructions in the form of software. The processor 230 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute each method, step and logic block diagram disclosed in the embodiment of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiment of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory 240, and the processor 230 reads the information in the memory 240 and completes the steps of the above method in combination with its hardware.
Optionally, the processor 230 may specifically detect whether the value of the parameter changes when the external input changes, and confirm that the parameter is controlled by the external input when the value of the parameter changes with the external input.
Optionally, the processor 230 may specifically select, for the vulnerability, the repair suggestion corresponding to that vulnerability from the pre-configured repair suggestions.
Optionally, the output device 220 may also compare each function in the flash data file with the functions in the pre-configured high-risk function set, and confirm that a function in the flash data file is a high-risk function when that function is found in the high-risk function set.
Optionally, the processor 230 may also obtain the flash data file according to the web page address of the flash data file, or according to a list containing links to flash data files.
Optionally, the processor 230 may also calculate a digest value of the flash data file using a message digest algorithm, and detect the control source of the parameter of the high-risk function in the flash data file again when the digest value changes.
Optionally, the output device 220 outputs the detection result and the repair suggestion in the form of a work order or an e-mail.
Those of ordinary skill in the art will appreciate that all or part of the steps of the methods in the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, which may comprise a ROM, a RAM, a magnetic disk, an optical disc or the like.
The vulnerability detection method and server provided by the embodiment of the present invention have been described in detail above. Specific examples have been used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is intended only to help understand the method of the present invention and its core idea. At the same time, those of ordinary skill in the art will, following the idea of the present invention, make changes in the specific implementation and scope of application. In summary, the contents of this description should not be construed as limiting the present invention.

Claims (12)

1. A vulnerability detection method, characterised in that it comprises:
detecting the control source of a parameter of a high-risk function in a flash data file;
when the parameter is detected to be controlled by external input, determining that a vulnerability exists in the high-risk function; and
making a repair suggestion for the vulnerability, and outputting a description of the vulnerability together with the repair suggestion.
2. The method according to claim 1, characterised in that detecting the control source of the parameter of the high-risk function in the flash data file comprises:
detecting whether the value of the parameter changes when the external input changes; and
when the value of the parameter changes with the external input, confirming that the parameter is controlled by the external input.
3. The method according to claim 2, characterised in that making the repair suggestion for the vulnerability comprises:
selecting, for the vulnerability, the repair suggestion corresponding to that vulnerability from pre-configured repair suggestions.
4. The method according to any one of claims 1 to 3, characterised in that, before the step of detecting the control source of the parameter of the high-risk function in the flash data file, the method further comprises:
comparing each function in the flash data file with the functions in a pre-configured high-risk function set; and
when a function in the flash data file is found in the high-risk function set, confirming that the function is a high-risk function.
5. The method according to any one of claims 1 to 3, characterised in that the method further comprises:
obtaining the flash data file according to the web page address of the flash data file, or according to a list containing links to flash data files.
6. The method according to any one of claims 1 to 3, characterised in that the method further comprises:
calculating a digest value of the flash data file using a message digest algorithm; and
when the digest value changes, detecting the control source of the parameter of the high-risk function in the flash data file again.
7. A server, characterised in that it comprises:
a detecting unit, configured to detect the control source of a parameter of a high-risk function in a flash data file;
a determining unit, configured to determine that a vulnerability exists in the high-risk function when the detecting unit detects that the parameter is controlled by external input;
a processing unit, configured to make a repair suggestion for the vulnerability determined by the determining unit; and
an output unit, configured to output a description of the vulnerability and the repair suggestion made by the processing unit.
8. The server according to claim 7, characterised in that the detecting unit comprises:
a detection sub-unit, configured to detect whether the value of the parameter changes when the external input changes; and
a confirmation sub-unit, configured to confirm that the parameter is controlled by the external input when the detection sub-unit detects that the value of the parameter changes with the external input.
9. The server according to claim 8, characterised in that
the processing unit is configured to select, for the vulnerability, the repair suggestion corresponding to that vulnerability from pre-configured repair suggestions.
10. The server according to any one of claims 7 to 9, characterised in that the server further comprises:
a comparing unit, configured to compare each function in the flash data file with the functions in a pre-configured high-risk function set; and
a confirmation unit, configured to confirm that a function in the flash data file is a high-risk function when the comparing unit finds that function in the high-risk function set.
11. The server according to any one of claims 7 to 9, characterised in that the server further comprises:
an acquiring unit, configured to obtain the flash data file according to the web page address of the flash data file, or according to a list containing links to flash data files.
12. The server according to any one of claims 7 to 9, characterised in that the server further comprises:
a computing unit, configured to calculate a digest value of the flash data file using a message digest algorithm; and
the detecting unit is further configured to detect the control source of the parameter of the high-risk function in the flash data file again when the digest value calculated by the computing unit changes.
CN201310445045.5A 2013-09-26 2013-09-26 Loophole detection method and server Pending CN104519007A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310445045.5A CN104519007A (en) 2013-09-26 2013-09-26 Loophole detection method and server

Publications (1)

Publication Number Publication Date
CN104519007A true CN104519007A (en) 2015-04-15

Family

ID=52793748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310445045.5A Pending CN104519007A (en) 2013-09-26 2013-09-26 Loophole detection method and server

Country Status (1)

Country Link
CN (1) CN104519007A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070107057A1 (en) * 2005-11-10 2007-05-10 Docomo Communications Laboratories Usa, Inc. Method and apparatus for detecting and preventing unsafe behavior of javascript programs
CN101692267A (en) * 2009-09-15 2010-04-07 北京大学 Method and system for detecting large-scale malicious web pages
CN102592080A (en) * 2011-12-26 2012-07-18 北京奇虎科技有限公司 Flash malicious file detection method and flash malicious file detection device
CN102609654A (en) * 2012-02-08 2012-07-25 北京百度网讯科技有限公司 Method and device for detecting malicious flash files
US20120317647A1 (en) * 2011-05-26 2012-12-13 Carnegie Mellon University Automated Exploit Generation
CN102955914A (en) * 2011-08-19 2013-03-06 百度在线网络技术(北京)有限公司 Method and device for detecting security flaws of source files
US20130167238A1 (en) * 2011-12-23 2013-06-27 Mcafee, Inc. System and method for scanning for computer vulnerabilities in a network environment

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295346A (en) * 2015-05-20 2017-01-04 深圳市腾讯计算机***有限公司 A kind of application leak detection method, device and the equipment of calculating
CN109491912A (en) * 2018-11-09 2019-03-19 北京知道创宇信息技术有限公司 A kind of code audit method, apparatus and storage medium
CN109871693A (en) * 2019-02-21 2019-06-11 北京百度网讯科技有限公司 Method and apparatus for detecting loophole
CN113297584A (en) * 2021-07-28 2021-08-24 四川大学 Vulnerability detection method, device, equipment and storage medium
CN113806736A (en) * 2021-08-23 2021-12-17 北京天融信网络安全技术有限公司 Vulnerability detection method and system based on mimicry invasion and storage medium thereof
CN113806736B (en) * 2021-08-23 2023-08-29 北京天融信网络安全技术有限公司 Vulnerability detection method, system and storage medium based on mimicry intrusion
CN114143110A (en) * 2021-12-08 2022-03-04 湖北天融信网络安全技术有限公司 Vulnerability processing method, device and system of mimicry equipment
CN114143110B (en) * 2021-12-08 2024-04-26 湖北天融信网络安全技术有限公司 Vulnerability processing method, device and system of mimicry equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150415