CN104685477B - 应用程序安全测试 - Google Patents
应用程序安全测试 Download PDFInfo
- Publication number
- CN104685477B CN104685477B CN201280076151.4A CN201280076151A CN104685477B CN 104685477 B CN104685477 B CN 104685477B CN 201280076151 A CN201280076151 A CN 201280076151A CN 104685477 B CN104685477 B CN 104685477B
- Authority
- CN
- China
- Prior art keywords
- real time
- application program
- function
- aut
- leak
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Quality & Reliability (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Debugging And Monitoring (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (15)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2012/057691 WO2014051597A1 (en) | 2012-09-28 | 2012-09-28 | Application security testing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104685477A CN104685477A (zh) | 2015-06-03 |
CN104685477B true CN104685477B (zh) | 2018-01-19 |
Family
ID=50388788
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201280076151.4A Expired - Fee Related CN104685477B (zh) | 2012-09-28 | 2012-09-28 | 应用程序安全测试 |
Country Status (7)
Country | Link |
---|---|
US (1) | US9438617B2 (zh) |
EP (1) | EP2901346A4 (zh) |
JP (1) | JP2015535997A (zh) |
KR (1) | KR20150063439A (zh) |
CN (1) | CN104685477B (zh) |
BR (1) | BR112015006653A2 (zh) |
WO (1) | WO2014051597A1 (zh) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104303189B (zh) | 2012-07-25 | 2018-07-20 | 安提特软件有限责任公司 | 用于确定应用程序漏洞的***及方法 |
US10032659B2 (en) * | 2012-12-28 | 2018-07-24 | Sunedison Semiconductor Limited (Uen201334164H) | Methods and systems for preventing unsafe operations |
CN104134034B (zh) * | 2013-06-13 | 2015-10-21 | 腾讯科技(深圳)有限公司 | 控制应用运行的方法和装置 |
US10515219B2 (en) | 2014-07-18 | 2019-12-24 | Micro Focus Llc | Determining terms for security test |
US10515220B2 (en) * | 2014-09-25 | 2019-12-24 | Micro Focus Llc | Determine whether an appropriate defensive response was made by an application under test |
EP3202090A4 (en) * | 2014-09-29 | 2018-06-13 | Hewlett-Packard Enterprise Development LP | Detection of email-related vulnerabilities |
EP3234791A4 (en) * | 2014-12-16 | 2018-07-11 | Entit Software LLC | Determining permissible activity based on permissible activity rules |
US9619372B2 (en) * | 2015-02-10 | 2017-04-11 | Wipro Limited | Method and system for hybrid testing |
US9767291B2 (en) * | 2015-10-06 | 2017-09-19 | Netflix, Inc. | Systems and methods for security and risk assessment and testing of applications |
US10419401B2 (en) | 2016-01-08 | 2019-09-17 | Capital One Services, Llc | Methods and systems for securing data in the public cloud |
US9473523B1 (en) | 2016-02-04 | 2016-10-18 | International Business Machines Corporation | Execution of test inputs with applications in computer security assessment |
US10122750B2 (en) * | 2017-01-30 | 2018-11-06 | XM Cyber Ltd | Setting-up penetration testing campaigns |
US10592677B2 (en) * | 2018-05-30 | 2020-03-17 | Paypal, Inc. | Systems and methods for patching vulnerabilities |
US11200154B2 (en) * | 2019-03-11 | 2021-12-14 | International Business Machines Corporation | Function modification for software application testing |
CN113722717B (zh) * | 2021-07-21 | 2024-04-05 | 中国科学院信息工程研究所 | 一种安全漏洞测试方法、装置、设备及可读存储介质 |
CN117411955A (zh) * | 2023-10-13 | 2024-01-16 | 中科驭数(北京)科技有限公司 | 健壮性测试方法、装置、电子设备及介质 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101571829A (zh) * | 2009-06-19 | 2009-11-04 | 北京航空航天大学 | 一种实时嵌入式软件自动化闭环测试方法 |
CN101901184A (zh) * | 2009-05-31 | 2010-12-01 | 西门子(中国)有限公司 | 检查应用程序漏洞的方法、装置和*** |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5983348A (en) | 1997-09-10 | 1999-11-09 | Trend Micro Incorporated | Computer network malicious code scanner |
ATE414943T1 (de) * | 2000-03-03 | 2008-12-15 | Ibm | System zur bestimmung von schwächen von web- anwendungen |
JP2002328896A (ja) * | 2001-04-27 | 2002-11-15 | Nippon Telegr & Teleph Corp <Ntt> | 不正アクセス対処ルール自動設定装置 |
US20030056116A1 (en) * | 2001-05-18 | 2003-03-20 | Bunker Nelson Waldo | Reporter |
US7099663B2 (en) | 2001-05-31 | 2006-08-29 | Qualcomm Inc. | Safe application distribution and execution in a wireless environment |
US20040123117A1 (en) * | 2002-12-18 | 2004-06-24 | Symantec Corporation | Validation for behavior-blocking system |
JP2005134995A (ja) * | 2003-10-28 | 2005-05-26 | Recruit Co Ltd | セキュリティ管理システム及びセキュリティ管理方法ならびにセキュリティ管理プログラム |
US7207065B2 (en) * | 2004-06-04 | 2007-04-17 | Fortify Software, Inc. | Apparatus and method for developing secure software |
JP2006018765A (ja) * | 2004-07-05 | 2006-01-19 | Infocom Corp | ソフトウエアの一時的な修正方法およびプログラム |
US8185877B1 (en) | 2005-06-22 | 2012-05-22 | Jpmorgan Chase Bank, N.A. | System and method for testing applications |
US20070107057A1 (en) * | 2005-11-10 | 2007-05-10 | Docomo Communications Laboratories Usa, Inc. | Method and apparatus for detecting and preventing unsafe behavior of javascript programs |
US7652749B2 (en) * | 2006-02-14 | 2010-01-26 | Asml Netherlands B.V. | Software upgrades in a lithographic apparatus |
US20070203973A1 (en) * | 2006-02-28 | 2007-08-30 | Microsoft Corporation | Fuzzing Requests And Responses Using A Proxy |
JP2007241906A (ja) * | 2006-03-11 | 2007-09-20 | Hitachi Software Eng Co Ltd | Webアプリケーション脆弱性動的検査方法およびシステム |
US7814544B1 (en) | 2006-06-22 | 2010-10-12 | Symantec Corporation | API-profile guided unpacking |
US20080162687A1 (en) * | 2006-12-28 | 2008-07-03 | David Alan Scott | Data acquisition system and method |
WO2008109770A2 (en) * | 2007-03-06 | 2008-09-12 | Core Sdi, Incorporated | System and method for providing application penetration testing |
US20100064178A1 (en) * | 2008-09-10 | 2010-03-11 | Microsoft Corporation | World-Readiness and Globalization Testing Assemblies |
US8141158B2 (en) | 2008-12-31 | 2012-03-20 | International Business Machines Corporation | Measuring coverage of application inputs for advanced web application security testing |
US9262306B2 (en) * | 2010-01-27 | 2016-02-16 | Hewlett Packard Enterprise Development Lp | Software application testing |
US20110219449A1 (en) * | 2010-03-04 | 2011-09-08 | St Neitzel Michael | Malware detection method, system and computer program product |
JP5725529B2 (ja) * | 2010-07-21 | 2015-05-27 | 日本電気株式会社 | Web脆弱性補修システム、Web脆弱性補修方法、及びプログラム |
NL2007180C2 (en) * | 2011-07-26 | 2013-01-29 | Security Matters B V | Method and system for classifying a protocol message in a data communication network. |
US9143530B2 (en) * | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Secure container for protecting enterprise data on a mobile device |
JP4927231B1 (ja) * | 2011-12-22 | 2012-05-09 | 株式会社フォティーンフォティ技術研究所 | プログラム、情報機器、及び不正アクセス検出方法 |
US10296409B2 (en) * | 2012-05-15 | 2019-05-21 | International Business Machines Corporation | Forecasting workload transaction response time |
-
2012
- 2012-09-28 BR BR112015006653A patent/BR112015006653A2/pt not_active IP Right Cessation
- 2012-09-28 EP EP12885510.3A patent/EP2901346A4/en not_active Withdrawn
- 2012-09-28 US US14/431,996 patent/US9438617B2/en active Active
- 2012-09-28 CN CN201280076151.4A patent/CN104685477B/zh not_active Expired - Fee Related
- 2012-09-28 KR KR1020157009868A patent/KR20150063439A/ko not_active Application Discontinuation
- 2012-09-28 WO PCT/US2012/057691 patent/WO2014051597A1/en active Application Filing
- 2012-09-28 JP JP2015534445A patent/JP2015535997A/ja active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101901184A (zh) * | 2009-05-31 | 2010-12-01 | 西门子(中国)有限公司 | 检查应用程序漏洞的方法、装置和*** |
CN101571829A (zh) * | 2009-06-19 | 2009-11-04 | 北京航空航天大学 | 一种实时嵌入式软件自动化闭环测试方法 |
Also Published As
Publication number | Publication date |
---|---|
US9438617B2 (en) | 2016-09-06 |
JP2015535997A (ja) | 2015-12-17 |
EP2901346A1 (en) | 2015-08-05 |
EP2901346A4 (en) | 2016-06-08 |
WO2014051597A1 (en) | 2014-04-03 |
KR20150063439A (ko) | 2015-06-09 |
BR112015006653A2 (pt) | 2017-07-04 |
US20150264074A1 (en) | 2015-09-17 |
CN104685477A (zh) | 2015-06-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104685477B (zh) | 应用程序安全测试 | |
CN104272270B (zh) | 应用程序安全测试 | |
TWI575397B (zh) | 利用運行期代理器及動態安全分析之應用程式逐點保護技術 | |
Curphey et al. | Web application security assessment tools | |
Finifter | Exploring the relationship between web application development tools and security | |
US9846781B2 (en) | Unused parameters of application under test | |
CN110674506B (zh) | 快速验证应用程序漏洞状态的方法及*** | |
CN108595952A (zh) | 一种电力移动应用软件漏洞的检测方法及*** | |
TWI574173B (zh) | 決定受測應用程式安全活動之技術 | |
Zech et al. | Knowledge-based security testing of web applications by logic programming | |
Keng et al. | Graph-aided directed testing of android applications for checking runtime privacy behaviours | |
CN113158197A (zh) | 一种基于主动iast的sql注入漏洞检测方法、*** | |
Aloraini et al. | Evaluating state-of-the-art free and open source static analysis tools against buffer errors in android apps | |
US20230044951A1 (en) | Guided Micro-Fuzzing through Hybrid Program Analysis | |
Meghanathan | Identification and Removal of Software Security Vulnerabilities using Source Code Analysis: A Case Study on a Java File Writer Program with Password Validation Features. | |
Vimpari | An evaluation of free fuzzing tools | |
US10650148B2 (en) | Determine protective measure for data that meets criteria | |
Mohammadi et al. | Systematic Risk Assessment of Cloud Computing Systems using a Combined Model-based Approach. | |
WO2021250827A1 (ja) | セキュリティ検査装置、セキュリティ検査方法、及びプログラム | |
Dimov et al. | Classification of software security tools | |
Juhola | Security testing process for React Native applications | |
CN116756747A (zh) | 程序代码的漏洞检测方法、***、装置及存储介质 | |
김태훈 | Breaking Ad-hoc Runtime Integrity Protection Mechanisms in Android Financial Apps | |
CHAN et al. | Graph-aided directed testing of Android applications for checking runtime privacy behaviours.(2016) | |
Avancini | Security Testing of Web and Smartphone Applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20160930 Address after: American Texas Applicant after: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP Address before: American Texas Applicant before: Hewlett-Packard Development Company, Limited Liability Partnership |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20180608 Address after: American California Patentee after: Antite Software Co., Ltd. Address before: American Texas Patentee before: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP |
|
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180119 Termination date: 20200928 |