CN107885995A - 小程序的安全扫描方法、装置以及电子设备 - Google Patents
小程序的安全扫描方法、装置以及电子设备 Download PDFInfo
- Publication number
- CN107885995A CN107885995A CN201710929306.9A CN201710929306A CN107885995A CN 107885995 A CN107885995 A CN 107885995A CN 201710929306 A CN201710929306 A CN 201710929306A CN 107885995 A CN107885995 A CN 107885995A
- Authority
- CN
- China
- Prior art keywords
- small routine
- target small
- target
- security
- security sweep
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
- User Interface Of Digital Computer (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (11)
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710929306.9A CN107885995A (zh) | 2017-10-09 | 2017-10-09 | 小程序的安全扫描方法、装置以及电子设备 |
PCT/CN2018/099570 WO2019072008A1 (zh) | 2017-10-09 | 2018-08-09 | 小程序的安全扫描方法、装置以及电子设备 |
SG11202000895SA SG11202000895SA (en) | 2017-10-09 | 2018-08-09 | Security scanning method and apparatus for mini program, and electronic device |
EP18865893.4A EP3647981B1 (en) | 2017-10-09 | 2018-08-09 | Security scanning method and apparatus for mini program, and electronic device |
ES18865893T ES2881318T3 (es) | 2017-10-09 | 2018-08-09 | Método y aparato de escaneo de seguridad para mini programa, y dispositivo electrónico |
PL18865893T PL3647981T3 (pl) | 2017-10-09 | 2018-08-09 | Sposób i aparat do skanowania bezpieczeństwa dla mini programu i urządzenie elektroniczne |
TW107127801A TW201915809A (zh) | 2017-10-09 | 2018-08-09 | 小程式的安全掃描方法、裝置以及電子設備 |
US16/737,766 US10846402B2 (en) | 2017-10-09 | 2020-01-08 | Security scanning method and apparatus for mini program, and electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710929306.9A CN107885995A (zh) | 2017-10-09 | 2017-10-09 | 小程序的安全扫描方法、装置以及电子设备 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107885995A true CN107885995A (zh) | 2018-04-06 |
Family
ID=61781132
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710929306.9A Pending CN107885995A (zh) | 2017-10-09 | 2017-10-09 | 小程序的安全扫描方法、装置以及电子设备 |
Country Status (8)
Country | Link |
---|---|
US (1) | US10846402B2 (zh) |
EP (1) | EP3647981B1 (zh) |
CN (1) | CN107885995A (zh) |
ES (1) | ES2881318T3 (zh) |
PL (1) | PL3647981T3 (zh) |
SG (1) | SG11202000895SA (zh) |
TW (1) | TW201915809A (zh) |
WO (1) | WO2019072008A1 (zh) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019072008A1 (zh) * | 2017-10-09 | 2019-04-18 | 阿里巴巴集团控股有限公司 | 小程序的安全扫描方法、装置以及电子设备 |
CN109976922A (zh) * | 2019-03-04 | 2019-07-05 | 上海连尚网络科技有限公司 | 小程序平台间的发现方法、设备和计算机存储介质 |
WO2020042086A1 (zh) * | 2018-08-30 | 2020-03-05 | 深圳市互盟科技股份有限公司 | 一种实现DevOps的方法及*** |
CN111143204A (zh) * | 2019-12-19 | 2020-05-12 | 支付宝(杭州)信息技术有限公司 | 一种小程序代码扫描方法和装置 |
CN111241496A (zh) * | 2020-04-24 | 2020-06-05 | 支付宝(杭州)信息技术有限公司 | 确定小程序特征向量的方法、装置和电子设备 |
CN111324370A (zh) * | 2020-02-19 | 2020-06-23 | 支付宝(杭州)信息技术有限公司 | 用于对待上线小程序进行风险处理的方法及装置 |
CN111400722A (zh) * | 2020-03-25 | 2020-07-10 | 深圳市腾讯网域计算机网络有限公司 | 扫描小程序的方法、装置、计算机设备和存储介质 |
CN111611590A (zh) * | 2020-05-22 | 2020-09-01 | 支付宝(杭州)信息技术有限公司 | 涉及应用程序的数据安全的方法及装置 |
CN111783095A (zh) * | 2020-07-28 | 2020-10-16 | 支付宝(杭州)信息技术有限公司 | 小程序恶意代码的识别方法、装置和电子设备 |
CN112148603A (zh) * | 2020-09-18 | 2020-12-29 | 支付宝(杭州)信息技术有限公司 | 小程序风险识别方法及装置 |
CN113342639A (zh) * | 2021-05-19 | 2021-09-03 | 国家计算机网络与信息安全管理中心 | 小程序安全风险评估方法和电子设备 |
WO2021243555A1 (zh) * | 2020-06-02 | 2021-12-09 | 深圳市欢太科技有限公司 | 一种快应用检测方法、装置、设备及存储介质 |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20210091327A (ko) | 2020-06-28 | 2021-07-21 | 베이징 바이두 넷컴 사이언스 앤 테크놀로지 코., 엘티디. | 애플릿의 배치 처리방법, 장치, 전자 기기 및 판독가능 저장매체 |
CN114579969B (zh) * | 2022-05-05 | 2022-08-23 | 北京邮电大学 | 漏洞检测方法、装置、电子设备及存储介质 |
CN116502238B (zh) * | 2023-06-26 | 2023-10-10 | 中汽智联技术有限公司 | 一种基于车联网产品安全漏洞专业库cavd的防护方法 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102789502A (zh) * | 2012-07-17 | 2012-11-21 | 北京奇虎科技有限公司 | 网站的扫描方法和装置 |
CN103473381A (zh) * | 2013-10-13 | 2013-12-25 | 陈志德 | 数据库安全评估方法 |
CN103984697A (zh) * | 2014-04-08 | 2014-08-13 | 百度在线网络技术(北京)有限公司 | 条码信息的处理方法、装置及*** |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5276816A (en) | 1990-12-31 | 1994-01-04 | International Business Machines Corporation | Icon object interface system and method |
US5287447A (en) * | 1991-06-28 | 1994-02-15 | International Business Machines Corporation | Method and system for providing container object attributes to a non-container object |
US5754174A (en) * | 1992-08-27 | 1998-05-19 | Starfish Software, Inc. | User interface with individually configurable panel interfaces for use in a computer system |
US5838910A (en) * | 1996-03-14 | 1998-11-17 | Domenikos; Steven D. | Systems and methods for executing application programs from a memory device linked to a server at an internet site |
US6698018B1 (en) * | 2000-05-10 | 2004-02-24 | Microsoft Corporation | System and method of multiple-stage installation of a suite of applications |
US6918091B2 (en) * | 2000-11-09 | 2005-07-12 | Change Tools, Inc. | User definable interface system, method and computer program product |
US7546543B2 (en) * | 2004-06-25 | 2009-06-09 | Apple Inc. | Widget authoring and editing environment |
US7680758B2 (en) * | 2004-09-30 | 2010-03-16 | Citrix Systems, Inc. | Method and apparatus for isolating execution of software applications |
WO2007076624A1 (en) * | 2005-12-30 | 2007-07-12 | Intel Corporation | Virtual machine to detect malicious code |
US8549656B2 (en) | 2011-02-11 | 2013-10-01 | Mocana Corporation | Securing and managing apps on a device |
US8713684B2 (en) * | 2012-02-24 | 2014-04-29 | Appthority, Inc. | Quantifying the risks of applications for mobile devices |
US9152784B2 (en) * | 2012-04-18 | 2015-10-06 | Mcafee, Inc. | Detection and prevention of installation of malicious mobile applications |
CN103377341A (zh) | 2012-04-28 | 2013-10-30 | 北京网秦天下科技有限公司 | 一种安全检测的方法和*** |
US20160142437A1 (en) * | 2014-11-17 | 2016-05-19 | Samsung Electronics Co., Ltd. | Method and system for preventing injection-type attacks in a web based operating system |
CN104462971B (zh) | 2014-12-17 | 2017-10-03 | 北京奇虎科技有限公司 | 根据应用程序声明特征识别恶意应用程序的方法和装置 |
CN104573515A (zh) * | 2014-12-19 | 2015-04-29 | 百度在线网络技术(北京)有限公司 | 一种病毒处理方法、装置和*** |
US9483644B1 (en) * | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US9880735B2 (en) * | 2015-08-10 | 2018-01-30 | Apple Inc. | Devices, methods, and graphical user interfaces for manipulating user interface objects with visual and/or haptic feedback |
CN106503548B (zh) | 2015-09-08 | 2019-08-27 | 阿里巴巴集团控股有限公司 | 漏洞检测方法、装置及*** |
WO2017126786A1 (ko) * | 2016-01-19 | 2017-07-27 | 삼성전자 주식회사 | 악성 코드 분석을 위한 전자 장치 및 이의 방법 |
CN106548074A (zh) | 2016-12-09 | 2017-03-29 | 江苏通付盾科技有限公司 | 应用程序分析监测方法及*** |
CN106682561B (zh) * | 2016-12-28 | 2020-09-01 | 深圳市全智达科技有限公司 | 一种扫描功能使用方法及装置 |
CN106850209A (zh) * | 2017-02-28 | 2017-06-13 | 苏州福瑞思信息科技有限公司 | 一种身份认证方法及装置 |
CN107045609A (zh) | 2017-04-28 | 2017-08-15 | 努比亚技术有限公司 | 检测***安全性的方法、存储介质和移动终端 |
CN107885995A (zh) * | 2017-10-09 | 2018-04-06 | 阿里巴巴集团控股有限公司 | 小程序的安全扫描方法、装置以及电子设备 |
-
2017
- 2017-10-09 CN CN201710929306.9A patent/CN107885995A/zh active Pending
-
2018
- 2018-08-09 EP EP18865893.4A patent/EP3647981B1/en active Active
- 2018-08-09 SG SG11202000895SA patent/SG11202000895SA/en unknown
- 2018-08-09 WO PCT/CN2018/099570 patent/WO2019072008A1/zh unknown
- 2018-08-09 PL PL18865893T patent/PL3647981T3/pl unknown
- 2018-08-09 TW TW107127801A patent/TW201915809A/zh unknown
- 2018-08-09 ES ES18865893T patent/ES2881318T3/es active Active
-
2020
- 2020-01-08 US US16/737,766 patent/US10846402B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102789502A (zh) * | 2012-07-17 | 2012-11-21 | 北京奇虎科技有限公司 | 网站的扫描方法和装置 |
CN103473381A (zh) * | 2013-10-13 | 2013-12-25 | 陈志德 | 数据库安全评估方法 |
CN103984697A (zh) * | 2014-04-08 | 2014-08-13 | 百度在线网络技术(北京)有限公司 | 条码信息的处理方法、装置及*** |
Non-Patent Citations (1)
Title |
---|
天下雪: "微信小程序开发有哪些安全漏洞", 《HTTPS://WWW.WXAPP-UNION.COM/ARTICLE-1147-1.HTML》 * |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019072008A1 (zh) * | 2017-10-09 | 2019-04-18 | 阿里巴巴集团控股有限公司 | 小程序的安全扫描方法、装置以及电子设备 |
US10846402B2 (en) | 2017-10-09 | 2020-11-24 | Advanced New Technologies Co., Ltd. | Security scanning method and apparatus for mini program, and electronic device |
WO2020042086A1 (zh) * | 2018-08-30 | 2020-03-05 | 深圳市互盟科技股份有限公司 | 一种实现DevOps的方法及*** |
CN109976922A (zh) * | 2019-03-04 | 2019-07-05 | 上海连尚网络科技有限公司 | 小程序平台间的发现方法、设备和计算机存储介质 |
CN111143204A (zh) * | 2019-12-19 | 2020-05-12 | 支付宝(杭州)信息技术有限公司 | 一种小程序代码扫描方法和装置 |
TWI768343B (zh) * | 2019-12-19 | 2022-06-21 | 大陸商支付寶(杭州)信息技術有限公司 | 小程式碼掃描方法和裝置 |
WO2021120538A1 (zh) * | 2019-12-19 | 2021-06-24 | 支付宝(杭州)信息技术有限公司 | 一种小程序代码扫描方法和装置 |
CN111324370A (zh) * | 2020-02-19 | 2020-06-23 | 支付宝(杭州)信息技术有限公司 | 用于对待上线小程序进行风险处理的方法及装置 |
CN111324370B (zh) * | 2020-02-19 | 2022-10-18 | 支付宝(杭州)信息技术有限公司 | 用于对待上线小程序进行风险处理的方法及装置 |
CN111400722A (zh) * | 2020-03-25 | 2020-07-10 | 深圳市腾讯网域计算机网络有限公司 | 扫描小程序的方法、装置、计算机设备和存储介质 |
CN111241496A (zh) * | 2020-04-24 | 2020-06-05 | 支付宝(杭州)信息技术有限公司 | 确定小程序特征向量的方法、装置和电子设备 |
CN111611590A (zh) * | 2020-05-22 | 2020-09-01 | 支付宝(杭州)信息技术有限公司 | 涉及应用程序的数据安全的方法及装置 |
CN111611590B (zh) * | 2020-05-22 | 2023-10-27 | 支付宝(杭州)信息技术有限公司 | 涉及应用程序的数据安全的方法及装置 |
WO2021243555A1 (zh) * | 2020-06-02 | 2021-12-09 | 深圳市欢太科技有限公司 | 一种快应用检测方法、装置、设备及存储介质 |
CN111783095A (zh) * | 2020-07-28 | 2020-10-16 | 支付宝(杭州)信息技术有限公司 | 小程序恶意代码的识别方法、装置和电子设备 |
CN112148603A (zh) * | 2020-09-18 | 2020-12-29 | 支付宝(杭州)信息技术有限公司 | 小程序风险识别方法及装置 |
CN113342639A (zh) * | 2021-05-19 | 2021-09-03 | 国家计算机网络与信息安全管理中心 | 小程序安全风险评估方法和电子设备 |
Also Published As
Publication number | Publication date |
---|---|
EP3647981B1 (en) | 2021-04-28 |
PL3647981T3 (pl) | 2021-10-25 |
ES2881318T3 (es) | 2021-11-29 |
WO2019072008A1 (zh) | 2019-04-18 |
SG11202000895SA (en) | 2020-02-27 |
EP3647981A1 (en) | 2020-05-06 |
US10846402B2 (en) | 2020-11-24 |
EP3647981A4 (en) | 2020-05-06 |
US20200143051A1 (en) | 2020-05-07 |
TW201915809A (zh) | 2019-04-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107885995A (zh) | 小程序的安全扫描方法、装置以及电子设备 | |
CN105068932B (zh) | 一种Android应用程序加壳的检测方法 | |
US7502939B2 (en) | Software virus detection methods and apparatus | |
US8578174B2 (en) | Event log authentication using secure components | |
US9607145B2 (en) | Automated vulnerability and error scanner for mobile applications | |
CN104517054B (zh) | 一种检测恶意apk的方法、装置、客户端和服务器 | |
US9811661B1 (en) | System and method for protecting computers from unauthorized remote administration | |
WO2017116525A2 (en) | Assessing effectiveness of cybersecurity technologies | |
CN105701423B (zh) | 应用于云端支付业务的数据存储方法及装置 | |
US11151252B2 (en) | Just in time memory analysis for malware detection | |
CN106326731B (zh) | 防止不良程序的安装和执行的***和方法 | |
CN106548076A (zh) | 检测应用漏洞代码的方法和装置 | |
CN107454053A (zh) | 在分布式网络中检测虚拟机上的恶意文件的***和方法 | |
EP3029595B1 (en) | Apparatuses, mobile devices, methods and computer programs for evaluating runtime information of an extracted set of instructions based on at least a part of a computer program | |
CN109558207A (zh) | 在虚拟机中形成用于进行文件的防病毒扫描的日志的***和方法 | |
CN108470126B (zh) | 数据处理方法、装置及存储介质 | |
US20190243976A1 (en) | System and method for categorization of .net applications | |
WO2020192179A1 (zh) | 一种基于iOS应用的安全检测方法、装置及*** | |
US9189629B1 (en) | Systems and methods for discouraging polymorphic malware | |
Dubin | Content disarm and reconstruction of RTF files a zero file trust methodology | |
CN107479874A (zh) | 一种基于Windows平台的DLL注入方法及*** | |
Vella et al. | Volatile memory-centric investigation of SMS-hijacked phones: a Pushbullet case study | |
CN107066886A (zh) | 一种Android加固脱壳的检测方法 | |
Niu et al. | Clone analysis and detection in android applications | |
CN110321702A (zh) | 检测网络资源的修改的***和方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1251685 Country of ref document: HK |
|
TA01 | Transfer of patent application right |
Effective date of registration: 20201019 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant before: Advanced innovation technology Co.,Ltd. Effective date of registration: 20201019 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Applicant before: Alibaba Group Holding Ltd. |
|
TA01 | Transfer of patent application right | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180406 |
|
RJ01 | Rejection of invention patent application after publication |