CN111680295A - Method for constructing security detection of firmware of Internet of things terminal equipment - Google Patents

Method for constructing security detection of firmware of Internet of things terminal equipment Download PDF

Info

Publication number
CN111680295A
CN111680295A CN202010298401.5A CN202010298401A CN111680295A CN 111680295 A CN111680295 A CN 111680295A CN 202010298401 A CN202010298401 A CN 202010298401A CN 111680295 A CN111680295 A CN 111680295A
Authority
CN
China
Prior art keywords
firmware
internet
meta
things
information data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010298401.5A
Other languages
Chinese (zh)
Inventor
孙歆
戴桦
李霁远
韩嘉佳
孙昌华
李沁园
汪自翔
吕磅
方磊
周辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd filed Critical Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202010298401.5A priority Critical patent/CN111680295A/en
Publication of CN111680295A publication Critical patent/CN111680295A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/567Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Medical Informatics (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to the field of firmware package detection of an internet of things terminal device, and provides a method for establishing the safety detection of firmware of the internet of things terminal device, which has the following steps: collecting meta-information data of the internet of things terminal, and establishing a firmware list according to the meta-information data; establishing a firmware unpacking engine base, and establishing a mapping relation between a firmware list and the firmware unpacking engine base; step two: acquiring a firmware package to be tested, extracting meta-information data, matching a corresponding firmware unpacking engine, and converting the firmware package to be tested into a machine language code; step three: converting the machine language code of the firmware package to be tested into an assembly language code; step four: scanning and detecting the assembly language code; step five: generating a detection report; the meta-information data is multidimensional data; the method provides a basis for reasonable planning of the operation and maintenance scheme of the Internet of things, and provides possibility for reducing the safety risk of the terminal equipment of the Internet of things.

Description

Method for constructing security detection of firmware of Internet of things terminal equipment
Technical Field
The invention relates to the technical field of security detection of firmware packages of internet of things equipment, in particular to a method for constructing security detection of firmware of internet of things terminal equipment.
Background
The terminal equipment of the internet of things is usually a closed embedded system, and the function upgrade and the system update are carried out through firmware. As the system's lowest level software, the security of the firmware directly determines the security of the device, and the firmware becomes one of the main means for hacking IOT devices and systems.
According to the report of a certain organization, the number of the global IOT equipment (terminal equipment of the Internet of things) in 2020 is predicted to be as high as 260 hundred million, and people will own about 6 equipment in the future. However, due to the insufficient safety awareness of research and development personnel and the low transparency of the firmware, the content and the safety of the firmware are difficult to check and judge, and the safety evaluation and detection of the firmware of the terminal equipment of the internet of things cannot be performed efficiently. In the face of such a huge base number, how to quickly and efficiently perform security detection on the firmware of the terminal of the internet of things has become an urgent problem. Because the equipment models of the internet of things terminals are complicated, manufacturers are numerous, and unpacking (stripping) engines adopted by firmware packages of the internet of things terminals with different models of different manufacturers are different. Therefore, in the firmware package security detection process, a complicated firmware stripping (i.e. capable of quickly identifying and selecting the correct firmware stripping engine) process becomes a bottleneck that restricts the security detection efficiency.
In addition, because the machine language obtained after the firmware of the terminal equipment of the internet of things is stripped is obscure, after unpacking, a decompilation engine is needed to convert a machine language code into an easily-recognizable code such as assembly language, and the like, so that decompilation means (methods, approaches or software) selected by processors of different models during decompilation of the code are different, and a detection method for scanning and analyzing the firmware is also different. There is also a problem of inefficiency in decompilation and scanning for vulnerabilities.
Disclosure of Invention
The invention aims to solve the technical problem of overcoming the defect of low efficiency caused by complex firmware stripping in the prior art, and provides a method for constructing security detection of firmware of an internet of things terminal device, which can quickly and efficiently perform security detection on the firmware.
In order to achieve the purpose, the invention is realized by the following technical scheme: collecting meta-information data of an Internet of things terminal, and establishing a firmware list according to the meta-information data; establishing a firmware unpacking engine library, and establishing a first mapping relation between the firmware list and the firmware unpacking engine library according to an unpacking rule of a manufacturer of the Internet of things terminal equipment; step two: acquiring a firmware package to be tested, extracting meta-information data, matching a corresponding firmware unpacking engine according to a first mapping relation, and stripping a file system containing a machine language code from the firmware package to be tested by using the firmware unpacking engine; step three: converting machine language codes in a file system into assembly language codes through decompiling; step four: scanning the decompiled assembly language codes in the third step, and searching for bugs through comparison with the existing bug feature library and code detection analysis; step five: generating a firmware safety detection report according to the scanning and detection results in the step four; the meta-information data is multidimensional data for recording the related information of the internet of things terminal.
According to the technical scheme, the mapping relation is established between the firmware list of the internet of things equipment and the firmware unpacking engine library, and a correct unpacking (stripping) engine can be quickly selected for the firmware package to be detected, so that the safety detection of the firmware package of the internet of things terminal is possible.
The further preferable scheme of the invention is as follows: the meta-information data records the relevant information of the Internet of things terminal, including the version model and the manufacturer of the Internet of things terminal equipment; and in the second step, acquiring the firmware package to be tested, extracting the version model and the manufacturer data in the meta-information data, and matching the corresponding firmware unpacking engine according to the first mapping relation.
The further preferable scheme of the invention is as follows: in the first step, the meta-information data records the relevant information of the internet of things terminal and further comprises an instruction set architecture, a decompiling engine library is established, and a second mapping relation is established between the firmware list and the decompiling engine library according to a decompiling engine corresponding to the instruction set architecture; and in the third step, an instruction set architecture in the meta-information data of the firmware package to be tested is extracted, and a corresponding decompilation engine library is selected for decompilation according to the second mapping relation.
The further preferable scheme of the invention is as follows: in the first step, the meta-information data records the relevant information of the internet of things terminal and also includes a file system type, a firmware analysis engine library is established, and a third mapping relation is established between a firmware list and the firmware analysis engine library according to the file system type and a firmware analysis engine corresponding to the instruction architecture; and in the fourth step, extracting the instruction set architecture and the file system type in the meta-information data of the firmware package, and selecting a corresponding firmware analysis engine to analyze and detect the assembly language code according to the third mapping relation.
The further preferable scheme of the invention is as follows: in the first step, the meta-information data records the relevant information of the terminal of the internet of things and also comprises an encryption format, and the encryption format is identified by an extension; establishing a decryption engine library, and establishing a fourth mapping relation between the firmware list and the decryption engine library according to a decryption engine corresponding to the encryption format; in the second step, the firmware package to be tested needs to be decrypted before unpacking, and the corresponding decryption engine is selected for decryption according to the fourth mapping relation.
The further preferable scheme of the invention is as follows: the method for acquiring the firmware package to be tested comprises official website acquisition, upgrade path acquisition, serial port acquisition and equipment reading.
The further preferable scheme of the invention is as follows: and in the fourth step, the assembly language code of the firmware package to be tested is scanned, and the scanning method comprises the steps of matching the feature code, positioning the core function and extracting the associated file.
In conclusion, the invention has the following beneficial effects: the method comprises the steps that firstly, a universal firmware detection framework and a universal firmware detection method are established through systematic analysis of firmware, and the characteristics of the Internet of things industry, such as diversification of intelligent equipment, rapid rise of embedded equipment firmware types, high version updating speed and the like, can be effectively dealt with; the safety detection method constructed by the invention can be used for carrying out safety evaluation on the firmware of the terminal equipment of the Internet of things without depending on specific equipment and a platform; the safety analysis of the mass equipment and the firmware of each version of the mass equipment becomes possible; safety assessment can be continuously carried out on the equipment producer in the process of developing the firmware, potential safety risks are eliminated in the process of developing the firmware, and cost brought by firmware release upgrading, equipment maintenance and the like due to safety problems is effectively reduced; the firmware stripping engine is compatible with various formats (manufacturers), can unpack the firmware in a flow manner, has higher firmware unpacking rate, and provides a solid file foundation for the subsequent firmware analysis; and fifthly, the reverse operation can be carried out on the binary file in the firmware package file system, a proper disassembling module can be selected based on the kernel and CPU architecture, the lib file associated with the executable binary file is listed, the executable binary file and the lib file associated with the executable binary file can be disassembled, corresponding symbol information can be automatically extracted, a core function can be positioned, and support is provided for subsequent security detection.
Drawings
Fig. 1 is a flowchart of a method for constructing a security detection method of firmware of an internet of things terminal device according to the present invention.
Fig. 2 is a technical framework diagram of the method for detecting the security of the firmware of the terminal equipment of the internet of things according to the invention.
Fig. 3 is a detection output diagram of the method for constructing the firmware security detection of the internet of things terminal device according to the invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The present embodiment is only for explaining the present invention, and it is not limited to the present invention, and those skilled in the art can make modifications without inventive contribution to the present embodiment as needed after reading the present specification, but all of them are protected by patent law within the scope of the claims of the present invention.
As shown in fig. 1 to 3, the present invention provides a method for constructing a security check of firmware of an internet of things terminal device, which mainly includes the following steps.
Collecting meta-information data of the Internet of things terminal, and establishing a firmware list according to the meta-information data.
The meta-information data is multi-dimensional data for recording related information of the internet of things terminal, and comprises version models, manufacturers, instruction set architectures, file system types, encryption formats and the like of the internet of things terminal equipment. The instruction set architecture is generally ARM, MIPS and the like. File systems typically have Squashfs, Cramfs, etc. The file system formats are typically unsashfs, sasquatch, cramfsk, ext2, romfs, jffss2, ubi, wdk, etc.
And establishing a firmware unpacking engine library, and establishing a first mapping relation between the firmware list and the firmware unpacking engine library according to an unpacking rule of a manufacturer of the Internet of things terminal equipment. The unpacking rules of different equipment manufacturers are different and are obtained by searching and inquiring in advance (in a network).
And establishing a decompilation engine library, and establishing a second mapping relation between the firmware list and the decompilation engine library according to a decompilation engine corresponding to the instruction set architecture. Various decompilation engines are in the prior art, and the decompilation engine corresponding to the instruction set architecture also belongs to the prior art, and is not detailed.
And establishing a firmware analysis engine library, and establishing a third mapping relation between the firmware list and the firmware analysis engine library according to the file system type and the firmware analysis engine corresponding to the instruction architecture. The library of firmware analysis engines, and the manner in which the corresponding firmware analysis engine is determined by file system type and instruction architecture, are well established industry regulations (common general knowledge).
And establishing a decryption engine library, and establishing a fourth mapping relation between the firmware list and the decryption engine library according to the decryption engine corresponding to the encryption format.
Through the meta-information data, a firmware unpacking (stripping) engine, a decompiling engine, a firmware analysis engine and a decryption engine which are compatible with various formats can be utilized in the subsequent process, the firmware is unpacked in a flowing manner, a file system and relevant parameters are extracted, a file system tree and a main application module are obtained, and a solid file foundation is provided for firmware analysis.
Step two: the method comprises the steps of acquiring and extracting a firmware package to be detected, wherein the means for acquiring the firmware package to be detected comprises official website acquisition, upgrade path acquisition, serial port acquisition and equipment reading. And acquiring a firmware package to be tested, extracting meta-information data (version model and manufacturer), matching a corresponding firmware unpacking engine according to the first mapping relation and matching a corresponding firmware unpacking engine through a firmware list, carrying out firmware stripping operation, and stripping modules such as a file system containing machine language codes from the firmware package to be tested. And before unpacking, the firmware package to be tested needs to be decrypted, the encryption format in the meta-information data is extracted, and a corresponding decryption engine is selected (through a firmware list) according to the fourth mapping relation for decryption. The encrypted format (or compressed format) is identified by an extension, typically in the format gzip, 7z, bz2, tar, arj, unrar, lzop, srec, unstuff, etc.
Step three: and converting the machine language code of the firmware package to be tested into assembly language code and the like through decompiling. Specifically, information of an instruction set architecture contained in the meta-information data of the firmware package to be tested is extracted, (through a firmware list), and a corresponding decompilation engine library is selected according to the second mapping relation for decompilation. (selection of appropriate disassembling Module based on Kernel and CPU architecture)
Step four: and scanning the assembly language code of the firmware package to be tested, wherein the scanning method comprises matching the feature code and positioning the core function, and extracting the associated file. And detecting the bugs existing in the analysis codes according to the existing bug feature library. Specifically, information including an instruction set architecture and a file system type in the meta-information data of the firmware package to be tested is extracted, and a corresponding firmware analysis engine is selected (through a firmware list) according to the third mapping relation to analyze and detect the assembly language code. And performing static analysis on the reversed files, performing comprehensive analysis on the password files, the binary files, the configuration files, the script files, the sensitive keywords and the like through regular or semantic analysis, extracting the sensitive files and corresponding fields, such as hard coded information in firmware, SSL encrypted files and the like, searching possible vulnerabilities, comparing the vulnerabilities with a vulnerability library, and determining the existence, type and the like of the vulnerabilities.
Step five: and generating a firmware safety detection report according to the scanning and detection results in the step four.

Claims (7)

1. A method for constructing the safety detection of the firmware of the terminal equipment of the Internet of things is characterized by comprising the following steps,
collecting meta-information data of the Internet of things terminal, and establishing a firmware list according to the meta-information data; establishing a firmware unpacking engine library, and establishing a first mapping relation between the firmware list and the firmware unpacking engine library according to an unpacking rule of a manufacturer of the Internet of things terminal equipment;
step two: acquiring a firmware package to be tested, extracting meta-information data, matching a corresponding firmware unpacking engine according to a first mapping relation, and stripping a file system containing a machine language code from the firmware package to be tested by using the firmware unpacking engine;
step three: converting machine language codes in a file system into assembly language codes through decompiling;
step four: scanning the decompiled assembly language codes in the third step, and searching for bugs through comparison with the existing bug feature library and code detection analysis;
step five: generating a firmware safety detection report according to the scanning and detection results in the step four;
the meta-information data is multidimensional data for recording the related information of the internet of things terminal.
2. The method for building the safety detection of the firmware of the internet of things terminal equipment according to claim 1, wherein the meta-information data records that the relevant information of the internet of things terminal comprises the version model and the manufacturer of the internet of things terminal equipment; and in the second step, acquiring the firmware package to be tested, extracting the version model and the manufacturer data in the meta-information data, and matching the corresponding firmware unpacking engine according to the first mapping relation.
3. The method for constructing the security detection of the firmware of the internet of things terminal device according to claim 2, wherein in the first step, the meta-information data records the relevant information of the internet of things terminal and further includes an instruction set architecture, a decompilation engine library is established, and a second mapping relationship is established between the firmware list and the decompilation engine library according to a decompilation engine corresponding to the instruction set architecture; and in the third step, extracting the instruction set architecture in the meta-information data of the firmware package to be tested and selecting the corresponding decompilation engine library for decompilation according to the second mapping relation.
4. The method for constructing the firmware security check of the internet of things terminal device according to claim 3, wherein in the first step, the meta-information data records the relevant information of the internet of things terminal and further includes a file system type, a firmware analysis engine library is established, and a third mapping relationship is established between the firmware list and the firmware analysis engine library according to the file system type and a firmware analysis engine corresponding to the instruction architecture;
and in the fourth step, extracting the instruction set architecture and the file system type in the meta-information data of the firmware package to be detected, and selecting a corresponding firmware analysis engine to analyze and detect the assembly language code according to the third mapping relation.
5. The method for constructing the safety detection of the terminal firmware of the internet of things according to any one of claims 1 to 4, wherein in the first step, the meta-information data records the relevant information of the terminal of the internet of things and further comprises an encryption format, and the encryption format is identified by an extension; establishing a decryption engine library, and establishing a fourth mapping relation between the firmware list and the decryption engine library according to a decryption engine corresponding to the encryption format;
in the second step, the firmware package to be tested needs to be decrypted before unpacking, and the corresponding decryption engine is selected for decryption according to the fourth mapping relation.
6. The method for constructing the security detection of the firmware of the terminal of the internet of things according to claim 1, wherein the means for acquiring the firmware package to be detected comprises official website acquisition, upgrade path acquisition, serial port acquisition and device reading.
7. The method for constructing the security detection of the firmware of the terminal of the internet of things according to claim 1 or 4, wherein the assembly language code of the firmware package to be detected is scanned in the fourth step, and the scanning method comprises matching the feature code and positioning the core function to extract the associated file.
CN202010298401.5A 2020-04-16 2020-04-16 Method for constructing security detection of firmware of Internet of things terminal equipment Pending CN111680295A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010298401.5A CN111680295A (en) 2020-04-16 2020-04-16 Method for constructing security detection of firmware of Internet of things terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010298401.5A CN111680295A (en) 2020-04-16 2020-04-16 Method for constructing security detection of firmware of Internet of things terminal equipment

Publications (1)

Publication Number Publication Date
CN111680295A true CN111680295A (en) 2020-09-18

Family

ID=72451491

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010298401.5A Pending CN111680295A (en) 2020-04-16 2020-04-16 Method for constructing security detection of firmware of Internet of things terminal equipment

Country Status (1)

Country Link
CN (1) CN111680295A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112818357A (en) * 2021-03-11 2021-05-18 北京顶象技术有限公司 Automated batch IoT firmware risk assessment method and system
CN113688138A (en) * 2021-08-27 2021-11-23 华东师范大学 Key Map table reversing and positioning method for vehicle engine control unit
CN113821804A (en) * 2021-11-24 2021-12-21 浙江君同智能科技有限责任公司 Cross-architecture automatic detection method and system for third-party components and security risks thereof
CN114024995A (en) * 2021-11-24 2022-02-08 内蒙古电力(集团)有限责任公司内蒙古电力科学研究院分公司 Internet of things terminal firmware safety analysis system
CN115544517A (en) * 2022-10-08 2022-12-30 上海安般信息科技有限公司 Firmware supply chain safety system based on static analysis

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109325353A (en) * 2018-11-01 2019-02-12 南京邮电大学 A kind of cluster leak analysis method for home router
CN110362966A (en) * 2019-07-11 2019-10-22 华东师范大学 A kind of cross-platform firmware homology safety detection method based on fuzzy Hash

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109325353A (en) * 2018-11-01 2019-02-12 南京邮电大学 A kind of cluster leak analysis method for home router
CN110362966A (en) * 2019-07-11 2019-10-22 华东师范大学 A kind of cross-platform firmware homology safety detection method based on fuzzy Hash

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李建春等: "基于固件分析的路由器 Web 页面安全评估技术", 《通信技术》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112818357A (en) * 2021-03-11 2021-05-18 北京顶象技术有限公司 Automated batch IoT firmware risk assessment method and system
CN113688138A (en) * 2021-08-27 2021-11-23 华东师范大学 Key Map table reversing and positioning method for vehicle engine control unit
CN113688138B (en) * 2021-08-27 2023-06-09 华东师范大学 Key Map table reversing and positioning method for vehicle engine control unit
CN113821804A (en) * 2021-11-24 2021-12-21 浙江君同智能科技有限责任公司 Cross-architecture automatic detection method and system for third-party components and security risks thereof
CN114024995A (en) * 2021-11-24 2022-02-08 内蒙古电力(集团)有限责任公司内蒙古电力科学研究院分公司 Internet of things terminal firmware safety analysis system
CN115544517A (en) * 2022-10-08 2022-12-30 上海安般信息科技有限公司 Firmware supply chain safety system based on static analysis

Similar Documents

Publication Publication Date Title
CN111680295A (en) Method for constructing security detection of firmware of Internet of things terminal equipment
CN111797403B (en) Data processing method based on big data and Internet of things and cloud computing server center
CN111400719A (en) Firmware vulnerability distinguishing method and system based on open source component version identification
CN113821804B (en) Cross-architecture automatic detection method and system for third-party components and security risks thereof
CN107346284B (en) Application program detection method and detection device
CN109255241B (en) Android permission promotion vulnerability detection method and system based on machine learning
CN111181805B (en) Micro-service test baffle generation method and system based on test case
CN115062309B (en) Vulnerability mining method based on equipment firmware simulation in novel power system and storage medium
CN114386032A (en) Firmware detection system and method for power Internet of things equipment
CN112688966A (en) Webshell detection method, device, medium and equipment
CN109543409B (en) Method, device and equipment for detecting malicious application and training detection model
CN110287700B (en) iOS application security analysis method and device
CN112131120A (en) Source code defect detection method and device
CN110858247A (en) Android malicious application detection method, system, device and storage medium
CN111460448B (en) Malicious software family detection method and device
CN110334523B (en) Vulnerability detection method and device, intelligent terminal and storage medium
CN109670317B (en) Internet of things equipment inheritance vulnerability mining method based on atomic control flow graph
CN116932381A (en) Automatic evaluation method for security risk of applet and related equipment
CN116186716A (en) Security analysis method and device for continuous integrated deployment
CN115391230A (en) Test script generation method, test script penetration method, test script generation device, test penetration device, test equipment and test medium
CN112464237B (en) Static code security diagnosis method and device
CN115310087A (en) Website backdoor detection method and system based on abstract syntax tree
CN114201759A (en) Software vulnerability identification method and system based on software package naming matrix
CN115203674A (en) Automatic login method, system, device and storage medium for application program
CN110321130B (en) Non-repeatable compiling and positioning method based on system call log

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200918