Vulnerability detection method and system

A vulnerability detection technology for applications to be detected, applied in the field of vulnerability detection

Active Publication Date: 2022-04-22
杭州默安科技有限公司

AI Technical Summary

Problems solved by technology

[0004] IAST is implemented based on bytecode insertion, and this technical solution is only applicable to the Java language.



Examples


Embodiment 1

[0071] Embodiment 1. A method for detecting vulnerabilities in Node.js applications, comprising the following steps:

[0072] S100, start-up phase:

[0073] Weave agent vulnerability detection logic code into the application to be detected;

[0074] The agent vulnerability detection logic code includes the first logic code, the second logic code and the detection code, wherein the detection code is used for vulnerability detection. Referring to Figure 1, the specific weaving method includes the following steps:

[0075] S110. Weaving in the first logic code:

[0076] S111. Add a plug-in startup parameter when the application to be detected is started, and load an agent tool;

[0077] The plug-in startup parameter is used to indicate that the application to be detected starts with a plug-in;

[0078] The agent tool is an agent tool.

[0079] S112. The agent tool redefines the entry function of the application to be detected;

[0080...

Embodiment 2

[0121] Embodiment 2. A vulnerability detection system for performing vulnerability detection on Node.js applications, comprising an Agent side and an IAST server side 300. As shown in Figure 2, the Agent side includes:

[0122] Weaving module 100, for weaving detection code in the application to be detected;

[0123] The running module 200 is configured to run the application to be detected woven with the detection code, and generate corresponding vulnerability data when the detection code is executed.

[0124] The weaving module 100 includes a first execution module 110 and a second execution module 120:

[0125] The first execution module 110 is configured to load a configuration file, the configuration file includes several pieces of rule data mapped with a third-party library;

[0126] Referring to Figure 3, the second execution module 120 includes:

[0127] A loading unit 121, configured to acquire loading data, the loading data is used to indicate ...


Abstract

The invention discloses a vulnerability detection method and system that weave detection code into the application to be detected during its startup phase. The specific steps of weaving the detection code into the application to be detected are: loading a configuration file that includes several pieces of rule data mapped to third-party libraries; obtaining loading data, which indicates the third-party libraries used by the application to be detected; based on the loading data, extracting the corresponding rule data from the configuration file to obtain target rule data; and generating and weaving in the corresponding detection code based on the target rule data. With the detection code woven into the application to be detected, running the woven detection code during the application's running stage realizes IAST-based vulnerability detection of the application.
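The four steps of the abstract (load rule configuration, obtain loading data, extract target rules, weave detection code) can be sketched as follows. This is an added example, not code from the patent or its owner: the library names, rule fields and the set-based taint check are hypothetical, and the libraries are constructed stand-ins so the block runs offline.

```javascript
// Constructed rule configuration: each rule maps a third-party library to a
// sink function. Library names and rule fields are hypothetical.
const CONFIG = [
  { library: 'fake-db', sink: 'query', argIndex: 0, type: 'sql-injection' },
  { library: 'fake-shell', sink: 'run', argIndex: 0, type: 'command-injection' },
];

// Constructed stand-ins for the libraries the application has loaded.
function makeLibraries() {
  return {
    'fake-db': { query: (sql) => `rows for: ${sql}` },
    'fake-tpl': { render: (text) => text },
  };
}

// Keep only the rules whose library appears in the loading data.
function selectTargetRules(config, loadedNames) {
  const loaded = new Set(loadedNames);
  return config.filter((rule) => loaded.has(rule.library));
}

// Replace each target sink with a wrapper that runs the detection code first.
function weave(libraries, targetRules, isTainted, findings) {
  for (const rule of targetRules) {
    const lib = libraries[rule.library];
    const original = lib && lib[rule.sink];
    if (typeof original !== 'function') continue; // sink absent in this version
    lib[rule.sink] = function woven(...args) {
      const value = args[rule.argIndex];
      if (isTainted(value)) {
        findings.push({ type: rule.type, library: rule.library, sink: rule.sink, value });
      }
      return original.apply(this, args); // application behaviour is unchanged
    };
  }
}

function demo() {
  const libraries = makeLibraries();
  const findings = [];
  const tainted = new Set(); // assumption: request-derived values are recorded here
  const rules = selectTargetRules(CONFIG, Object.keys(libraries));
  weave(libraries, rules, (value) => tainted.has(value), findings);
  const userInput = 'value-from-request'; // constructed sample input
  tainted.add(userInput);
  const result = libraries['fake-db'].query(userInput); // recorded as a finding
  libraries['fake-db'].query('SELECT 1');               // constant, not recorded
  return { rules, findings, result };
}
```

Only the `fake-db` rule is selected because `fake-shell` is not in the loading data, which is the point of filtering the configuration before weaving.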

Description

Technical field

[0001] The invention relates to the field of software testing, in particular to a vulnerability detection technology for Node.js applications.

Background technique

[0002] Node.js is a JavaScript runtime platform based on the Chrome V8 engine, which is used for fast-response and easy-to-extend network applications. In this specification, applications developed using Node.js are called Node.js applications.

[0003] IAST (Interactive Application Security Testing) is a technology for automatically identifying and diagnosing software vulnerabilities in applications. Compared with DAST (Dynamic Application Security Testing, black box) and SAST (Static Application Security Testing, white box), it has the advantage of low false positives.

[0004] IAST is implemented based on bytecode instrumentation, and this technical solution is only applicable to the Java language.

Contents of the invention

[0005] The present invention aims at the lack of ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57, G06F11/36
CPC: G06F21/577, G06F11/3644, G06F2221/032
Inventor: 吴凤娟
Owner: 杭州默安科技有限公司