[go: nahoru, domu]

CN106856473A - The detection method and device of leak - Google Patents

The detection method and device of leak Download PDF

Info

Publication number
CN106856473A
CN106856473A CN201510906217.3A CN201510906217A CN106856473A CN 106856473 A CN106856473 A CN 106856473A CN 201510906217 A CN201510906217 A CN 201510906217A CN 106856473 A CN106856473 A CN 106856473A
Authority
CN
China
Prior art keywords
class
leak
executable program
measured
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510906217.3A
Other languages
Chinese (zh)
Other versions
CN106856473B (en
Inventor
胡晓明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201510906217.3A priority Critical patent/CN106856473B/en
Publication of CN106856473A publication Critical patent/CN106856473A/en
Application granted granted Critical
Publication of CN106856473B publication Critical patent/CN106856473B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses the detection method and device of a kind of leak.Wherein, the method includes:Decompiling is carried out to executable program to be measured, obtains specifying the specified class set of object;The class in the specified class set is traveled through, the implementation process to each class in the specified class set carries out repeated detection according to preset rules;Determine the leak type of the executable program to be measured jointly according to the testing result of the repeated detection.

Description

The detection method and device of leak
Technical field
The present invention relates to network safety filed, in particular to the detection method and device of a kind of leak.
Background technology
Detection currently for terminal leak is roughly divided into dynamic detection and Static Detection two ways, for example, in detection During the man-in-the-middle attack leak applied in iOS system, the implementation method of dynamic detection is manually to set up agency's clothes Business device, and agent IP address and the port of terminal are set manually, starting mobile phone application, the network of triggering application connects manually Behavior is connect, and checks whether that SSL HTTP (hypertext can be intercepted and captured on proxy server Transfer protocol over secure socket, referred to as https) Content of Communication, judged whether with this There is man-in-the-middle attack leak;And the implementation method of Static Detection is, to Proxy Method “connection:canAuthenticateAgainstProtectionSpace:" and its realize carrying out rule match inspection Survey.
As can be seen here, must be manual although the dynamic testing method in correlation technique can accurately find leak Change test, it is impossible to accomplish full automation, extremely inefficient, while needing to use proxy server and terminal, cost It is higher.And static detection method is only to Proxy Method “connection:canAuthenticateAgainstProtectionSpace:" and its realize being detected exist Wrong report higher and rate of failing to report, and detected iOS cannot be detected using the https man-in-the-middle attack leaks for existing Rank.
For above-mentioned problem, effective solution is not yet proposed at present.
The content of the invention
According to the one side of the embodiment of the present application, there is provided a kind of detection method of leak, including:Held to be measured Line program carries out decompiling, obtains specifying the specified class set of object;The class in the specified class set is traveled through, to institute The implementation process for stating each class in specified class set carries out repeated detection according to preset rules;According to the repeated detection Testing result determines the leak type of the executable program to be measured jointly.
According to the another aspect of the embodiment of the present application, a kind of detection means of leak is additionally provided, including:Decompiling mould Block, for carrying out decompiling to executable program to be measured, obtains specifying the specified class set of object;Detection module, uses Class in the specified class set is traveled through, to the implementation process of each class in the specified class set according to preset rules Carry out repeated detection;Identification module, described to be measured hold is determined for the testing result according to the repeated detection jointly The leak type of line program.
In the embodiment of the present application, by carrying out the specified class set that decompiling obtains specifying object to executable program to be measured Close, and repeated detection is carried out according to preset rules to the implementation process of each class in the specified class set, and according to many The testing result of secondary detection determines the leak type of executable program to be measured jointly, has reached Aulomatizeted Detect and has improved and has leaked The purpose of the efficiency of hole identification, and then solve the technical problem not high of leak recognition efficiency in correlation technique.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this hair Bright schematic description and description does not constitute inappropriate limitation of the present invention for explaining the present invention.In accompanying drawing In:
Fig. 1 is a kind of hardware block diagram of the terminal of the detection method of leak of the embodiment of the present invention;
Fig. 2 is the schematic diagram of the detection method of a kind of optional leak according to the embodiment of the present application;
Fig. 3 is the schematic diagram of the detection method of the optional leak of another kind according to the embodiment of the present application;
Fig. 4 is the detection method of the man-in-the-middle attack leak in a kind of optional iOS system of the embodiment of the present application Schematic diagram;
Fig. 5 is the schematic diagram one of the detection means of a kind of optional leak according to the embodiment of the present application;
Fig. 6 is the schematic diagram two of the detection means of the optional leak of another kind according to the embodiment of the present application;
Fig. 7 is the schematic diagram three of the detection means of the optional leak of another kind according to the embodiment of the present application;
Fig. 8 is a kind of structured flowchart of terminal according to embodiments of the present invention.
Specific embodiment
In order that those skilled in the art more fully understand application scheme, below in conjunction with the embodiment of the present application Accompanying drawing, is clearly and completely described to the technical scheme in the embodiment of the present invention, it is clear that described embodiment The only embodiment of a present invention part, rather than whole embodiments.Based on the embodiment in the present invention, ability The every other embodiment that domain those of ordinary skill is obtained under the premise of creative work is not made, should all belong to The scope of protection of the invention.
It should be noted that term " first ", " in description and claims of this specification and above-mentioned accompanying drawing Two " it is etc. for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that this The data that sample is used can be exchanged in the appropriate case, so as to embodiments of the invention described herein can with except Here the order beyond those for illustrating or describing is implemented.Additionally, term " comprising " and " having " and they Any deformation, it is intended that covering is non-exclusive to be included, for example, containing process, the side of series of steps or unit Method, system, product or equipment are not necessarily limited to those steps clearly listed or unit, but may include unclear List or for these processes, method, product or other intrinsic steps of equipment or unit.
For convenience of description, the implication of some technical terms being now related in the embodiment of the present application is described below:
Man-in-the-middle attack (Man-in-the-MiddleAttack, referred to as " MITM attacks ") leak, is a kind of " indirect " Network Intrusion, this attack mode is to be put controlled by invader computer virtual by various technological means Put between two communication computers in network connection, this computer is known as " go-between ".
Man-in-the-middle attack leak is classified:
level1:It is useless to mobile phone in install attacker's certificate in the case of can carry out man-in-the-middle attack;
level2:Man-in-the-middle attack can be carried out in the case that attacker's certificate is installed in mobile phone;
level3:Man-in-the-middle attack cannot be carried out in the case that attacker's certificate is installed in mobile phone.
Embodiment 1
According to embodiments of the present invention, a kind of embodiment of the method for the detection method of leak is additionally provided, it is necessary to illustrate, Can be performed in the such as one group computer system of computer executable instructions the step of the flow of accompanying drawing is illustrated, And, although logical order is shown in flow charts, but in some cases, can be with suitable different from herein Sequence performs shown or described step.
The embodiment of the method that the embodiment of the present application one is provided can be in mobile terminal, terminal or similar fortune Calculate execution in device.As a example by running on computer terminals, Fig. 1 is a kind of detection of leak of the embodiment of the present invention The hardware block diagram of the terminal of method.As shown in figure 1, terminal 10 can include one or more (processor 102 can include but is not limited to Micro-processor MCV or can compile (one is only shown in figure) processor 102 The processing unit of journey logical device FPGA etc.), the memory 104 for data storage and for communication function Transmitting device 106.It will appreciated by the skilled person that the structure shown in Fig. 1 is only to illustrate, it is not right The structure of above-mentioned electronic installation causes to limit.For example, terminal 10 may also include it is more more than shown in Fig. 1 or Less component, or with the configuration different from shown in Fig. 1.
Memory 104 can be used to store the software program and module of application software, such as leak in the embodiment of the present invention The corresponding programmed instruction/module of detection method, processor 102 is by running software journey of the storage in memory 104 Sequence and module, so as to perform various function application and data processing, that is, realize the leak inspection of above-mentioned application program Survey method.Memory 104 may include high speed random access memory, may also include nonvolatile memory, such as one or Multiple magnetic storage devices, flash memory or other non-volatile solid state memories.In some instances, memory 104 The memory remotely located relative to processor 102 can be further included, these remote memories can be connected by network It is connected to terminal 10.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, shifting Dynamic communication network and combinations thereof.
Transmitting device 106 is used to that data to be received or sent via a network.Above-mentioned network instantiation may include The wireless network that the communication providerses of terminal 10 are provided.In an example, transmitting device 106 includes one Network adapter (Network Interface Controller, NIC), it can be by base station and other network equipments It is connected so as to be communicated with internet.In an example, transmitting device 106 can be radio frequency (Radio Frequency, RF) module, it is used to wirelessly be communicated with internet.
Under above-mentioned running environment, this application provides the detection method of leak as shown in Figure 2.Fig. 2 is according to this The flow chart of the detection method of the leak of inventive embodiments 1.As shown in Fig. 2 the method comprising the steps of S202-206: Step S202, decompiling is carried out to executable program to be measured, obtains specifying the specified class set of object;
It should be noted that executable program herein can be the executable program of systems soft ware, or application The executable program of software, but the not limited to this form of expression, wherein, for example can be Apple Inc. for systems soft ware The iOS system software of exploitation, or Android system software, WP systems soft wares of Microsoft's exploitation etc..
The acquisition modes of above-mentioned executable program to be measured have various, for example, can be carried out to systems soft ware or application software Parsing, to obtain above-mentioned executable program to be measured.
It is with the application program ipa files (installation kit can be shown as) in the iOS system of Apple Inc.'s exploitation below Example is illustrated:Installation kit to the ipa files is parsed, to obtain wherein comprising the binary system lattice for realizing code The executable program file (i.e. the file of macho forms) of formula.Certainly, can also be Android for above-mentioned application software (android) application in the WP systems that application or Microsoft in system is developed, however it is not limited to this.
The mode parsed to application program to be measured can have various, for example in one alternate embodiment, Ke Yitong Cross special analytical tool (such as interactive mode decompiler professional version IDA pro instruments) to be parsed, but be not limited to This.
Alternatively, the implementation of decompiling has various, it is, for example possible to use idapython or idc instruments are carried out Decompiling, but it is not limited to the above-mentioned form of expression.
It should be noted that for above-mentioned specified object and its specified class set, can be according to executable program institute to be measured System type determine, it is also possible to determine according to the leak to be detected.For example, soft for application in iOS system Part, in the detection between people attack leak when, it is possible to use the agency (delegate) of NSURLConnection objects Class set carries out the detection of leak.
Step S204, traversal specifies the class in class set, to specifying the implementation process of each class in class set according to default Rule carries out repeated detection.
Alternatively, " repeated detection " in the process step can be realized by following two processing procedures, but not limited In following several forms of expression:
First processing procedure
As shown in figure 3, the processing procedure includes step S204-1 and step S204-2:
Whether step S204-1, for specifying each class in class set, the first method of calibration is used in the above-mentioned class of detection Public key certificate to server is verified;If it is not, the first marker bit flag1 then is labeled as into false;If so, The checking procedure of the public key certificate is further verified according to preset rules then, when verification passes through, flag1 is marked True is designated as, flag1 is otherwise labeled as false.
Alternatively, first in executable program to be measured is IOS systems specifies the executable program and above-mentioned finger of application When determining class set and being combined into proxy class set, above-mentioned first method of calibration includes:The first agent of proxy class in proxy class set Method.
By taking the man-in-the-middle attack leak in detecting iOS system as an example, step S204-1 can be detected Whether Proxy Method is realized in agency (delegate) class of NSURLConnection objects “connection:willSendRequestForAuthenticationChallenge:" (equivalent to the first verification side Method), if it is not, record flag1=false, continues next step detection;If so, and transmission of the Proxy Method to challenging The challenge that person sends is verified using empty authority, that is, check whether the Proxy Method have invoked method “useCredential:forAuthenticationChallenge:" (" public key is demonstrate,proved according to preset rules The checking procedure of book is further verified " in checking procedure), and first parameter of the method be nil, record Flag1=true, otherwise records flag1=false, and proceed next step detection.
Step S204-2, to whether using the second method of calibration public key certificate local to client carrying out school in above-mentioned class Test, if it is not, the second marker bit flag2 is then labeled as false, if so, then obtaining the local public key certificate of client Information, and server public key certificate information, and in the local public key certificate information of client and the public key of server When certificate information is consistent, flag2 is labeled as true, in the local public key certificate information of client and the public affairs of server When key certificate is inconsistent, flag2 is labeled as false.Alternatively, in executable program to be measured is IOS systems First specify the executable program and above-mentioned specified class set of application when being combined into proxy class set, above-mentioned second method of calibration Including:Second agent's method of proxy class in proxy class set.
In one alternate embodiment, still by taking the man-in-the-middle attack leak applied in detecting iOS system as an example, detection should Whether proxy class realizes Proxy Method " connection:didReceiveAuthenticationChallenge:" (phase When in the second method of calibration), if it is not, record flag2=false, continues next step detection;If so, and in the method Strong certificate verification is locally being carried out to service end certificate, detection method is to first check for whether the Proxy Method calls Method " pathForResource:ofType:" one local resource of loading, and the method second parameter is@" cer ", And call method " dataWithContentsOfFile:" resource file of loading is converted into NSData objects, remember It is data_1;Secondly, whether the Proxy Method successively application method is checked “SecTrustGetCertificateAtIndex()”、“SecCertificateCopyData()”、 “CFDataGetBytePtr()”、“dataWithBytes:length:" transaction status of challenge are converted into NSData Object, is designated as data_2, and (the public key local equivalent to checking client is compared to data_1 and data_2 The certificate information checking procedure whether consistent with the public key certificate information of server), flag2=true is recorded, otherwise remember Record flag2=false.
Second processing process
Alternatively, " repeated detection " in the process step can also be realized by following processing procedure, but be not limited to This kind of form of expression below:For each class in the specified class set, whether using specified verification side in detection class Method is verified to the public key certificate of server.Alternatively, it is Android (android) system in executable program to be measured In second specify application executable program when, above-mentioned specified method of calibration includes:For in above-mentioned specified class set The method that the function of class is detected.It should be noted that " function " herein is when using different programming languages, Its title is also different:For example, the function in class is referred to as into method in object-oriented language;And in procedure-oriented Then it is referred to as function in language.
Step S206, the leak type of executable program to be measured is determined according to the testing result of repeated detection jointly.
Alternatively, determine that executable program to be measured has first kind leak when flag1 is true in step S206; When flag1 is false and flag2 is true, determine that executable program to be measured has Equations of The Second Kind leak;In flag1 When for false and flag2 being false, determine that executable program to be measured has the 3rd class leak.
Alternatively, the form of expression of above-mentioned first kind leak, Equations of The Second Kind leak and the 3rd class leak has various, for example, It is SSL HTTP (Hyper Text Transfer Protocol over Secure in leak Socket Layer, referred to as https) man-in-the-middle attack leak when, first kind leak can include but is not limited to: The man-in-the-middle attack leak of the second grade leve2;Equations of The Second Kind leak is included but is not limited to:In tertiary gradient level3 Between people attack leak;3rd class leak is included but is not limited to:The https man-in-the-middle attack leaks of the first estate level1. As can be seen here, using above-mentioned processing scheme, the type of leak can be not only recognized, the rank to leak can also be realized Identification.
Alternatively, in the second processing process using step S204, step S206 can be by following processing procedure Realize:For each class in above-mentioned specified class set, at least one is directed to above-mentioned public key certificate in method of calibration is specified Method of calibration to above-mentioned public key certificate verify it is obstructed out-of-date, it is determined that there is the leakage of specified type in executable program to be measured Hole.
By taking the man-in-the-middle attack leak applied in detecting Android system as an example:
Man-in-the-middle attack leak in android system, it is necessary to specify class setHostnameVerifier, The functions such as checkServerTrusted, setDefaultHostnameVerifier are detected.In android systems The reason for go-between's leak is formed in system may have following three kinds:
1. customized X509TrustManager does not verify certificate;
2. or the self-defined HostnameVerifier that realizes does not verify domain name and receives any domain name;
3. or using setHostnameVerifier (ALLOW_ALL_HOSTNAME_VERIFIER);
For the first Crack cause, whether detection checkServertrust () method realizes being sky, if it is empty, then It is whether credible using non-detection service device, form go-between's leak;
For second Crack cause, detection HostnameVerifier objects verify(Ljava/lang/String;Ljavax/net/ssl/SSLSession;) whether function directly return to true, If so, then application receives any domain name, go-between's leak is formed;
For the third Crack cause, whether not the suction parameter of setHostnameVerifier () function is detected SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, if so, then application receives any domain name, shape Into go-between's leak.
In one alternate embodiment, the information such as above-mentioned executable program to be measured can be according to the leak type to be determined It is different and different, for example, in the executable program applied during executable program to be measured is IOS systems, it is determined that this During the leak type of executable program to be measured, above-mentioned specified object can be included but is not limited to:Request address connecting object (NS URLConnection), above-mentioned class is included but is not limited to:Proxy class.It is thus possible to according to the embodiment of the present invention In technical scheme leak type (such as go-between mentioned above that determines in iOS system existing for application software Attack leak).
It is alternatively possible to carry out different applications using the detection method of leak provided in an embodiment of the present invention, for example, exist After step S206, i.e., after being identified to the leak type of executable program to be measured, can according to leak type Corresponding recovery scenario is repaired to the executable program to be measured;And/or, it is determined that leak corresponding with leak type Generation position.It is, of course, also possible to the operations such as out of service or unloading are carried out to there is the leak application to be measured for identifying, Specific application strategy, can flexibly be set according to actual conditions.
Using technical scheme provided in an embodiment of the present invention, due to decompiling can be carried out according to executable program to be measured Obtain specifying the specified class set of object, and implementation process to each class in the specified class set is entered according to preset rules Row repeated detection, and the leak type of executable program to be measured is determined jointly according to the testing result of repeated detection, because This, it is possible to achieve to the Aulomatizeted Detect of leak, the accuracy and recognition speed of leak identification are improved, so as to improve right The recognition efficiency of the leak of specified type.
Illustrated by taking the man-in-the-middle attack leak of the application software ipa files in detecting iOS system as an example.Following reality Example is applied mainly by technological means such as decompiling and characteristic matchings, is realized for iOS platform applications static state Aulomatizeted Detect Man-in-the-middle attack leak, and to apply man-in-the-middle attack leak be classified.
Fig. 4 is the schematic diagram of the detection method of the man-in-the-middle attack leak in the iOS system according to the embodiment of the present application. As shown in figure 4, the method generally comprises three parts:First, information is obtained;2nd, detection process;3rd, result is generated. Specifically include following process step:
Step S402, unpacks ipa files, obtains macho formatted files, specifically, including following processing procedure: Unpacking treatment (parsing) is carried out to ipa files, is obtained wherein comprising the binary file for realizing code, this document is Macho formatted files (i.e. executable program file);
Step S404, parsing macho formatted file obtain symbolic information, and decompiling goes out assembly code, specifically includes Following processing procedure:Symbolic information is obtained from the macho files for obtaining, table, derived table, character string letter is such as imported Breath, category information, method name and corresponding address information etc., and decompiling goes out assembly code;
Step S406, obtains the set of agency (delegate) class of NSURLConnection objects, and travels through the collection All proxy class in conjunction are detected;Can include judging whether proxy class set is empty judgement step in the step, If sky, then terminate;If not being sky, continue to detect.
Step S408, detection Proxy Method 1 and its realization, and record result:Detect and whether realize in the proxy class " the connection of Proxy Method 1:willSendRequestForAuthenticationChallenge:", if it is not, Record flag1=false, continues next step detection;If so, and the Proxy Method to challenge sender send choose War is verified using empty authority, that is, check whether the Proxy Method have invoked method “useCredential:forAuthenticationChallenge:", and first parameter of the method is nil, note Record flag1=true, otherwise records flag1=false, and continue next step detection
Step S410, detection Proxy Method 2 and its realization, and record result:Detect whether the proxy class realizes agency " the connection of method 2:didReceiveAuthenticationChallenge:", if it is not, record Flag2=false, continues next step detection;If so, and locally carrying out strong certificate to service end certificate in the method Verification, detection method is to first check for whether the Proxy Method has call method " pathForResource:ofType:” One local resource of loading, and the method second parameter is@" cer ", and call method “dataWithContentsOfFile:" resource file of loading is converted into NSData objects, it is designated as data_1; Secondly, check the Proxy Method whether successively application method " SecTrustGetCertificateAtIndex () ", “SecCertificateCopyData()”、“CFDataGetBytePtr()”、“dataWithBytes:length:” The transaction status of challenge are converted into NSData objects, data_2 is designated as, and data_1 and data_2 are compared Compared with, flag2=true is recorded, flag2=false is otherwise recorded, continue next step detection
Step S412, travels through detection object set, all proxy class of cycle detection;
Step S414, according to testing result, generation result report can be included but is not limited in result report:Deposit The detail location and suggestion recovery scenario produced in https man-in-the-middle attacks leak, wherein, above-mentioned testing result is such as Under:
If flag1=true, the https man-in-the-middle attacks leak of the app is level2;
If flag1=false and flag2=true, the https man-in-the-middle attacks leak of the app is level3;
If flag1=false and flag2=false, the https man-in-the-middle attacks leak of the app is level1.
As can be seen here, the technical scheme for being provided based on the embodiment of the present application, it is possible to achieve rapid automatized detection iOS should Https man-in-the-middle attack leaks, and following technique effect can be reached:Aulomatizeted Detect, without prosthetic Participate in;Cost is relatively low, without proxy server and iPhone terminals;It can be found that the https go-betweens of different stage Attack leak;The reduction of high degree is failed to report and reported by mistake;There is the exact position of leak and detailed recovery scenario in offer.
It should be noted that the detection scheme of leak involved in above-described embodiment and its alternative embodiment can be applied Application software or systems soft ware in the Mobile operating systems such as Android operation system, iOS operating systems.
It should be noted that terminal involved in the above embodiments of the present application can be mobile phone, panel computer, calculating Machine etc., but not limited to this.
It should be noted that for foregoing each method embodiment, in order to be briefly described, therefore it is all expressed as one it is The combination of actions of row, but those skilled in the art should know, and the present invention is not limited by described sequence of movement System, because according to the present invention, some steps can sequentially or simultaneously be carried out using other.Secondly, art technology Personnel should also know that embodiment described in this description belongs to preferred embodiment, involved action and module Not necessarily necessary to the present invention.
Through the above description of the embodiments, those skilled in the art can be understood that according to above-mentioned implementation The method of example can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but The former is more preferably implementation method in many cases.Based on such understanding, technical scheme substantially or Say that the part contributed to prior art can be embodied in the form of software product, the computer software product is deposited Storage is in a storage medium (such as ROM/RAM, magnetic disc, CD), including some instructions are used to so that a station terminal Equipment (can be mobile phone, computer, server, or network equipment etc.) is performed described in each embodiment of the invention Method.
Embodiment 2
According to embodiments of the present invention, a kind of detection for implementing the leak of the detection method of above-mentioned leak is additionally provided to fill Put, as shown in figure 5, the device includes:
Decompiling module 50, for carrying out decompiling to executable program to be measured, obtains specifying the specified class set of object; The decompiling module 50 first to be measured can be held in Decompilation is carried out to above-mentioned executable program to be measured from above-mentioned The symbolic information such as the call relation between object, the subordinate relation between function and class are obtained in line program, for example, can To include but is not limited to:Import table, derived table, character string information, category information, method name and corresponding address information Deng.Above-mentioned executable program to be measured can be the executable program obtained after being parsed to systems soft ware or application software; Alternatively, above-mentioned executable program to be measured can show as executable file, for example, the macho lattice in iOS system Formula file.
Detection module 52, is connected to decompiling module 50, for traveling through the class in specified class set, to specifying class set In the implementation process of each class carry out repeated detection according to preset rules;The implication of " repeated detection " can be showed herein It is that above-mentioned implementation process is detected according to different rules, for example, can uses different rule according to pre-set priority Then carry out repeated detection, but the not limited to this form of expression.
Identification module 54, is connected to detection module 52, for according to repeated detection testing result determine jointly it is to be measured can The leak type of configuration processor.
Alternatively, as shown in fig. 6, detection module 52, including but not limited to following processing unit:
First detection unit 520, for for specifying each class in class set, whether the first school being used in detection class Proved recipe method is verified to the public key certificate of server;If it is not, the first marker bit flag1 is then labeled as false, If so, the checking procedure of the public key certificate is further verified according to preset rules then, when verification passes through, will Flag1 is labeled as true, and flag1 otherwise is labeled as into false;Alternatively, in iOS system, the first verification side Method can be to show as Proxy Method “connection:willSendRequestForAuthenticationChallenge:", based on this, the first detection The specific detection process of unit 540 can show as following processing procedure, but not limited to this:
Whether Proxy Method is realized in agency (delegate) class for detecting NSURLConnection objects “connection:willSendRequestForAuthenticationChallenge:" (equivalent to the first verification side Method), if it is not, record flag1=false, continues next step detection;If so, and transmission of the Proxy Method to challenging The challenge that person sends is verified using empty authority, that is, check whether the Proxy Method have invoked method “useCredential:forAuthenticationChallenge:" (" public key is demonstrate,proved according to preset rules The checking procedure of book is further verified " in checking procedure), and first parameter of the method be nil, record Flag1=true, otherwise records flag1=false, and proceed next step detection.
Alternatively, as shown in fig. 6, detection module 52 can also include following processing unit:Second detection unit 522, For after whether being verified to the public key certificate of server using the first method of calibration in detecting class, to being in class The no public key certificate local to client using the second method of calibration is verified, if it is not, then by the second marker bit flag2 Labeled as false, if so, then obtain the local public key certificate information of client, and server public key certificate information, And when the local public key certificate information of client is consistent with the public key certificate information of server, flag2 is labeled as True, when the public key certificate of the local public key certificate information of client and server is inconsistent, flag2 is labeled as false。
In one alternate embodiment, by taking the application software in iOS system as an example, the detection of the second detection unit 522 During involved the second method of calibration can be “connection:didReceiveAuthenticationChallenge:", based on this, the second detection unit 522 Detection process can show as implemented below form, but not limited to this:
Detect whether the proxy class realizes Proxy Method “connection:didReceiveAuthenticationChallenge:" (equivalent to above-mentioned second method of calibration), If it is not, record flag2=false, continues next step detection;If so, and locally to service end certificate in the method Strong certificate verification is carried out, detection method is to first check for whether the Proxy Method has call method “pathForResource:ofType:" one local resource of loading, and the method second parameter is@" cer ", and Call method " dataWithContentsOfFile:" resource file of loading is converted into NSData objects, it is designated as data_1;Secondly, whether the Proxy Method successively application method is checked “SecTrustGetCertificateAtIndex()”、“SecCertificateCopyData()”、 “CFDataGetBytePtr()”、“dataWithBytes:length:" transaction status of challenge are converted into NSData Object, is designated as data_2, and (the public key local equivalent to checking client is compared to data_1 and data_2 The certificate information checking procedure whether consistent with the public key certificate information of server), flag2=true is recorded, otherwise remember Record flag2=false.
In one alternate embodiment, identification module 54, the leakage for determining executable program to be measured in such a way Hole type:When flag1 is true, determine that executable program to be measured has first kind leak;It is false in flag1 And flag2 be true when, determine that executable program to be measured has Equations of The Second Kind leak;It is false and flag2 in flag1 During for false, determine that executable program to be measured has the 3rd class leak.Alternatively, above-mentioned first kind leak, second Class leak and the 3rd class leak can be different types of leak, it is also possible to show as the different brackets of same type leak Leak, for the latter, when above-mentioned three classes leak belongs to man-in-the-middle attack leak, first kind leak includes but does not limit In:The SSL HTTP https man-in-the-middle attack leaks of the second grade leve2;Equations of The Second Kind leaks Hole includes:The https man-in-the-middle attack leaks of tertiary gradient level3;3rd class leak includes:The first estate level1 Man-in-the-middle attack leak.
Alternatively, executable program to be measured is the application in IOS systems;Above-mentioned specified object is included but is not limited to:Request Address connecting object, above-mentioned class is included but is not limited to:Proxy class.
In addition, in an alternate embodiment of the present invention where, as shown in fig. 6, above-mentioned detection module 52 also includes:The Three detection units 524, for for each class in above-mentioned specified class set, whether using specified verification in detection class Method is verified to the public key certificate of server;Now, identification module 54, are additionally operable to every in specified class set Individual class, at least one method of calibration for being directed to the public key certificate is verified to the public key certificate in method of calibration is specified It is obstructed out-of-date, it is determined that the executable program to be measured has the leak of specified type.Alternatively, the specified type Leak can be https man-in-the-middle attack leaks.It should be noted that.3rd detection unit 524 and identification mould herein The function that block 54 is realized can be preferentially used for recognizing that the https go-betweens of the executable program to be measured in Android system attack Leak, but not limited to this are hit, for example, can be also used for recognizing the https of executable program to be measured in iOS operating systems Man-in-the-middle attack leak.
In an alternative embodiment of the application, as shown in fig. 7, the detection dress of the leak that the embodiment of the present application is provided Putting to include:Application module 70, for according to recovery scenario corresponding with leak type to executable program to be measured Repaired;And/or, it is determined that the generation position of leak corresponding with leak type.So, just realize to leak The application of the testing result of detection means output is, it is necessary to illustrate, the application to the testing result can be not limited to The above-mentioned form of expression, for example, can also carry out the operations such as out of service or unloading to there is the leak application to be measured for identifying, Specific application strategy, can flexibly be set according to actual conditions.
It should be noted that modules involved in above-described embodiment can be by software or the form of hardware is come Realize, for the latter, implemented below form, but not limited to this can be shown as:Decompiling module 50, detection mould Block 52 and identification module 54 are located in same processor;Or, decompiling module 50, detection module 52 and identification Module 54 is located in first processor, second processing device and the 3rd processor respectively;Or, above-mentioned modules with appoint The form for combining of anticipating is located in different processors.
Embodiment 3
Embodiments of the invention can provide a kind of terminal, the terminal can be terminal group in Any one computer terminal.Alternatively, in the present embodiment, above computer terminal can also be replaced with The terminal devices such as mobile terminal.
Alternatively, in the present embodiment, during above computer terminal may be located at multiple network equipments of computer network At least one network equipment.
In the present embodiment, above computer terminal can perform the program code of following steps in the detection method of leak: Decompiling is carried out to executable program to be measured, obtains specifying the specified class set of object;In traveling through the specified class set Class, the implementation process to specifying each class in class set carries out repeated detection according to preset rules;According to repeated detection Testing result determine the leak type of the executable program to be measured jointly.
Alternatively, Fig. 8 is a kind of structured flowchart of terminal according to embodiments of the present invention.As shown in figure 8, Terminal A can include:One or more (one is only shown in figure) processors 80, memory 82, with And transmitting device 84.
Wherein, memory 82 can be used to store software program and module, such as detection of the leak in the embodiment of the present invention Corresponding programmed instruction/the module of method and apparatus, processor is by running software program and mould of the storage in memory Block, so as to perform various function application and data processing, that is, realizes the detection method of above-mentioned leak.Memory can Including high speed random access memory, can also include nonvolatile memory, such as one or more magnetic storage device, Flash memory or other non-volatile solid state memories.In some instances, memory can be further included relative to place The remotely located memory of reason device, these remote memories can be by network connection to terminal A.The reality of above-mentioned network Example includes but is not limited to internet, intranet, LAN, mobile radio communication and combinations thereof.
Processor 80 can call the information and application program of memory storage by transmitting device 84, following to perform Step:Decompiling is carried out to executable program to be measured, obtains specifying the specified class set of object;Traversal specifies class set In class, the implementation process to specifying each class in class set carries out repeated detection according to preset rules;According to repeatedly inspection The testing result of survey determines the leak type of executable program to be measured jointly.
Optionally, above-mentioned processor can also carry out the program code of following steps:For each in specified class set Whether class, verified using the first method of calibration in detection class to the public key certificate of server;If it is not, then by first Marker bit flag1 is labeled as false;If so, then entering one to the checking procedure of above-mentioned public key certificate according to preset rules Step verification, when verification passes through, true is labeled as by flag1, and flag1 otherwise is labeled as into false;To in class Whether verified using the second method of calibration public key certificate local to client, if it is not, then by the second marker bit Flag2 is labeled as false, if so, the local public key certificate information of client is then obtained, and the public key of server is demonstrate,proved Letter ceases, and when the local public key certificate information of client is consistent with the public key certificate information of server, by flag2 Labeled as true, when the public key certificate of the local public key certificate information of client and server is inconsistent, by flag2 Labeled as false.
Optionally, above-mentioned processor can also carry out the program code of following steps:When flag1 is true, it is determined that There is first kind leak in executable program to be measured;When it is true that flag1 is false and flag2, determine it is to be measured can There is Equations of The Second Kind leak in configuration processor;When flag1 is false and flag2 is false, determine to be measured executable There is the 3rd class leak in program.
Optionally, above-mentioned processor can also carry out the program code of following steps:For in above-mentioned specified class set Whether each class, verified using specified method of calibration in detection class to the public key certificate of server;For above-mentioned finger Determine each class in class set, at least one is directed to the method for calibration of above-mentioned public key certificate to above-mentioned in method of calibration is specified Public key certificate verification is obstructed out-of-date, it is determined that executable program to be measured has the leak of specified type.
Optionally, above-mentioned processor can also carry out the program code of following steps:Repaiied according to corresponding with leak type Compound case is repaired to executable program to be measured;And/or, it is determined that the generation position of leak corresponding with leak type.
Using the embodiment of the present invention, there is provided a kind of detection scheme of leak.Carried out instead by executable program to be measured Compiling obtains specifying the specified class set of object, and to the implementation process of each class in the specified class set according to default rule Then carry out repeated detection, and determine the leak type of executable program to be measured jointly according to the testing result of repeated detection, The purpose of leak recognition efficiency is improve so as to reach, and then leak recognition efficiency is not high in solving correlation technique Technical problem.
As shown in figure 8, any one in above computer terminal group can be with Website server 86 and scanner 88 Set up correspondence, the value order of the weblication that scanner 88 can be performed with php in scanning computer terminal
It will appreciated by the skilled person that the structure shown in Fig. 8 is only to illustrate, terminal can also be Smart mobile phone (such as Android phone, iOS mobile phones), panel computer, applause computer and mobile internet device The terminal device such as (Mobile Internet Devices, MID), PAD.Fig. 8 its not to above-mentioned electronic installation Structure causes to limit.For example, terminal 8 may also include components more more than shown in Fig. 8 or less (such as Network interface, display device etc.), or with the configuration different from shown in Fig. 8.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment can be Completed come the device-dependent hardware of command terminal by program, the program can be stored in a computer-readable storage medium In matter, storage medium can include:Flash disk, read-only storage (Read-Only Memory, ROM), deposit at random Take device (Random Access Memory, RAM), disk or CD etc..
Embodiment 4
Embodiments of the invention additionally provide a kind of storage medium.Alternatively, in the present embodiment, above-mentioned storage medium Can be used for preserving the program code performed by the detection method of the leak that above-described embodiment one is provided.
Alternatively, in the present embodiment, during above-mentioned storage medium may be located at computer network Computer terminal group In any one terminal, or in any one mobile terminal in mobile terminal group.
Alternatively, in the present embodiment, storage medium is arranged to storage for performing the program code of following steps: Decompiling is carried out to executable program to be measured, obtains specifying the specified class set of object;In traveling through the specified class set Class, the implementation process to specifying each class in class set carries out repeated detection according to preset rules;According to repeated detection Testing result determines the leak type of executable program to be measured jointly.
The embodiments of the present invention are for illustration only, and the quality of embodiment is not represented.
In the above embodiment of the present invention, the description to each embodiment all emphasizes particularly on different fields, and does not have in certain embodiment The part of detailed description, may refer to the associated description of other embodiment.
In several embodiments provided herein, it should be understood that disclosed technology contents, can be by other Mode realize.Wherein, device embodiment described above is only schematical, such as division of described unit, It is only a kind of division of logic function, there can be other dividing mode when actually realizing, for example multiple units or component Can combine or be desirably integrated into another system, or some features can be ignored, or do not perform.It is another, institute Display or the coupling each other for discussing or direct-coupling or communication connection can be by some interfaces, unit or mould The INDIRECT COUPLING of block or communication connection, can be electrical or other forms.
The unit that is illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit The part for showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to On multiple NEs.Some or all of unit therein can be according to the actual needs selected to realize the present embodiment The purpose of scheme.
In addition, during each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.It is above-mentioned integrated Unit can both be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If the integrated unit is to realize in the form of SFU software functional unit and as independent production marketing or when using, Can store in a computer read/write memory medium.Based on such understanding, technical scheme essence On all or part of the part that is contributed to prior art in other words or the technical scheme can be with software product Form is embodied, and the computer software product is stored in a storage medium, including some instructions are used to so that one Platform computer equipment (can be personal computer, server or network equipment etc.) performs each embodiment institute of the invention State all or part of step of method.And foregoing storage medium includes:USB flash disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD Etc. it is various can be with the medium of store program codes.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improve and moisten Decorations also should be regarded as protection scope of the present invention.

Claims (21)

1. a kind of detection method of leak, it is characterised in that including:
Decompiling is carried out to executable program to be measured, obtains specifying the specified class set of object;
The class in the specified class set is traveled through, to the implementation process of each class in the specified class set according to pre- If rule carries out repeated detection;
Determine the leak type of the executable program to be measured jointly according to the testing result of the repeated detection.
2. method according to claim 1, it is characterised in that the realization to each class in the specified class set Journey carries out repeated detection according to preset rules, including:
Whether the first method of calibration is used for each class in the specified class set, in the detection class to clothes The public key certificate of business device is verified;
If it is not, the first marker bit flag1 then is labeled as into false;
If so, then further being verified to the checking procedure of the public key certificate according to preset rules, pass through in verification When, the flag1 is labeled as true, the flag1 is otherwise labeled as false.
3. method according to claim 2, it is characterised in that whether use the first verification side in the class is detected After method is verified to the public key certificate of server, methods described also includes:
To whether being verified using the second method of calibration public key certificate local to client in the class, if it is not, The second marker bit flag2 is then labeled as false, if so, then obtaining the local public key certificate letter of the client Breath, and server public key certificate information, and in the local public key certificate information of the client and the clothes When the public key certificate information of business device is consistent, the flag2 is labeled as true, in the local public affairs of the client When the public key certificate of key certificate information and the server is inconsistent, the flag2 is labeled as false.
4. method according to claim 3, it is characterised in that the testing result according to the repeated detection is jointly true The leak type of the fixed executable program to be measured, including:
When the flag1 is true, determine that the executable program to be measured has first kind leak;Described When flag1 is false and flag2 is true, determine that the executable program to be measured has Equations of The Second Kind leak; When the flag1 is false and the flag2 is false, determine that the executable program to be measured is present 3rd class leak.
5. method according to claim 4, it is characterised in that the first kind leak includes:Second grade leve2 SSL HTTP https man-in-the-middle attack leaks;The Equations of The Second Kind leak includes:The The https man-in-the-middle attack leaks of three grade level3;The 3rd class leak includes:The first estate level1 Https man-in-the-middle attack leaks.
6. method according to claim 4, it is characterised in that the executable program to be measured is the in IOS systems One executable program for specifying application;The specified object includes:Request address connecting object, the class includes: Proxy class.
7. method according to claim 2, it is characterised in that in the executable program to be measured is IOS systems When the executable program and the specified class set of the first specified application are combined into proxy class set, the first verification side Method includes:First agent's method of proxy class in the proxy class set.
8. method according to claim 3, it is characterised in that in the executable program to be measured is IOS systems When the executable program and the specified class set of the first specified application are combined into proxy class set, the second verification side Method includes:Second agent's method of proxy class in the proxy class set.
9. method according to claim 1, it is characterised in that
Implementation process to each class in the specified class set carries out repeated detection according to preset rules, including: Whether used for each class in the specified class set, in the detection class and specify method of calibration to server Public key certificate verified;
Determine the leak type of the executable program to be measured jointly according to the testing result of the repeated detection, wrap Include:For each class in the specified class set, at least one demonstrate,proves for the public key in method of calibration is specified It is obstructed out-of-date that the method for calibration of book is verified to the public key certificate, it is determined that the executable program presence to be measured refers to Determine the leak of type.
10. method according to claim 9, it is characterised in that in the executable program to be measured be Android android In system during the executable program of the second specified application, the specified method of calibration includes:For being specified to described The method that the function of class is detected in class set.
11. methods according to claim 9, it is characterised in that the leak of the specified type is https go-betweens Attack leak.
12. method according to any one of claim 1 to 11, it is characterised in that according to the inspection of the repeated detection Survey after result determines the leak type of the executable program to be measured jointly, methods described also include it is following at least One of:
The executable program to be measured is repaired according to recovery scenario corresponding with the leak type;With/ Or, determining the generation position of leak corresponding with the leak type.
A kind of 13. detection means of leak, it is characterised in that including:
Decompiling module, for carrying out decompiling to executable program to be measured, obtains specifying the specified class set of object Close;
Detection module, for traveling through the class in the specified class set, to each class in the specified class set Implementation process carries out repeated detection according to preset rules;
Identification module, the executable program to be measured is determined for the testing result according to the repeated detection jointly Leak type.
14. devices according to claim 13, it is characterised in that the detection module, including:
First detection unit, for for each class in the specified class set, whether being adopted in the detection class The public key certificate of server is verified with the first method of calibration;If it is not, then the first marker bit flag1 is marked False is designated as, if so, the checking procedure of the public key certificate is further verified according to preset rules then, When verification passes through, the flag1 is labeled as true, the flag1 is otherwise labeled as false.
15. devices according to claim 14, it is characterised in that the detection module also includes:
Second detection unit, in the class is detected whether using the first method of calibration to the public key of server After certificate is verified, to whether using the second method of calibration public key local to client in the class Certificate is verified, if it is not, the second marker bit flag2 is then labeled as false, if so, then obtaining the visitor The public key certificate information at family end, and server public key certificate information, it is and local in the client When public key certificate information is consistent with the public key certificate information of the server, the flag2 is labeled as true, When the public key certificate of the local public key certificate information of the client and the server is inconsistent, will be described Flag2 is labeled as false.
16. devices according to claim 15, it is characterised in that the identification module is used to determine in such a way The leak type of the executable program to be measured:
When the flag1 is true, determine that the executable program to be measured has first kind leak;Described When flag1 is false and flag2 is true, determine that the executable program to be measured has Equations of The Second Kind leak; When the flag1 is false and the flag2 is false, determine that the executable program to be measured is present 3rd class leak.
17. devices according to claim 14, it is characterised in that the executable program to be measured is the in IOS systems One executable program for specifying application;The specified object includes:Request address connecting object;The class includes: Proxy class.
18. devices according to claim 16, it is characterised in that the first kind leak includes:Second grade leve2 SSL HTTP https man-in-the-middle attack leaks;The Equations of The Second Kind leak includes:The The https man-in-the-middle attack leaks of three grade level3;The 3rd class leak includes:The first estate level1 Man-in-the-middle attack leak.
19. devices according to claim 13, it is characterised in that
The detection module also includes:3rd detection unit, for for each class in the specified class set, Detect whether use specifies method of calibration to verify the public key certificate of server in the class;
The identification module, is additionally operable to for each class in the specified class set, in method of calibration is specified extremely It is obstructed out-of-date that a few method of calibration for the public key certificate is verified to the public key certificate, it is determined that described There is the leak of specified type in executable program to be measured.
20. devices according to claim 19, it is characterised in that the leak of the specified type is https go-betweens Attack leak.
21. device according to any one of claim 14 to 20, it is characterised in that described device also includes:
Application module, for according to recovery scenario corresponding with the leak type to the executable program to be measured Repaired;And/or, it is determined that the generation position of leak corresponding with the leak type.
CN201510906217.3A 2015-12-09 2015-12-09 Vulnerability detection method and device Active CN106856473B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510906217.3A CN106856473B (en) 2015-12-09 2015-12-09 Vulnerability detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510906217.3A CN106856473B (en) 2015-12-09 2015-12-09 Vulnerability detection method and device

Publications (2)

Publication Number Publication Date
CN106856473A true CN106856473A (en) 2017-06-16
CN106856473B CN106856473B (en) 2021-04-20

Family

ID=59132672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510906217.3A Active CN106856473B (en) 2015-12-09 2015-12-09 Vulnerability detection method and device

Country Status (1)

Country Link
CN (1) CN106856473B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109063490A (en) * 2018-08-31 2018-12-21 北京梆梆安全科技有限公司 A kind of method, device and equipment detecting host name loophole

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082659A (en) * 2009-12-01 2011-06-01 厦门市美亚柏科信息股份有限公司 Vulnerability scanning system oriented to safety assessment and processing method thereof
CN102693396A (en) * 2012-06-11 2012-09-26 中南大学 Flash bug detection method based on virtual execution mode
US8484460B1 (en) * 2010-12-29 2013-07-09 Amazon Technologies, Inc. Post attack man-in-the-middle detection
CN104933368A (en) * 2014-03-21 2015-09-23 腾讯科技(深圳)有限公司 Network security vulnerability detection method and apparatus

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082659A (en) * 2009-12-01 2011-06-01 厦门市美亚柏科信息股份有限公司 Vulnerability scanning system oriented to safety assessment and processing method thereof
US8484460B1 (en) * 2010-12-29 2013-07-09 Amazon Technologies, Inc. Post attack man-in-the-middle detection
CN102693396A (en) * 2012-06-11 2012-09-26 中南大学 Flash bug detection method based on virtual execution mode
CN104933368A (en) * 2014-03-21 2015-09-23 腾讯科技(深圳)有限公司 Network security vulnerability detection method and apparatus

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
JAMIN: "《IOS安全系列之一:HTTPS》", 《HTTP://ONCENOTE.COM/2014/10/21/SECURITY-1-HTTPS/》 *
轩夏: "《IOS环境下的中间人攻击风险浅析》", 《HTTP://DROPS.XMD5.COM/STATIC/DROPS/TIPS-9925.HTML》 *
魏松杰等: "基于分层API调用的Android恶意代码静态描述方法", 《计算机科学》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109063490A (en) * 2018-08-31 2018-12-21 北京梆梆安全科技有限公司 A kind of method, device and equipment detecting host name loophole

Also Published As

Publication number Publication date
CN106856473B (en) 2021-04-20

Similar Documents

Publication Publication Date Title
CN107797923B (en) Code coverage rate analysis method and application server
CN109976995B (en) Method and apparatus for testing
CN104933368B (en) A kind of detection method and device of cyberspace vulnerability
EP2976865B1 (en) Firewall testing
CN105787364B (en) Automatic testing method, device and system for tasks
CN106796635A (en) Determining device, determine method and determination program
CN107038354A (en) Code obfuscation method, code operation method and device
JP2019519008A (en) Method, apparatus, server and computer readable storage medium for information leak inspection
CN111796858A (en) Method, system and related equipment for access detection of application programs in Kubernetes cluster
CN110222510A (en) A kind of leak detection method, device and computer system
CN110929264A (en) Vulnerability detection method and device, electronic equipment and readable storage medium
CN108920359A (en) Test method, device, storage medium and the electronic device of application program
CN109818972B (en) Information security management method and device for industrial control system and electronic equipment
CN106856473A (en) The detection method and device of leak
CN104077158A (en) Plugin installation method and device
CN103916365B (en) The method and apparatus of the network behavior feature of export and verification malicious code
CN116015881B (en) Penetration test method, device, equipment and storage medium
CN107145342A (en) The treating method and apparatus of the channel information of application
CN105656727A (en) Method and device achieving application testing on mobile terminal
CN105162799A (en) Method for checking whether client is legal mobile terminal or not and server
CN104468861B (en) The method, apparatus and system of terminal recognition
CN106934290A (en) leak detection method and device
CN109981804A (en) Generation, recognition methods, system, equipment and the medium of terminal device identification id
CN106604264A (en) Application installation method and system, server, and mobile terminal
Lee et al. Collecting big data from automotive ECUs beyond the CAN bandwidth for fault visualization

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant