[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN107392033B - Android device penetration test system and automatic penetration test method thereof - Google Patents

Android device penetration test system and automatic penetration test method thereof Download PDF

Info

Publication number
CN107392033B
CN107392033B CN201710764166.4A CN201710764166A CN107392033B CN 107392033 B CN107392033 B CN 107392033B CN 201710764166 A CN201710764166 A CN 201710764166A CN 107392033 B CN107392033 B CN 107392033B
Authority
CN
China
Prior art keywords
vulnerability
android
android device
penetration testing
testing system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710764166.4A
Other languages
Chinese (zh)
Other versions
CN107392033A (en
Inventor
丁莹
范渊
张月明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Anheng Vehicle Network Security Technology Co ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201710764166.4A priority Critical patent/CN107392033B/en
Publication of CN107392033A publication Critical patent/CN107392033A/en
Application granted granted Critical
Publication of CN107392033B publication Critical patent/CN107392033B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to vulnerability scanning and security rating technology of android equipment, and aims to provide an android equipment penetration testing system and an automatic penetration testing method thereof. The android device penetration testing system comprises an information identification and processing module, an android vulnerability identification module, a background data analysis module and a front-end effect display module. Any android device can acquire the number of high-risk, medium-risk and low-risk leaks, the device safety coefficient, the repair scheme and the safety suggestion of the current device within a few seconds only by connecting a data line with the penetration test system. The penetration testing system is efficient, high in compatibility and plug-and-play, can be automatically executed and output effective safety analysis results, and enables common users to master the current situation of the android equipment within a few seconds.

Description

Android device penetration test system and automatic penetration test method thereof
Technical Field
The invention relates to the technical field of vulnerability scanning and security rating of android equipment, in particular to an android equipment penetration testing system and an automatic penetration testing method thereof.
Background
With the popularization of android devices (mobile phones, smart homes, remote controls, enterprise management and the like), if the android devices have potential safety hazards such as privacy disclosure or real-time monitoring, if attackers make malicious use, personal information of users and even most android devices face safety risks.
With the android devices which are widely used, people pay more and more attention to the safety of the android devices, and the requirements of detecting more and more security vulnerabilities of the android devices are met. The development of the application program can perform security audit and scanning aiming at the code, the android system can also receive externally submitted bugs and provide patches, and various large security companies can also provide various virus scanning tools to pay security insurance. However, the above method consumes manpower and time, and still cannot allow a general user to know the security status of the android device itself, specifically what bugs, security factors, security operations that need attention, and solutions to problems. The safety scanning tool is short, is plug-and-play for common user groups, and is high in compatibility, good in universality and capable of meeting requirements.
In summary, in the prior art, the penetration testing method is a penetration testing system that is used for enabling a general user to quickly learn the current safety situation of the android device for personnel with a certain technical foundation or for the service of user service safety. In addition, in the conventional scanning mode, a large amount of time is consumed for tests such as vulnerability discovery and vulnerability utilization, the tests are run for many times, and manual command input and one-step configuration environments using different tools are required for penetration tests.
Disclosure of Invention
The invention mainly aims to overcome the defects in the prior art and provide an infiltration testing system and an automatic infiltration testing method thereof, wherein the infiltration testing system can realize plug-and-play and efficiently display the defects of equipment and can automatically update an infiltration library in real time. In order to solve the technical problem, the solution of the invention is as follows:
the android device penetration testing system comprises an information identification and processing module, an android vulnerability identification module, a background data analysis module and a front-end effect display module;
the information identification and processing module is used for collecting and sampling the latest android vulnerability at fixed time and analyzing an ID, a vulnerability category, a vulnerability name, a vulnerability grade, a vulnerability description, an optimal repair scheme, a detection scheme and a user operation suggestion field; inserting a background database table (the background database table of the penetration test system) through ID duplication removal, and generating a corresponding scanning rule java file (namely a code corresponding to the scanning rule);
the android vulnerability recognition module is used for transmitting a local vulnerability detection result of the android device (namely a detection result of vulnerability scanning application on the android device; and an android device penetration test system can automatically install the vulnerability scanning application) back to a server (the server of the penetration test system);
the background data analysis module is used for receiving an android device application program return file (a file returned to the penetration system server by the android device application program), analyzing keywords corresponding to the file, extracting vulnerability description, a repair scheme and vulnerability scoring information corresponding to the vulnerability from a background database table, and outputting an analysis result; the analysis result comprises a vulnerability ID, a vulnerability hazard grade, a vulnerability influence range, vulnerability influence, a vulnerability repair scheme, a vulnerability security suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android equipment overall score information;
the front-end effect display module is used for displaying the analysis result of the background data analysis module after information processing, and the displayed content comprises: the number of equipment vulnerabilities (the number of equipment high-risk and medium-risk and low-risk vulnerabilities), equipment scoring and safety suggestions can be clicked to check vulnerability details.
In the invention, the front-end effect display module displays the analysis result of the background data analysis module on a computer end by a web page, and displays the analysis result of the background data analysis module on a mobile phone end by an HTML5 page.
In the invention, the information processing in the front-end effect display module refers to that the analysis results of the background data analysis module, including vulnerability ID, vulnerability hazard registration, vulnerability influence range, vulnerability influence, vulnerability repair scheme, vulnerability safety suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android device overall score information, are summarized and sorted and then output to be in a text or webpage form.
In the invention, the database adopts MYSQL database.
The automatic penetration testing method based on the android device penetration testing system comprises the following steps:
the method comprises the following steps: after the android device penetration test system is installed on a machine (a computer or a raspberry pie), a user only needs to open usb debugging (the usb debugging is a function provided by the android device and used for development work, and by using the function, data copying, application program installation on mobile equipment, data reading and other operations can be carried out between the computer or the raspberry pie and the android device), and the android device needing to be scanned is connected to the machine through a data line;
step two: the android device penetration testing system can automatically install a vulnerability scanning android application program (the vulnerability scanning android application program adopts an autonomously developed vulnerability scanning android application program), collect vulnerability information of android devices to be scanned, and transmit the vulnerability information back to a server of the android device penetration testing system for processing, and the server extracts vulnerability corresponding description, a repairing scheme and vulnerability scoring data from a background database, matches vulnerabilities and returns an analysis result; the analysis result comprises a vulnerability ID, a vulnerability hazard grade, a vulnerability influence range, vulnerability influence, a vulnerability repair scheme, a vulnerability security suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android equipment overall score information;
the vulnerability detection item of the android device penetration testing system on the android device comprises the following steps: man-machine environment inspection, short message forgery vulnerability, remote code execution vulnerability, man-in-the-middle information forgery vulnerability, man-in-the-middle input verification vulnerability, multimedia file serialization vulnerability, device manager vulnerability, call record override vulnerability, broadcast bypass vulnerability, Bluetooth Pin code remote command execution vulnerability, denial-of-service, unlock password bypass vulnerability, unlock password tampering vulnerability, camera authorization vulnerability, input method drive information disclosure, listener authorization vulnerability, message push SQL injection vulnerability, memory management resource exhaustion vulnerability, malformed font cycle restart, contact override creation vulnerability, Bluetooth command injection vulnerability, cross signature denial of service vulnerability, broadcast component authorization bypass vulnerability, identity verification secret key vulnerability, startup component authorization vulnerability, Samsung message module code execution vulnerability, Hua Wifi denial of service vulnerability, application presence of advertising codes, The method comprises the following steps that a component opens a vulnerability to the outside, a browser address bar cheating vulnerability, a mailbox opening redirection vulnerability, a reader code execution vulnerability and an application certificate verification vulnerability;
the android device penetration testing system can automatically collect latest vulnerability data on a network for vulnerability detection items of the android device at a background of the penetration testing system, and analyze and update a background database of the penetration testing system in real time;
step three: outputting by a data analysis module of the android device penetration testing system: the method comprises the following steps of (1) vulnerability ID, vulnerability hazard level, vulnerability influence range, vulnerability influence, vulnerability repair scheme, vulnerability security suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android device overall score information;
step four: vulnerability scanning analysis results of the android device penetration testing system are respectively displayed on an android device application program and a webpage of a machine (computer or raspberry) connection display, and after the vulnerability scanning analysis results of the penetration testing system are displayed, the application program installed on the android device can be selected to be automatically unloaded.
In the invention, the android device penetration test system does not need root permission of the android device to be scanned.
Compared with the prior art, the invention has the beneficial effects that:
any android device can acquire the number of high-risk, medium-risk and low-risk leaks, the device safety coefficient, the repair scheme and the safety suggestion of the current device within a few seconds only by connecting a data line with the penetration test system. The penetration testing system is efficient, high in compatibility and plug-and-play, can be automatically executed and output effective safety analysis results, and enables common users to master the current situation of the android equipment within a few seconds.
Drawings
Fig. 1 is a schematic usage flow diagram of an android device penetration testing system.
Fig. 2 is a schematic diagram of each module in the android device penetration testing system.
FIG. 3 is a schematic diagram of the permeation test flow in the example.
Detailed Description
The invention relates to an information security attack and defense automation technology, and is an application of a computer technology in the field of information security. In the implementation process of the invention, the application of a plurality of software functional modules is involved. The applicant believes that it is fully possible for one skilled in the art to utilize the software programming skills in his or her own practice to implement the invention, as well as to properly understand the principles and objectives of the invention, in conjunction with the prior art, after a perusal of this application. The aforementioned software functional modules include but are not limited to: the android vulnerability recognition system comprises an information recognition and processing module, an android vulnerability recognition module, a background data analysis module and a front-end effect display module, and the applicant does not enumerate one by one as all the information mentioned in the application document of the invention belongs to the category.
The invention is described in further detail below with reference to the following detailed description and accompanying drawings:
in the android device penetration test system shown in fig. 2, the detailed description of each module is as follows:
1. information identification and processing module
The system can be used on different operating system platforms by using python development. And (4) regularly collecting and sampling the latest android vulnerability every day, and analyzing an ID, a vulnerability category, a vulnerability name, a vulnerability grade, a vulnerability description, a detection scheme, an optimal repair scheme and a user operation suggestion field. And inserting the background database table through ID deduplication. And generating a java file corresponding to the scanning rule.
2. Android vulnerability identification module
The module is developed by java, is an application program installed at a mobile phone end of a user, adds java files of scanning rules automatically generated by the information identification and processing module into an application program project, can install the application program once the user connects a data line and grants usb debugging permission, prints a vulnerability detection file in a jason format, and transmits the vulnerability detection file back to the server.
3. Background data analysis module
The module is developed by java, receives the application program return file, analyzes the output in the jar format, and extracts the description, the repair scheme and the score corresponding to the vulnerability from the database. The following contents are analyzed and output: (1) the total number of loopholes and high-risk and medium-risk low-risk pie charts; (2) safety factors of android equipment; (3) the system bug suggests upgrading to a secure version of the system and prompts for operational precautions. Prompting the application name to be upgraded by the application bug; (4) and a vulnerability details button which can click in and check the specific technical details of each vulnerability. And returning the processing result to the mobile phone terminal in an HTML format.
4. Front end effect display module
The module is used for displaying the result of the background data analysis module. The computer side is shown by a web page, and the mobile phone side is shown by an HTML5TML5 page. And displaying the number of the high-risk and medium-risk and low-risk vulnerabilities of the equipment, grading the equipment and safety suggestions, and clicking to view vulnerability details.
As shown in fig. 1, the automated penetration testing method based on the penetration testing system of the android device specifically includes the following steps:
the method comprises the following steps: after the invention deploys the vulnerability detection system on the machine, the user only needs to turn on the usb for debugging and plug in the android device to be scanned.
Step two: the vulnerability detection system can automatically install the vulnerability scanning apk, collect the current equipment vulnerability information and transmit the current equipment vulnerability information back to the background for processing, and the background can automatically extract the data matching vulnerability from the database and return the scanning result.
The detection items comprise: man-machine environment inspection, short message forgery vulnerability, remote code execution vulnerability, man-in-the-middle information forgery vulnerability, man-in-the-middle input verification vulnerability, multimedia file serialization vulnerability, device manager vulnerability, call record override vulnerability, broadcast bypass vulnerability, Bluetooth Pin code remote command execution vulnerability, denial-of-service, unlock password bypass vulnerability, unlock password tampering vulnerability, camera authorization vulnerability, input method drive information disclosure, listener authorization vulnerability, message push SQL injection vulnerability, memory management resource exhaustion vulnerability, malformed font cycle restart, contact override creation vulnerability, Bluetooth command injection vulnerability, cross signature denial of service vulnerability, broadcast component authorization bypass vulnerability, identity verification secret key vulnerability, startup component authorization vulnerability, Samsung message module code execution vulnerability, Hua Wifi denial of service vulnerability, application presence of advertising codes, The method comprises the following steps of component external opening vulnerability, browser address bar cheating vulnerability, mailbox opening redirection vulnerability, reader code execution vulnerability, application certificate verification vulnerability and the like.
Wherein the detection rules automatically collect updates in the background.
Types of penetration testing include human-machine environment inspection, short message forgery vulnerability, remote code execution vulnerability, man-in-the-middle information forgery vulnerability, man-in-the-middle input verification vulnerability, multimedia file serialization vulnerability, device manager vulnerability, call record override vulnerability, broadcast bypass vulnerability, Bluetooth Pin code remote command execution vulnerability, denial of service, unlock password bypass vulnerability, unlock password tampering vulnerability, camera authorization vulnerability, input method drive information disclosure, listener authorization vulnerability, message push SQL injection vulnerability, memory management resource exhaustion, malformed font cycle vulnerability, contact override creation, Bluetooth command injection vulnerability, cross signature denial of service vulnerability, broadcast component authorization vulnerability, identity verification secret key disclosure vulnerability, startup component authorization vulnerability, samsung message module code execution vulnerability, Hua Wifi denial of service vulnerability, etc, The method comprises the steps of applying an advertisement code, opening a component to the outside, opening a browser address bar cheating bug, opening a mailbox for redirection, opening a reader code execution bug and applying a certificate verification bug.
Step three: the user vulnerability list, the equipment security score and the vulnerability solution can be returned in only a few seconds. The user can quickly know the current equipment safety condition and the solution within a few seconds.
Step four: the effects are respectively displayed on the device application and the webpage, and the scanning can be selected to be automatically unloaded.
The following examples are presented to enable those skilled in the art to more fully understand the present invention and are not intended to limit the invention in any way.
Fig. 3 is a schematic diagram of a vulnerability scanning process in an embodiment of the present invention, which includes the steps of:
1) the user opens the usb debugging permission of the android device, plugs in a data line and agrees to usb link;
2) a computer installs a scanning application program on a user android;
3) the program scans and returns data to the computer;
4) carrying out formatting information processing on the result, and converting the format into a format visible for a user;
5) the background feeds back the display information to the mobile phone in an HTML5 format;
4) and displaying the scanning results at the front end of the computer webpage and the mobile phone end.
Finally, it should be noted that the above-mentioned list is only a specific embodiment of the present invention. It is obvious that the present invention is not limited to the above embodiments, but many variations are possible. All modifications which can be derived or suggested by a person skilled in the art from the disclosure of the present invention are to be considered within the scope of the invention.

Claims (5)

1. An android device penetration test system is characterized by comprising an information identification and processing module, an android vulnerability identification module, a background data analysis module and a front-end effect display module;
the information identification and processing module is used for collecting and sampling the latest android vulnerability at fixed time and analyzing an ID, a vulnerability category, a vulnerability name, a vulnerability grade, a vulnerability description, an optimal repair scheme, a detection scheme and a user operation suggestion field; inserting the background database table through ID duplication removal, and generating a corresponding scanning rule java file;
the android vulnerability identification module is used for returning a local vulnerability detection result of the android device to the server;
the background data analysis module is used for receiving the application program return file of the android device, analyzing the keywords corresponding to the application program return file of the android device, extracting vulnerability description, repairing scheme and vulnerability scoring information corresponding to the vulnerability from a background database table, and outputting an analysis result; the analysis result comprises a vulnerability ID, a vulnerability hazard grade, a vulnerability influence range, vulnerability influence, a vulnerability repair scheme, a vulnerability security suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android equipment overall score information;
the front-end effect display module is used for displaying the analysis result of the background data analysis module after information processing: the analysis results of the background data analysis module, including vulnerability ID, vulnerability hazard registration, vulnerability influence range, vulnerability influence, vulnerability repair scheme, vulnerability safety suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android equipment overall score information, are summarized and sorted and then output to be in a text or webpage form; the displayed content comprises: the number of the equipment vulnerabilities, equipment scoring and safety suggestions can be clicked to check vulnerability details.
2. The android device penetration testing system of claim 1, wherein the front-end effect presentation module presents the analysis result of the background data analysis module on a computer side by a web page and presents the analysis result of the background data analysis module on a mobile phone side by an HTML5 page.
3. The android device penetration test system of claim 1, wherein the database is a MYSQL database.
4. The automated penetration testing method of the penetration testing system of the android device of claim 1, comprising the following steps:
the method comprises the following steps: after the android device penetration test system is installed on the machine, usb debugging is started, and the android device to be scanned is connected to the machine through a data line;
step two: the android device penetration testing system can automatically install a loophole scanning android application program, collect loophole information of android devices to be scanned, and transmit the loophole information to a server of the android device penetration testing system for processing, and the server extracts loophole corresponding description, a repairing scheme and loophole grading data from a background database, matches loopholes and returns an analysis result; the analysis result comprises a vulnerability ID, a vulnerability hazard grade, a vulnerability influence range, vulnerability influence, a vulnerability repair scheme, a vulnerability security suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android equipment overall score information;
the vulnerability detection item of the android device penetration testing system on the android device comprises the following steps: man-machine environment inspection, short message forgery vulnerability, remote code execution vulnerability, man-in-the-middle information forgery vulnerability, man-in-the-middle input verification vulnerability, multimedia file serialization vulnerability, device manager vulnerability, call record override vulnerability, broadcast bypass vulnerability, Bluetooth Pin code remote command execution vulnerability, denial-of-service, unlock password bypass vulnerability, unlock password tampering vulnerability, camera authorization vulnerability, input method drive information disclosure, listener authorization vulnerability, message push SQL injection vulnerability, memory management resource exhaustion vulnerability, malformed font cycle restart, contact override creation vulnerability, Bluetooth command injection vulnerability, cross signature denial of service vulnerability, broadcast component authorization bypass vulnerability, identity verification secret key vulnerability, startup component authorization vulnerability, Samsung message module code execution vulnerability, Hua Wifi denial of service vulnerability, application presence of advertising codes, The method comprises the following steps that a component opens a vulnerability to the outside, a browser address bar cheating vulnerability, a mailbox opening redirection vulnerability, a reader code execution vulnerability and an application certificate verification vulnerability;
the android device penetration testing system can automatically collect latest vulnerability data on a network for vulnerability detection items of the android device at a background of the penetration testing system, and analyze and update a background database of the penetration testing system in real time;
step three: outputting by a data analysis module of the android device penetration testing system: the method comprises the following steps of (1) vulnerability ID, vulnerability hazard level, vulnerability influence range, vulnerability influence, vulnerability repair scheme, vulnerability security suggestion, vulnerability high-low-risk distribution, vulnerability number and corresponding android device overall score information;
step four: vulnerability scanning analysis results of the penetration testing system of the android device are displayed on the application program of the android device and the webpage of the machine connection display respectively, and after the vulnerability scanning analysis results of the penetration testing system are displayed, the application program installed on the android device can be selected to be automatically unloaded.
5. The automated penetration testing method of claim 4, wherein the android device penetration testing system does not require root permissions of android devices to be scanned.
CN201710764166.4A 2017-08-30 2017-08-30 Android device penetration test system and automatic penetration test method thereof Active CN107392033B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710764166.4A CN107392033B (en) 2017-08-30 2017-08-30 Android device penetration test system and automatic penetration test method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710764166.4A CN107392033B (en) 2017-08-30 2017-08-30 Android device penetration test system and automatic penetration test method thereof

Publications (2)

Publication Number Publication Date
CN107392033A CN107392033A (en) 2017-11-24
CN107392033B true CN107392033B (en) 2019-12-31

Family

ID=60348679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710764166.4A Active CN107392033B (en) 2017-08-30 2017-08-30 Android device penetration test system and automatic penetration test method thereof

Country Status (1)

Country Link
CN (1) CN107392033B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107766062B (en) * 2017-12-08 2021-02-09 北京小米移动软件有限公司 Method and system for installing software and first terminal
CN111027074B (en) * 2019-12-05 2022-03-15 国网浙江省电力有限公司电力科学研究院 Vulnerability automatic utilization method and system
CN112887945B (en) * 2021-01-11 2022-12-09 公安部第三研究所 Penetration testing method for Internet of vehicles network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103227992A (en) * 2013-04-01 2013-07-31 南京理工大学常熟研究院有限公司 Android terminal-based vulnerability scanning system
CN104200167A (en) * 2014-08-05 2014-12-10 杭州安恒信息技术有限公司 Automatic penetration testing method and system
CN105069357A (en) * 2015-08-06 2015-11-18 福建天晴数码有限公司 Vulnerability scanning method, cloud server and system
CN105930273A (en) * 2016-05-04 2016-09-07 云南电网有限责任公司信息中心 Mobile application automation security testing platform
CN106921731A (en) * 2017-01-24 2017-07-04 北京奇虎科技有限公司 Leak restorative procedure and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9015847B1 (en) * 2014-05-06 2015-04-21 Synack, Inc. Computer system for distributed discovery of vulnerabilities in applications

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103227992A (en) * 2013-04-01 2013-07-31 南京理工大学常熟研究院有限公司 Android terminal-based vulnerability scanning system
CN104200167A (en) * 2014-08-05 2014-12-10 杭州安恒信息技术有限公司 Automatic penetration testing method and system
CN105069357A (en) * 2015-08-06 2015-11-18 福建天晴数码有限公司 Vulnerability scanning method, cloud server and system
CN105930273A (en) * 2016-05-04 2016-09-07 云南电网有限责任公司信息中心 Mobile application automation security testing platform
CN106921731A (en) * 2017-01-24 2017-07-04 北京奇虎科技有限公司 Leak restorative procedure and device

Also Published As

Publication number Publication date
CN107392033A (en) 2017-11-24

Similar Documents

Publication Publication Date Title
CN106572117B (en) A kind of detection method and device of WebShell file
CN104077531B (en) System vulnerability appraisal procedure, device and system based on open vulnerability assessment language
CN111835756B (en) APP privacy compliance detection method and device, computer equipment and storage medium
CN110460612B (en) Security test method, device, storage medium and apparatus
CN105303109A (en) Malicious code information analysis method and system
CN104520871A (en) Vulnerability vector information analysis
CN105653947B (en) The method and device of data safety risk is applied in a kind of assessment
Karlsson et al. Android anti-forensics: Modifying cyanogenmod
CN107392033B (en) Android device penetration test system and automatic penetration test method thereof
CN105141647A (en) Method and system for detecting Web application
CN110929264A (en) Vulnerability detection method and device, electronic equipment and readable storage medium
CN109614203B (en) Android application cloud data evidence obtaining and analyzing system and method based on application data simulation
CN111563015A (en) Data monitoring method and device, computer readable medium and terminal equipment
CN113434400A (en) Test case execution method and device, computer equipment and storage medium
CN109460653B (en) Rule engine based verification method, verification device, storage medium and apparatus
CN104640105A (en) Method and system for mobile phone virus analyzing and threat associating
CN107769958A (en) Server network security event automated analysis method and system based on daily record
CN106953874B (en) Website falsification-proof method and device
CN109657462B (en) Data detection method, system, electronic device and storage medium
CN115827610A (en) Method and device for detecting effective load
KR20160090566A (en) Apparatus and method for detecting APK malware filter using valid market data
CN112822210B (en) Vulnerability management system based on network assets
CN105069357A (en) Vulnerability scanning method, cloud server and system
CN110334523B (en) Vulnerability detection method and device, intelligent terminal and storage medium
CN118036009A (en) Method and device for processing security vulnerabilities and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 310051 No. 188 Lianhui Street, Xixing Street, Binjiang District, Hangzhou City, Zhejiang Province

Applicant after: Dbappsecurity Co.,Ltd.

Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310051 and 15 layer

Applicant before: Dbappsecurity Co.,ltd.

GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220908

Address after: Room 709, 7th Floor, No. 188, Lianhui Street, Xixing Street, Binjiang District, Hangzhou City, Zhejiang Province 310000

Patentee after: Hangzhou Anheng Vehicle Network Security Technology Co.,Ltd.

Address before: No. 188, Lianhui street, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Dbappsecurity Co.,Ltd.