Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (11): 3470-3478.DOI: 10.11772/j.issn.1001-9081.2023101531
• Cyber security • Previous Articles Next Articles
Yixi LIU, Jun HE(), Bo WU, Bingtong LIU, Ziyu LI
Received:
2023-11-13
Revised:
2024-01-09
Accepted:
2024-01-12
Online:
2024-01-12
Published:
2024-11-10
Contact:
Jun HE
About author:
LIU Yixi, born in 1993, M. S. candidate. His research interests include network security.通讯作者:
何俊
作者简介:
刘羿希(1993—),男,湖北襄阳人,硕士研究生,主要研究方向:网络安全CLC Number:
Yixi LIU, Jun HE, Bo WU, Bingtong LIU, Ziyu LI. Survey of software security testing techniques in DevSecOps[J]. Journal of Computer Applications, 2024, 44(11): 3470-3478.
刘羿希, 何俊, 吴波, 刘丙童, 李子玉. DevSecOps中软件安全性测试技术综述[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3470-3478.
Add to citation manager EndNote|Ris|BibTeX
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2023101531
名称 | 支持平台 | 可视化界面 | 优势 | 开源否 |
---|---|---|---|---|
Nessus | 支持主流操作系统,包括Windows、Linux等 | 有 | 功能强大,支持广泛的漏洞扫描和安全策略审计,具备高度可定制性和 灵活性。包含大量漏洞签名,并针对不同操作系统和应用程序持续更新 | 闭源 |
AppScan | Windows | 有 | 具备全面的漏洞检测和漏洞修复建议能力。它支持多种Web应用程序 技术和编程语言,具有广泛的应用范围 | 闭源 |
AWVS | 使用Web浏览器 独立于操作系统运行 | 有 | 专注于Web应用程序安全扫描,能够发现常见和高级的Web漏洞,并提供 详细的报告和修复建议 | 闭源 |
Wapiti | Windows、Linux | 无,主要通过 命令行进行操作 | 一款轻量级的Web应用程序漏洞扫描工具,适用于中小型项目,具备高度 可定制性 | 开源 |
OWASP ZAP | Linux、Mac OS、 Windows | 有 | 适用于发现Web应用程序中的常见和高级漏洞 | 开源 |
Tab. 1 Common vulnerability scanning tools
名称 | 支持平台 | 可视化界面 | 优势 | 开源否 |
---|---|---|---|---|
Nessus | 支持主流操作系统,包括Windows、Linux等 | 有 | 功能强大,支持广泛的漏洞扫描和安全策略审计,具备高度可定制性和 灵活性。包含大量漏洞签名,并针对不同操作系统和应用程序持续更新 | 闭源 |
AppScan | Windows | 有 | 具备全面的漏洞检测和漏洞修复建议能力。它支持多种Web应用程序 技术和编程语言,具有广泛的应用范围 | 闭源 |
AWVS | 使用Web浏览器 独立于操作系统运行 | 有 | 专注于Web应用程序安全扫描,能够发现常见和高级的Web漏洞,并提供 详细的报告和修复建议 | 闭源 |
Wapiti | Windows、Linux | 无,主要通过 命令行进行操作 | 一款轻量级的Web应用程序漏洞扫描工具,适用于中小型项目,具备高度 可定制性 | 开源 |
OWASP ZAP | Linux、Mac OS、 Windows | 有 | 适用于发现Web应用程序中的常见和高级漏洞 | 开源 |
渗透攻击类别 | 方法 | 描述 |
---|---|---|
SQL注入 | 机器学习[ | 利用基于逻辑回归SQL注入攻击检测模型 |
语义学习[ | 将来自SQL语句的句子级语义信息显式嵌入至嵌入向量中,提出了一种基于语义 学习的检测模型 | |
Web应用程序 防火墙[ | 基于软件定义网络(Software Defined Network, SDN)的Web应用程序防火墙(Web Application Firewall, WAF),使用签名和正则表达式2种检测方法 | |
XSS(Cross-Site Scripting)注入 | 神经网络[ | 利用AST转化漏洞数据,利用注意力机制提取语义特征 |
防御框架[ | 通过测量请求和响应URL与XSS攻击字符串的相似性来检测以前的攻击,用于 保护IoT网络中的用户隐私 | |
分布式拒绝服务攻击 (Distributed Denial of Service, DDoS) | 随机森林[ | 提出涉及IP源流熵率、流量熵率、ICMP (Internet Control Message Protocol)目的地 不可达数据包数量等异构数据包特征向量 |
深度学习[ | 基于LSTM的模型,用于检测DDoS |
Tab. 2 Summary of penetration testing techniques
渗透攻击类别 | 方法 | 描述 |
---|---|---|
SQL注入 | 机器学习[ | 利用基于逻辑回归SQL注入攻击检测模型 |
语义学习[ | 将来自SQL语句的句子级语义信息显式嵌入至嵌入向量中,提出了一种基于语义 学习的检测模型 | |
Web应用程序 防火墙[ | 基于软件定义网络(Software Defined Network, SDN)的Web应用程序防火墙(Web Application Firewall, WAF),使用签名和正则表达式2种检测方法 | |
XSS(Cross-Site Scripting)注入 | 神经网络[ | 利用AST转化漏洞数据,利用注意力机制提取语义特征 |
防御框架[ | 通过测量请求和响应URL与XSS攻击字符串的相似性来检测以前的攻击,用于 保护IoT网络中的用户隐私 | |
分布式拒绝服务攻击 (Distributed Denial of Service, DDoS) | 随机森林[ | 提出涉及IP源流熵率、流量熵率、ICMP (Internet Control Message Protocol)目的地 不可达数据包数量等异构数据包特征向量 |
深度学习[ | 基于LSTM的模型,用于检测DDoS |
阶段 | 目的 | 使用工具 | 软件介绍 |
---|---|---|---|
信息收集阶段 | 口令破解 | Hydra | 一款开源暴力破解工具,一种基于字典的密码破解工具,支持多种协议密码的破解 |
漏洞分析阶段 | SQL注入 | sqlmap | 扫描、发现并利用给定URL的SQL注入漏洞,内置了很多绕过插件,支持的数据库是MySQL、Oracle、PostgreSQL、Microsoft SQL Server多种数据库,具有数据库指纹识别、数据库枚举、 数据提取、访问目标文件系统多种强大功能 |
Web网站信息 泄露测试 | dirb | 基于字典的Web目录扫描工具,采用递归的方式获取更多的目录,可以查找到已知的和 隐藏的目录,用来测试Web网页是否存在信息泄露 | |
漏洞利用阶段 | 拒绝服务攻击 | Slowhttptest | 缓慢发送不完整的http请求,服务器等待并保持连接,使得服务器完全无法接受新的请求 |
抓包、改包 | BurpSuite | 以拦截代理的方式拦截所有通过代理的网络流量,如客户端的请求数据、服务端的返回信息等 | |
各阶段 可选择应用 | 综合渗透 | Metasploit | 集成了数百个针对主流操作系统平台上不同网络服务于应用软件安全漏洞的渗透攻击模块,可以由用户在渗透攻击场景中根据漏洞扫描结果进行选择,并能够自由装配该平台上适用的具有指定功能的攻击载荷,然后通过自动化编码机制绕过攻击限制与检测,对目标系统实施远程攻击,获取系统的访问控制权 |
Tab. 3 Commonly used penetration attack tools
阶段 | 目的 | 使用工具 | 软件介绍 |
---|---|---|---|
信息收集阶段 | 口令破解 | Hydra | 一款开源暴力破解工具,一种基于字典的密码破解工具,支持多种协议密码的破解 |
漏洞分析阶段 | SQL注入 | sqlmap | 扫描、发现并利用给定URL的SQL注入漏洞,内置了很多绕过插件,支持的数据库是MySQL、Oracle、PostgreSQL、Microsoft SQL Server多种数据库,具有数据库指纹识别、数据库枚举、 数据提取、访问目标文件系统多种强大功能 |
Web网站信息 泄露测试 | dirb | 基于字典的Web目录扫描工具,采用递归的方式获取更多的目录,可以查找到已知的和 隐藏的目录,用来测试Web网页是否存在信息泄露 | |
漏洞利用阶段 | 拒绝服务攻击 | Slowhttptest | 缓慢发送不完整的http请求,服务器等待并保持连接,使得服务器完全无法接受新的请求 |
抓包、改包 | BurpSuite | 以拦截代理的方式拦截所有通过代理的网络流量,如客户端的请求数据、服务端的返回信息等 | |
各阶段 可选择应用 | 综合渗透 | Metasploit | 集成了数百个针对主流操作系统平台上不同网络服务于应用软件安全漏洞的渗透攻击模块,可以由用户在渗透攻击场景中根据漏洞扫描结果进行选择,并能够自由装配该平台上适用的具有指定功能的攻击载荷,然后通过自动化编码机制绕过攻击限制与检测,对目标系统实施远程攻击,获取系统的访问控制权 |
平台名称 | 情况介绍 |
---|---|
HackerOne[ | 全球最大的网络安全平台之一,连接了来自全球的安全研究人员和组织。它提供漏洞披露和奖励计划,帮助组织发现并解决网络安全漏洞 |
Bugcrowd[ | 专注于安全众测的平台,提供全球范围内的众测服务。它与许多知名公司合作,为客户提供对系统和应用程序的安全测试和评估 |
Synack | 致力于通过黑客测试发现安全漏洞,连接了全球的精英黑客团队,为企业提供安全众测和漏洞管理服务 |
360网盾 安全众测[ | 360旗下的安全众测平台,针对网站、应用、硬件设备等进行全方位安全测试 |
安全客 | 提供安全咨询、漏洞发现、社工钓鱼等多种服务,可支持PC、手机和IoT设备安全测试 |
Tab. 4 Security crowdsourced testing platforms
平台名称 | 情况介绍 |
---|---|
HackerOne[ | 全球最大的网络安全平台之一,连接了来自全球的安全研究人员和组织。它提供漏洞披露和奖励计划,帮助组织发现并解决网络安全漏洞 |
Bugcrowd[ | 专注于安全众测的平台,提供全球范围内的众测服务。它与许多知名公司合作,为客户提供对系统和应用程序的安全测试和评估 |
Synack | 致力于通过黑客测试发现安全漏洞,连接了全球的精英黑客团队,为企业提供安全众测和漏洞管理服务 |
360网盾 安全众测[ | 360旗下的安全众测平台,针对网站、应用、硬件设备等进行全方位安全测试 |
安全客 | 提供安全咨询、漏洞发现、社工钓鱼等多种服务,可支持PC、手机和IoT设备安全测试 |
1 | GOKARNA M, SINGH R. DevOps: a historical review and future works[C]// Proceedings of the 2021 International Conference on Computing, Communication, and Intelligent Systems. Piscataway: IEEE, 2021: 366-371. |
2 | RAJAPAKSE R N, ZAHEDI M, BABAR M A, et al. Challenges and solutions when adopting DevSecOps: a systematic review[J]. Information and Software Technology, 2022, 141: No.106700. |
3 | 国家信息安全漏洞共享平台.漏洞信息月度通报[DB/OL]. [2024-01-08]. . |
China National Vulnerability Database. Monthly vulnerability information bulletin[DB/OL]. [2024-01-08]. . | |
4 | MacDONALD N, HEAD I. DevSecOps: how to seamlessly integrate security into DevOps[EB/OL]. [2023-11-08]. . |
5 | HANNA S, AL-SAID AHMAD A. Web applications testing techniques: a systematic mapping study[J]. International Journal of Web Engineering and Technology, 2022, 17(4): 372-412. |
6 | ALTULAIHAN E A, ALISMAIL A, FRIKHA M. A survey on web application penetration testing[J]. Electronics, 2023, 12(5): No.1229. |
7 | TRAUTSCH A, ERBEL J, HERBOLD S, et al. What really changes when developers intend to improve their source code: a commit-level study of static metric value and static analysis warning changes[J]. Empirical Software Engineering, 2023, 28(2): No.30. |
8 | BEAMAN C, REDBOURNE M, MUMMERY J D, et al. Fuzzing vulnerability discovery techniques: survey, challenges and future directions[J]. Computers and Security, 2022, 120: No.102813. |
9 | 刘剑,苏璞睿,杨珉,等. 软件与网络安全研究综述[J]. 软件学报, 2018, 29(1):42-68. |
LIU J, SU P R, YANG M, et al. Software and cyber security — a survey[J]. Journal of Software, 2018, 29(1): 42-68. | |
10 | 戴启铭,毛润丰,黄璜,等. DevSecOps: DevOps下实现持续安全的实践探索[J]. 软件学报, 2021, 32(10): 3014-3035. |
DAI Q M, MAO R F, HUANG H, et al. DevSecOps: exploring practices of realizing continuous security in DevOps[J]. Journal of Software, 2021, 32(10): 3014-3035. | |
11 | 网易科技报道.美国谷歌2021年向网络安全研究人员发放870万美元漏洞悬赏[EB/OL]. [2023-12-08]. . |
NetEase Technology Report. Google in the United States issued a $8.7 million vulnerability reward to cybersecurity researchers in 2021[EB/OL]. [2023-12-08]. . | |
12 | OpenText. OpenText Fortify静态代码分析器[CP/OL]. [2024-01-11]. . |
OpenText. OpenText Fortify static code analyzer[CP/OL]. [2024-01-11]. . | |
13 | 新思.Coverity静态分析[CP/OL].[2023-11-15]. . |
Synopsys. Coverity static analysis[CP/OL]. [2023-11-15]. . | |
14 | GAO Q, MA SEN, SHAO S, et al. CoBOT: static C/C++ bug detection in the presence of incomplete code[C]// Proceedings of the ACM/IEEE 26th International Conference on Program Comprehension. New York: ACM, 2018: 385-388. |
15 | KAUR A, NAYYAR R. A comparative study of static code analysis tools for vulnerability detection in C/C++ and JAVA source code[J]. Procedia Computer Science, 2020, 171: 2023-2029. |
16 | AMANKWAH R, CHEN J, SONG H, et al. Bug detection in Java code: an extensive evaluation of static analysis tools using Juliet Test Suites[J]. Software: Practice and Experience, 2023, 53(5): 1125-1143. |
17 | MA L, YANG H, XU J, et al. Code analysis with static application security testing for Python program[J]. Journal of Signal Processing Systems, 2022, 94(11): 1169-1182. |
18 | 陈肇炫,邹德清,李珍,等.基于抽象语法树的智能化漏洞检测系统[J].信息安全学报,2020,5(4):1-13. |
CHEN Z X, ZOU D Q, LI Z, et al. Intelligent vulnerability detection system based on abstract syntax trees[J]. Journal of Cyber Security, 2020, 5(4): 1-13. | |
19 | CAO D, HUANG J, ZHANG X, et al. FTCLNet: convolutional LSTM with Fourier transform for vulnerability detection[C]// Proceedings of the IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications. Piscataway: IEEE, 2020: 539-546. |
20 | GUO J, WANG Z, LI H, et al. Detecting vulnerability in source code using CNN and LSTM network[J]. Soft Computing, 2023, 27(2): 1131-1141. |
21 | MICROSOFT. Microsoft安全Copilot[CP/OL]. [2023-09-06]. . |
MICROSOFT. Microsoft Copilot for security[CP/OL]. [2023-09-06]. . | |
22 | 肖芫莹,游耀东,向黎希.代码审计系统的误报率成因和优化[J].电信科学,2020,36(12):155-162. |
XIAO Y Y, YOU Y D, XIANG L X. Causes and optimization of the false alarm rate of code review system[J]. Telecommunications Science, 2020, 36(12): 155-162. | |
23 | ZAMPETTI F, MUDBHARI S, ARNAOUDOVA V, et al. Using code reviews to automatically configure static analysis tools[J]. Empirical Software Engineering, 2022, 27(1): No.28 |
24 | 牛胜杰,李鹏,张玉杰.模糊测试技术研究综述[J].计算机工程与科学,2022,44(12):2173-2186. |
NIU S J, LI P, ZHANG Y J. Survey on fuzzy testing technologies[J]. Computer Engineering and Science, 2022, 44(12): 2173-2186. | |
25 | ZALEWSKI M. American fuzzy lop[CP/OL]. [2024-01-08]. . |
26 | 赵栖栖.模糊测试工具AFL变异策略优化[D].大连:大连理工大学,2021. |
ZHAO Q Q. Optimization of fuzzing tool AFL mutation strategy[D]. Dalian: Dalian University of Technology, 2021. | |
27 | FENG T, LIU J. Optimization research of directed fuzzing based on AFL[J]. Electronics, 2022, 11(24): No.4066. |
28 | LIU Z, QIAN P, YANG J, et al. Rethinking smart contract fuzzing: fuzzing with invocation ordering and important branch revisiting[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 1237-1251. |
29 | QU S, ZHANG Z, MA B, et al. Optimization method of Web fuzzy test cases based on genetic algorithm[J]. Journal of Physics: Conference Series, 2021, 2078: No.012015. |
30 | ZOU Y, ZOU W, ZHAO J, et al. PosFuzz: augmenting greybox fuzzing with effective position distribution[J]. Cybersecurity, 2023, 6: No.11. |
31 | YUN J, RUSTAMOV F, KIM J, et al. Fuzzing of embedded systems: a survey[J]. ACM Computing Surveys, 2023, 55(7): No.137. |
32 | SHEN Y, XU Y, SUN H, et al. Tardis: coverage-guided embedded operating system fuzzing[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2022, 41(11): 4563-4574. |
33 | ECEIZA M, FLORES J L, ITURBE M. Fuzzing the internet of things: a review on the techniques and challenges for efficient vulnerability discovery in embedded systems[J]. IEEE Internet of Things Journal, 2021, 8(13): 10390-10411. |
34 | GAO Z, DONG W, CHANG R, et al. Fw‐fuzz: a code coverage‐guided fuzzing framework for network protocols on firmware[J]. Concurrency and Computation: Practice and Experience, 2022, 34(16): No.e5756. |
35 | 任泽众,郑晗,张嘉元,等.模糊测试技术综述[J].计算机研究与发展,2021,58(5):944-963. |
REN Z Z, ZHENG H, ZHANG J Y, et al. A review of fuzzy testing techniques[J]. Journal of Computer Research and Development, 2021, 58(5): 944-963. | |
36 | LIANG H, YU X, CHENG X, et al. Multiple targets directed greybox fuzzing[J]. IEEE Transactions on Dependable and Secure Computing, 2024, 21(1): 325-339. |
37 | 崔展齐,张家铭,郑丽伟,等.覆盖率制导的灰盒模糊测试研究综述[J].计算机学报,2024,47(7):1665-1696. |
CUI Z Q, ZHANG J M, ZHENG L W, et al. Review of gray box fuzzy testing for coverage guidance[J].Chinese Journal of Computers, 2024, 47(7): 1665-1696. | |
38 | 绿盟. 绿盟远程安全评估系统 RSAS[CP/OL]. [2024-01-08]. . |
NSFOCUS. NSFOCUS Remote Security Assessment System RSAS[CP/OL]. [2024-01-08]. . | |
39 | AMANKWAH R, CHEN J, KUDJO P K, et al. An empirical comparison of commercial and open-source Web vulnerability scanners[J]. Software: Practice and Experience, 2020, 50(9): 1842-1857. |
40 | YIN Z, XU Y, MA F, et al. Scanner++: enhanced vulnerability detection of Web applications with attack intent synchronization[J]. ACM Transactions on Software Engineering and Methodology, 2023, 32(1): No.7. |
41 | BRITO T, LOPES P, SANTOS N, et al. Wasmati: an efficient static vulnerability scanner for WebAssembly[J]. Computers and Security, 2022, 118: No.102745. |
42 | The PTES Team. The penetration testing execution standard documentation: release 1.1[EB/OL]. [2023-05-22]. . |
43 | OWASP. 2021 OWASP TOP 10: where we've been and where we are[EB/OL]. [2023-07-08]. . |
44 | CRESPO-MARTÍNEZ I S, CAMPAZAS-VEGA A, GUERRERO-HIGUERAS Á M, et al. SQL injection attack detection in network flow data[J]. Computers and Security, 2023, 127: No.103093. |
45 | LU D, FEI J, LIU L. A semantic learning-based SQL injection attack detection technology[J]. Electronics, 2023, 12(6): No.1344. |
46 | ALOTAIBI F M, VASSILIOS V G. Toward an SDN-based Web application firewall: defending against SQL injection attacks[J]. Future Internet, 2023, 15(5): No.170. |
47 | TAN X, XU Y, WU T, et al. Detection of reflected XSS vulnerabilities based on paths-attention method[J]. Applied Sciences, 2023, 13(13): No.7895. |
48 | CHAUDHARY P, GUPTA B, SINGH A K. XSS Armor: constructing XSS defensive framework for preserving big data privacy in Internet-of-Things (IoT) networks[J]. Journal of Circuits, Systems and Computers, 2022, 31: No. 2250222 . |
49 | ZHOU L, ZHU Y, XIANG Y, et al. A novel feature-based framework enabling multi-type DDoS attacks detection[J]. World Wide Web, 2023, 26(1): 163-185. |
50 | KUMAR D, PATERIYA R K, GUPTA R V, et al. DDoS detection using deep learning[J]. Procedia Computer Science, 2023, 218: 2420-2429. |
51 | ZHOU T Y, ZANG Y C, ZHU J H, et al. NIG-AP: a new method for automated penetration testing[J]. Frontiers of Information Technology and Electronic Engineering, 2019, 20(9): 1277-1288. |
52 | ZHANG Y, LIU J, ZHOU S, et al. Improved deep recurrent Q‑network of POMDPS for automated penetration testing[J]. Applied Sciences, 2022, 12(20): No.10339. |
53 | RAK M, SALZILLO G, GRANATA D. ESSecA: an automated expert system for threat modelling and penetration testing for IoT ecosystems[J]. Computers and Electrical Engineering, 2022, 99: No.107721. |
54 | WANG P, LIU J, ZHONG X, et al. A cybersecurity knowledge graph completion method for penetration testing[J]. Electronics, 2023, 12(8): No.1837. |
55 | ŠVÁBENSKÝ V, ČELEDA P, VYKOPAL J, et al. Cybersecurity knowledge and skills taught in capture the flag challenges[J]. Computers and Security, 2021, 102: No.102154. |
56 | KARAYAT R, JADHAV M, KONDAKA L S, et al. Web application penetration testing & patch development using Kali Linux[C]// Proceedings of the 8th International Conference on Advanced Computing and Communication Systems. Piscataway: IEEE, 2022: 1392-1397. |
57 | ALBAHAR M, ALANSARI D, JURCUT A. An empirical comparison of pen-testing tools for detecting vulnerabilities[J]. Electronics, 2022, 11(19): No.2991. |
58 | HackerOne. Overview of HackerOne[CP/OL]. [2023-05-08]. . |
59 | Bugcrowd. How Bugcrowd works[CP/OL]. [2023-06-11]. . |
60 | 三六零数字安全科技集团有限公司.360漏洞云安全众测服务平台[CP/OL]. [2023-10-15]. [CP/OL]. [2023-08-13]. . |
61 | AKBAR M A, SMOLANDER K, MAHMOOD S, et al. Toward successful DevSecOps in software development organizations: a decision-making framework[J]. Information and Software Technology, 2022, 147: No.106894. |
62 | PRATES L, FAUSTINO J, SILVA M, et al. DevSecOps metrics[C]// Proceedings of the 2019 SIGSAND/PLAIS EuroSymposium on Digital Transformation, LNBIP 359. Cham: Springer, 2019: 77-90. |
63 | ZHOU X, MAO R, ZHANG H, et al. Revisit security in the era of DevOps: an evidence‐based inquiry into DevSecOps industry[J]. IET Software, 2023, 17(4): 435-454. |
64 | 李馥娟,王群.网络靶场及其关键技术研究[J].计算机工程与应用,2022,58(5):12-22. |
LI F J, WANG Q. Research on cyber ranges and their key technologies[J]. Computer Engineering and Applications, 2022, 58(5): 12-22. | |
65 | 沈斌,柳中华,杨豪璞,等.装备网络安全靶场架构设计研究[J].现代防御技术,2022,50(2):61-66. |
SHEN B, LIU Z H, YANG H P, et al. Research on the architecture design of equipment network security range[J]. Modern Defence Technology, 2022, 50(2):61-66. |
[1] | Hang XU, Zhi YANG, Xingyuan CHEN, Bing HAN, Xuehui DU. Coverage-guided fuzzing based on adaptive sensitive region mutation [J]. Journal of Computer Applications, 2024, 44(8): 2528-2535. |
[2] | Jinhui CAI, Zhongxu YIN, Guoxiao ZONG, Junru LI. Integrated method of inference and taint analysis for nested branch breakthrough [J]. Journal of Computer Applications, 2024, 44(12): 3823-3830. |
[3] | NI Ping, CHEN Wei. Reflective cross-site scripting vulnerability detection based on fuzzing test [J]. Journal of Computer Applications, 2021, 41(9): 2594-2601. |
[4] | ZHANG Hanfang, ZHOU Anmin, JIA Peng, LIU Luping, LIU Liang. Directed fuzzing method for binary programs [J]. Journal of Computer Applications, 2019, 39(5): 1389-1393. |
[5] | . Automatic generation method for penetration test programs based on attack graph [J]. Journal of Computer Applications, 2010, 30(8): 2146-2150. |
[6] | . ActiveX vulnerability exploiting technique based on Fuzzing [J]. Journal of Computer Applications, 2008, 28(9): 2252-2254. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||