Design and implementation of a passive vulnerability scanning system based on the Android platform
First published: 2018-09-19
Abstract: With the widespread adoption of Android mobile smart terminals, their advantages have been fully exploited, but some drawbacks of their applications have also been exposed. Applications are prone to various vulnerabilities when accessing network resources. Previous penetration testing methods and tools mostly target vulnerabilities at the Web system level and overlook the fact that Android mobile terminals can exhibit the same vulnerabilities found in Web systems, such as SQL injection and XSS attacks. Based on research into Android application vulnerability detection techniques, this paper proposes and implements APPVS, a passive vulnerability scanning system based on the Android platform. The system applies the idea of automated testing to the design of the request trigger module and supports testing multiple applications simultaneously. For blind SQL injection, it proposes a technique combining binary search with a recurrent neural network, on which the SQL injection vulnerability detection module is designed and implemented. Experiments show that the system can detect vulnerabilities in Android applications more comprehensively and quickly.
Keywords: Android, SQL injection, appium, iptables