
CN114491559A - System testing method, device, equipment and storage medium - Google Patents


Info

Publication number
CN114491559A
Authority
CN
China
Prior art keywords
tested
access
user
test
identity data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210099953.2A
Other languages
Chinese (zh)
Inventor
张少辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China
Priority to CN202210099953.2A
Publication of CN114491559A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a system testing method, a system testing device, system testing equipment and a storage medium. The method comprises the following steps: acquiring identity verification data generated when all users to be tested log in to a system to be tested; forming a test identity data set of each user to be tested according to each identity verification data; controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set; and when the access result set contains the access result of successful access, determining that the system to be tested has the risk of unauthorized access. The invention can effectively detect the user login security of the system to be tested.

Description

System testing method, device, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of software testing, in particular to a system testing method, a system testing device, system testing equipment and a storage medium.
Background
With the development of internet technology, people use different application systems in many scenarios of daily life. At present these application systems are generally built with the front end and the back end separated: the front end uses Vue, React and enterprise technologies, and the back end provides interfaces, so that the division of responsibilities between the front end and the back end is clearer, which provides a better guarantee for the development quality of system projects.
Generally, a front end of an application system corresponds to a plurality of back ends, each back end provides an access interface, login verification is performed when a user enters the access interface of the back end in the process of accessing the system, and effective cookies are returned to the user after the verification is passed.
In some fields, security issues are of paramount importance, such as the operation of banking and other financial services, and whether the used system is secure is a major concern. If some users illegally acquire valid cookies of other users for system access in the process of using the bank system, serious economic loss can be caused, and therefore, detection of user security access in the process of using the system is essential.
Disclosure of Invention
The invention provides a system testing method, a system testing device, system testing equipment and a storage medium, which are used for effectively detecting the user login security of a system to be tested.
In a first aspect, an embodiment of the present invention provides a system testing method, including:
acquiring identity verification data generated when all users to be tested log in a system to be tested;
forming a test identity data set of each user to be tested according to each identity verification data;
controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set;
and when the access result set contains the access result of successful access, determining that the system to be tested has the risk of unauthorized access.
Optionally, the forming a test identity data set of each user to be tested according to each identity verification data includes:
selecting a target user from all the users to be tested, and taking other users to be tested except the target user as candidate users;
parameterizing the identity verification data of the target user based on the identity verification data of the candidate user in sequence to generate corresponding test identity data and form a test identity data set of the target user;
and returning to re-select the target user until all the users to be tested are selected.
Optionally, the controlling each user to be tested to execute an access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set includes:
selecting a target test identity data from a test identity data set corresponding to each user to be tested;
controlling the user to be tested to access the system to be tested based on the target test identity data to obtain an access result, and adding the access result to an access result set;
and returning to reselect the target test identity data until all the test identity data in the test identity data set corresponding to the user to be tested are selected.
Optionally, after obtaining the authentication data generated when all users to be tested log in the system to be tested, the method further includes:
and setting each identity verification data as an environment variable of the system to be tested.
Optionally, after determining that there is an unauthorized access risk in the system to be tested, the method further includes:
and determining the unauthorized access category of the system to be tested according to the access test operation with the access result of successful access.
Optionally, the determining the unauthorized access category of the system to be tested according to the access test operation with the access result being successful access includes:
determining an access test operation with an access result of successful access as an unauthorized access operation, wherein a user to be tested corresponding to the unauthorized access operation is an unauthorized access user;
determining the test identity data used when the unauthorized access user executes unauthorized access operation as unauthorized identity data, and determining a user to be tested corresponding to the identity verification data of the unauthorized identity data as an information leakage user;
and determining the unauthorized access category of the system to be tested according to the user authority levels of the unauthorized access user and the information disclosure user.
Optionally, after determining the unauthorized access category of the system to be tested, the method further includes:
and carrying out corresponding alarm prompt according to the unauthorized access category of the system to be tested.
In a second aspect, an embodiment of the present invention further provides a system test apparatus, where the apparatus includes:
the identity authentication data acquisition module is used for acquiring identity authentication data generated when all users to be tested log in the system to be tested;
the test identity data generation module is used for forming a test identity data set of each user to be tested according to each identity verification data;
the access test operation execution module is used for controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set;
and the unauthorized access risk judging module is used for determining that the system to be tested has unauthorized access risk when the access result set contains the access result of successful access.
In a third aspect, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the system testing method according to any embodiment of the present invention.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a system testing method according to any of the embodiments of the present invention.
The method comprises the steps of acquiring identity verification data generated when all users to be tested log in a system to be tested; forming a test identity data set of each user to be tested according to each identity verification data; controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set; and when the access result set contains the access result of successful access, determining that the system to be tested has the risk of unauthorized access, and effectively detecting the user login security of the system to be tested.
Drawings
Fig. 1 is a flowchart of a system testing method according to an embodiment of the present invention;
Fig. 2 is a block diagram of a system test apparatus according to a second embodiment of the present invention;
Fig. 3 is a block diagram of a computer device according to a third embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only a part of the structures related to the present invention, not all of the structures, are shown in the drawings, and furthermore, embodiments of the present invention and features of the embodiments may be combined with each other without conflict.
Example one
Fig. 1 is a flowchart of a system testing method according to an embodiment of the present invention, where the method is applicable to detecting a user login security of a system to be tested, and the method may be executed by a system testing apparatus, and the apparatus may be implemented by software and/or hardware.
As shown in fig. 1, the method specifically includes the following steps:
Step 110, acquiring identity verification data generated when all users to be tested log in to the system to be tested.
The system to be tested can be any application system requiring user login verification. The authentication data may be cookie data, that is, a small text file generated when the user logs in to the system to be tested.
In this embodiment, all registered users of the system to be tested may be selected as the users to be tested to perform the system security test. Specifically, the user to be tested can be sequentially controlled to log in the system to be tested, and after the user to be tested passes the authentication of the system to be tested, the system to be tested can generate effective authentication data to return to the user client. The system testing device provided by the embodiment can acquire and store the authentication data of all the users to be tested. The mode of acquiring the authentication data can be any data capture mode.
Optionally, after step 110, the system testing method provided in this embodiment may further include the following steps:
and setting each identity verification data as an environment variable of the system to be tested.
In practical applications, a system front end may be connected to a plurality of back ends, and for security reasons each back-end interface may impose some login restrictions, so a user needs to authenticate when accessing different back-end interfaces. To facilitate the detection, the authentication data of each user to be tested who has passed authentication may be set as an environment variable of the system to be tested. For example, setting a valid cookie of the user as an environment variable avoids repeated login authentication when accessing different interfaces.
Step 120, forming a test identity data set of each user to be tested according to each identity verification data.
Wherein the test identity data set may comprise a plurality of test identity data.
Specifically, for a certain user to be tested, the authentication data of the user to be tested can be modified according to the authentication data of other users to be tested, so as to generate a plurality of test identity data, and form a test identity data set of the user to be tested.
Optionally, step 120 may be implemented according to the following steps:
S1201, selecting a target user from the users to be tested, and taking the other users to be tested except the target user as candidate users.
S1202, parameterizing the identity verification data of the target user on the basis of the identity verification data of the candidate user in sequence, generating corresponding test identity data, and forming a test identity data set of the target user.
S1203, judging whether all the users to be tested are selected, if not, returning to S1201 to select the target user again.
Specifically, the users to be tested may be sequentially selected as target users, and a test identity data set of the target users may be generated. For a certain target user, the authentication data of the target user can be modified according to the authentication data of any other user to be tested, so as to obtain corresponding test identity data.
Step 130, controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set.
In this embodiment, the user to be tested may be controlled to access the system to be tested in sequence according to different test identity data in the corresponding test identity data set, and the access result of each time is recorded and stored to form an access result set.
Optionally, step 130 may be implemented according to the following steps:
S1301, for each user to be tested, selecting target test identity data from the test identity data set corresponding to the user to be tested.
S1302, controlling the user to be tested to access the system to be tested based on the target test identity data to obtain an access result, and adding the access result to an access result set.
S1303, judging whether all the test identity data in the test identity data set corresponding to the user to be tested are selected, and if not, returning to S1301 to re-select the target test identity data.
Specifically, the access test operation may be performed on the users to be tested in sequence, and for each user to be tested, multiple tests may be performed based on different test identity data, where the number of tests may be the number of test identity data included in the test identity data set. In each test, the user to be tested is controlled to access the system to be tested based on the target test identity data, and it is judged whether the user can normally access the system to be tested. Each access test of each user to be tested yields one access result. An access result is either a successful access or a failed access.
Step 140, when the access result set contains the access result of successful access, determining that the system to be tested has the risk of unauthorized access.
Generally, a user can only normally access the system with the user's own valid authentication data, and when the authentication data of the user is illegally modified, the user cannot normally access the system. When the access result set contains an access result of successful access, it can be considered that a user to be tested can still normally access the system to be tested after its identity verification data has been modified, and therefore the system to be tested can be determined to have the risk of unauthorized access.
According to the technical scheme of the embodiment, identity verification data generated when all users to be tested log in a system to be tested is obtained; forming a test identity data set of each user to be tested according to each identity verification data; controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set; and when the access result set contains the access result of successful access, determining that the system to be tested has the risk of unauthorized access, and effectively detecting the user login security of the system to be tested.
On the basis of the above technical solution, the system testing method provided in this embodiment may further include the following steps:
and determining the unauthorized access category of the system to be tested according to the access test operation with the access result of successful access.
In the present embodiment, the unauthorized access category may be classified into horizontal unauthorized access and vertical unauthorized access (horizontal and vertical privilege escalation). Generally, after logging in to the system, the user can only view or operate the related information within the scope of the user's own authority. A user may be considered to have unauthorized access behavior when the user can view or operate information belonging to others. If the user can view or operate the information of a same-level user, the behavior is defined as horizontal unauthorized access; if the user can view or operate the information of a superior user, the behavior is defined as vertical unauthorized access.
Optionally, the unauthorized access category of the system to be tested is determined according to the access test operation in which the access result is successful access, which may be specifically implemented through the following steps:
1) determining that the access test operation with the access result of successful access is an unauthorized access operation, wherein a user to be tested corresponding to the unauthorized access operation is an unauthorized access user;
2) determining test identity data used when the unauthorized access user executes unauthorized access operation as unauthorized identity data, and determining a user to be tested corresponding to identity verification data for generating the unauthorized identity data as an information leakage user;
3) and determining the unauthorized access category of the system to be tested according to the user authority levels of the unauthorized access user and the information disclosure user.
Optionally, after determining the unauthorized access category existing in the system to be tested, the system testing method provided in this embodiment may further implement: and carrying out corresponding alarm prompt according to the unauthorized access category of the system to be tested.
Specifically, when there is an unauthorized access risk in the system to be tested, the system testing apparatus provided in this embodiment may grade the risk of the unauthorized access categories in the system to be tested, where in general the risk level of horizontal unauthorized access is lower and the risk level of vertical unauthorized access is higher. After the risk level is determined, relevant test information of the unauthorized access can be sent to a designated terminal user according to the risk level, and a corresponding alarm prompt is given.
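The following is an added example, not code from the patent, that walks steps 110 to 140 and the category determination against an in-memory mock system, with a flawed authorization check beside a corrected one. It assumes that "parameterizing" means substituting the candidate's identity field (`uid`) into the target's cookie while keeping the target's session token; the class names, cookie fields, users and permission levels are all constructed for illustration.

```python
"""Added illustration of steps 110-140 and the category step; not the patent's code."""
from dataclasses import dataclass

# Constructed users and permission levels (higher number = more privileged).
LEVELS = {"alice": 1, "bob": 1, "admin": 2}


class VulnerableSystem:
    """Mock system under test: trusts the client-supplied uid cookie field."""

    def __init__(self):
        self.sessions = {}  # session token -> user who logged in

    def login(self, user):
        token = f"tok-{user}"  # constructed token, for the demo only
        self.sessions[token] = user
        return {"session": token, "uid": user}

    def access(self, cookie):
        # Flaw: any live session is accepted and the profile is picked by uid.
        if cookie.get("session") not in self.sessions:
            return None
        return cookie.get("uid")  # whose profile was served


class HardenedSystem(VulnerableSystem):
    """Same system with the identity bound to the session on the server side."""

    def access(self, cookie):
        owner = self.sessions.get(cookie.get("session"))
        if owner is None or owner != cookie.get("uid"):
            return None  # modified identity data is rejected
        return owner


@dataclass(frozen=True)
class Finding:
    accessing_user: str  # the "unauthorized access user"
    leaked_user: str     # the "information leakage user"
    category: str


def build_test_sets(cookies, identity_fields=("uid",)):
    """Step 120 (S1201-S1203): one test identity per (target, candidate) pair."""
    test_sets = {}
    for target, own_cookie in cookies.items():
        test_sets[target] = []
        for candidate, other_cookie in cookies.items():
            if candidate == target:
                continue
            modified = dict(own_cookie)  # keep the target's session token
            for field in identity_fields:
                modified[field] = other_cookie[field]
            test_sets[target].append((candidate, modified))
    return test_sets


def classify(accessing_user, leaked_user, levels):
    """Category from the two users' permission levels, as the text describes."""
    if levels[leaked_user] == levels[accessing_user]:
        return "horizontal"
    if levels[leaked_user] > levels[accessing_user]:
        return "vertical"
    return "unclassified"  # lower-level victim: a case the text does not define


def run_test(system, levels):
    cookies = {user: system.login(user) for user in levels}   # step 110
    test_sets = build_test_sets(cookies)                      # step 120
    findings = []
    for target, tests in test_sets.items():                   # step 130
        for candidate, modified in tests:
            if system.access(modified) is not None:           # successful access
                findings.append(
                    Finding(target, candidate, classify(target, candidate, levels))
                )
    return findings  # step 140: a non-empty list means unauthorized access risk


if __name__ == "__main__":
    for system in (VulnerableSystem(), HardenedSystem()):
        findings = run_test(system, LEVELS)
        print(type(system).__name__, "risk" if findings else "no risk")
        for finding in findings:
            print("  ", finding)
```

The number of access tests grows with the square of the number of users, so a real run would normally sample representative users per permission level rather than every registered account.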
Example two
The system testing device provided by the embodiment of the invention can execute the system testing method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. Fig. 2 is a block diagram of a system testing apparatus according to a second embodiment of the present invention, and as shown in fig. 2, the apparatus includes: an authentication data acquisition module 210, a test identity data generation module 220, an access test operation execution module 230, and an unauthorized access risk determination module 240.
The authentication data obtaining module 210 is configured to obtain authentication data generated when all users to be tested log in the system to be tested.
The test identity data generating module 220 is configured to form a test identity data set of each user to be tested according to each identity verification data.
And the access test operation executing module 230 is configured to control each user to be tested to execute an access test operation according to the test identity data in the corresponding test identity data set, so as to obtain an access result set.
And the unauthorized access risk judging module 240 is configured to determine that the system to be tested has an unauthorized access risk when the access result set includes an access result of successful access.
According to the technical scheme of the embodiment, identity verification data generated when all users to be tested log in a system to be tested is obtained; forming a test identity data set of each user to be tested according to each identity verification data; controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set; and when the access result set contains the access result of successful access, determining that the system to be tested has the risk of unauthorized access, and effectively detecting the user login security of the system to be tested.
Optionally, the test identity data generating module 220 includes:
the first candidate user selecting unit is used for selecting a target user from all the users to be tested and taking other users to be tested except the target user as candidate users;
the test identity data generating unit is used for parameterizing the identity verification data of the target user on the basis of the identity verification data of the candidate user in sequence to generate corresponding test identity data and form a test identity data set of the target user;
and the second candidate user selecting unit is used for returning to reselect the target user until all the users to be tested are selected.
Optionally, the access test operation executing module 230 includes:
the first target data selection unit is used for selecting one target test identity data from the test identity data set corresponding to each user to be tested;
the access test operation execution unit is used for controlling the user to be tested to access the system to be tested based on the target test identity data to obtain an access result, and adding the access result to an access result set;
and the second target data selection unit is used for returning to reselect the target test identity data until all the test identity data in the test identity data set corresponding to the user to be tested are selected.
Optionally, the apparatus further includes an environment variable setting module, configured to:
after obtaining the authentication data generated when all users to be tested log in the system to be tested, setting the authentication data as the environment variables of the system to be tested.
Optionally, the apparatus further includes an unauthorized access category determining module, configured to:
after the system to be tested is determined to have the risk of unauthorized access, according to the access test operation with the access result of successful access, the unauthorized access category of the system to be tested is determined.
Optionally, the unauthorized access category determining module includes:
the unauthorized access user determining unit is used for determining that the access test operation with the access result of successful access is unauthorized access operation, and the user to be tested corresponding to the unauthorized access operation is an unauthorized access user;
the information disclosure user determining unit is used for determining the test identity data used by the unauthorized access user when executing the unauthorized access operation as the unauthorized identity data, and determining the user to be tested corresponding to the identity verification data of the unauthorized identity data as the information disclosure user;
and the unauthorized access type determining unit is used for determining the unauthorized access type of the system to be tested according to the user permission levels of the unauthorized access user and the information disclosure user.
Optionally, the apparatus further includes an alarm prompting module, configured to:
and after the unauthorized access category of the system to be tested is determined, carrying out corresponding alarm prompt according to the unauthorized access category of the system to be tested.
Example three
Fig. 3 is a block diagram of a computer apparatus according to a third embodiment of the present invention, as shown in fig. 3, the computer apparatus includes a processor 310, a memory 320, an input device 330, and an output device 340; the number of the processors 310 in the computer device may be one or more, and one processor 310 is taken as an example in fig. 3; the processor 310, the memory 320, the input device 330 and the output device 340 in the computer apparatus may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 3.
The memory 320 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the system test method in the embodiment of the present invention (for example, the authentication data obtaining module 210, the test identity data generating module 220, the access test operation executing module 230, and the unauthorized access risk determining module 240 in the system test apparatus). The processor 310 executes various functional applications of the computer device and data processing by executing software programs, instructions and modules stored in the memory 320, that is, implements the system test method described above.
The memory 320 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 320 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 320 can further include memory located remotely from the processor 310, which can be connected to a computer device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 330 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the computer apparatus. The output device 340 may include a display device such as a display screen.
Example four
A fourth embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a system test method, the method including:
acquiring identity verification data generated when all users to be tested log in a system to be tested;
forming a test identity data set of each user to be tested according to each identity verification data;
controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set;
and when the access result set contains the access result of successful access, determining that the system to be tested has the risk of unauthorized access.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the system test method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the system test apparatus, the included units and modules are only divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It should be noted that the foregoing describes only preferred embodiments of the invention and the technical principles employed. Those skilled in the art will understand that the present invention is not limited to the particular embodiments described herein, and that various obvious changes, rearrangements and substitutions can be made by those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in some detail through the above embodiments, it is not limited to them and may include other equivalent embodiments without departing from the spirit of the invention; the scope of the invention is determined by the scope of the appended claims.

Claims (10)

1. A method for system testing, comprising:
acquiring identity verification data generated when all users to be tested log in to a system to be tested;
forming a test identity data set for each user to be tested according to the identity verification data;
controlling each user to be tested to execute access test operations according to the test identity data in the corresponding test identity data set, to obtain an access result set;
and when the access result set contains an access result of successful access, determining that the system to be tested has a risk of unauthorized access.
2. The system testing method of claim 1, wherein forming a test identity data set for each user to be tested according to the identity verification data comprises:
selecting a target user from all the users to be tested, and taking the other users to be tested, except the target user, as candidate users;
parameterizing the identity verification data of the target user based on the identity verification data of each candidate user in sequence, to generate corresponding test identity data and form the test identity data set of the target user;
and returning to select a new target user until all the users to be tested have been selected.
3. The system testing method of claim 1, wherein the controlling each user to be tested to perform an access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set comprises:
selecting a target test identity data from a test identity data set corresponding to each user to be tested;
controlling the user to be tested to access the system to be tested based on the target test identity data to obtain an access result, and adding the access result to an access result set;
and returning to reselect the target test identity data until all the test identity data in the test identity data set corresponding to the user to be tested are selected.
4. The system testing method of claim 1, after obtaining the authentication data generated when all users to be tested log in the system to be tested, further comprising:
and setting each identity verification data as an environment variable of the system to be tested.
5. The system testing method of claim 1, after determining that the system under test is at risk of unauthorized access, further comprising:
and determining the unauthorized access category of the system to be tested according to the access test operation with the access result of successful access.
6. The method for testing the system according to claim 5, wherein the determining the unauthorized access category of the system to be tested according to the access test operation with the access result being successful access comprises:
determining an access test operation with an access result of successful access as an unauthorized access operation, wherein a user to be tested corresponding to the unauthorized access operation is an unauthorized access user;
determining the test identity data used when the unauthorized access user executes unauthorized access operation as unauthorized identity data, and determining a user to be tested corresponding to the identity verification data of the unauthorized identity data as an information leakage user;
and determining the unauthorized access category of the system to be tested according to the user authority levels of the unauthorized access user and the information leakage user.
7. The system testing method of claim 5, after determining the unauthorized access category that exists for the system under test, further comprising:
and performing corresponding alarm prompt according to the unauthorized access category of the system to be tested.
8. A system test apparatus, comprising:
the identity authentication data acquisition module is used for acquiring identity authentication data generated when all users to be tested log in the system to be tested;
the test identity data generation module is used for forming a test identity data set of each user to be tested according to each identity verification data;
the access test operation execution module is used for controlling each user to be tested to execute access test operation according to the test identity data in the corresponding test identity data set to obtain an access result set;
and the unauthorized access risk judgment module is used for determining that the system to be tested has unauthorized access risk when the access result set contains the access result of successful access.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the system test method of any one of claims 1 to 7 when executing the program.
10. A storage medium containing computer-executable instructions for performing the system testing method of any one of claims 1-7 when executed by a computer processor.
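The procedure of claims 1 to 6, sketched as an added Python example that is not code from the patent. It assumes the identity verification data is a per-user identifier carried in each request, that the system under test is the toy `access` function with a constructed authorization flaw, and that the categories are called horizontal and vertical; every name and sample user here is hypothetical.

```python
# Constructed sample data: user -> (permission level, identity data issued at login).
USERS = {"alice": (1, "uid-1001"), "bob": (1, "uid-1002"), "admin": (2, "uid-9001")}
OWNER = {ident: name for name, (_, ident) in USERS.items()}


def access(session_user, identity):
    """Toy system under test; True means the request was served.

    Deliberate flaw: it compares permission levels the wrong way round
    instead of checking that the record belongs to the session user.
    """
    return USERS[session_user][0] <= USERS[OWNER[identity]][0]


def access_fixed(session_user, identity):
    """Corrected check: a record is served only to its owner."""
    return OWNER[identity] == session_user


def build_test_sets(users):
    """Claim 2: for each target user, substitute every candidate's identity data."""
    return {t: [users[c][1] for c in users if c != t] for t in users}


def run_access_tests(test_sets, access_fn):
    """Claim 3: replay each substituted identity and collect the access results."""
    return [(user, ident, access_fn(user, ident))
            for user, idents in test_sets.items() for ident in idents]


def classify(results, users):
    """Claims 5-6: label each successful access by comparing permission levels."""
    findings = []
    for accessor, ident, served in results:
        if not served:
            continue
        leaked = OWNER[ident]  # the "information leakage user"
        same_level = users[accessor][0] == users[leaked][0]
        # Category names are an assumption; the claims only say levels decide it.
        findings.append((accessor, leaked, "horizontal" if same_level else "vertical"))
    return findings


def audit(users=USERS, access_fn=access):
    """Claim 1 end to end: any finding means unauthorized-access risk."""
    results = run_access_tests(build_test_sets(users), access_fn)
    return results, classify(results, users)
```

Because the method treats every successful substituted access as a finding, access that a role is meant to have has to be excluded from the test sets or triaged afterwards.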

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210099953.2A CN114491559A (en) 2022-01-27 2022-01-27 System testing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210099953.2A CN114491559A (en) 2022-01-27 2022-01-27 System testing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114491559A true CN114491559A (en) 2022-05-13

Family

ID=81476124

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210099953.2A Pending CN114491559A (en) 2022-01-27 2022-01-27 System testing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114491559A (en)

Similar Documents

Publication Publication Date Title
US10992659B2 (en) Multi-factor authentication devices
US11003773B1 (en) System and method for automatically generating malware detection rule recommendations
CN109743315B (en) Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website
CN106845240A (en) A kind of Android malware static detection method based on random forest
RU2017141988A (en) METHOD AND DEVICE FOR MANAGING SECURITY IN A COMPUTER NETWORK
US20190373011A1 (en) Detection of scripted activity
CN112560045A (en) Application program vulnerability detection method and device, computer equipment and storage medium
CN111416811A (en) Unauthorized vulnerability detection method, system, equipment and storage medium
US11481478B2 (en) Anomalous user session detector
CN110912855A (en) Block chain architecture security assessment method and system based on permeability test case set
CN109271807A (en) The data safety processing method and system of database
CN110135162A (en) The recognition methods of the back door WEBSHELL, device, equipment and storage medium
CN113132329A (en) WEBSHELL detection method, device, equipment and storage medium
Brindavathi et al. An Analysis of AI-based SQL Injection (SQLi) Attack Detection
CN109426961B (en) Card binding risk control method and device
JP6258189B2 (en) Specific apparatus, specific method, and specific program
CN114491559A (en) System testing method, device, equipment and storage medium
US20230177142A1 (en) Detecting sharing of passwords
CN116094808A (en) Access control vulnerability detection method and system based on RBAC mode Web application security
CN111639033B (en) Software security threat analysis method and system
US20210209067A1 (en) Network activity identification and characterization based on characteristic active directory (ad) event segments
US9172719B2 (en) Intermediate trust state
CN105868636B (en) A kind of method and device detecting permission loophole
CN115085956A (en) Intrusion detection method and device, electronic equipment and storage medium
Wang et al. A design of security assessment system for e-commerce website

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination