漏洞挖掘通过模拟攻击者的行为,对应用程序进行测试和漏洞挖掘的方法。主要针对应用软件、中间件的可执行程序,利用模糊测试、逆向工程等方法挖掘软件中可能存在的未知安全漏洞。主要方法包括:
(1) Input and output testing: a method to find possible security holes and code defects by inputting malicious data and observing the output results. For example, SQL injection testing by inputting malicious data, or XSS testing by inputting malicious JavaScript scripts.
(2) Abnormal testing: By inputting abnormal data and observing the response of the application, possible security holes and code defects are found. For example, test the exception handling capability of the application by inputting an overlong character string, illegal data format, etc.
(3) Boundary testing: By testing boundary values and boundary conditions, possible security vulnerabilities and code defects are discovered. For example, discover possible problems in the code by testing maximum values, minimum values, boundary conditions, etc.
(4) Security testing: By simulating the attacker's behavior, possible security loopholes and code defects are discovered. For example, by simulating common attack methods, such as SQL injection, XSS, CSRF, etc., it is possible to discover security holes that may exist in the application.