android漏洞扫描,Android平台被动式漏洞扫描系统的设计与实现

Design and implementation of passive vulnerability scanning system based on Android platform

Li Chao

1

李超(1993-)，男，硕士，渗透测试

Xin Yang

1

辛阳(1977-)男，副教授，博导，网络安全与人工智能融合、灾备技术

1、School of Cyber Space Security, Beijing University of Posts and Telecommunications, Beijing, 100876

Abstract：With the popularization and application of Android mobile intelligent terminal, while fully exploiting its superiority, it also exposes the drawbacks of some applications. Applications are prone to various vulnerabilities when accessing network resources. Previous penetration testing methods and tools are mostly directed at vulnerabilities at the Web system level, and Android mobile applications are also overlooked with vulnerabilities in Web systems, such as SQL injection and XSS attacks. Based on the research of Android application vulnerability detection technology, this paper proposes and implements a passive vulnerability scanning system APPVS based on Android platform. The system uses the idea of automated testing to design the request trigger module and implement simultaneous detection for multiple applications. Aiming at the combination of binary search and cyclic neural network for SQL blind injection, the SQL injection vulnerability detection module is designed and implemented. Experiments show that the system can detect the vulnerabilities in Android applications more comprehensively and quickly.?