Abstract
The invention provides a method and a device for detecting vulnerabilities in an application program. The method comprises the following steps: a compiler compiles the source code of a PHP (Hypertext Preprocessor) application program to be detected into virtual execution code; a virtual executor performs vulnerability detection while executing the virtual execution code: according to a constant variable set, a constant function set and a cleaning function rule base stored in a storage, the virtual executor identifies the constant variables currently generated; and according to the constant variables and a vulnerability rule base in the storage, the virtual executor detects whether a vulnerability exists in the PHP function that currently needs to be called. With this method or device, vulnerability detection of PHP source code is complete and accurate, and intrusion into, or a crash of, the computer system running the application program, which actual execution of the PHP application program could cause, is avoided.
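The constant tracking and rule-base check described in the abstract can be sketched as follows. This is an added example, not code from the patent: the tuple opcode format, the rule entries and the reading that a call is flagged when its sensitive argument is not a known constant are all assumptions made for illustration.

```python
# Added illustration; opcode format and every rule entry below are assumptions.
CONSTANT_FUNCS = {"php_uname", "phpversion"}          # result never depends on request data
CLEANING_RULES = {"intval", "mysqli_real_escape_string"}  # cleaned result is treated as constant
VULN_RULES = {  # function -> (index of the argument that must be constant, finding label)
    "mysqli_query": (1, "SQL injection"),
    "system": (0, "command injection"),
}

def detect(code):
    """Virtually execute `code`, tracking only which variables are constant."""
    constants, findings = set(), []
    for lineno, op, dst, *args in code:
        if op == "CONST":        # $dst = literal
            is_const = True
        elif op == "INPUT":      # $dst = $_GET[...] or similar request data
            is_const = False
        elif op == "CONCAT":     # $dst = $a . $b: constant only if every operand is
            is_const = all(a in constants for a in args)
        elif op == "CALL":       # $dst = func(args...)
            func, call_args = args[0], args[1:]
            if func in VULN_RULES:
                idx, label = VULN_RULES[func]
                if idx < len(call_args) and call_args[idx] not in constants:
                    findings.append((lineno, func, label))
            # Conservative: only listed functions yield constants.
            is_const = func in CONSTANT_FUNCS or func in CLEANING_RULES
        else:
            raise ValueError(f"unknown opcode {op!r}")
        (constants.add if is_const else constants.discard)(dst)
    return findings

SAMPLE = [  # constructed program, not taken from the patent
    (1, "CONST", "db", "handle"),
    (2, "INPUT", "id", "_GET"),
    (3, "CONST", "sql", "SELECT * FROM t WHERE id="),
    (4, "CONCAT", "q", "sql", "id"),
    (5, "CALL", "r", "mysqli_query", "db", "q"),    # query built from request data
    (6, "CALL", "safe", "intval", "id"),
    (7, "CONCAT", "q2", "sql", "safe"),
    (8, "CALL", "r2", "mysqli_query", "db", "q2"),  # query built from cleaned data
    (9, "CALL", "r3", "system", "id"),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

Treating every cleaned value as constant regardless of the function that later consumes it is a simplification of this sketch; a cleaning rule that is adequate for one kind of call can be inadequate for another.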