METHOD FOR AUTOMATICALLY TESTING HORIZONTAL OVER-PERMISSION VULNERABILITIES AND RELATED DEVICE

摘要

Disclosed are a method for automatically testing horizontal over-permission vulnerabilities and a related device, relating to the field of comparison testing. The method comprises: creating a first account and a second account with the same account operation permission list, wherein the account operation permission list shows all account operation permissions owned by a corresponding account (S100); using the first account to execute a reference test request for each of the account operation permissions, so as to obtain a corresponding reference test request URL (S110); based on the reference test request URL, using the second account to execute a contrast test request for each of the account operation permissions, so as to obtain a corresponding contrast test request result (S120); and based on the corresponding contrast test request result, determining whether there are horizontal over-permission vulnerabilities (S130). The method improves the efficiency for testing horizontal unauthorized vulnerabilities.