Detection method and scanning engine of web pages

A detection method and scanning engine technology, which are applied in the field of web page detection methods and scanning engines, can solve the problems of false positives and false positives, and reduce user experience, so as to avoid false positives and improve user experience.

Inactive Publication Date: 2012-10-17
BEIJING QIHOO TECH CO LTD +1
View PDF3 Cites 27 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present invention provides a web page detection method and a scanning engine to solve the problem that the existing technology cannot accurately determine whether a vulnerability exists, or is an error page or a 404 page, which leads to misidentification and false reporting of vulnerabilities and reduces user experience. question

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and scanning engine of web pages
  • Detection method and scanning engine of web pages
  • Detection method and scanning engine of web pages

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0030] Reference figure 1 , Shows a flow chart of the steps of a webpage detection method according to the first embodiment of the present invention.

[0031] The webpage detection method of this embodiment includes the following steps:

[0032] Step S10: Grab the URL or content of the target website, determine that it is a webpage based on the returned result, and visit the webpage.

[0033] The crawling of the URL (Uniform Resource Locator) or content of the target website can be realized by spider or crawler technology. The result returned by the spider or crawler is used to determine whether it is a web page of the website, and if it is determined to be a web page, the web page is visited.

[0034] Step S20: Determine whether the visited webpage meets at least one of the following rules: general abnormal page rules, custom abnormal page rules, and custom abnormal page behavior rules;

[0035] Among them, the general abnormal page rule is used to determine whether a web page is an ab...

Embodiment 2

[0039] Reference figure 2 , Shows a flowchart of the steps of a webpage detection method according to the second embodiment of the present invention.

[0040] This embodiment is a further preferred solution of embodiment 1. In this embodiment, the abnormal page includes other error pages other than the 404 page of the 404 page. Correspondingly, the general exception page rules include general 404 page rules and custom exceptions. Page rules include custom 404 page rules, custom error page rules, custom abnormal page behavior rules, and custom 404 page behavior rules.

[0041] The webpage detection method of this embodiment includes the following steps:

[0042] Step S102: Visit the webpage, and determine whether the visited webpage meets at least one of the following rules: general 404 page rules, custom 404 page rules, custom 404 page behavior rules, and custom error page rules.

[0043] Among them, the general 404 page rule is used to determine whether the web page is a 404 page ac...

Embodiment 3

[0048] Reference image 3 , Shows a flow chart of the steps of a webpage detection method according to the third embodiment of the present invention.

[0049] The webpage detection method of this embodiment includes the following steps:

[0050] Step S202: Collect at least one of general 404 page rules, custom 404 page rules, custom 404 page behavior rules, and custom error page rules.

[0051] In this embodiment, all of the foregoing rules can be set to collect, and in actual applications, only part of the foregoing rules can also be collected as required. When collecting the above rules, you can collect and set up and use it once, and then update the previously collected rules uniformly at an interval setting; you can also dynamically collect the rules and update them in real time.

[0052] The collected general 404 page rules may include: judging whether the webpage status code is 404, and / or judging whether the webpage content includes 404 page content, such as "404NOTFOUND", "404...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a detection method and a scanning engine of web pages. The detection method of the web pages comprises the following steps of: crawling the URL (Uniform Resource Locator) or content of a target website, determining the web pages of the website by the returned result, and accessing the web pages; judging whether the accessed web pages conform to at least one of the following rules or not: a general exception page rule, a custom exception page rule and a custom exception page behavior rule; if so, determining the accessed pages as exception pages; wherein the general exception page rule is used for determining whether the web pages are exception pages or not according to the status codes of the web pages or the web contents, the custom exception page rule is used for determining whether the web pages are exception pages or not according to the key words of the exception pages extracted from the web pages, and the custom exception page behavior rule is used for determining whether the web pages are exception pages or not according to the set behavior of accessing the exception pages. Through the embodiment of the invention, the effect of accurately judging the exception pages can be realized.

Description

Technical field [0001] The embodiment of the present invention relates to the technical field of website security, in particular to a webpage detection method and a scanning engine. Background technique [0002] Vulnerability scanning usually refers to a security detection behavior that detects the security vulnerabilities of specified remote or local computer systems through scanning and other means based on the vulnerability database, and discovers exploitable vulnerabilities. Through vulnerability scanning, the security risks of computer systems or other network equipment and vulnerabilities that may be exploited by hackers can be discovered in time. [0003] However, existing vulnerability scanning products often mistake some network error pages as vulnerabilities when scanning for vulnerabilities. For example, mistaken 404 pages or error pages intercepted by firewalls or other error pages as vulnerabilities, resulting in vulnerabilities. Sense false positives. The 404 page i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCG06F17/30861H04L67/02H04L29/06G06F16/957G06F16/951
Inventor 赵武龙专
Owner BEIJING QIHOO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap