Method for discovering Web intranet agent bugs

A vulnerability-discovery technology for intranets, applied in electrical digital data processing, instruments, computer security devices, etc. It addresses the inability to achieve a high detection rate, with the effect of improving Web security and reducing detection difficulty.

Inactive Publication Date: 2013-01-02
周耕辉

AI Technical Summary

Problems solved by technology

Both methods are technically demanding and, because of human factors, cannot achieve a high recall rate.

Embodiment Construction

[0021] The invention uses a programmed method to discover and confirm intranet proxy vulnerabilities. In use, the operator only needs to start the detection program.

[0022] The present invention takes black-box testing as its starting point and divides the black-box testing process into two parts: URL discovery and vulnerability verification.

[0023] URL discovery is used to extract all pages from a web application. Because URL parameters vary, a typical web application usually contains tens of thousands to hundreds of thousands of distinct URLs, and analyzing each URL independently would take a lot of time. Applying a filtering strategy to the extracted results therefore reduces the number of analyses required and keeps the analysis time acceptable. If the URLs are not filtered, Web intranet proxy vulnerabilities can still be found, but the program takes longer to run.

[0024] In the black box testing method, vulnerability ...

Abstract

The invention discloses a method for discovering Web intranet proxy vulnerabilities. Intranet pages are captured with web crawler technology and the uniform resource locators (URLs) of all pages are obtained. Two rounds of filtering, based on the URL specification and on the characteristics of parameter values, then screen out the URLs that may contain an intranet proxy vulnerability. A feature page containing a Message-Digest Algorithm 5 (MD5) string is constructed inside the Web intranet. For each filtered URL, the original parameter content that contains a URL is replaced with the URL of the feature page, and the URL after replacement is requested. If the response contains the MD5 string from the feature page, the page URL has an intranet proxy vulnerability; otherwise it does not. Using this programmed detection method overcomes the defects of the manual methods, allows intranet proxy vulnerabilities in Web services to be discovered effectively and comprehensively, and improves Web security.
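The filter, substitute and verify steps described in the abstract, as an added sketch that is not code from the patent. The feature-page URL, the marker seed, the sample URLs and the `fake_fetch` stand-in for an HTTP client are all constructed, and the filter shown (keep only parameters whose value is itself an http(s) URL, test each endpoint and parameter once) is one assumed reading of "filtering twice".

```python
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed feature (canary) page and its marker; both values are constructed.
CANARY_URL = "http://canary.intranet.example/feature.html"
CANARY_MD5 = hashlib.md5(b"constructed-canary-seed").hexdigest()

def url_valued_params(url):
    """Filter: names of query parameters whose value is itself an http(s) URL."""
    names = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        target = urlsplit(value)
        if target.scheme in ("http", "https") and target.netloc:
            names.append(name)
    return names

def substitute(url, param, replacement=CANARY_URL):
    """Rebuild url with the value of param replaced by the feature-page URL."""
    parts = urlsplit(url)
    query = [(k, replacement if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def scan(urls, fetch):
    """Return (url, param) pairs whose response echoes the canary marker."""
    findings, seen = [], set()
    for url in urls:
        parts = urlsplit(url)
        for param in url_valued_params(url):
            key = (parts.netloc, parts.path, param)
            if key in seen:  # same endpoint and parameter already tested
                continue
            seen.add(key)
            if CANARY_MD5 in fetch(substitute(url, param)):
                findings.append((url, param))
    return findings

def fake_fetch(url):
    """Constructed stand-in for an HTTP client: only /proxy relays its 'url' value."""
    parts = urlsplit(url)
    if parts.path == "/proxy" and dict(parse_qsl(parts.query)).get("url") == CANARY_URL:
        return "<html>" + CANARY_MD5 + "</html>"
    return "<html>ok</html>"

SAMPLE_URLS = [  # constructed crawl output
    "http://app.intranet.example/proxy?url=http%3A%2F%2Fimg.intranet.example%2Fa.png&w=100",
    "http://app.intranet.example/share?link=https%3A%2F%2Fexample.org%2F",
    "http://app.intranet.example/news?id=42",
]
```

Calling `scan(SAMPLE_URLS, fake_fetch)` flags only the `/proxy` endpoint: `/share` passes the filter but never returns the marker, and `/news` is filtered out before any request is made.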

Description

Technical field

[0001] The present invention relates to a method of discovering vulnerabilities, specifically a method of discovering Web intranet proxy vulnerabilities.

Background technique

[0002] Under normal circumstances, customers indirectly use the services provided by the proxy module through public web services. If the developer places no restrictions on the use of the proxy module, a customer can access the proxy module directly and construct appropriate parameters to access any internal network resource, which bypasses the network isolation strategy. If this possibility exists, the application logic of the website contains an intranet proxy vulnerability.

[0003] At present, detection methods for intranet proxy vulnerabilities fall mainly into two types: manual code review and black-box discovery.

[0004] (1) Manual code review. By analyzing the problems that may occur in the code,...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00
Inventor: 周耕辉
Owner: 周耕辉