Loophole detection method and device

A detection device and technology for detecting position, applied in the field of communication, can solve the problems of low efficiency and low accuracy of detecting loopholes, etc.

Active Publication Date: 2013-05-08
MICRO DREAM TECHTRONIC NETWORK TECH CHINACO
View PDF3 Cites 53 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0021] Embodiments of the present invention provide a method and device for detecting loopholes, which are used to solve the problems of low accuracy and low efficiency in detecting loopholes in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Loophole detection method and device
  • Loophole detection method and device
  • Loophole detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] figure 2 The process of detecting vulnerabilities provided by the embodiments of the present invention specifically includes the following steps:

[0040] S201: The detection device obtains a URL to be detected, and adds a preset special character string to a parameter of the URL to be detected.

[0041] Wherein, the special character string includes a positioning character string and a detection character string.

[0042] In the embodiment of the present invention, after the detection device obtains the URL to be detected, it needs to modify the URL to be detected, that is, based on the preset special character string including the positioning character string and the detection character string, in the parameters of the URL to be detected Add that special string. Wherein, the function of the detection character string in the special character string is to detect whether the detection character string is contained in the HTML code of the page returned by the server s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a loop detection method and a device for solving the problems that a current technology of loophole detection is low in accuracy and efficiency. The method includes: adding special character strings including a positioning character string and a detection character string into uniform resource locator (URL) to be detected and hyper text transport protocol (HTTP) requests, using the HTTP request to visit the URL, and finally imitating a browser to load pages returned by a website server, and judging whether safety loop holes exist in the website server according to whether detection character strings are included in hypertext markup language (HTML) codes of a loaded page. Due to the fact that the detection device imitates the browser to load pages returned by the website server, dynamic document object model (dom) elements exist in the page, whether the website server has safety loopholes can still be judged according to whether detection character strings are included in HTML codes of the loaded page without manual participation during the detection process, and therefore accuracy and efficiency of loophole detection are improved.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a method and device for detecting loopholes. Background technique [0002] Document Object Model (Document Object Model, dom) cross-site scripting (Cross SiteScripting, xss) vulnerability is a common vulnerability in web pages. [0003] Since Dom allows programs or scripts to dynamically access and update document content, structure and style, some object properties and methods in dom can be directly manipulated by javascript, such as Uniform Resource Locator (Uniform Resource Locator, URL), location, write, etc. Moreover, the client script can dynamically check and modify the page content through the DOM, and does not depend on the page returned by the server. Therefore, if the data entered by the user is used to build the DOM of the page without strict confirmation, a DOM-type XSS vulnerability will occur. [0004] At present, when performing security vulnerability dete...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
Inventor 罗诗尧
Owner MICRO DREAM TECHTRONIC NETWORK TECH CHINACO
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap