Page loophole detection device and page loophole detection method

A page vulnerability detection technology applied in the field of web page security. It addresses problems such as insufficient path coverage, tests that fail to achieve their effect, and insufficient coverage of PHP page source code paths, with the effect of reducing the false alarm rate and improving the vulnerability coverage rate.

Active Publication Date: 2013-12-18
SHENZHEN TENCENT COMP SYST CO LTD

AI Technical Summary

Problems solved by technology

[0004] First, its effect depends on how the use cases are constructed. If there are too few use cases, not enough source code paths of the PHP page are covered, and there will be a lot of false positives. If the use case construction is not comprehensive, path coverage is still insufficient, and there will be a large number of false positives.

[0005] Second, the use cases may need to match a specific pattern. For example, a PHP page may continue processing only when it sees a string starting with "http"; otherwise all use cases are discarded, the inner logic is never entered, and the test has no effect. There are still a lot of false positives.

[0006] Third, black-box scanning relies on the returned page to judge the test result. If the PHP page returns nothing, the vulnerability goes unreported.

[0007] Fourth, black-box scanning relies on the PHP pages being correctly deployed. It can only test PHP pages that are fully deployed and normally accessible. Given only the source code of an undeployed PHP page, black-box scanning cannot work.

[0009] The disadvantage of the characteristic string matching method is that it produces too many false positives: if the input of a dangerous function is fixed and cannot be controlled by the attacker, the use of that dangerous function does not cause a vulnerability.

Examples


Example 1

[0038] Referring to Figure 1, the first embodiment provides a page vulnerability detection device 100, which includes: a lexical and syntax analysis module 11, an abstract syntax tree (Abstract Syntax Tree, AST) management module 12, a preprocessing module 13, a symbol table module 14, a function summary module 15 and a taint backtracking module 16.

[0039] The lexical and syntax analysis module 11 reads in the program source code, converts it into an AST through the lexical and syntax analysis process known from compiler theory, and hands the AST over to the AST management module for management. For example, each statement in the program source code is converted into a corresponding AST node. Referring to Figure 2, a statement such as if(){} is converted into an ifStmt node, and the corresponding source code information (such as line information) can be saved in the node. The conditional judgment statement (the part inside the parentheses in the first line) and ...

Example 2

[0055] Referring to Figure 3, the second embodiment provides a method for detecting page vulnerabilities, which includes the following steps:

[0056] Step 1: provide the abstract syntax tree and symbol table information of the source code of the program under detection;

[0057] Step 2: traverse the abstract syntax tree to obtain all trigger nodes;

[0058] For each trigger node, execute:

[0059] Step 3: extract the set of all related variables according to the symbol table information; and

[0060] Step 4: backtrack each related variable; if a related variable is found to be changeable by an input controllable by the attacker, a vulnerability is considered found and the vulnerability information is output.

[0061] The abstract syntax tree and symbol table information in step 1 can be prepared before step 1 is performed, or the abstract syntax tree and symbol table information that has been processed by other external programs can be directly used. The speci...
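The four steps above, as an added Python sketch that is not code from the patent. The node tuple format, the lists of trigger functions and attacker-controllable inputs, and the restriction to straight-line code (the latest earlier assignment wins) are assumptions made for this illustration.

```python
# Constructed AST for a five-line PHP page; node = (kind, name, operands, line):
#   1: $id  = $_GET['id'];
#   2: $sql = "SELECT * FROM t WHERE id=" . $id;
#   3: $cmd = "ls /tmp";
#   4: mysql_query($sql);
#   5: system($cmd);
AST = [
    ("assign", "$id", ["$_GET"], 1),
    ("assign", "$sql", ["$id"], 2),
    ("assign", "$cmd", [], 3),            # string literal only, no operand variables
    ("call", "mysql_query", ["$sql"], 4),
    ("call", "system", ["$cmd"], 5),
]
SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}  # attacker-controllable (assumed list)
SINKS = {"eval", "system", "mysql_query"}               # trigger functions (assumed list)

def build_symbol_table(ast):
    """Step 1: map each variable to its definitions as (line, operand variables)."""
    table = {}
    for kind, name, operands, line in ast:
        if kind == "assign":
            table.setdefault(name, []).append((line, operands))
    return table

def backtrack(var, line, table):
    """Step 4: return the chain from var back to a source, or None if none is reached."""
    if var in SOURCES:
        return [var]
    defs = [d for d in table.get(var, []) if d[0] < line]
    if not defs:
        return None                       # never assigned before this use
    def_line, operands = max(defs, key=lambda d: d[0])  # latest earlier definition
    for op in operands:
        chain = backtrack(op, def_line, table)  # lines strictly decrease, so this ends
        if chain:
            return [var] + chain
    return None

def detect(ast):
    table = build_symbol_table(ast)
    findings = []
    for kind, name, operands, line in ast:
        if kind == "call" and name in SINKS:           # step 2: trigger node
            for var in operands:                       # step 3: related variables
                chain = backtrack(var, line, table)
                if chain:
                    findings.append((line, name, chain))
    return findings
```

Only the `mysql_query` call on line 4 is reported; `system($cmd)` is a dangerous function with a fixed input, the case that characteristic string matching would flag as a false positive.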


Abstract

The invention relates to a page vulnerability detection device comprising an abstract syntax tree management module, a symbol table module and a taint backtracking module. The abstract syntax tree management module manages the abstract syntax tree of the source code of the program under detection. The symbol table module manages the symbol table information of that source code. The taint backtracking module reads the abstract syntax tree from the abstract syntax tree management module, traverses it to obtain the set of all preconfigured trigger nodes, and backtracks all related variables of each trigger node according to the symbol table information. If a related variable can be changed by input controllable by an attacker, a vulnerability is judged to exist at the trigger node and the vulnerability information is output. The device can increase the vulnerability coverage rate and lower the false alarm rate. In addition, the invention provides a page vulnerability detection method.

Description

Technical field

[0001] The present invention relates to web page security technology, in particular to a page vulnerability detection device and detection method, and more particularly to a PHP page vulnerability detection device and detection method.

Background technique

[0002] At present, vulnerabilities in active pages such as PHP pages are mainly detected by black-box scanning: a large number of malformed use cases are constructed and used to visit the PHP page, and the content of the returned page is then judged. If the returned page contains specific data, the PHP page is considered unable to handle the input correctly, and a vulnerability exists.

[0003] The black-box scanning method has the following disadvantages:

[0004] First, its effect depends on the method of constructing use cases. If there are too few use cases, not enough source code paths of the PHP page are covered, and there will be a large number of false positives. If the use case construction is no...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
Inventor: 钟同圣, 王金锭, 李佳
Owner: SHENZHEN TENCENT COMP SYST CO LTD