Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Cross-site scripting attack defense method and device, application server

A cross-site scripting attack and application server technology, which is applied in the computer field, can solve problems such as low efficiency and heavy workload, and achieve the effect of reducing workload and improving efficiency

Inactive Publication Date: 2018-05-15
NEW FOUNDER HLDG DEV LLC +1
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because the existing technology needs to hard-code each form of each web page, the workload is relatively large, so the existing cross-site scripting attack defense method is inefficient

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cross-site scripting attack defense method and device, application server
  • Cross-site scripting attack defense method and device, application server
  • Cross-site scripting attack defense method and device, application server

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] figure 1 A schematic flowchart of a cross-site scripting attack defense method provided by an embodiment of the present invention, as shown in figure 1 shown, including:

[0022] 101. The application server receives the access request sent by the terminal.

[0023] Wherein, the access request is used to request access to the application program in the application server.

[0024] Before step 101, the application server analyzes the malicious codes of historical XSS attacks, obtains the keywords of the malicious codes, and establishes a feature library storing the keywords of the malicious codes.

[0025] 102. The application server parses the access request to obtain the request header.

[0026] Wherein, the request header includes the target information input by the terminal through the form of the Web page.

[0027] 103. The application server uses a regular expression to match the keywords in the feature library with the target information in the request header. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a cross-site scripting attack defense method and device and an application server. The method comprises the following steps: receiving an access request sent by a terminal through the application server; resolving the access request to obtain a request header; matching keywords in a feature library with target information in the request header by using a regular expression; and if keywords matched with the target information in the request header exist in the feature library, determining that a malicious code exists in the target information in the request header through the application server, and denying the access request through the application server in order to defense cross-site scripting attacks. Through uniform detection of the access requests sent by the terminal on the application server, hard coding of each Web page is avoided; the workload is lowered; and the cross-site scripting attack defense efficiency is increased.

Description

technical field [0001] The invention relates to computer technology, in particular to a cross-site scripting attack defense method and device, and an application server. Background technique [0002] Cross-site scripting attack is a network attack method that exploits web page vulnerabilities. The attack terminal sends an access request containing malicious code to the application program in the application server by inputting information containing malicious code in the web page, so that the application program generates a web page containing malicious code after receiving the access request. Thereby inserting malicious code in the Web page. When the user terminal opens the web page, the malicious code in the web page is executed, and the malicious code is often used to implement network attacks such as maliciously stealing information from the user terminal, so that the attack terminal completes the network attack on the user terminal. [0003] In the prior art, the form...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 蔡林
Owner NEW FOUNDER HLDG DEV LLC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com