Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Website XSS vulnerability detection method and equipment

A vulnerability detection and website technology, applied in the field of network security, can solve the problems of detecting a large amount of website data, determining the specific situation and parameters of the vulnerability, manually sending packages and analyzing and responding difficult testing, etc., to achieve accurate and comprehensive detection and evaluation, saving manpower The effect of resources

Active Publication Date: 2015-04-22
QI-ANXIN LEGENDSEC INFORMATION TECH (BEIJING) INC +1
View PDF4 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this way of sending packets and other responses requires specific conditions to complete the detection. For example, the webpage with the test script added will not necessarily be displayed or displayed immediately, which leads to the fact that the detection vulnerabilities in the existing technology cannot be completely covered.
[0005] In addition, the XSS vulnerability detection in the prior art performs the packet sending operation and response analysis through timing or manual triggering by the user. On the one hand, due to the existence of human subjective factors, it is difficult to accurately determine the specific situation and the specific situation of the vulnerability based on the response. On the other hand, due to the large amount of data on the testing website, it is difficult to complete the test in a timely and effective manner by manually sending out packages and analyzing responses

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Website XSS vulnerability detection method and equipment
  • Website XSS vulnerability detection method and equipment
  • Website XSS vulnerability detection method and equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] In order to understand the above-mentioned purpose, features and advantages of the present invention more clearly, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments can be combined with each other.

[0054] In the following description, many specific details are set forth in order to fully understand the present invention. However, the present invention can also be implemented in other ways different from those described here. Therefore, the protection scope of the present invention is not limited by the specific details disclosed below. EXAMPLE LIMITATIONS.

[0055]Those skilled in the art will understand that unless otherwise stated, the singular forms "a", "an", "said" and "the" used herein may also include plural forms. It should be further understood...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a website XSS vulnerability detection method and equipment. The method comprises the following steps that a to-be-detected link of a website is acquired; an XSS test character string is added into the to-be-detected link to form a test link, wherein the test character string comprises remote access codes, and the remote access codes are carried out to send an access request to a specified address; a hypertext transfer protocol request is sent according to the test link; if the specified address acquires the access request from the website, the fact that an XSS vulnerability exists in the website can be determined. According to the technical scheme of the website XSS vulnerability detection method and equipment, when a webpage corresponding to any detected link is displayed, the specified address can receive the access request of the website, and the fact that the XSS vulnerability exists in the website can be determined; a packet does not need to be sent for a specified link to wait for the response of the specified link, and the large-scale link vulnerability detection can be achieved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a website XSS vulnerability detection method and a website XSS vulnerability detection device. Background technique [0002] XSS is a cross-site scripting attack. When a website has an XSS vulnerability, the attacker can insert code into the page of the website, such as inserting malicious html code into the page of the website. When the user browses the page, the The html code will be executed, and these codes include HTML code and client-side script. The attacker uses the XSS vulnerability to bypass the access control, so as to achieve the special purpose of maliciously attacking the user. [0003] The XSS vulnerability problem will further lead to security problems of user data. Therefore, website visitors want to know the security level of the website, and naturally tend to use relatively safe websites, while website managers hope to fix the loopholes in time, overc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L43/04H04L63/1433
Inventor 赵武
Owner QI-ANXIN LEGENDSEC INFORMATION TECH (BEIJING) INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products