Website attack verification method and device

A verification method and verification device technology, applied in the field of information security, can solve the problems of large number of attacks, high labor costs, and untimely response, and achieve the effects of improving accuracy and reliability, saving labor costs, and accelerating speed.

Active Publication Date: 2015-04-29
GUANGZHOU PINWEI SOFTWARE
View PDF5 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, the number of attacks that the website receives every day is very large, and as the popularity rises, the number of attacks will increase
Existing methods for manually verifying the effectiveness of attacks have shortcomings such as time-consuming, untimely response, low accuracy, and high labor costs.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Website attack verification method and device
  • Website attack verification method and device
  • Website attack verification method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] The specific implementation of the website attack verification method of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0021] Such as figure 1 As shown, a website attack verification method includes steps:

[0022] S110, collecting various attack logs of the website;

[0023] S120. Perform keyword matching and HTTP status code matching according to the information recorded in each attack log, and determine the attack corresponding to the attack log matching the preset keyword or preset HTTP status code as non-threatening;

[0024] S130, submit the URL of an attack that has not yet been determined to have a threat through the python urllib library, and obtain each HTTP return packet information and each webpage source code;

[0025] S140. Match the source code of each webpage with the characteristic keyword of the preset sensitive information file. If the source code of the webpage matches the characteristic ke...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a website attack verification method and device. Keyword matching and HTTP state code matching are conducted through attack logs, attacks which can be graded without having access to a webpage are filtered out in advance, URLs of remaining attacks are automatically submitted, HTTP return packet information and webpage source codes corresponding to the remaining attacks are acquired by having access to the webpage, and the remaining attacks are determined to be with threats and without threats and to be manually verified according to the HTTP return packet information and the webpage source codes. The attack effectiveness can be automatically verified, the manual verification quantity is greatly reduced, responses can be made to the attacks in time, the attack verification time is saved, accuracy and reliability of attack verification are improved, and labor cost is saved.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a website attack verification method and a website attack verification device. Background technique [0002] Online sites experience tens of thousands of attacks every day. Attackers hope to obtain illegal benefits through the loopholes of the website, such as buying goods without paying, defrauding normal users to remit money, transferring money, stealing sensitive information and using reselling, etc. Most attackers scan websites with a vulnerability scanner. The vulnerability scanner will replace or change normal paths or parameters with malicious attack loads (Payload) to find website vulnerabilities. Because the attacker has no way of knowing the specific configuration of the website server, nor can he predict the vulnerability of the website, such attacks are often untargeted. And because vulnerability scanners often work concurrently, this causes the websit...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425
Inventor孟诚李康
OwnerGUANGZHOU PINWEI SOFTWARE