Method and system for scanning cross-site vulnerability

A cross-site vulnerability scanning method and system, applied in the field of vulnerability scanning. It addresses the problems that existing techniques cannot handle deformed cross-site code and new cross-site attack methods, cannot detect DOM-type cross-site vulnerabilities, etc., and it achieves the effect of ensuring website security and saving time.

Inactive Publication Date: 2015-06-03
XINGHUA YONGHENG BEIJING TECH CO LTD

AI Technical Summary

Problems solved by technology

Cross-site code is script that runs in the client (the browser) and executes dynamically, so static scanning technology cannot detect DOM-type cross-site vulnerabilities.
[0006] (2) Rule base comparison technology cannot handle deformed cross-site code or new cross-site attack methods.
[0007] In summary, conventional cross-site vulnerability detection technology suffers from a high false negative rate.
Moreover, existing cross-site vulnerability scanning tools are single-threaded, which is inefficient, and they can only test a single URL rather than the entire site for cross-site vulnerabilities.


Embodiment Construction

[0040] Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary and are intended to explain the present invention and should not be construed as limiting the present invention.

[0041] The invention provides a cross-site vulnerability scanning method and system with high efficiency, a low false alarm rate and comprehensive scanning, which supports scanning for various kinds of cross-site vulnerability, for example reflected (Reflected-XSS), stored (Stored-XSS) and DOM-type (DOM-XSS) cross-site vulnerabilities.

[0042] As shown in Figure 1, the cross-site vulnerability scanning method of the embodiment of the present invention includes the following steps:

[0043] Step S1, crawling the links of the whole site or ...


Abstract

The invention provides a method and a system for scanning for cross-site vulnerabilities. The method comprises the following steps: crawling the links of the full site or a single page of a target site; filtering the crawled links according to a preset condition to obtain a plurality of potential cross-site vulnerability links; fuzz testing each potential cross-site vulnerability link with attack vectors; during the fuzz test, dynamically analyzing the webpage source code of each potential cross-site vulnerability link with a browser kernel to judge whether the link has a cross-site vulnerability; and storing each link that has a cross-site vulnerability, together with the attack vector loaded for it, in a database. The method and system detect cross-site vulnerabilities with high efficiency, a low false alarm rate and complete scanning coverage.
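The filtering step and the preparation of per-parameter test URLs, as an added example that is not code from the patent or its owner. The patent page does not define the "preset condition", so the one used here (same host, not a static asset, at least one query parameter, one link per parameter signature) is an assumption, as are the function names, the host shop.example and the inert marker that stands in for an attack vector.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
import uuid

# Assumed "preset condition" (not defined on the page): same host as the
# target, not a static asset, and at least one query parameter to test.
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".svg", ".woff", ".pdf")

def filter_candidates(links, target_host):
    """Return one representative link per (path, parameter-name set)."""
    seen, out = set(), []
    for link in links:
        u = urlsplit(link)
        if u.scheme not in ("http", "https") or u.hostname != target_host:
            continue  # out of scope: never test third-party hosts
        if u.path.lower().endswith(STATIC_EXT):
            continue  # static assets carry no server-side input handling
        params = parse_qsl(u.query, keep_blank_values=True)
        if not params:
            continue  # nothing to inject into
        key = (u.path, tuple(sorted({k for k, _ in params})))
        if key not in seen:  # same page and parameters: test it only once
            seen.add(key)
            out.append(link)
    return out

def build_probes(link, marker_factory=lambda: "xsm" + uuid.uuid4().hex[:8]):
    """Return (param, marker, url) tuples, one parameter replaced per URL."""
    u = urlsplit(link)
    params = parse_qsl(u.query, keep_blank_values=True)
    probes = []
    for i, (name, _) in enumerate(params):
        marker = marker_factory()  # inert, unique string to look for later
        mutated = params[:i] + [(name, marker)] + params[i + 1:]
        probes.append((name, marker, urlunsplit(u._replace(query=urlencode(mutated)))))
    return probes

# Constructed crawl output for a hypothetical target, shop.example
CRAWLED = [
    "https://shop.example/search?q=shoes&page=1",
    "https://shop.example/search?page=2&q=boots",  # same signature as above
    "https://shop.example/static/app.js?v=3",      # static asset
    "https://cdn.example/item?id=7",               # other host
    "https://shop.example/about",                  # no parameters
    "https://shop.example/item?id=7#reviews",
]

if __name__ == "__main__":
    for link in filter_candidates(CRAWLED, "shop.example"):
        for name, marker, url in build_probes(link):
            print(name, marker, url)
```

The dynamic analysis step, which loads each test URL in a browser kernel and observes the result, is outside this example.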

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a cross-site vulnerability scanning method and system.

Background technique

[0002] In recent years, with the rapid development of Internet technology, more and more users base their key business on Web applications. As users view all kinds of information and interact with Web servers through their browsers, security threats to these key businesses follow. In addition, because of the complexity of users' business systems and the variability of the network environment, more and more users pay attention to Web security issues.

[0003] Cross-site vulnerabilities and SQL injection vulnerabilities have become the top two vulnerabilities that threaten Web security. Cross-site vulnerabilities can be used to plant malicious code in web pages, steal accounts of various systems, tamper with or delete background data, steal sensitive system data, carry out phishing attacks, etc., endangering us...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433
Inventor 何永强邓易陈川
Owner XINGHUA YONGHENG BEIJING TECH CO LTD