Offline detection method and system for cross-site scripting vulnerability

A technology for cross-site scripting vulnerabilities and vulnerabilities, applied in software testing/debugging and other directions, it can solve the problems of uncontrollable crawling rate of crawler, reduce business logic coverage, consume a lot of time, etc., and achieve the effect of improving coverage and automation.

Active Publication Date: 2015-07-08
MICRO DREAM TECHTRONIC NETWORK TECH CHINACO
View PDF3 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] 1. The crawler may grab a large number of useless pages, and the pages cannot be customized; in this way, using multiple vulnerability verification scripts will generate a large amount of garbage data and delete normal content; this not only consumes a lot of time, but also reduces business logic coverage
[0012] 2

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Offline detection method and system for cross-site scripting vulnerability
  • Offline detection method and system for cross-site scripting vulnerability

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] figure 1 It is a functional block diagram of an offline detection system for cross-site scripting vulnerabilities based on resource isolation according to an embodiment of the present invention. Such as figure 1 As shown, the system includes: an automated detection system front-end control device 110 , an automated testing environment resource isolation device 120 , a network traffic forwarding device 130 , a distributed scheduling device 140 , and a cross-site scripting vulnerability security testing device 150 .

[0039] The front-end control device 110 of the automatic detection system is used to receive the security test instruction, and obtain the IP of the function test server and the function test item HOST (virtualized website). During specific implementation, the front-end control device 110 of the automated detection system receives instructions from safety testers, and inputs the IP of the function test server, function test item HOST, and safety test item n...

Embodiment 2

[0051] Embodiments of the present invention provide an offline detection method for cross-site scripting vulnerabilities based on resource isolation, thereby automatically completing offline security testing.

[0052] figure 2 It is a flowchart of an offline detection method for cross-site scripting vulnerabilities based on resource isolation according to an embodiment of the present invention. combined reference figure 1 and figure 2 , the method includes the following processing steps:

[0053] Step 210: the front-end control device of the automatic detection system receives the safety test instruction, and obtains the IP of the functional test server and the functional test item HOST (virtualized website);

[0054] Specifically, in this step, the function tester will input the item number of the function test of the program, the HOST of the test environment and the server IP into the front-end control device of the automatic detection system.

[0055] Step 220: The au...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an offline detection method and system for a cross-site scripting vulnerability. The offline detection method includes that a control device acquires the IP of a function test server and a function test project virtualization website HOST; a resource isolating device carries out resource isolation on a target function test environment, packs standard resource isolating mirror images and deploys in a safety test environment; a transmitting device deployed in the target function test environment transmits network flow which conforms to the function test project to a scheduling device; the scheduling device carries out data encapsulation on the transmitted network flow and sends the encapsulated test data to a test device; the test device sends a safety test request to the safety test environment, analyzes the page returned from the safety test environment to find out the cross-site scripting safety vulnerability, and sends to the control device; the control device confirms the safety test project of the safety vulnerability according to the IP of the function test server and the function test project HOST. The offline detection method and system for the cross-site scripting vulnerability enable the coverage and automatic degree of the safety test to be improved.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to a method and a system for detecting cross-site scripting vulnerabilities (XSS). Background technique [0002] At present, in the security testing of Web program projects, security testers not only need to conduct security tests on the program, but also have a full understanding of the logic of the program in order to cover the security test of the program as much as possible. The coverage rate of security testing is always lower than that of functional testing, resulting in the inability to test all possible program branches and online security vulnerabilities. [0003] The technical scheme of prior art one is as follows: [0004] Obtain the source code of the target page and extract the script code in it, traverse all the script codes, and use the predefined dirty data entry to obtain all the dirty data entries in the script code and the variables passed by the dirty ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36
Inventor 姜楠
Owner MICRO DREAM TECHTRONIC NETWORK TECH CHINACO
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap