Method and system for detecting cross-site scripting attack injection

A technology for detecting cross-site scripting and script injection attacks, applied in transmission systems, electrical components, etc. It can solve the problems of heavy workload and high hardware configuration requirements, and achieves the effect of improving site security and reducing the risk of attacks.

Active Publication Date: 2015-11-11
FUJIAN TQ DIGITAL

AI Technical Summary

Problems solved by technology

This patent uses attack vectors to fuzz test each potential link, which requires a lot of work and a high hardware configuration.


Embodiment Construction

[0028] In order to describe in detail the technical content, the achieved objectives and effects of the present invention, the following description will be given in conjunction with the embodiments and the accompanying drawings.

[0029] The key idea of the present invention is to analyze the request, replace its content with cross-site scripting attack injection content, and send a second request whose response is then judged, thereby detecting cross-site scripting attack injection in the system.

[0030] Referring to Figure 1, Embodiment 1 of the present invention provides a method for detecting cross-site scripting attacks, including the following steps:

[0031] S1: The reverse proxy module records user access request logs;

[0032] S2: Group and classify the request logs, generate URL parameters, and save them;

[0033] S3: Detect the parameter name and the parameter value in the URL parameters, respectively;

[0034] S4: Replace the parameter value with the corresponding c...


Abstract

The invention discloses a method and a system for detecting cross-site scripting attack injection. The method comprises the following steps: recording request logs of user access by a reverse proxy module; grouping and classifying the request logs, and generating and saving a URL parameter; detecting a parameter name and a parameter value in the URL parameter, respectively; replacing the parameter value with corresponding content from a script injection attack dictionary list and generating a second request; sending the second request to a target server and receiving the returned response; judging whether the returned response contains the attack content, and if so, adding the URL parameter to an injection risk list. In this way, the method is capable of detecting XSS bugs in a website more comprehensively, reducing the risk of attacks on users and improving the security of the website; in addition, the set of URLs detected by this method is more complete than the set detected by crawling.
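The steps listed in the abstract can be followed end to end in a short sketch. This is an added example, not code from the patent or its owner: the log format, the probe strings, the function names and the `fake_target` stand-in for the target server are all assumptions, and only parameter values (not names) are substituted.

```python
import html
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample of request log lines as a reverse proxy might record them.
LOG_LINES = [
    "GET /search?q=shoes&page=1",
    "GET /search?q=hats&page=2",
    "GET /profile?name=alice",
    "GET /static/app.js",
]

# Harmless marker strings standing in for the dictionary list (assumption).
PROBES = ['<xssprobe-7f3a>', '"xssprobe-7f3a=']

def group_parameters(lines):
    """Group logged requests into unique (path, parameter-name set) entries."""
    groups = {}
    for line in lines:
        parts = urlsplit(line.split(" ", 1)[1])
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        if params:  # requests without URL parameters are not candidates
            groups.setdefault((parts.path, tuple(sorted(params))), params)
    return groups

def second_requests(path, params):
    """Replace one parameter value at a time with each dictionary entry."""
    for name in params:
        for probe in PROBES:
            yield name, probe, path + "?" + urlencode({**params, name: probe})

def fake_target(url):
    """Constructed stand-in for the target server: /search echoes q raw,
    /profile HTML-escapes name before echoing it."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query))
    if parts.path == "/search":
        return "<p>Results for " + query.get("q", "") + "</p>"
    return "<p>Hello " + html.escape(query.get("name", "")) + "</p>"

def injection_risk_list(lines, send=fake_target):
    """Send each second request; keep parameters whose probe returns unencoded."""
    risky = set()
    for (path, _), params in group_parameters(lines).items():
        for name, probe, url in second_requests(path, params):
            if probe in send(url):
                risky.add((path, name))
    return sorted(risky)
```

Grouping by path and parameter names is what keeps the number of second requests proportional to distinct endpoints rather than to log volume.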

Description

Technical field

[0001] The invention relates to a method and system for detecting cross-site scripting attack injection.

Background technique

[0002] The so-called cross-site scripting attack (Cross Site Scripting) is abbreviated as XSS so that it is not confused with the abbreviation of Cascading Style Sheets (CSS). A malicious attacker inserts malicious HTML code into a Web page. When a user browses the page, the HTML code embedded in the page is executed, thereby achieving the attacker's purpose of maliciously attacking the user.

[0003] XSS is a computer security vulnerability that often appears in web applications. It allows malicious web users to implant code into pages that are provided to other users. For example, this code includes HTML code and client-side script. Attackers use XSS vulnerabilities to bypass access controls such as the same-origin policy. This type of vulnerability has become widely known because it is use...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1466
Inventor: 陈丛亮, 刘德建, 毛新生
Owner: FUJIAN TQ DIGITAL