XSS vulnerability detection method and device

A vulnerability detection technique, applied in the field of XSS vulnerability detection, that addresses the poor accuracy of detection results, avoiding missed judgments and misjudgments and improving accuracy.

Inactive Publication Date: 2016-01-27
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present invention provides a method and device for detecting an XSS vulnerability, to at least solve the technical problem that the detection result obtained by an XSS vulnerability detection scheme based on matching analysis of webpage files has poor accuracy.


Examples


Embodiment 1

[0024] According to an embodiment of the present invention, a method for detecting XSS vulnerabilities is provided. As shown in Figure 3, the method includes:

[0025] S102: Obtain the URL of the webpage to be detected and the executable script code of the web server where the webpage to be detected is located;

[0026] S104: Update the script code into the URL of the webpage to be detected;

[0027] S106: Use the updated URL to access the webpage to be detected;

[0028] S108: Determine whether the web server executes the script code;

[0029] S110: If the web server executes the script code, it is determined that the webpage to be detected has a cross-site scripting attack (XSS) vulnerability.
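
The S102 to S110 flow can be sketched as follows; this is an added example, not code from the patent. The routes, the `__xssProbe` hook, the token and the host name are constructed for illustration, and a small script runner stands in for a browser. It also shows where verbatim payload matching produces a misjudgment (`/plain`) or a missed judgment (`/requote`).

```javascript
// Constructed marker script: it only calls a hook owned by the detector.
const TOKEN = 'probe-7f3a';
const PAYLOAD = `<script>__xssProbe("${TOKEN}")</script>`;
const escapeHtml = s => s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);

// Hypothetical server routes, each reflecting the "q" parameter differently.
const routes = {
  '/raw':     q => ({ type: 'text/html',  body: `<p>Results for ${q}</p>` }),
  '/escaped': q => ({ type: 'text/html',  body: `<p>Results for ${escapeHtml(q)}</p>` }),
  '/plain':   q => ({ type: 'text/plain', body: `Results for ${q}` }),
  '/requote': q => ({ type: 'text/html',  body: `<p>Results for ${q.replace(/"/g, "'")}</p>` }),
};

// S104: write the script code into a parameter of the URL to be detected.
function buildProbeUrl(pageUrl, param) {
  const u = new URL(pageUrl);
  u.searchParams.set(param, PAYLOAD);
  return u.toString();
}

// S106: access the page with the updated URL (offline stand-in for an HTTP GET).
function fetchPage(url) {
  const u = new URL(url);
  return routes[u.pathname](u.searchParams.get('q') ?? '');
}

// Matching-based check: does the response text contain the payload verbatim?
const matchesPayload = resp => resp.body.includes(PAYLOAD);

// S108: run the inline scripts of an HTML response and see whether the hook fires.
// A real detector would observe this hook inside a headless browser instead.
function scriptExecuted(resp) {
  if (!resp.type.startsWith('text/html')) return false; // not rendered as HTML
  let fired = false;
  const hook = t => { if (t === TOKEN) fired = true; };
  for (const m of resp.body.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    try { new Function('__xssProbe', m[1])(hook); } catch { /* script did not run */ }
  }
  return fired;
}

// S110: a page is reported vulnerable only when the script actually executed.
function audit(base) {
  return Object.keys(routes).map(path => {
    const resp = fetchPage(buildProbeUrl(base + path, 'q'));
    return { path, matched: matchesPayload(resp), vulnerable: scriptExecuted(resp) };
  });
}
console.log(audit('https://app.example.test'));
```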

[0030] It should be clear that one of the problems to be solved by the embodiments of the present invention is to provide a method for effectively detecting XSS vulnerabilities.

[0031] XSS vulnerability is a computer security vulnerability that often appears in web pages...

Embodiment 2

[0074] According to an embodiment of the present invention, a device for detecting XSS vulnerabilities that implements the above detection method is also provided. As shown in Figure 9, the device includes:

[0075] 1) Acquisition unit 902, used to obtain the Uniform Resource Locator (URL) of the webpage to be detected and the executable script code of the web server where the webpage to be detected is located;

[0076] 2) Update unit 904, used to update the script code into the URL of the webpage to be detected;

[0077] 3) Access unit 906, used to access the webpage to be detected with the updated URL;

[0078] 4) Judging unit 908, used to judge whether the web server executes the script code;

[0079] 5) Output unit 910, used to determine that the webpage to be detected has a cross-site scripting attack (XSS) vulnerability when the web server executes the script code.

[0080] It should be clear that one of the problems to be solved by t...

Embodiment 3

[0123] According to an embodiment of the present invention, a storage medium for storing the process entities of the detection method described in Embodiment 1 is also provided. As shown in Figure 10, the storage medium is configured to store program code for performing the following steps:

[0124] S1002: Obtain the URL of the webpage to be detected and the executable script code of the web server where the webpage to be detected is located;

[0125] S1004: Update the script code into the URL of the webpage to be detected;

[0126] S1006: Use the updated URL to access the webpage to be detected;

[0127] S1008: Determine whether the web server executes the script code;

[0128] S1010: If the web server executes the script code, it is determined that the webpage to be detected has a cross-site scripting attack (XSS) vulnerability.

[0129] Optionally, in this embodiment, the above-mentioned storage medium can be located on the background server shown in Figure 2...


Abstract

The invention discloses an XSS vulnerability detection method and device. The method comprises that a URL of a webpage to be detected and an executable script code of a Web server of the webpage to be detected are obtained; the script code is updated in the URL of the webpage to be detected; the updated URL is used to access the webpage to be detected; whether the Web server executes the script code is detected; and if the Web server executes the script code, it is determined that XSS vulnerability exists in the webpage to be detected. The method and device of the invention can be used to solve the technical problem that a detection result obtained via an XSS vulnerability detection scheme based on matching and analysis of webpage files is lower in accuracy.

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a method and device for detecting XSS vulnerabilities.

Background

[0002] An XSS (Cross-Site Scripting) vulnerability is a computer security vulnerability that often appears in web pages. Specifically, an XSS vulnerability usually refers to a situation in which a user can implant code into a web page, or into the web server where the web page is located, because of a flaw in how the web page was written. Malicious users can use the XSS vulnerability in the webpage to bypass conventional access control, thereby endangering the web server, other clients accessing the webpage, and regular users. Therefore, in order to improve the security level and reliability of the network operating environment, how to effectively detect XSS vulnerabilities in web pages has become an urgent problem to be solved.

[0003] Since the XSS vulnerability is usually caused by the imper...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26, H04L29/08, G06F21/57
Inventor: 罗嘉飞
Owner: TENCENT TECH (SHENZHEN) CO LTD