Detection method and system of webpage bugs

A webpage vulnerability detection technology, applied in the field of network security, that addresses the high maintenance cost, excessive bandwidth occupation, and high false negative rate of existing network scanners, achieving low maintenance cost, a low false negative rate, and a strong preventive effect.

Active Publication Date: 2016-05-04
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0006] In view of this, the object of the present invention is to provide a method and system for detecting webpage vulnerabilities, which can solve the problems of high false negative rate, excessive bandwidth occupation, and high maintenance cost of existing network scanners.

Examples


Embodiment 1

[0046] Figure 2 shows a schematic flow diagram of the method for detecting web page vulnerabilities in the present invention. The method for detecting web page vulnerabilities includes:

[0047] In step S201, a vulnerability rule library is created to store the vulnerability rules, where the vulnerability rules include the name of the vulnerability function, the name of each execution function and its corresponding one or more vulnerability parameter structures.

[0048] The vulnerabilities in the vulnerability rules, according to common types, include one or a combination of: structured query language (SQL) injection vulnerability, auto-completion vulnerability, directory traversal vulnerability, hidden field manipulation vulnerability, buffer overflow vulnerability, cross-site scripting vulnerability, and denial-of-service attack vulnerability.

[0049] The method for creating the vulnerability rule base specifically includes: (1) analyzing the above known vulnerabilities ac...

Embodiment 2

[0067] Figure 3 shows a schematic diagram of the modules of the web page vulnerability detection system of the present invention.

[0068] A detection system for web page vulnerabilities is applied to the server 30. It can be understood that the server 30 may be a server host or a cloud server platform.

[0069] The web page vulnerability detection system is used to receive user requests, analyze whether there are web page vulnerabilities, and send risk warning information accordingly. The webpage vulnerability detection system includes at least: a vulnerability rule library 31, a preprocessing module 32, a matching module 33, and a risk warning module 34.

[0070] The vulnerability rule library 31 is used to store the vulnerability rules, where the vulnerability rules include the name of the vulnerability function, the name of each execution function and its corresponding one or more vulnerability parameter structures.

[0071] The vulnerabilities in the vulnerability rules, a...

Embodiment 3

[0092] Figure 4 shows a schematic diagram of the defense framework of the web page vulnerability detection system of the present invention. Here the web page vulnerability detection system is explained from the perspective of its defense architecture.

[0093] A web page vulnerability detection system includes a vulnerability analysis part 41 and a data support part 42.

[0094] It can be understood that the vulnerability analysis part 41 is generally located on the analysis server 31 of Figure 1, and the vulnerability rule generation part can be located on the analysis server 31 or on the data support server 33 of Figure 1.

[0095] The vulnerability analysis part 41 is used to receive user requests, analyze whether there are web page vulnerabilities, and send risk warning information accordingly. Specifically, the vulnerability analysis part includes: a preprocessing module 411, a matching module 412, a risk warning module 413, and a preset vulne...


Abstract

The invention discloses a detection method and a system of webpage bugs. The method includes: a user request is received, and an execution function name, a parameter structure, and an execution content are dynamically obtained from the user request; the execution function name or the parameter structure and a preset bug rule in a bug rule base are matched, wherein the bug rule comprises bug function names, and execution function names and corresponding one or more bug parameter structures thereof; and if the execution function name and the bug function name are successfully matched and / or the parameter structure and the bug parameter structure are successfully matched, risk warning information of the execution content is sent. According to the method and the system, the execution function name and the parameter structure are dynamically obtained and matched with the bug rule, the corresponding risk warning information is sent, the webpage bugs can be rapidly recognized, the expandability is high, and the prevention is good.
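The matching flow described in the abstract, as an added Python example that is not code from the patent. The hook event format, the rule contents (PHP function names chosen for illustration) and the S/N skeleton used as a "parameter structure" are all assumptions, since the page does not define them.

```python
import re

# Constructed rule library (assumption; the page gives no concrete rules).
# Functions that are flagged by name alone.
VULN_FUNCTIONS = {"eval"}
# Execution function name -> vulnerability parameter structures, written as
# regexes over the normalised skeleton produced by parameter_structure().
VULN_PARAM_STRUCTURES = {
    "mysql_query": [r"\bOR (N ?= ?N|S ?= ?S)\b"],  # always-true condition
    "fopen": [r"(\.\./){2,}"],                     # repeated parent-directory steps
}

def parameter_structure(argument):
    """Reduce an argument to its shape: quoted strings -> S, integers -> N."""
    shape = re.sub(r"'[^']*'|\"[^\"]*\"", "S", argument)
    shape = re.sub(r"\b\d+\b", "N", shape)
    return re.sub(r"\s+", " ", shape).strip().upper()

def preprocess(event):
    """Return (execution function name, parameter structure, execution content)."""
    content = event["argument"]
    return event["function"], parameter_structure(content), content

def match(event):
    """Return a risk warning dict if the event matches a rule, else None."""
    func, structure, content = preprocess(event)
    reasons = []
    if func in VULN_FUNCTIONS:
        reasons.append("function name")
    if any(re.search(p, structure) for p in VULN_PARAM_STRUCTURES.get(func, [])):
        reasons.append("parameter structure")
    if not reasons:
        return None
    return {"function": func, "content": content, "matched": reasons}

# Constructed hook events: one per call observed while serving a request.
EVENTS = [
    {"function": "mysql_query", "argument": "SELECT name FROM users WHERE id = 7"},
    {"function": "mysql_query", "argument": "SELECT name FROM users WHERE id = 7 OR 1=1"},
    {"function": "fopen", "argument": "../../etc/passwd"},
    {"function": "eval", "argument": "$_GET['c']"},
]

def scan(events):
    """Run every event through match() and keep only the risk warnings."""
    return [w for w in map(match, events) if w is not None]

if __name__ == "__main__":
    for warning in scan(EVENTS):
        print("RISK:", warning)
```

Matching on the normalised shape rather than the literal argument is what lets one rule cover every value an always-true condition can take.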

Description

Technical field

[0001] The invention belongs to the field of network security, and particularly relates to a method and system for detecting web page vulnerabilities.

Background technique

[0002] At present, Internet technology has penetrated into all aspects of daily life, bringing great convenience to production and life. At the same time, network security has received more and more attention. Web page (WEB) applications in particular face the following security problems: 1. Vulnerabilities in the design and implementation of computer software; 2. The Transmission Control Protocol / Internet Protocol (TCP/IP) was designed without full consideration of its security; 3. Misconfiguration and operation during system and network use.

[0003] Vulnerabilities, also known as loopholes, are defects and deficiencies in the specific implementation of hardware, software, and protocols or system security strategies in a computer system. Illega...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/57
Inventor: 朱海星
Owner: TENCENT TECH (SHENZHEN) CO LTD