Method and system for detecting web page vulnerabilities

A webpage vulnerability detection technology, applied in the field of network security, that addresses the problems of high false negative rate, high maintenance cost, and excessive bandwidth occupation, and achieves the effects of low false positive rate, low maintenance cost, and strong preventiveness.

Active Publication Date: 2020-05-12
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0006] In view of this, the object of the present invention is to provide a method and system for detecting webpage vulnerabilities, which can solve the problems of high false negative rate, excessive bandwidth occupation, and high maintenance cost of existing network scanners.


Examples


Embodiment 1

[0046] See Figure 2, which is a schematic flow chart of the method for detecting webpage vulnerabilities in the present invention. The method for detecting webpage vulnerabilities includes:

[0047] In step S201, a vulnerability rule library is created for storing vulnerability rules, wherein the vulnerability rules include vulnerability function names, execution function names and one or more corresponding vulnerability parameter structures.

[0048] Vulnerabilities in the vulnerability rules include, according to common types, one or more of the following: structured query language (SQL) injection vulnerabilities, auto-completion vulnerabilities, directory traversal vulnerabilities, hidden field manipulation vulnerabilities, buffer overflow vulnerabilities, cross-site scripting vulnerabilities, and denial-of-service attack vulnerabilities.

[0049] The creation method of the vulnerability rule base specifically includes: (1) analyzing the above-mentioned known vulnerabilit...

Embodiment 2

[0067] See Figure 3, which is a block diagram of the system for detecting webpage vulnerabilities of the present invention.

[0068] A webpage vulnerability detection system is applied to a server 30. It can be understood that the server 30 may be a server host or a cloud server platform.

[0069] The webpage vulnerability detection system is used to receive user requests, analyze whether there are webpage vulnerabilities, and send risk warning information accordingly. The webpage vulnerability detection system at least includes: a vulnerability rule base 31, a preprocessing module 32, a matching module 33, and a risk warning module 34.

[0070] Vulnerability rule library 31 is used to store the vulnerability rules, wherein the vulnerability rules include the name of the vulnerability function, the name of each execution function and one or more corresponding vulnerability parameter structures.

[0071] Vulnerabilities in the vulnerability rules include, according to common types: ...

Embodiment 3

[0092] See Figure 4, which is a schematic diagram of the defense framework of the webpage vulnerability detection system of the present invention. Here the webpage vulnerability detection system is explained from the perspective of its defense architecture.

[0093] A webpage vulnerability detection system includes a vulnerability analysis part 41 and a data support part 42.

[0094] It can be understood that the vulnerability analysis part 41 is generally located on the analysis server 31 in Figure 1, and the vulnerability rule generation part can be located on the analysis server 31 or on the data support server 33 in Figure 1.

[0095] The vulnerability analysis part 41 is used to receive user requests, analyze whether there are webpage vulnerabilities, and send risk warning information accordingly. Specifically, the vulnerability analysis part includes: a preprocessing module 411, a matching module 412, a risk warning module 413, and a preset v...

Abstract

The invention discloses a method and a system for detecting webpage vulnerabilities. The method includes: receiving a user request, and dynamically obtaining an execution function name, a parameter structure, and an execution content from the user request; matching the execution function name or the parameter structure against a preset vulnerability rule in a vulnerability rule base, wherein the vulnerability rule comprises vulnerability function names, execution function names, and one or more vulnerability parameter structures corresponding to them; and, if the execution function name matches the vulnerability function name and/or the parameter structure matches the vulnerability parameter structure, sending risk warning information about the execution content. Because the execution function name and the parameter structure are obtained dynamically and matched against the vulnerability rules, and the corresponding risk warning information is sent, webpage vulnerabilities can be recognized rapidly, with high expandability and good prevention.
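The matching flow described in the abstract, as an added Python illustration (not code from the patent or its applicant). The function names, the reduction of an argument to a "parameter structure" skeleton, the regex encoding of the rules, and the sample events are all assumptions constructed for this example; the text shown on this page does not define them.

```python
import re
from dataclasses import dataclass

@dataclass
class VulnRule:
    vuln_type: str
    vuln_functions: frozenset   # hypothetical names that warrant a warning on sight
    param_structures: dict      # execution function name -> regexes over the skeleton

def param_structure(arg: str) -> str:
    """Reduce an argument to its shape: quoted strings -> S, numbers -> N (assumed encoding)."""
    arg = re.sub(r"'[^']*'|\"[^\"]*\"", "S", arg)
    return re.sub(r"\b\d+\b", "N", arg)

# Constructed rule library; every name and pattern here is illustrative only.
RULE_LIBRARY = [
    VulnRule("sql_injection", frozenset({"raw_query"}),
             {"db_query": [re.compile(r"\bOR\s+S\s*=\s*S", re.I),
                           re.compile(r"\bUNION\s+SELECT\b", re.I)]}),
    VulnRule("directory_traversal", frozenset(),
             {"open_file": [re.compile(r"\.\./")]}),
]

def match_event(func: str, arg: str, rules=RULE_LIBRARY):
    """Return risk warnings for one (execution function, execution content) event."""
    skeleton = param_structure(arg)
    warnings = []
    for rule in rules:
        by_name = func in rule.vuln_functions
        by_param = any(p.search(skeleton) for p in rule.param_structures.get(func, []))
        if by_name or by_param:
            warnings.append({"type": rule.vuln_type, "function": func,
                             "matched": "name" if by_name else "parameter",
                             "content": arg})
    return warnings

# Constructed events, standing in for what a preprocessing step would extract.
EVENTS = [
    ("db_query", "SELECT name FROM users WHERE id = '7'"),
    ("db_query", "SELECT name FROM users WHERE id = '7' OR '1'='1'"),
    ("open_file", "templates/../../conf/app.ini"),
    ("raw_query", "SELECT 1"),
]

if __name__ == "__main__":
    for func, arg in EVENTS:
        for w in match_event(func, arg):
            print(f"RISK {w['type']} via {w['function']} ({w['matched']}): {w['content']}")
```

Matching on the skeleton rather than the raw argument means a rule describes the shape of a call, so the same rule covers requests that differ only in their literal values.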

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to a method and system for detecting webpage vulnerabilities.

Background

[0002] At present, Internet technology has penetrated all aspects of daily life, bringing great convenience to production and life. At the same time, network security has received more and more attention. Webpage (WEB) applications in particular face the following security issues: 1. vulnerabilities in computer software design and implementation; 2. the design of the Transmission Control Protocol / Internet Protocol (TCP/IP) did not fully consider its security; 3. misconfiguration and operation during system and network use.

[0003] Vulnerabilities, also known as loopholes, are defects and deficiencies in the specific implementation of hardware, software and protocols of computer systems or system security policies...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06F21/57
Inventor: 朱海星
Owner: TENCENT TECH (SHENZHEN) CO LTD