Defense method and system for cross-site scripting attack

A defense method and system for cross-site scripting attacks, applied in transmission systems, instruments, computing, etc. It addresses problems such as low operating efficiency, detection of non-attack events, and non-detection of attack events, achieving high operating efficiency and a good defense function.

Active Publication Date: 2019-03-29
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

[0006] The purpose of the embodiments of the present application is to provide a defense method and system for cross-site scripting attacks that solve the problems of prior-art cross-site scripting defenses: non-attack events being detected, attack events going undetected, low operating efficiency, and inaccurate detection.


Examples

Embodiment 1

[0020] Figure 1 is a flow chart of the defense method for cross-site scripting attacks provided by Embodiment 1 of the present application. This embodiment is applicable to the processing of web page data and can be executed by the client.

[0021] As shown in Figure 1, the defense method for cross-site scripting attacks in this application specifically includes the following steps:

[0022] Step 101, receiving the web page data sent by the server, the web page data including the detection device script;

[0023] The client receives the web page data sent by the server. First, the client sends a request to the server, and then receives the webpage data that the server responds to. The difference between the webpage data here and ordinary webpage data is that the webpage data includes the detection device script.

[0024] Optionally, the detection device script is located in the first line after the header tag of the web page. For example, the ...

Embodiment 2

[0105] Figure 2 is a detailed flow chart of the cross-site scripting attack defense method provided in Embodiment 2 of the present application. This embodiment is applicable to the processing of webpage data and can be executed by the client; for points that are the same as or similar to Embodiment 1, refer to Embodiment 1.

[0106] As shown in Figure 2, the defense method for cross-site scripting attacks in this application specifically includes the following steps:

[0107] Step 201, receiving the webpage data sent by the server, the webpage data includes the detection device script;

[0108] The detection device script is located in the first line after the header tag of the web page.

[0109] Step 202, when processing the webpage data, create the webpage data as a model according to the sequence of the webpage data;

[0110] Optionally, creating the web page data as a model specifically further includes: adding c...

Embodiment 3

[0131] Corresponding to the cross-site scripting attack defense method provided in the first embodiment of the present application, the third embodiment of the present application also provides a cross-site scripting attack defense system. The system is a client; see Figure 3. The system may specifically include: a receiving unit 301, a creating unit 302, an acquiring unit 303, a processing unit 304 and a detecting unit 305.

[0132] The receiving unit 301 is configured to receive webpage data sent by the server, the webpage data including the detection device script;

[0133] The creating unit 302 is configured to create the webpage data as a model according to the arrangement order of the webpage data when processing the webpage data;

[0134] An acquiring unit 303, configured to acquire the first attribute value of the first attribute event when it is detected that the model includes the first attribute event;

[0135] A processing unit 304, configured to send an alar...

Abstract

The invention discloses a method for defending against a cross-site scripting attack. The method comprises the following steps: receiving webpage data sent by a server, wherein the webpage data comprises a detection device script; when the webpage data is processed, creating a model from the webpage data according to the arrangement order of the webpage data; when it is detected that the model comprises a first attribute event, obtaining a first attribute value of the first attribute event; when the length of the first attribute value is greater than a first threshold, giving an alarm and deleting the first attribute event; when it is detected that the model comprises a script tag, detecting whether the script tag comprises a source address attribute; and if the script tag has the source address attribute, when it is detected that the path of the source address attribute does not belong to a first area, giving an alarm and deleting the script tag. According to the invention, an attack event can be accurately detected, and the attack event can be intercepted, processed and alarmed on in real time; the operating efficiency is high, and a good defense function for the website is exhibited.
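The two checks in the abstract, as an added example that is not code from the patent: plain objects stand in for the page model so it runs outside a browser. The threshold value, the trusted origins, the page URL and the reading of "attribute event" as an inline `on*` handler are assumptions.

```javascript
// Added example. Plain objects stand in for DOM elements so it runs in Node.
// Assumed values (not from the patent): threshold, origins, page URL.
const MAX_HANDLER_LEN = 40;                       // "first threshold"
const PAGE_URL = 'https://www.example.com/index.html';
const TRUSTED_ORIGINS = new Set([                 // "first area"
  'https://www.example.com',
  'https://static.example.com',
]);

function srcIsTrusted(src) {
  try {
    // Resolve relative and protocol-relative paths against the page URL.
    return TRUSTED_ORIGINS.has(new URL(src, PAGE_URL).origin);
  } catch (e) {
    return false; // unparsable source address: treat as untrusted
  }
}

// Walks the model in document order, deletes offending items, returns alarms.
function scan(node, alarms = []) {
  for (const name of Object.keys(node.attrs || {})) {
    // Assumption: an "attribute event" is an inline handler such as onclick.
    if (/^on/i.test(name) && node.attrs[name].length > MAX_HANDLER_LEN) {
      alarms.push({ kind: 'long-handler', tag: node.tag, attr: name });
      delete node.attrs[name];
    }
  }
  node.children = (node.children || []).filter((child) => {
    const hasSrc = child.tag === 'script' && 'src' in (child.attrs || {});
    if (hasSrc && !srcIsTrusted(child.attrs.src)) {
      alarms.push({ kind: 'untrusted-script', src: child.attrs.src });
      return false; // delete the script tag from the model
    }
    scan(child, alarms);
    return true;
  });
  return alarms;
}

// Constructed sample model; the 120-character handler is a placeholder.
function samplePage() {
  return { tag: 'body', attrs: {}, children: [
    { tag: 'img', attrs: { src: 'a.png', onerror: 'x'.repeat(120) } },
    { tag: 'button', attrs: { onclick: 'save()' } },
    { tag: 'script', attrs: { src: '//cdn.untrusted.example/x.js' } },
    { tag: 'script', attrs: { src: '/js/app.js' } },
  ] };
}
```

Inline scripts without a source address and handlers shorter than the threshold pass both checks, so this filtering complements output encoding and a Content Security Policy and does not replace them.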

Description

Technical field

[0001] This application relates to the technical field of website security, in particular to a defense method and system for cross-site scripting attacks.

Background

[0002] Cross-site scripting (XSS) is an attack in which the attacker embeds malicious code into a webpage; when the client obtains the webpage data, the embedded malicious code is executed to achieve the purpose of the attack. Attackers use website vulnerabilities to steal information and conduct illegal operations, such as stealing online banking accounts, administrator accounts or business information, controlling corporate data (reading, tampering with, adding, and deleting sensitive corporate data), illegal transfers, forced emails, or planting trojans on the website. It can be seen that XSS constitutes one of the biggest threats to network services, not only endangering the services themselves but also affecting users who access them. Therefore, defending...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06F21/51, G06F21/56
Inventor: 刘磊
Owner: ALIBABA GRP HLDG LTD