Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

XSS and CSRF based Web attack defense system and method

A defense system, the technology of this system, applied in transmission systems, electrical components, etc., can solve problems such as hindering technological development, and achieve the effects of low false positive rate, reduced false positive rate, and high accuracy

Inactive Publication Date: 2017-05-31
WUHAN HONGXU INFORMATION TECH
View PDF4 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

On the one hand, WEB technology is convenient, interactive, and versatile, so it is adopted by more and more industries; hindered the development of the technology

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • XSS and CSRF based Web attack defense system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] Below in conjunction with accompanying drawing and embodiment describe in detail:

[0034] 1. System

[0035] 1. Overall

[0036] Such as figure 1 , the system includes a user 100 and a Web server 300;

[0037] An attack defense server 200 is provided, and the attack defense server 200 includes a filtering module 210, a whitelist module 220 and a token interception module 230;

[0038] Its interaction relationship is:

[0039] The user 100, the filtering module 210, the token intercepting module 230 and the Web server 300 interact in sequence;

[0040] The whitelist module module 220 interacts with the filter module 210 and the token intercept module 230 respectively.

[0041] 2. Function block

[0042] 1) User 100

[0043] User 100 is a mobile terminal, including a mobile phone and a notebook.

[0044] 2) Attack defense server 200

[0045] It is embedded with a filter module 210 , a whitelist module 220 and a token interception module 230 .

[0046] (1) Filtr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an XSS and CSRF based Web attack defense system and method, and relates to the field of network security. The system comprises a filtering module, a white list module and a token interception module. The method comprises the following steps: (1) the filtering module filters user input by using the following four manners: verifying the validity of the user input, processing special characters, performing cookie anti-theft and performing recursive purification on sensitive words; (2) for HTML script injection, the white list module uses an HTML parsing library to traverse all nodes so as to obtain original label attributes of the data therein, and reconstructs an HTML element tree through labels in the white list module to prevent HTML script injection attacks fundamentally; and (3) the token interception module intercepts HTTP requests not satisfying the requirements through a Token verification function. The XSS and CSRF based Web attack defense system disclosed by the invention has the characteristics of high accuracy, low false alarm rate and expandability.

Description

technical field [0001] The invention relates to the field of network security, in particular to an XSS and CSRF-based Web attack defense system and method thereof, which have the characteristics of high precision and low misjudgment rate. Background technique [0002] With the rapid development of the Internet industry, the importance of network and information security is increasing day by day. As large as military, national defense, government, banking and other key industries, as small as ordinary enterprises and even individuals, they are all facing risks such as network attacks, worms, and privacy leaks. . As more and more systems of enterprises and governments use WEB services, hackers' attacks on WEB services are also increasing rapidly. On the one hand, WEB technology has convenience, interactivity and versatility, so it is adopted by more and more industries; hinder the development of this technology. Among all WEB attacks, CSS and CSRF technical attacks are the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1466
Inventor 匡红保永武叶猛
Owner WUHAN HONGXU INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com