A vulnerability detection method, gateway device, browser and system

Abstract

The embodiment of the invention discloses a vulnerability detection method, gateway equipment, a browser and a system, a computer device, and a readable storage medium for realizing the vulnerability detection of the browser at one side of the intranet, thereby lowering security risk. The method disclosed by the embodiment of the invention comprises the following steps: acquiring HTTP request information issued by the browser; feeding back HTTP response information to the browser according to the HTTP request information so that the browser can use a detection script in the HTTP response information to perform the vulnerability detection, and return a detection result to the gateway equipment; receiving the detection result returned by the browser; judging whether the vulnerability is existent in the browser according to the detection result; and intercepting the HTTP request information if the vulnerability is existent.

Description

technical field [0001] The present invention relates to communication technology, in particular to a loophole detection method, gateway equipment, browser and system, computer device, and readable storage medium. Background technique [0002] At present, the targets of hacker attacks include not only servers, but also clients. For client-side attacks, exploiting browser vulnerabilities is an important means of intrusion. Although various manufacturers continue to strive to launch new, better-performing, and more secure Web browsers, such as Google's Chrome, attacks and vulnerabilities in Web browsers still exist. hanging by a thread. [0003] In practical applications, compared to Firefox, which is a highly secure browser, the security of Chrome or IE browser without Flash plug-in may be better, which shows that the current browser vulnerabilities are mainly caused by browser plug-ins , existing browsers integrate complex plug-ins such as ActiveX plug-ins, Flash Player plu...

AI Technical Summary

Problems solved by technology

[0003] In practical applications, compared to Firefox, which is a highly secure browser, the security of Chrome or IE browser without Flash plug-in may be better, which shows that the current browser vulnerabilities are mainly caused by browser plug-ins , existing browsers integrate complex plug-ins such as ActiveX plug-ins, Flash Player plug-ins, Java virtual machine plug-ins, Adobe Reader plug-ins, although these plug-ins can enhance browser functions, such as image processing, user-friendly interface and various Animations, etc., but these plug-ins may contain additional flaws and loopholes, which will increase the security risk of the client

[0004] In the existing solution, the vulnerability detection for the browser can only be performed locally through the client's security software, and cannot be remotely detected in batches. This depends on the security awareness of each client user. Users with high security awareness will regularly patch and update the client. The browser or browser plug-in on the client side may also restrict browser functions and configure security settings, such as prohibiting the automatic operation of Java applets, JavaScript, VBScript, and ActiveX, so as to improve the security of the client

However, not all client users have high security awareness, and if network administrators want to ensure the security performance of internal users' browsers, they can only detect them one by one, which is too inefficient

Images