Method and device for detecting horizontal permission vulnerabilities

A detection method and permission technology, applied in the computer field, that can solve problems such as low execution efficiency, reduce the false detection rate and false negative rate, improve detection performance, and ensure the efficiency of vulnerability detection.

Inactive Publication Date: 2017-10-24
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

[0010] With the manual code audit method, the code must be read manually to find horizontal permission vulnerabilities, which results in low execution efficiency.


Examples


Embodiment Construction

[0049] To improve both the accuracy and the efficiency of detecting horizontal permission vulnerabilities, the embodiment of the present application provides a new detection method for them. The specified parameters in the scanned uniform resource locator (Uniform Resource Locator, URL) are replaced according to preset rules, and whether a horizontal permission vulnerability exists is judged from the returned result.

[0050] Preferred embodiments of the present application will be described in further detail below in conjunction with the accompanying drawings.

[0051] In the embodiment of the present application, the detection device used to detect horizontal permission vulnerabilities can be a centralized server dedicated to testing or a server cluster built with a distributed architecture; any device that can implement the technical solution of the embodiment of the present application can be used. In the s...


Abstract

The application relates to computer technology, and in particular to a method and a device for detecting horizontal permission vulnerabilities. The method and the device are used to improve the detection accuracy of horizontal permission vulnerabilities and improve the detection efficiency. The method includes the following steps: replacing the original user identity information carried in a target request message with corresponding test user identity information; accessing the corresponding target address based on the test user identity information carried in the target request message; and determining whether the service function corresponding to the target request message has a horizontal permission vulnerability according to whether the received response message contains sensitive information corresponding to the original user identity information. Thus, no additional processing burden is placed on the system, and the efficiency of vulnerability detection is guaranteed. Meanwhile, because detection is carried out at run time based on the nature of horizontal permission vulnerabilities, the accuracy and credibility of the detection results are ensured. The false detection rate and false negative rate are reduced, and the detection performance is improved.
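The three steps in the abstract (swap the identity, replay the request, look for the original user's sensitive data in the response), as an added example that is not code from the patent. The in-process `toy_app`, its two endpoints, the session-cookie identity and all sample values are constructed assumptions so the check runs offline.

```python
# Constructed stand-in for a B/S application: two endpoints keyed by order id,
# one of which omits the user attribution (ownership) check.
ORDERS = {  # constructed sample data
    "1001": {"owner": "alice", "phone": "555-0101", "address": "1 Example Road"},
    "2002": {"owner": "bob", "phone": "555-0202", "address": "2 Sample Street"},
}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}  # assumed cookie-based identity

def toy_app(path, params, cookies):
    """Return (status, body) the way a small web backend would."""
    user = SESSIONS.get(cookies.get("session"))
    order = ORDERS.get(params.get("id"))
    if user is None:
        return 401, "login required"
    if order is None:
        return 404, "not found"
    if path == "/order/safe" and order["owner"] != user:
        return 403, "forbidden"
    # "/order/view" reaches this point without checking who owns the order.
    return 200, f"phone={order['phone']}; address={order['address']}"

def check_horizontal_permission(send, request, test_identity, sensitive_markers):
    """Replay a recorded request as the test user and report leaked markers."""
    # Step 1: replace the original identity with the test user's identity.
    cookies = dict(request["cookies"], **test_identity)
    # Step 2: access the same target address with the same parameters.
    status, body = send(request["path"], request["params"], cookies)
    # Step 3: the original user's sensitive values must not appear in the response.
    leaked = [m for m in sensitive_markers if m in body]
    return {"path": request["path"], "status": status,
            "vulnerable": bool(leaked), "leaked": leaked}

def scan():
    # Requests recorded while the original user (alice) used the application.
    captured = [
        {"path": "/order/view", "params": {"id": "1001"}, "cookies": {"session": "sess-alice"}},
        {"path": "/order/safe", "params": {"id": "1001"}, "cookies": {"session": "sess-alice"}},
    ]
    markers = ["555-0101", "1 Example Road"]  # values that belong only to alice
    test_identity = {"session": "sess-bob"}   # the test user
    return [check_horizontal_permission(toy_app, r, test_identity, markers) for r in captured]

if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

The markers must be values unique to the original user; a value the test user legitimately shares would produce a false detection.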

Description

Technical field

[0001] The present application relates to computer technology, in particular to a method and device for detecting horizontal permission vulnerabilities.

Background technique

[0002] More and more companies now present their business to Internet users in browser/server (Browser/Server, B/S) form, and these users have private sensitive data, including personal information (ID card, mobile phone, address), etc. Unscrupulous users can take advantage of horizontal permission vulnerabilities in a B/S website to leak users' private and sensitive data.

[0003] A horizontal permission vulnerability is a security vulnerability in a B/S application-layer website: when sensitive data associated with users is presented without user attribution verification, one user can access the sensitive data of another user.

[0004] Horizontal permission vulnerability detection has always been a relatively difficult problem in th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/57
CPC: G06F21/577, H04L63/1433
Inventor: 杨宁
Owner: ALIBABA GRP HLDG LTD