Web unauthorization loophole detection method and system

A vulnerability detection and vulnerability technology, which is applied in the field of Web security, can solve problems such as low efficiency and increased testing costs, and achieve the effect of improving detection efficiency and avoiding increased testing costs

Inactive Publication Date: 2018-01-12
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
View PDF3 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a method and system for detecting Web unauthorized vulnerabilities, aiming to solve the problem of low efficiency in t

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web unauthorization loophole detection method and system
  • Web unauthorization loophole detection method and system
  • Web unauthorization loophole detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] In order to clearly illustrate the technical features of the present solution, the present invention will be described in detail below through specific implementation methods and in conjunction with the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure of the present invention, components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and / or letters in different instances. This repetition is for the purpose of simplicity and clarity and does not in itself indicate a relationship between the various embodiments and / or arrangements discussed. It should be noted that components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and processes are omitted herein to avoid unnecessarily lim...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a Web unauthorization loophole detection method and system. The method comprises the steps that all HTTP requests in a Web page are acquired, and initial response information isrecorded; identity label information in the HTTP requests is replaced, the requests are submitted again, and latest response information is recorded; the initial response information and the latest response information are compared, and different terms are request terms which comprise suspected unauthorization loopholes. According to the method, by acquiring all the HTTP requests in the Web page,replacing the identity label information in the HTTP requests, submitting the requests again, comparing the HTTP response results in a Web system to be detected and outputting an HTTP request list which comprises the suspected unauthorization loopholes, the detection efficiency of loophole detection is greatly improved; meanwhile, by means of a Web site achieved through compatible use of all technologies, testing cost increase caused by repeated development of testing tools is avoided.

Description

technical field [0001] The invention relates to the field of Web security, in particular to a method and a system for detecting Web unauthorized loopholes. Background technique [0002] With the recent outbreak of various high-risk vulnerabilities, network security issues have attracted more and more attention. Privilege violation vulnerability, a common security vulnerability in web applications, means that due to the negligence of programmers, there is no strict restriction on the permissions / users required for an operation, so that users who should not have operation permissions can operate normally. The threat is that one account can control the user data of the entire site, that is, an attacker can use a legitimate account to perform illegal operations on other account data that has unauthorized flaws, such as query, insert, delete, modify and other routine database commands. [0003] Privilege violation vulnerability is a kind of business logic vulnerability, which ca...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/57H04L29/06
Inventor 刘雁鸣
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap