Method and system for preventing cross-site scripting attacks

A method and system for defending against cross-site scripting attacks, applied in the field of website security. It addresses the problems that existing approaches cannot find all problems and increase server pressure and complexity, with the effect of improving security and defending against cross-site scripting attacks.

Inactive Publication Date: 2018-03-27
JINAN INSPUR HIGH TECH TECH DEV CO LTD

AI Technical Summary

Problems solved by technology

However, existing defense technology filters on the server after the attack has occurred, to prevent the attack from harming the server. This method increases the pressure on the server and its complexity.
In addition, vulnerability scanning is performed on web pages to detect potential vulnerabilities. Scanning can only be performed after the code is online, and a vulnerability that is found takes a certain period of time to repair, so there is a lag. Vulnerability scanning is also a black-box mechanism that cannot find all problems.


Embodiment Construction

[0033] The present invention provides a method for defending against cross-site scripting attacks:

[0034] According to the specific structure of the website, a keyword blacklist is established for JavaScript events and JavaScript script content, to support filtering and review.

[0035] Of the three stages of the standard browser event model, the capture stage is used: the filtering module filters and reviews the content of page element tags during the capture stage, to prevent sensitive events from being triggered.

[0036] By detecting changes in the page's DOM tree, each static script file loaded on the page is monitored, and the filtering module filters and reviews the script files to prevent suspicious scripts from being executed.

[0037] Upload all intercepted suspicious events and suspicious script information to the server.
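
The four steps above in browser JavaScript, as an added example that is not code from the patent. The blacklist entries, the event list, the `/xss-report` endpoint and all function names are assumptions chosen for illustration.

```javascript
// Added example; blacklist entries, REPORT_URL and all names are assumptions.
const BLACKLIST = [/document\.cookie/i, /\beval\s*\(/i, /javascript:/i, /<script/i];
const EVENTS = ['click', 'mouseover', 'focus', 'error', 'load'];
const REPORT_URL = '/xss-report'; // hypothetical collection endpoint

// Filtering module: return the source of the blacklist pattern that matches, or null.
function review(text) {
  const hit = BLACKLIST.find((re) => re.test(text || ''));
  return hit ? hit.source : null;
}

// Review the inline handler and URL attributes of the element an event targets.
function reviewElement(el, type) {
  if (!el || typeof el.getAttribute !== 'function') return null;
  for (const attr of ['on' + type, 'href', 'src']) {
    const value = el.getAttribute(attr), hit = review(value);
    if (hit) return { kind: 'event', type, attr, value, hit };
  }
  return null;
}

// Review a script element added to the DOM tree (its URL or its inline body).
function reviewScript(node) {
  if (!node || node.nodeName !== 'SCRIPT') return null;
  const hit = review(node.src) || review(node.textContent);
  return hit ? { kind: 'script', src: node.src || '', hit } : null;
}

// Capture-phase listener: strip the attribute and stop the event before the target sees it.
function makeListener(type, send) {
  return (ev) => {
    const finding = reviewElement(ev.target, type);
    if (!finding) return;
    ev.target.removeAttribute(finding.attr);
    ev.stopImmediatePropagation(); ev.preventDefault();
    send(finding);
  };
}

// Wire both checks to a document; every finding is passed to send() for upload.
function install(doc, send) {
  for (const t of EVENTS) doc.addEventListener(t, makeListener(t, send), true); // true = capture
  new MutationObserver((records) => {
    for (const r of records) for (const n of r.addedNodes) {
      const finding = reviewScript(n);
      if (finding) { n.remove(); send(finding); } // best effort: inline code may already have run
    }
  }).observe(doc.documentElement, { childList: true, subtree: true });
}
if (typeof document !== 'undefined') install(document, (f) => navigator.sendBeacon(REPORT_URL, JSON.stringify(f)));
```

MutationObserver callbacks run after a node is inserted, so an inline script may already have run by the time it is reviewed; treat this layer as detection and reporting alongside output encoding and Content-Security-Policy.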

[0038] At the same time, a system for defending against cross-site scripting attacks corresponding to the above method is provided,...


Abstract

The invention discloses a method and system for preventing cross-site scripting attacks, relating to the field of website security. The method includes the following steps: establishing a keyword blacklist for JavaScript events and JavaScript script contents according to the specific architecture of a website, to facilitate filtering and review; for the three stages of the standard browser event model, using a filtering module to filter and review the contents of page element tags in the capture stage of the event model, preventing sensitive events from being triggered; detecting changes in the page DOM tree, monitoring each static script file loaded on the page, and using the filtering module to filter and review the script files, preventing the execution of suspicious scripts; and uploading all intercepted suspicious events and suspicious script information to a server. According to the scheme of the invention, the execution of sensitive events and attack scripts can be effectively prevented even when a Web page has vulnerabilities or attack scripts have been injected into it, the security of the system can be improved, and cross-site scripting attacks can be effectively prevented.

Description

Technical field

[0001] The invention discloses a method and system for defending against attacks, and relates to the field of website security, in particular to a method and system for defending against cross-site scripting attacks.

Background technique

[0002] Among various website security vulnerabilities, the cross-site scripting attack (Cross Site Script, that is, CSS attack) is a common network security problem. Specifically, a cross-site scripting attack means that an attacker embeds malicious executable scripts or HTML code in a web page, and when a user visits the page, the embedded malicious scripts or code are executed. Attackers can harm users in a variety of ways, including obtaining user session information to pretend to be users and access authorized websites, stealing user information and accounts, reading, tampering with, adding, and deleting company data, and stealing important and commercially valuable company data, resulting in significant losses. ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0236, H04L63/1433, H04L63/145, H04L63/1466
Inventor: 周祥龙, 李秀芳, 展召磊, 郑彬
Owner: JINAN INSPUR HIGH TECH TECH DEV CO LTD