Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Vulnerability detection method and device

A vulnerability detection and vulnerability technology, applied in the computer field, can solve the problem of low vulnerability detection efficiency, and achieve the effect of improving vulnerability detection efficiency and saving development costs.

Active Publication Date: 2020-11-24
ALIBABA GRP HLDG LTD
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] This application provides a loophole detection method and device to solve the problem of low efficiency of loophole detection in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection method and device
  • Vulnerability detection method and device
  • Vulnerability detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0088] image 3 It is a schematic flow chart of Embodiment 1 of the vulnerability detection method of this application. The vulnerability detection method of this embodiment is applied to a vulnerability detection system, which includes a browser / client, a web proxy, a first conversion module, and a vulnerability scanner. engine and a second conversion module; wherein, the first conversion module is used to convert JSON to URL format, and the second conversion module is used to convert URL format to JSON format, and the first conversion module and the second conversion module can be deployed on the web agent It can also be deployed independently, and this application does not limit it; wherein, the vulnerability scanner engine is a vulnerability scanner engine based on the URL format, that is, it can only recognize request messages in the URL format, and when adding a test load, based on URL format is added; Browser / client and server communicate based on JSON format, the metho...

Embodiment 2

[0142] Figure 4 It is a schematic flow chart of Embodiment 2 of the vulnerability detection method of this application. The difference between Embodiment 2 and Embodiment 1 is that the way to obtain the first response message is that the vulnerability scanner engine obtains it without adding a load. image 3 The same steps as in , see image 3 A detailed description of the same steps in , Figure 4 will not repeat them, such as Figure 4 Shown:

[0143] S401: The browser / client sends a first request message to the web proxy.

[0144] S402: The web agent acquires the first request message.

[0145] S403: The web proxy sends a first request message to the first transformation module.

[0146] S404: The first converting module converts the fields in the JSON format in the first request message into the fields in the URL format.

[0147] S405: The first converting module sends the format-converted first request message to the vulnerability scanner engine.

[0148] S406: Th...

Embodiment 3

[0165] Embodiment 3 is based on Embodiment 1 or Embodiment 2. Further, after the first conversion module performs format conversion, it also includes adding a format conversion identifier in the first request message; before the second conversion module performs format conversion, it also includes: It includes determining that the first request message contains the format conversion identifier.

[0166] In this embodiment, the format conversion flag is used to identify whether the format conversion has been performed before adding the test load, so as to facilitate another format conversion after adding the test load to ensure normal communication.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present application provides a vulnerability detection method and device. According to the vulnerability detection method and device of the invention, a step for converting a field of the JSON format in a first request message to a field of the URL format is added in a vulnerability detection process, and therefore, with an existing URL format-based vulnerability scanner engine unmodified, a test load is added to the field of the URL format, and the test load-added field in the URL format is converted into a field of the JSON format; a second request message is generated and is sent to a server, so that the server can identify the second request message; a second response message which is corresponding to the second request message and returned by the server is directly compared with afirst response message which is returned by the server after a first request message is sent to the server; and a vulnerability detection result is obtained on the basis of vulnerability judgment reset rules in a vulnerability knowledge base; and thus, JSON format-based automatic vulnerability detection is realized, development costs are saved, and vulnerability detection efficiency can be improved.

Description

technical field [0001] The present application relates to computer technology, in particular to a vulnerability detection method and device. Background technique [0002] JavaScript Object Notation (JavaScript Object Notation, referred to as: JSON) is a lightweight data exchange format that is easy for humans to read and write, and is also easy for machines to parse and generate. [0003] Web vulnerability detection is to obtain the request message sent by the browser or client of the web application to the server, according to the type of vulnerability to be tested, add the test load corresponding to the vulnerability type in the request message, and send the request message after adding the test load To the server, according to the response message corresponding to the request message after adding the test load returned by the server, determine whether there is a vulnerability corresponding to the vulnerability type in the web application; for a certain type of vulnerabili...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1433
Inventor 李翼
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products