Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Cross-site scripting attack defense method, device, apparatus and storage medium

A cross-site scripting attack and variant technology, applied in the field of network security, can solve problems such as inability to dynamically defend against XSS attacks, and achieve the effect of preventing XSS attacks

Inactive Publication Date: 2018-12-18
彩讯科技股份有限公司
View PDF5 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a defense method, device, equipment and storage medium for cross-site scripting attacks, so as to solve the technical problem that XSS attacks cannot be dynamically defended in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cross-site scripting attack defense method, device, apparatus and storage medium
  • Cross-site scripting attack defense method, device, apparatus and storage medium
  • Cross-site scripting attack defense method, device, apparatus and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0030] figure 1 It is a flow chart of a method for defending against cross-site scripting attacks provided by Embodiment 1 of the present invention. This embodiment is applicable to the situation of defending against cross-site scripting attacks. The method can be executed by a defense device for cross-site scripting attacks The cross-site scripting attack defense device may be realized by software and / or hardware, and the cross-site scripting attack defense device may be composed of two or more physical entities, or may be composed of one physical entity.

[0031] Generally speaking, XSS attacks include: reflection type (Non-persistent) XSS attack, storage type (persistent) XSS attack and DOM-base type XSS attack. Specifically, the malicious code of the reflected XSS attack generally exists in the address bar used to input the URL, and the attack is carried out when the user clicks a malicious link to the target website. The malicious code of the stored XSS attack is general...

Embodiment 2

[0069] figure 2 It is a flowchart of a method for defending against cross-site scripting attacks provided by Embodiment 2 of the present invention. This embodiment is based on the foregoing embodiments, and further specifies the defense method for cross-site scripting attacks. Such as figure 2As shown, the defense method of the cross-site scripting attack in this embodiment specifically includes the following steps:

[0070] S210. Obtain the content to be detected and the sender's account information sent by the network side.

[0071] Wherein, the sender's account information can be understood as the user's account information on different network platforms of the client, for example, the user's account information on self-media platforms such as blogs, microblogs, and post bars. In this embodiment, the sender's account information can be listed as a blacklist or a whitelist. Wherein, the object of the blacklist or the whitelist is the sender's account information or IP ...

Embodiment 3

[0096] image 3 It is a flowchart of a method for defending against cross-site scripting attacks provided by Embodiment 3 of the present invention. This embodiment is based on the foregoing embodiments, and is used as a preferred embodiment to specifically describe a defense method for cross-site scripting attacks. Such as image 3 As shown, the specific operation steps of the cross-site scripting attack defense method in this embodiment are as follows:

[0097] Configure the policy file according to user requirements to generate a policy file in XML (eXtensible Markup Language, Extensible Markup Language) format. Specifically, the policy file may include the following three contents: configuring global variables according to global rules; configuring black and white lists; configuring filtering keywords, filtering key characters and filtering labels. Among them, configuring the policy file according to the user's needs can be understood as the customized configuration of t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a cross-site script attack defence method, a device, an apparatus and a storage medium. The method comprises the following steps: obtaining the content to be detected sent by the network side; matching the content to be detected with a preset set of attack characters to screen potential attack codes in the content to be detected; performing security encoding processing on the potential attack code to obtain a security code; replacing the potential attack code with the security code to convert the content to be detected into secure content; displaying the secure content.The invention solves the technical problem that the XSS attack can not be dynamically defended in the prior art, the preset attack character set can be configured according to user requirements to ensure that the content to be detected input by the user conforms to the application specification of the application programming interface so as to effectively prevent the technical effect of XSS attacks.

Description

technical field [0001] The embodiments of the present invention relate to network security technologies, and in particular to a defense method, device, device and storage medium for cross-site scripting attacks. Background technique [0002] In today's era when the network is developed, scripting languages ​​are widely used in network applications. However, the subsequent XSS (cross-site scripting, cross-site scripting) attack has become one of the most serious security problems on the Internet at present. [0003] At present, in order to solve XSS attacks, it is generally considered from the perspective of attackers to improve the security of the program, that is, to improve the security awareness of developers, and to eliminate malicious codes that may exist in all input sources. Generally speaking, developers use a security filter to globally intercept malicious code to ensure network security. [0004] But in actual operation, the content entered by the user on the fro...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1441H04L63/30
Inventor 杨良志白琳汪志新丁德平瞿勇金
Owner 彩讯科技股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com