A Reflection Vulnerability Detection Method Based on the Combination of Static and Dynamic

A reflected-vulnerability detection technology, applied in fields such as instruments, calculation and electrical digital data processing, that can solve problems such as cross-site scripting attacks.

Active Publication Date: 2021-04-20
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0005] Technical problem: The purpose of the present invention is to propose a reflected XSS vulnerability detection method that combines static taint propagation with dynamic fuzzing tests, in order to solve the cross-site scripting attack problem that may arise when web applications parse pages.



Examples


Embodiment Construction

[0043] The present invention is a reflected XSS vulnerability detection method that combines static taint propagation with dynamic fuzzing tests: vulnerabilities are searched for by means of static source-code analysis and taint propagation, and are then detected automatically using a randomization algorithm and fuzz testing.

[0044] In the schematic diagram shown in Figure 2, the attacker lures the user into clicking on the email, so that the URL containing the malicious code in the page is executed, thereby stealing the user's password, login name and other private information.

[0045] The method mainly comprises three steps, as shown in Figure 1: (1) static analysis of source code; (2) taint propagation; (3) dynamic fuzzing test. These three parts are described in detail below:

[0046] (1) Static analysis

[0047] The static analysis of web applications can be regarded as a continuous tracking and inspection of external input variables. According to the re...


Abstract

The invention provides a reflected vulnerability detection method based on the combination of static and dynamic analysis. The method is a reflected XSS vulnerability detection method that combines static taint propagation with dynamic fuzzing tests. Existing vulnerability detection is based on a single detection method, such as taint analysis or a genetic algorithm. Taint analysis is often combined with the interception, analysis and processing of HTTP request packets in order to track users' sensitive information and private data and to prevent malicious program code from being sent to third parties, which would result in the leakage of user data. The traditional genetic algorithm includes only the basic genetic operations of selection, crossover and mutation. In practical applications, owing to its own defects, the genetic algorithm can only find a solution close to the global optimal solution and cannot guarantee convergence to the global optimal solution. The present invention narrows the search scope for reflected XSS vulnerabilities by means of static source-code analysis and taint propagation, and at the same time uses a combination of a randomization algorithm and fuzz testing to detect vulnerabilities automatically, with high detection efficiency and high feasibility.
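The two-stage idea described in paragraphs [0043] to [0047] and in the abstract, as an added example that is not the patent's own implementation: a static pass propagates taint from request parameters to output sinks to narrow the candidates, then a dynamic pass fuzzes only those parameters with random, inert markers. The mini-IR, the parameter names and the `render()` stand-in application are constructed for illustration.

```python
import html, random, string

# Constructed mini-IR of a page handler: (target, operation, arguments).
PROGRAM = [
    ("q",    "source",   ["q"]),     # q    = request parameter "q"
    ("page", "source",   ["page"]),  # page = request parameter "page"
    ("lang", "source",   ["lang"]),  # lang = request parameter "lang"
    ("n",    "sanitize", ["page"]),  # n    = int(page)
    ("msg",  "concat",   ["q"]),     # msg  = "Results for " + q
    ("safe", "sanitize", ["lang"]),  # safe = html.escape(lang)
    (None,   "echo",     ["msg"]),
    (None,   "echo",     ["n"]),
    (None,   "echo",     ["safe"]),
]

def tainted_params(program):
    """Static step: return the request parameters that reach an echo sink unsanitized."""
    taint, hits = {}, set()  # taint maps a variable to the parameters tainting it
    for target, op, args in program:
        if op == "source":
            taint[target] = {args[0]}
        elif op == "sanitize":
            taint[target] = set()  # a sanitizer clears the taint label
        elif op == "concat":
            taint[target] = set().union(*(taint.get(a, set()) for a in args))
        elif op == "echo":
            hits |= set().union(*(taint.get(a, set()) for a in args))
    return hits

def render(params):
    """Constructed stand-in for the application under test."""
    return "<p>Results for %s</p><p>page %d</p><p>%s</p>" % (
        params["q"], int(params["page"]), html.escape(params["lang"]))

def fuzz(candidates, rng, rounds=3):
    """Dynamic step: probe only the statically tainted parameters with random markers."""
    confirmed = set()
    for name in sorted(candidates):
        for _ in range(rounds):
            token = "".join(rng.choice(string.ascii_lowercase) for _ in range(8))
            probe = "<%s>" % token  # inert tag: metacharacters only, no script
            params = {"q": "a", "page": "1", "lang": "en", name: probe}
            try:
                if probe in render(params):  # reflected without encoding
                    confirmed.add(name)
                    break
            except ValueError:  # input rejected by validation, nothing reflected
                pass
    return confirmed
```

Only `q` survives both stages; `page` and `lang` are dropped by the static pass, so the fuzzer never spends requests on them.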

Description

Technical field

[0001] The present invention proposes a reflected XSS (Cross Site Scripting) vulnerability detection method based on the combination of static and dynamic analysis, addressing the security problems that may exist in web applications. It is mainly used to solve the reflected XSS vulnerability security problem faced in the Internet era of rapidly developing Web 2.0 technology, and belongs to the field of computer web network security technology.

Background technique

[0002] With the rapid development of Web 2.0 technology and the popularization of the Internet, web applications have been widely used, and web technologies represented by online shopping and social networking sites are changing the way people work and communicate to a large extent. However, while the development of these new technologies makes business activities more convenient and efficient, it also brings serious security risks such as leakage o...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06F21/57, H04L29/08
CPC: G06F21/577, G06F2221/034, H04L63/1433, H04L67/02
Inventor: 肖甫, 陈晶, 沙乐天, 韩崇, 王汝传
Owner: NANJING UNIV OF POSTS & TELECOMM