Unlock instant, AI-driven research and patent intelligence for your innovation.

Security defense method and system based on cookie encryption

A technology of security defense and security engine, applied in the field of security defense based on cookie encryption, which can solve the problems of complex signature database, difficulty in XSS vulnerability defense, and increased cost.

Inactive Publication Date: 2019-03-19
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF4 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Moreover, the feature codes of XSS attacks are flexible and changeable, which brings difficulties to XSS vulnerability defense, because it is impossible to summarize all XSS attacks with a single feature
In order to improve the XSS defense capability of the WEB application protection device, this makes it complicated to maintain the feature library of the rule set, and at the same time increases the cost

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security defense method and system based on cookie encryption
  • Security defense method and system based on cookie encryption

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] First of all, it needs to be explained that the present invention is an application of computer technology in the field of information security technology. During the implementation of the present invention, the application of multiple software function modules will be involved. The applicant believes that, after carefully reading the application documents and accurately understanding the realization principle and purpose of the present invention, combined with existing known technologies, those skilled in the art can fully implement the present invention by using their software programming skills. The aforementioned software functional modules include but are not limited to: protective equipment, security engine and cookie encryption device. Everything mentioned in the application documents of the present invention belongs to this category.

[0033] In order to effectively defend against cross-site scripting attacks and SQL injection attacks in the current network und...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the technology of the network security, and aims to provide a security defense method and a system based on the cookie encryption. The system comprises an encryption and decryption device and a security engine deployed on a WEB application protection device between a client and a server. The encryption and decryption device is used for performing a cookie encryption on a response sent by the server to the client, and performing a cookie decryption on a request sent by the client to the server. As the intermediary of all data transmission between the client and the server, the security engine is used for ensuring that the client normally access and performing operations such as dropping, intercepting or alerting for requests that fail to be decrypted by the cookie.There is no need to store a key on the client, and the attacker fails because the protection device cannot be decrypted. In the case of complex and high-cost rule set maintenance and performance bottlenecks of traditional protection equipment, the present invention can be widely used as a lightweight and low-cost solution, and can be used as a lightweight and low-cost solution.

Description

technical field [0001] The invention relates to network security technology, in particular to a security defense method and system based on Cookie encryption. Background technique [0002] With the rapid development of the Internet, the security of WEB applications has become a hot topic in today's society. WEB sites are usually composed of application programs, which can provide various services and have very powerful functions. However, the services or displayed content provided by WEB websites to users are dynamically formed and can meet the individual needs of users. This personalized demand also brings security risks to WEB websites, such as SQL injection attacks, cross-site Scripting attacks, etc. At the same time, the popularity of AJAX technology has made the threat of XSS attacks more and more serious. XSS attacks rank third in the OWASP TOP 2018 distributed by the OWASP organization, which shows the great threat caused by XSS attacks. [0003] XSS attack is an ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L9/06H04L29/08
CPCH04L9/0631H04L63/0209H04L63/0435H04L63/1466H04L67/02
Inventor 赵睿范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD