Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and system for mining cross-site scripting vulnerabilities in a cloud computing environment

A cross-site scripting vulnerability, cloud computing environment technology, applied in transmission systems, software deployment, electrical components, etc., can solve non-persistent XSS attacks, browser and application source code solutions are not feasible, browsers do not meet user requirements Self-interest and other issues, to achieve the effect of low false negative rate and false positive rate, easy deployment

Active Publication Date: 2021-08-17
WUHAN UNIV
View PDF11 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, it leads to a non-persistent XSS attack
[0011] Traditional cross-site scripting attack detection methods cannot be directly applied in the cloud environment. The main reasons are: 1. Users choose the browser they use according to their own preferences, and forcing users to use a specific browser is not in the user's own interests.
2. The cloud environment provides corresponding security guarantees for the application system, and cannot modify the application program or browse the source code of the application program at will
At the same time, some traditional methods only focus on one language, such as JSP, PHP or ASP
Therefore, the solution of modifying the browser and application source code is not feasible in the cloud environment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and system for mining cross-site scripting vulnerabilities in a cloud computing environment
  • A method and system for mining cross-site scripting vulnerabilities in a cloud computing environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] In order to facilitate those of ordinary skill in the art to understand and implement the present invention, the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the implementation examples described here are only for illustration and explanation of the present invention, and are not intended to limit this invention.

[0031] please see figure 1 A method for mining cross-site scripting vulnerabilities provided by the present invention for a cloud computing environment comprises the following steps:

[0032] Step 1: Grab the Web page of the HTTP protocol;

[0033] In this embodiment, by traversing the Web sites in the URL links, and these Web sites support and follow the HTTP protocol, the Web site hierarchy is automatically extracted, and the URL links are added to the Web hierarchy to find the Web pages containing parameters .

[0034] Step 2: Parse the web page to...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a cross-site scripting vulnerability mining method and system oriented to a cloud computing environment. In the invention, a web page crawling module first crawls super HTTP web pages; an HTML parsing module parses the captured web pages to obtain corresponding web pages. DOM structure tree, at the same time, the HTML parsing module will obtain the embedded URL link and call parameters; pass the URL and call parameters to the external JavaScript link extractor module, which can extract the corresponding external JS file set; the script extractor module It can extract the relevant script content in the HTTP response message; perform similarity detection between the script content and the script content retrieved from the URL link, and judge whether there is an XSS vulnerability by whether the similarity is detected. The present invention effectively avoids modifying the source code of browsers and Web application programs. The invention solves the problem that the Web application program deployed in the cloud computing environment is easily attacked by cross-site scripting, and improves the security.

Description

technical field [0001] The invention belongs to the technical field of cloud computing environment security, and relates to a script loophole mining method and system, in particular to a cloud environment-oriented cross-site script loophole mining method and system. Background technique [0002] Cloud computing uses convenient and ubiquitous Internet resources to distribute shared hardware resources and information to other users according to their needs. At present, many companies are committed to developing cloud computing technology and deploying application systems in the cloud environment. Because of its flexibility and low cost, it has become the most popular technology for deploying applications on the Internet. The three cloud computing service models used by users are described as follows: [0003] (1) Infrastructure as a Service (IaaS for short). IaaS aims to provide end users with physical or virtual resources such as processors, storage, network and other basi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08G06F8/60
CPCG06F8/60H04L63/1433H04L67/02
Inventor 陈晶何琨杜瑞颖杨子康
Owner WUHAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products