Web frame injection vulnerability detection method and device

A frame injection vulnerability detection technology, applied in the field of network security, that addresses insufficient coverage of frame injection detection scenarios, false negatives and false positives, achieving accurate detection and helping to prevent attacks.

Active Publication Date: 2020-10-13
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present application provides a method and device for detecting web framework injection vulnerabilities, which are used to solve the proble


Examples


Example Embodiment

[0045] In order to make the objectives, technical solutions and advantages of the present application clearer, the present application will be further described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present application, not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present application.

[0046] Referring to Figure 1, a schematic diagram of an application scenario of web frame injection vulnerability detection is shown, including a client 10 and a web server 20. Optionally, in this embodiment of the present invention, the client 10 may include, but is not limited to, at least one of the following: a mobile phone, a tablet computer, a notebook computer, and a PC. The client 10 includes a web browser, and the u...


Abstract

The invention discloses a web frame injection vulnerability detection method and device. In the method, a client sends a web application a first detection request containing a random character string for triggering an exception response. When the first response content contains that random character string, the client determines a potential frame injection point in the web application and generates a group of tags to be closed. The client then generates detection code from the detection rule group for the web application's input data processing characteristics and the character string for triggering the exception response, injects the detection code into the potential injection point, and sends a corresponding second detection request to obtain second response content. Next, frame code is generated and injected into the potential injection point, a corresponding third detection request is sent, and third response content is obtained. When it is determined that the injected frame code is executed, the web application is determined to have a frame injection vulnerability. This solves the prior-art problem that web frame injection vulnerabilities cannot be detected efficiently and comprehensively.
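The three-request flow in the abstract, sketched as an added example (not code from the patent or from NSFOCUS). It runs against constructed in-process stand-ins for a web application. The verdict names, the `Scan` helper, and treating "executed" as "an iframe element with the marker `src` appears in the parsed response" are assumptions, and only reflections into text nodes are handled.

```python
import html, re, secrets
from html.parser import HTMLParser
VOID = {"br", "hr", "img", "input", "link", "meta"}   # elements never left open

# Constructed stand-ins for a web application: parameter in, response body out.
def vulnerable_app(q):                  # reflects input unmodified
    return f"<form><textarea name='q'>{q}</textarea></form>"
def escaping_app(q):                    # HTML-encodes input
    return f"<form><textarea name='q'>{html.escape(q)}</textarea></form>"
def stripping_app(q):                   # passes < and > but deletes frame tags
    return f"<div><p>{re.sub(r'(?i)</?iframe[^>]*>', '', q)}</p></div>"

class Scan(HTMLParser):
    """Records the open tags around the marker and the src of parsed iframes."""
    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker, self.stack, self.context, self.frames = marker, [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs).get("src") or "")
        if tag not in VOID:
            self.stack.append(tag)
    def handle_endtag(self, tag):
        while tag in self.stack and self.stack.pop() != tag:
            pass
    def handle_data(self, data):
        if self.context is None and self.marker in data:
            self.context = list(self.stack)

def parse(body, marker):
    s = Scan(marker); s.feed(body); s.close()
    return s

def detect_frame_injection(app):
    """Three-request check; returns (verdict, tags that had to be closed)."""
    marker = "fi" + secrets.token_hex(6)          # request 1: random string
    first = parse(app(marker), marker)
    if first.context is None:                     # not reflected in a text node
        return "no-injection-point", []
    closers = "".join(f"</{t}>" for t in reversed(first.context))
    probe = f'{marker}<"/>{marker}'               # request 2: input handling
    if probe not in app(probe):
        return "filtered", first.context
    src = f"https://{marker}.invalid/"            # request 3: frame code
    third = parse(app(f'{closers}<iframe src="{src}"></iframe>'), marker)
    return ("vulnerable" if src in third.frames else "not-executed"), first.context

if __name__ == "__main__":
    for app in (vulnerable_app, escaping_app, stripping_app):
        print(app.__name__, detect_frame_injection(app))
```

The `stripping_app` case shows why the third request matters: the second request alone would report the input as unfiltered, but no frame element survives in the response.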

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method and device for detecting web framework injection vulnerabilities.

Background technique

[0002] With the popularization of Internet technology, the scale of web applications is getting bigger and bigger, and the intrusion threats faced by web applications are also getting bigger and bigger. Once the web application is attacked, it will cause serious consequences. Common vulnerabilities in web applications include XSS injection, frame injection, and link injection, among which frame injection is one of the common vulnerabilities in the field of network security. If the vulnerabilities of web applications are exploited by hackers, hackers can steal user login credentials, steal user accounts, or even control the entire web application and obtain server permissions of the web application, causing irreparable losses and serious harm to web applications an...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1433, H04L63/1466
Inventor: 田杰张鑫符春辉吴骁
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD