
Web frame injection vulnerability detection method and device

A frame injection vulnerability detection technology, applied in the field of network security, that addresses insufficient coverage of frame injection detection scenarios, false negatives, and false positives, achieving accurate detection and helping to prevent attacks.

Active Publication Date: 2020-10-13
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0005] The embodiments of the present application provide a method and device for detecting web frame injection vulnerabilities, which solve the problems in the prior art that frame injection vulnerability detection does not fully cover the scenarios found in web applications and produces false negatives and false positives.



Examples


Embodiment Construction

[0045] In order to make the purpose, technical solution and advantages of the application clearer, the application is described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments in this application, without creative effort, fall within the scope of protection of this application.

[0046] See Figure 1, a schematic diagram of an application scenario of web frame injection vulnerability detection, which includes a client 10 and a web server 20. Optionally, in the embodiment of the present invention, the client 10 may include, but is not limited to, at least one of the following: a mobile phone, a tablet computer, a notebook computer, and a PC. The client 10 includes a web browser, and the user can send a detection request to the...


Abstract

The invention discloses a method and device for detecting web frame injection vulnerabilities. The method comprises the following steps. A client sends the web application a first detection request that contains a random character string for triggering an exception response. When the first response content contains that random character string, the client determines a potential frame injection point of the web application and generates a group of tags to be closed. After detection code is generated from the web application's input-data-processing-characteristic detection rule group and the character string for triggering the exception response, and the detection code is injected into the potential frame injection point, a corresponding second detection request is sent to the web application to obtain second response content. Frame code is then generated and injected into the potential frame injection point, a corresponding third detection request is sent, and third response content is obtained. When it is determined that the injected frame code has been executed, the web application is determined to have a frame injection vulnerability. This solves the problem in the prior art that web frame injection vulnerabilities cannot be detected efficiently and comprehensively.
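The response-side checks in the abstract can be sketched as follows. This is an added example, not code from the patent: the marker value and response bodies are constructed, "tags to be closed" is read as the elements open at the reflection point, and "frame code executed" is approximated as "parsed as a real frame element".

```python
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class ReflectionFinder(HTMLParser):
    """Record where `marker` is reflected and which elements are open there."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.open_tags = []  # currently open elements, outermost first
        self.hits = []       # (context, tags to close innermost first, attribute)
        self.frames = []     # src values of parsed frame elements with the marker

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and self.marker in value:
                self.hits.append(("attribute", [tag] + self.open_tags[::-1], name))
                if tag in ("iframe", "frame") and name == "src":
                    self.frames.append(value)
        if tag not in VOID:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:  # ignore stray end tags
            while self.open_tags.pop() != tag:
                pass

    def handle_data(self, data):
        if self.marker in data:
            self.hits.append(("text", self.open_tags[::-1], None))

def analyze(body, marker):
    """Summarise reflection points and whether a marker-bearing frame was parsed."""
    finder = ReflectionFinder(marker)
    finder.feed(body)
    finder.close()
    return {"reflected": bool(finder.hits), "hits": finder.hits,
            "frame_parsed": bool(finder.frames)}

MARKER = "zq7x1kfr9m"  # constructed; a scanner would use a fresh random string

# Constructed response bodies (assumptions, not taken from the patent)
TEXT_REFLECTION = f"<html><body><div><p>No results for {MARKER}</p></div></body></html>"
ATTR_REFLECTION = f'<html><body><form><input name="q" value="{MARKER}"></form></body></html>'
ESCAPED_FRAME = f'<html><body><p>&lt;iframe src="//{MARKER}.example/"&gt;</p></body></html>'
PARSED_FRAME = f'<html><body><p></p><iframe src="//{MARKER}.example/"></iframe></body></html>'
```

A plain substring search flags both `ESCAPED_FRAME` and `PARSED_FRAME`; only the parsed case reports `frame_parsed`, which is the false-positive distinction the page is concerned with.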

Description

Technical field

[0001] The present application relates to the technical field of network security, and in particular to a method and device for detecting web frame injection vulnerabilities.

Background

[0002] With the popularization of Internet technology, web applications keep growing in scale, and the intrusion threats they face keep growing as well. Once a web application is attacked, the consequences are serious. Common vulnerabilities in web applications include XSS injection, frame injection, and link injection, among which frame injection is one of the common vulnerabilities in the field of network security. If the vulnerabilities of web applications are exploited by hackers, hackers can steal user login credentials, steal user accounts, or even control the entire web application and obtain server permissions of the web application, causing irreparable losses and serious harm to web applications an...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1433, H04L63/1466
Inventor: 田杰, 张鑫, 符春辉, 吴骁
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD