
Unauthorized access vulnerability detection method and system, server and storage medium

An unauthorized access vulnerability detection technology, applied in the field of security testing, addresses the problems that manual testing requires a large amount of manpower and easily misses unauthenticated identity access logic vulnerabilities, and achieves the effect of saving manpower and material resources.

Pending Publication Date: 2021-01-01
彩讯科技股份有限公司


Problems solved by technology

[0003] At present, the detection of unauthenticated user access in security testing mainly relies on manual testing. For some complex business systems, a large number of requests need to be analyzed and tested, which not only requires a lot of manpower but also makes it easy to miss some unauthenticated identity access logic vulnerabilities.


Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] This embodiment provides a method for detecting unauthorized access vulnerabilities, which is executed by a detection terminal independent of the client and the server. As shown in Figure 1, it includes:

[0061] S101. Obtain one or more first requests from the client;

[0062] The first request in this step refers to the request initiated by the client to realize the target service. By setting up proxy access, the first request initiated by the client is first captured by the detection end and, after detection and judgment, is either forwarded to the server or marked according to whether the first request has a vulnerability. This step captures a large number of user service requests for system access completely and automatically through the test terminal, ensuring the integrity of the tested service traffic.

[0063] In an alternative embodiment, since the request business flow is often relatively large and contains a large number of resource requests, such as pictures and other...

Embodiment 2

[0078] In this embodiment, on the basis of the above embodiments, a step of deduplicating the first request is added, and a detailed description of the judging process is added. As shown in Figure 2, the method includes the following steps:

[0079] S201. Acquire one or more first requests from a client.

[0080] S202. Parse the first request, and determine access right information in the first request.

[0081] S203. Deduplicate the first request.

[0082] In this step, the same request may be initiated repeatedly by the client; deduplication prevents duplicate requests from being fed into subsequent tests, saving detection time. Specifically, the deduplication method may be: calculating first request fingerprints of the one or more first requests based on a preset algorithm, and judging whether there are duplicate first request fingerprints. If there are, delete the first request corresponding to the duplicate first request fingerprint.

[0083] In this step, the fi...

Embodiment 3

[0096] As shown in Figure 4, the present embodiment provides an unauthorized access vulnerability detection system 3, comprising the following modules:

[0097] The first obtaining module 301 is configured to obtain one or more first requests from the service traffic sent from the client to the server. The module is further configured to filter the service traffic based on preset filtering rules so as to obtain the one or more first requests. Optionally, the detection end may store one or more global variables in advance and deploy them in a distributed manner through the detection branches of the detection end, so as to handle the situation in which multiple clients of a distributed system under detection initiate one or more first requests. The module is then also configured to acquire requests from one or more clients to the server at the same time.

[0098] The parsing module 302 is configured to parse the first request and determine the access right information in the first reques...


Abstract

The invention provides an unauthorized access vulnerability detection method which is executed by a detection terminal independent of a client and a server, and comprises the following steps: acquiring one or more first requests of the client; parsing the first request and determining access permission information in the first request; sending the first request to the server to obtain first response information; removing the access permission information from the first request to generate a second request; sending the second request to the server to obtain second response information; judging whether the first response information and the second response information are the same; and if so, determining that the first request has an unauthorized access vulnerability. According to the unauthorized access vulnerability detection method provided by the invention, whether the client's access to the server has the vulnerability is detected automatically, and manpower and material resources are saved.
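The procedure of the abstract, together with the deduplication step of Embodiment 2 (S203), as an added Python example that is not the patent's own implementation. The header names treated as access-right information, the SHA-256 fingerprint algorithm, the `send` callback and the constructed `fake_server` with its sample traffic are all assumptions:

```python
import hashlib
import json
from typing import Any, Callable, Dict, List, Tuple

Request = Dict[str, Any]  # a captured request as a plain dict
# Headers assumed to carry the client's identity, i.e. the "access right information".
ACCESS_RIGHT_HEADERS = ("authorization", "cookie", "x-auth-token")

def request_fingerprint(req: Request) -> str:
    """Assumed preset algorithm: SHA-256 over method, path and body, ignoring
    headers so an identical request re-sent by the client collapses to one."""
    canon = json.dumps([req["method"], req["path"], req.get("body", "")])
    return hashlib.sha256(canon.encode()).hexdigest()

def deduplicate(reqs: List[Request]) -> List[Request]:
    """S203: keep only the first request seen for each fingerprint."""
    seen, kept = set(), []
    for req in reqs:
        fp = request_fingerprint(req)
        if fp not in seen:
            seen.add(fp)
            kept.append(req)
    return kept

def strip_access_rights(req: Request) -> Request:
    """Build the second request: the first request minus its access-right headers."""
    headers = {k: v for k, v in req["headers"].items() if k.lower() not in ACCESS_RIGHT_HEADERS}
    return {**req, "headers": headers}

def detect_unauthorized_access(reqs: List[Request],
                               send: Callable[[Request], Tuple[int, str]]) -> List[str]:
    """Send the first and the second request; identical responses flag the path."""
    findings = []
    for req in deduplicate(reqs):
        if send(req) == send(strip_access_rights(req)):
            findings.append(req["path"])
    return findings

def fake_server(req: Request) -> Tuple[int, str]:
    """Constructed stand-in for the server: /profile checks the token, /report does not."""
    authorised = req["headers"].get("Authorization") == "Bearer demo-token"
    if req["path"] == "/api/profile":
        return (200, "profile-data") if authorised else (401, "unauthorized")
    if req["path"] == "/api/report":  # constructed missing authorisation check
        return (200, "report-data")
    return (404, "not found")

AUTH = {"Authorization": "Bearer demo-token", "Cookie": "sid=abc"}
SAMPLE_REQUESTS = [{"method": "GET", "path": p, "headers": dict(AUTH)}  # constructed traffic,
                   for p in ("/api/profile", "/api/report", "/api/profile")]  # one request repeated
```

Resources that are meant to be public also answer identically with and without the access-right information, which is why the filtering of resource requests mentioned in [0063] matters before the comparison is applied.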

Description

Technical field

[0001] The embodiments of the present invention relate to the technical field of security testing, and in particular to a method, system, server and storage medium for detecting unauthorized access vulnerabilities.

Background technique

[0002] With the continued development of mobile communication technology and the further implementation of the national network security law, enterprise business systems face increasingly serious challenges in the field of information security. For software companies, it remains important to conduct security testing quickly and at low cost in order to find security vulnerabilities. Automated security testing tools can find many security vulnerabilities with obvious characteristics, but they are of no use against business logic vulnerabilities. Among the many security issues, unauthenticated user access is one of the common ones.

[0003] At present, the detection of unauthenticated user access in security testing mainly relies on ...


Application Information

IPC(8): H04L29/06, G06F21/57
CPC: H04L63/10, H04L63/12, H04L63/1433, G06F21/577, G06F2221/034
Inventors: 杨良志白琳汪志新卢业波贾亮刘晓
Owner: 彩讯科技股份有限公司