Website application vulnerability attack detection method and device and storage medium

A detection method and vulnerability technology, applied in the field of information security, can solve problems such as the inability to achieve precise protection and the inability of protection methods to be associated with specific businesses, and achieve the effect of precise protection

Pending Publication Date: 2021-02-23
QI AN XIN SECURITY TECH ZHUHAI CO LTD +1
View PDF9 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In order to prevent vulnerability attacks from causing adverse effects on user terminals or website servers, the current protection against various application layer vulnerabilities (such as deserialization, code execution vulnerabilities, etc.) of website applications is mainly through feature matching. Whether the request packet to the website application contains specific attack characteristics. This protection method cannot be associated with specific services. If the rules are too strict, a large number of false positives will be generated. If the rules are too loose, a large number of loopholes will be generated, which cannot be realized. Precise Protection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Website application vulnerability attack detection method and device and storage medium
  • Website application vulnerability attack detection method and device and storage medium
  • Website application vulnerability attack detection method and device and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] Hereinafter, the present application will be described in detail with reference to the drawings and embodiments. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.

[0054] In this embodiment, a method for detecting website application vulnerability attacks is provided, such as figure 1 As shown, the method includes:

[0055] Step 101, monitor the interpreter corresponding to the target website application, and capture the to-be-executed code of the key function from the interpreter through the hook function.

[0056]The embodiment of the present application is mainly applied to the detection of the intruder's attack on the application script vulnerability of the website server. In addition, the embodiment of the present application is mainly aimed at interpreting and executing scripts. Therefore, by monitoring the interpreter, the application corresponding...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a website application vulnerability attack detection method and device, a storage medium and computer equipment, and the method comprises the steps of monitoring an interpretercorresponding to a target website application, and capturing a to-be-executed code of a key function from the interpreter through a hook function; analyzing the to-be-executed code to obtain a to-be-executed process corresponding to the to-be-executed code; and judging whether the to-be-executed code is the execution code of the vulnerability attack behavior or not according to the standard execution process corresponding to the key function and the to-be-executed process. According to the invention, the key function of the execution layer is executed through the hook script, and whether theexecution process of the script meets the specification or not is judged by checking whether the execution process of the script meets the specification or not, so that accurate protection of websiteapplication layer vulnerabilities is realized.

Description

technical field [0001] The present application relates to the technical field of information security, in particular to a detection method and device, a storage medium, and a computer device for a website application vulnerability attack. Background technique [0002] In recent years, intranet security incidents have occurred frequently, and the loss of important or sensitive data within enterprises or organizations has caused serious losses and impacts on governments and enterprises. [0003] In order to prevent vulnerability attacks from causing adverse effects on user terminals or website servers, the current protection against various application layer vulnerabilities (such as deserialization, code execution vulnerabilities, etc.) of website applications is mainly through feature matching. Whether the request packet to the website application contains specific attack characteristics. This protection method cannot be associated with specific services. If the rules are too...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/52H04L29/06
CPCG06F21/52H04L63/1433
Inventor 陈俊儒谢文聪
Owner QI AN XIN SECURITY TECH ZHUHAI CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap