Cross-site request forgery attack defense method and device, electronic device and storage medium

A cross-site request forgery defense and business request technology, applied in the field of information security, that addresses problems such as poor stability of business requests.

Inactive Publication Date: 2021-05-04
BEIJING TOPSEC NETWORK SECURITY TECH +2

AI Technical Summary

Problems solved by technology

[0005] In view of this, the purpose of the embodiments of the present application is to provide a cross-site request forgery attack defense meth


Embodiment Construction

[0046] The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.

[0047] According to the applicant's research, existing cross-site request forgery attack defense methods attach a one-time valid verification value to each request when it is constructed, and the backend verifies it. After the verification succeeds, the backend assigns a new valid verification value for the next request, and the cycle repeats. Because the attacker cannot forge the verification value and its life cycle is very short, even if the attacker obtains a verification value by intercepting the interaction between the front end and the back end, that value has already expired, and the attacker cannot pass the website's check. The disadvantage of the prior art is that when any background program of the backend is blocked, the backen...


Abstract

The invention provides a cross-site request forgery attack defense method and device, an electronic device and a storage medium, and relates to the technical field of information security. The method applied to the client comprises the following steps: generating a parallel session based on a request of a user; determining whether token group updating needs to be carried out or not based on the number of tokens in a first token group stored by the client; when the token group needs to be updated, obtaining a second token group, and determining a token corresponding to the parallel session in the second token group; the parallel session containing the token corresponding to the parallel session is sent to the server side, so that the server side generates a service request based on the parallel session when the token of the parallel session passes verification, and obtains a service request execution result from the background based on the service request; and receiving a service request execution result returned by the server. According to the method, available tokens are ensured when a client needs to perform a session through a token group updating means, and the service stability is improved while cross-site request forgery attack defense is ensured.
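The token-group flow in the abstract can be sketched as follows. This is an added example, not code from the patent or its applicant. The token format (nonce plus an HMAC bound to the login session), the refill threshold `low_water`, and retiring the previous group when a new one is issued are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Server:
    """Issues groups of single-use CSRF tokens bound to one login session."""
    def __init__(self, group_size=4):
        self.key = secrets.token_bytes(32)   # MAC key, never leaves the server
        self.group_size = group_size
        self.unused = {}                     # session_id -> set of unspent tokens

    def _mac(self, session_id, nonce):
        msg = f"{session_id}:{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue_group(self, session_id):
        nonces = [secrets.token_hex(16) for _ in range(self.group_size)]
        group = [f"{n}.{self._mac(session_id, n)}" for n in nonces]
        # Assumption: a new group retires whatever was left of the previous one.
        self.unused[session_id] = set(group)
        return group

    def handle(self, session_id, token, action):
        nonce, _, mac = token.partition(".")
        expected = self._mac(session_id, nonce)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "rejected: bad token"     # forged, or bound to another session
        if token not in self.unused.get(session_id, set()):
            return "rejected: token spent or retired"
        self.unused[session_id].discard(token)   # each token is valid once
        return f"ok: {action}"               # stands in for the backend service call

class Client:
    """Holds the current token group and refills it before it runs dry."""
    def __init__(self, server, session_id, low_water=0):
        self.server, self.session_id = server, session_id
        self.low_water = low_water           # hypothetical update threshold
        self.tokens = server.issue_group(session_id)   # first token group
        self.refills = 0

    def send(self, action):
        # Update decision is based on how many tokens remain in the stored group.
        if len(self.tokens) <= self.low_water:
            self.tokens = self.server.issue_group(self.session_id)  # second group
            self.refills += 1
        return self.server.handle(self.session_id, self.tokens.pop(), action)
```

In a deployment with truly concurrent requests, retiring the old group at refill time could reject in-flight requests, so the retirement policy is the part to design most carefully.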

Description

Technical field

[0001] The present application relates to the technical field of information security, in particular, to a cross-site request forgery attack defense method, device, electronic equipment, and storage medium.

Background technique

[0002] At present, in Web user authentication, simple authentication can only guarantee that the request is sent from a user's browser, but cannot guarantee that the request itself is voluntarily sent by the user. Cross-site Request Forgery, also known as one-click attack or session riding and usually abbreviated as CSRF or XSRF, is an attack method that coerces users into performing unintended operations on the web application they are currently logged in to. Simply put, the attacker uses some technical means to trick the user's browser to visit a website that he has authenticated and perform some operations (such as sending emails, sending messages, and even property operations such as transferring money and purchasing go...


Application Information

IPC(8): H04L29/06, H04L9/32
CPC: H04L63/0807, H04L9/3213
Inventor: 胡雨翠, 张国兴
Owner: BEIJING TOPSEC NETWORK SECURITY TECH