
Web security vulnerability detection method, scanner, storage medium and electronic equipment

A vulnerability detection and security technology, applicable to computer security devices, instruments, electrical components and the like, that addresses the problems of existing DOM XSS detection approaches: frequent browser code updates, heavy maintenance workload, and false positives and false negatives.

Pending Publication Date: 2021-06-15
北京长亭未来科技有限公司

AI Technical Summary

Problems solved by technology

[0005] Since JavaScript is a very flexible language with many dynamic features (weak typing, closures, runtime modification of prototype objects, dynamic loading of JS code, events and asynchronous callbacks, etc.), static analysis of JavaScript is very challenging and prone to false positives and false negatives, so the false positive and false negative rates are usually high.
[0006] One approach to JavaScript dynamic analysis is to modify the browser kernel code and perform taint analysis on top of it, but this requires developers to be familiar with the browser kernel and is difficult to implement. In addition, since browser code is updated very frequently, the follow-up maintenance workload is heavy.


Embodiment Construction

[0032] In order to enable those skilled in the art to better understand the solution of the present application, the technical solution in the embodiments of the application will be clearly and completely described below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments in this application without creative effort shall fall within the scope of protection of this application.

[0033] Figure 1 is a scene diagram of a method for detecting web security vulnerabilities according to an embodiment of the present application.

[0034] Referring to Figure 1, the user clicks a link in the browser 100, or the scanner directly controls the browser 100, to send a request to the server 200, and the server 200 returns its response...


Abstract

The invention discloses a Web security vulnerability detection method, a vulnerability scanner, a storage medium and electronic equipment. The method comprises the following steps: adding taint marks to data from attacker-controllable data sources, defining a character string class to describe data carrying a taint mark, and wrapping the data of all attacker-controllable data sources into instances of that character string class; reconstructing the string operation functions and the attacker-controllable functions (sinks) of the script source program's runtime environment, and adding auxiliary functions, so that data carrying taint marks follows the same logic flow as the script source program; and executing the reconstructed attacker-controllable functions so as to detect whether the parameters passed into them carry taint marks, and thereby judging whether a Web security vulnerability exists. By adding a taint mark to data from attacker-controllable sources and analysing how the taint mark propagates, the method can accurately detect various common DOM XSS vulnerabilities and reduce both the false positive rate and the false negative rate.
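The abstract describes a three-part scheme: a string class that carries a taint mark, reconstructed string operations that propagate the mark, and reconstructed sinks that check for it. The following is an added example, written for this page and not the patent's or the company's implementation, that models that scheme in plain JavaScript. To stay self-contained and runnable outside a browser, it does not patch String.prototype or the real DOM; instead the reconstructed operations and sinks are exposed as tables (`stringOps`, `makeSinks`) and the page script is a simulated function that receives a stand-in for `location.search` and for a DOM element. All names (`TaintedString`, `fromSource`, `stringOps`, `makeSinks`, `vulnerablePage`, `scan`) and the payload are assumptions constructed for the example.

```javascript
'use strict';
// Added example: minimal model of dynamic taint tracking for DOM XSS in the
// spirit of the abstract above. Not the patent's code; all names are assumptions.

// Character string class describing data that carries a taint mark.
class TaintedString {
  constructor(value, tainted) {
    this.value = String(value);
    this.tainted = Boolean(tainted);
  }
  toString() { return this.value; }
}

// Auxiliary functions used by the reconstructed operations below.
const isTainted = (x) => x instanceof TaintedString && x.tainted;
const raw = (x) => (x instanceof TaintedString ? x.value : String(x));

// Data read from an attacker-controllable source is wrapped as tainted.
const fromSource = (value) => new TaintedString(value, true);

// Reconstructed string operations: each result inherits the taint of its
// inputs, so the mark follows the script's own logic flow.
const stringOps = {
  concat: (...parts) =>
    new TaintedString(parts.map(raw).join(''), parts.some(isTainted)),
  slice: (s, start, end) =>
    new TaintedString(raw(s).slice(start, end), isTainted(s)),
  indexOf: (s, needle) => raw(s).indexOf(raw(needle)), // numeric result, no mark
  replace: (s, pattern, repl) =>
    new TaintedString(raw(s).replace(pattern, raw(repl)),
      isTainted(s) || isTainted(repl)),
  toUpperCase: (s) => new TaintedString(raw(s).toUpperCase(), isTainted(s)),
  decodeURIComponent: (s) =>
    new TaintedString(decodeURIComponent(raw(s)), isTainted(s)),
};

// Reconstructed attacker-controllable functions (sinks). Each first checks
// whether its argument still carries a taint mark and records a finding,
// then performs the original effect on the simulated target.
function makeSinks(findings) {
  const check = (sink, arg) => {
    if (isTainted(arg)) findings.push({ sink, value: raw(arg) });
  };
  return {
    setInnerHTML(element, html) {
      check('Element.innerHTML', html);
      element.innerHTML = raw(html);
    },
    documentWrite(doc, html) {
      check('document.write', html);
      doc.written += raw(html);
    },
    eval(code) {
      check('eval', code); // the code is recorded, not executed, in this model
    },
  };
}

// Simulated page script: read a query parameter and echo it into the DOM.
// `search` stands in for window.location.search, `el` for a DOM element.
// Equivalent original logic:
//   const name = decodeURIComponent(location.search.slice(1).split('=')[1]);
//   el.innerHTML = '<h1>Hello, ' + name + '</h1>';
function vulnerablePage(search, el, sinks) {
  const query = stringOps.slice(search, 1);
  const eq = stringOps.indexOf(query, '=');
  const encodedName = stringOps.slice(query, eq + 1);
  const name = stringOps.decodeURIComponent(encodedName);
  // Vulnerable: attacker-controlled data reaches innerHTML unescaped.
  sinks.setInnerHTML(el, stringOps.concat('<h1>Hello, ', name, '</h1>'));
  // Not reported: a string literal never carries a taint mark.
  sinks.setInnerHTML(el, '<p>Welcome</p>');
}

// Drive the simulated page once with a given location.search value and
// return the list of sinks that received tainted data.
function scan(searchValue) {
  const findings = [];
  const sinks = makeSinks(findings);
  const el = { innerHTML: '' };
  vulnerablePage(fromSource(searchValue), el, sinks);
  return findings;
}

// Constructed payload for a stand-alone run.
const demo = scan('?name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E');
console.log(JSON.stringify(demo, null, 2));
```

Running the block reports one finding at `Element.innerHTML` with the decoded payload, while the literal written by the second `setInnerHTML` call produces nothing; the decision rests on the taint mark, not on pattern-matching the payload, which is why the scheme avoids the signature dependence of black-box fuzzing described in the background section.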

Description

Technical field

[0001] The embodiments of the present application relate to the field of web application firewalls, and in particular to a method for detecting web security vulnerabilities, a vulnerability scanner, a storage medium, and electronic equipment.

Background technique

[0002] At present, a large proportion of web security vulnerabilities are XSS (cross-site scripting) vulnerabilities. When site A has an XSS vulnerability, an attacker can use it to inject a malicious script, which is executed when a user visits the site. Through the malicious script the attacker can steal sensitive user information or impersonate the user to perform various operations, causing great harm.

[0003] XSS can generally be divided into three categories: reflected XSS, stored XSS and DOM XSS. Common DOM XSS detection methods include: (1) black-box fuzzing; (2) JavaScript static analysis; (3) JavaScript dynamic analysis.

[0004] Black-box fuzzing integrates a large nu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, G06F21/52, H04L29/06
CPC: G06F21/577, G06F21/52, H04L63/1433
Inventors: 刘亚光龚潇叶铠逞刘超李昌志李金儒于洋张嘉欢
Owner: 北京长亭未来科技有限公司