CN105357195A - Unauthorized web access vulnerability detecting method and device - Google Patents


Info

Publication number: CN105357195A
Authority: CN (China)
Prior art keywords: parameter, private, unauthorized access, url, vulnerability
Legal status: Granted
Application number: CN201510728727.6A
Other languages: Chinese (zh)
Other versions: CN105357195B (en)
Inventor: 王蔚
Current assignee: Shenzhen Shenxinfu Electronic Technology Co Ltd
Original assignee: Shenzhen Shenxinfu Electronic Technology Co Ltd
Application filed by Shenzhen Shenxinfu Electronic Technology Co Ltd
Priority to CN201510728727.6A
Publication of CN105357195A
Application granted; publication of CN105357195B
Current legal status: Active

Classifications

    • H04L63/1433 Vulnerability analysis (under H04L63/14, Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; H04L63/00, Network architectures or network communication protocols for network security; H04L, Transmission of digital information, e.g. telegraphic communication; H04, Electric communication technique; H, Electricity)
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (under H04L67/01, Protocols; H04L67/00, Network arrangements or protocols for supporting network services or applications; H04L; H04; H)
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding (under H04L67/14, Session management; H04L67/00, Network arrangements or protocols for supporting network services or applications; H04L; H04; H)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method for detecting unauthorized-access vulnerabilities in web access. The method comprises the following steps: collecting HTTP traffic information to be detected within a preset time period, where the HTTP traffic information comprises URL (Uniform Resource Locator) parameter information and a session identifier, and the URL parameter information comprises URL parameters and their parameter values; identifying, based on the URL parameter information and the session identifier, the index parameters among the URL parameters that are used to index a server resource, and extracting from the index parameters the private parameters that are used to index a user's private resource; performing a preset unauthorized-access vulnerability test operation on each private parameter and determining, based on the test result, the private parameters that have an unauthorized-access vulnerability. The invention also discloses a device for detecting unauthorized-access vulnerabilities in web access. The method and device can cover all URL parameters within the test scope that have an unauthorized-access vulnerability, with a high identification rate.

Description

Method and device for detecting unauthorized-access vulnerabilities in web access
Technical field
The present invention relates to the technical field of network security, and in particular to a method and device for detecting unauthorized-access vulnerabilities in web access.
Background art
One of the most serious classes of vulnerability on today's Internet is unauthorized access, for instance the unauthorized-access vulnerability in URLs (Uniform Resource Locator, URL). Because of a web programming defect, combined with the guessability of the parameters passed in a URL, changing an input parameter value may cause horizontal unauthorized access (commonly called an insecure direct object reference, IDOR), so that other people's private information can be taken. A URL unauthorized-access vulnerability is a business-logic vulnerability of very high impact: it directly bypasses the underlying network security defences, and it is hard to find. In the prior art, the website developer can perform an authorization check on these parameters to ensure that a user can only access the resources that belong to them; but in applications of this kind there is a great deal of such data, from address data and order information to payment information, none of which can go unchecked. Once the business logic becomes complex enough, it is difficult to guarantee that every access to this data has passed a strict authorization check, and URL unauthorized-access vulnerabilities appear. A URL unauthorized-access vulnerability can be exploited by an attacker to cause horizontal unauthorized access and leak sensitive user information.
In the prior art, URL unauthorized-access vulnerabilities in web programs are mainly detected by testers carrying out penetration tests and finding the vulnerabilities by hand, that is, an undifferentiated manual test of every URL parameter, with the parameters that have an unauthorized-access vulnerability picked out manually. This is not only inefficient and labour-intensive; it also cannot guarantee that every URL parameter within the test scope is covered.
Summary of the invention
The main purpose of the present invention is to provide a method and device for detecting unauthorized-access vulnerabilities in web access, intended to efficiently cover all URL parameters within the test scope that have an unauthorized-access vulnerability.
To achieve the above object, the method for detecting unauthorized-access vulnerabilities in web access provided by the invention comprises the following steps:
collecting HTTP traffic information to be detected within a preset time period, the HTTP traffic information comprising URL parameter information and a session identifier, wherein the URL parameter information comprises URL parameters and parameter values;
identifying, according to the URL parameter information and the session identifier and by preset rules, the index parameters among the URL parameters that are used to index a server resource, and extracting from the index parameters the private parameters that are used to index a user's private resource;
performing a preset unauthorized-access vulnerability test operation on each private parameter, and determining according to the test result the private parameters that have an unauthorized-access vulnerability.
Preferably, the step of identifying, according to the URL parameter information and the session identifier and by preset rules, the index parameters among the URL parameters that are used to index a server resource, and extracting from the index parameters the private parameters that are used to index a user's private resource, comprises:
obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identifying the URL parameters whose value characteristics meet a preset condition as index parameters, the index parameters being used to index a server resource;
obtaining, according to the session identifier, the number of different parameter values accessed per session on average for each index parameter, and if the number of different parameter values accessed per session on average for an index parameter is less than a preset number, identifying that index parameter as a private parameter, the private parameter being used to index a user's private resource.
Preferably, the step of statistically obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information and identifying the URL parameters whose value characteristics meet a preset condition as index parameters comprises:
counting the number of different values of each URL parameter in the HTTP traffic information and the number of access records that access each URL parameter;
if the number of access records reaches a preset number, and the proportion of the number of different values of the URL parameter to the number of access records reaches a preset ratio, identifying that URL parameter as an index parameter.
Preferably, when the session identifier comprises a first session identifier and a second session identifier, the step of performing a preset unauthorized-access vulnerability test operation on each private parameter and determining according to the test result the private parameters that have an unauthorized-access vulnerability comprises:
if a first HTTP request accessing the private parameter with the first session identifier is observed, obtaining the first parameter value of the private parameter in the session corresponding to the first session identifier, and recording the first response returned;
if a second HTTP request accessing the private parameter with the second session identifier is observed, obtaining the second parameter value of the private parameter in the session corresponding to the second session identifier, and recording the second response returned;
constructing an HTTP test request that accesses the private parameter using the second session identifier and the first parameter value, and recording the test response returned;
if the first response differs from the second response, and the test response is identical to the first response, determining that the private parameter has an unauthorized-access vulnerability.
Preferably, after the step of performing a preset unauthorized-access vulnerability test operation on each private parameter and determining according to the test result the private parameters that have an unauthorized-access vulnerability, the method further comprises:
displaying the private parameters that have an unauthorized-access vulnerability, so that the user can take the corresponding risk-control measures for those private parameters.
In addition, to achieve the above object, the present invention also provides a device for detecting unauthorized-access vulnerabilities in web access, the device comprising:
an acquisition module, for collecting HTTP traffic information to be detected within a preset time period, the HTTP traffic information comprising URL parameter information and a session identifier, wherein the URL parameter information comprises URL parameters and parameter values;
an identification module, for identifying, according to the URL parameter information and the session identifier and by preset rules, the index parameters among the URL parameters that are used to index a server resource, and extracting from the index parameters the private parameters that are used to index a user's private resource;
a test module, for performing a preset unauthorized-access vulnerability test operation on each private parameter, and determining according to the test result the private parameters that have an unauthorized-access vulnerability.
Preferably, the identification module is specifically configured to:
obtain the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify the URL parameters whose value characteristics meet a preset condition as index parameters, the index parameters being used to index a server resource;
obtain, according to the session identifier, the number of different parameter values accessed per session on average for each index parameter, and if the number of different parameter values accessed per session on average for an index parameter is less than a preset number, identify that index parameter as a private parameter, the private parameter being used to index a user's private resource.
Preferably, the identification module is specifically configured to:
count the number of different values of each URL parameter in the HTTP traffic information and the number of access records that access each URL parameter;
if the number of access records reaches a preset number, and the proportion of the number of different values of the URL parameter to the number of access records reaches a preset ratio, identify that URL parameter as an index parameter.
Preferably, when the session identifier comprises a first session identifier and a second session identifier, the test module is specifically configured to:
if a first HTTP request accessing the private parameter with the first session identifier is observed, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first response returned;
if a second HTTP request accessing the private parameter with the second session identifier is observed, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second response returned;
construct an HTTP test request that accesses the private parameter using the second session identifier and the first parameter value, and record the test response returned;
if the first response differs from the second response, and the test response is identical to the first response, determine that the private parameter has an unauthorized-access vulnerability.
Preferably, the device for detecting unauthorized-access vulnerabilities in web access further comprises:
a display module, for displaying the private parameters that have an unauthorized-access vulnerability, so that the user can take the corresponding risk-control measures for those private parameters.
The method and device for detecting unauthorized-access vulnerabilities in web access proposed by the present invention identify, by preset rules and from the URL parameter information and session identifier collected within the preset time period, the index parameters among the URL parameters to be detected that are used to index a server resource, and extract from the index parameters the private parameters that are used to index a user's private resource; the preset unauthorized-access vulnerability test operation performed on each private parameter then determines the private parameters that have an unauthorized-access vulnerability. Because only the index parameters among all the URL parameters in the test scope are identified, and only the private parameters extracted from the index parameters are subjected to the unauthorized-access vulnerability test, detection efficiency is greatly improved, and all URL parameters within the test scope that have an unauthorized-access vulnerability can be covered, with a high identification rate.
Brief description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the method for detecting unauthorized-access vulnerabilities in web access of the present invention;
Fig. 2 is a flow diagram of the second embodiment of the method for detecting unauthorized-access vulnerabilities in web access of the present invention;
Fig. 3 is a functional block diagram of the first embodiment of the device for detecting unauthorized-access vulnerabilities in web access of the present invention;
Fig. 4 is a functional block diagram of the second embodiment of the device for detecting unauthorized-access vulnerabilities in web access of the present invention.
The realization of the objects, functional features and advantages of the invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here are only intended to explain the invention and are not intended to limit it.
The invention provides a method for detecting unauthorized-access vulnerabilities in web access.
Referring to Fig. 1, Fig. 1 is a flow diagram of the first embodiment of the method for detecting unauthorized-access vulnerabilities in web access of the present invention.
In the first embodiment, the method for detecting unauthorized-access vulnerabilities in web access comprises:
Step S10: collecting HTTP traffic information to be detected within a preset time period, the HTTP traffic information comprising URL parameter information and a session identifier, wherein the URL parameter information comprises URL parameters and parameter values;
In this embodiment, when unauthorized-access vulnerabilities in web access need to be detected, the Hypertext Transfer Protocol (HTTP) traffic information passing through a gateway device within a preset time period can be collected. The collected HTTP traffic information can comprise IP information, the URL, the URL parameter information, the session identifier in the cookie field, and so on; for example, the value of the JSESSIONID, ASP.NET_SessionId or PHPSESSID field in the Cookie header of the HTTP request packet is extracted as the session identifier. The collection duration for the HTTP traffic information to be detected can be preset by the user or by the gateway device according to the needs of the detection. It can be set as a fixed duration, for example 1 day or 7 days; it can also be set as a fixed quantity, for example stopping the collection of a URL parameter once the access records of that URL parameter reach 1000. The way the HTTP traffic information is acquired is not limited here. The URL parameter information in the collected HTTP traffic information can comprise the URL parameters, their corresponding parameter values and related information.
Step S20: identifying, according to the URL parameter information and the session identifier and by preset rules, the index parameters among the URL parameters that are used to index a server resource, and extracting from the index parameters the private parameters that are used to index a user's private resource;
Because the collected HTTP traffic information contains all the URL parameters, parameter values and session identifiers, the index parameters used to index a server resource can be identified among all the URL parameters of the collected traffic from the occurrence count, value characteristics and so on of each URL parameter. Among the parameters passed in a URL, some represent an index to a server resource: their parameter value identifies one concrete resource, such as a record in a database, a file or an object. A URL parameter that indexes a server resource in this way is identified as an index parameter. Take for example the URL a.com?userId=10&errorId=0. The value of the userId parameter is an index into the user information in the database, and the information of a particular user can be looked up in the database from the value of userId, so userId is identified as an index parameter. The value of the errorId parameter, on the other hand, represents the type of error the web program produced, not an index to a resource, so errorId is identified as not being an index parameter.
After the index parameters used to index a server resource have been identified among the URL parameters, the private parameters used to index a user's private resource can be further extracted from the index parameters. The resource identified by an index parameter may be a shared resource that every user can obtain or modify, or it may be private to a particular user, with no other user authorized to access it. If the resource identified by an index parameter is private to a specific user, that index parameter is identified as a private parameter. Take for example the URL a.com?userId=10&articleId=1, which has two index parameters, userId and articleId. The userId parameter is an index to user information, and each user can only access their own user information; the articleId parameter is an index to the articles stored on the server, and an article is a shared resource that every user can access and read. Therefore userId is identified as a private parameter and articleId is not.
After the index parameters used to index a server resource have been identified among the URL parameters, the session identifier can be used to collect statistics on how a particular user uses the index parameter values in each session, and the private parameters used to index a user's private resource can be extracted from the index parameters according to those per-session statistics.
Step S30: performing a preset unauthorized-access vulnerability test operation on each private parameter, and determining according to the test result the private parameters that have an unauthorized-access vulnerability.
In horizontal unauthorized access, user A and user B belong to the same role X and have the same permission level, and each can obtain their own private data (data A and data B). If the system only checks that the role may access the data, and does not check or verify the data itself, then user A can access user B's data (data B), and this access of data B by user A constitutes horizontal unauthorized access. In this embodiment, the characteristic of an unauthorized-access vulnerability is that a user can obtain another party's private data through the private parameter, so a preset unauthorized-access vulnerability test operation can be performed on each private parameter, for example by changing the value of the private parameter to form a test access link, or by changing the value of the private parameter to access the private data of a different user, to test whether the private parameter has an unauthorized-access vulnerability. The private parameters that have an unauthorized-access vulnerability can then be determined from the test result.
This embodiment identifies, by preset rules and from the URL parameter information and session identifier collected within the preset time period, the index parameters among the URL parameters to be detected that are used to index a server resource, and extracts from the index parameters the private parameters that are used to index a user's private resource; the preset unauthorized-access vulnerability test operation performed on each private parameter then determines the private parameters that have an unauthorized-access vulnerability. Because only the index parameters among all the URL parameters in the test scope are identified, and only the private parameters extracted from the index parameters are subjected to the unauthorized-access vulnerability test, detection efficiency is greatly improved, and all URL parameters within the test scope that have an unauthorized-access vulnerability can be covered, with a high identification rate.
Further, in other embodiments, the above step S20 can comprise:
obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identifying the URL parameters whose value characteristics meet a preset condition as index parameters, the index parameters being used to index a server resource;
obtaining, according to the session identifier, the number of different parameter values accessed per session on average for each index parameter, and if the number of different parameter values accessed per session on average for an index parameter is less than a preset number, identifying that index parameter as a private parameter, the private parameter being used to index a user's private resource.
In this embodiment, because an index parameter is a parameter used to index a server resource, and server resources are very numerous, the values of the index parameter needed to index the different server resources are also numerous, and in the large volume of HTTP traffic from different users the number of values the index parameter takes will also be large. This characteristic of index parameters can therefore be used: the value characteristics of the URL parameters in the HTTP traffic information are obtained statistically, and the URL parameters whose value characteristics meet a preset condition are identified as index parameters. Specifically, the number of different values of each URL parameter in the HTTP traffic information and the number of access records that access each URL parameter can be counted; if the number of access records reaches a preset number, and the proportion of the number of different values of the URL parameter to the number of access records reaches a preset ratio, the URL parameter is identified as an index parameter. For example, for each URL parameter that occurs in the collected HTTP traffic information, index parameters are identified by the following conditions:
(1) n_total ≥ threshold_1
(2) rate ≥ threshold_2
where rate = n_unique / n_total, n_total is the total number of records that access this URL parameter, and n_unique is the number of different values of this URL parameter. threshold_1 and threshold_2 can be set according to actual needs; for example threshold_1 can be taken as 1000, to ensure that the sample size is sufficient, and threshold_2 can be taken as 0.1, although other values of threshold_1 and threshold_2 are of course not excluded. When a URL parameter satisfies conditions (1) and (2) at the same time, it is identified as an index parameter. Take for example the URL a.com?userId=10&errorId=1 in the collected HTTP traffic information, where there are 1000 records accessing each of the two URL parameters userId and errorId. In these 1000 records the userId parameter has 350 different values, so the rate value for userId is 0.35, while the errorId parameter has only 10 different values, so the rate value for errorId is 0.01. According to the identification conditions (1) and (2) above, userId is identified as an index parameter and errorId is not.
For a private parameter, on the other hand, each user can only access the parameter values of the resources that belong to them. A session identifier marks one particular user for its period of validity, so the parameter value accessed under a session identifier during its lifetime should be unique. The number of different parameter values accessed per session on average can therefore be obtained for each index parameter from the session identifier, and if that number is less than a preset number, the index parameter is identified as a private parameter. Specifically, in the collected HTTP traffic information, the number of different parameter values accessed by each session is counted for each index parameter, and the number of different parameter values accessed per session on average, values_per_session, is computed for each index parameter. If values_per_session < threshold_3, the index parameter is identified as a private parameter. In real scenarios, because of special circumstances such as the presence of attack traffic, the parameter value accessed under a session identifier during its lifetime is not necessarily unique, i.e. the values_per_session of a private parameter is not always exactly 1 but close to 1. In order to adapt the identification of private parameters to real scenarios, this embodiment therefore sets the judgment threshold threshold_3 to 1.5; threshold_3 can of course be adjusted as needed and is not limited here. Take for example the URL a.com?userId=10&articleId=1 in the collected HTTP traffic information, in which two index parameters are identified, userId and articleId, where userId is an index into the user information in the server database and articleId is an index to the articles stored on the server. Over all the records in the collected HTTP traffic information that access the userId parameter, a single session is computed to access 1.05 different parameter values of userId on average, i.e. values_per_session = 1.05 for userId; that is, among all the sessions that access userId, essentially only one parameter value is accessed per session, which meets the criterion for a private parameter, so userId is identified as a private parameter. For the articleId parameter, a single session is counted to access 6.52 different parameter values on average, i.e. values_per_session = 6.52 for articleId, which shows that the resources indexed by this parameter's values do not correspond one-to-one with users, so articleId is identified as a non-private parameter.
In this way, in this embodiment, the index parameters used to index a server resource are identified in the collected HTTP traffic information by counting the concrete value characteristics of the URL parameters in that traffic, and the private parameters used to index a user's private resource are then extracted from the index parameters, so that unauthorized-access vulnerability tests and monitoring can subsequently be carried out on the identified private parameters to detect whether an unauthorized-access vulnerability exists in the web access.
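The following is an added example, not code from the patent or its assignee. It implements the session-identifier extraction of step S10 (JSESSIONID, ASP.NET_SessionId, PHPSESSID) and the two-stage classification of this embodiment: conditions (1) and (2) on n_total and rate = n_unique / n_total for index parameters, then values_per_session < threshold_3 for private parameters, with the thresholds the text suggests (1000, 0.1 and 1.5). The traffic is constructed in the block (1000 requests from 400 sessions, each session bound to one userId, reading several shared articleIds); the tab-separated "cookie header, URL" line format is an assumption made for the example, not a format the patent specifies.

```python
"""Index-parameter / private-parameter classification over HTTP access records.

Added example (not the patent's own code). Implements the statistics the
description defines: n_total, n_unique and rate per URL parameter, and
values_per_session per index parameter, with the suggested thresholds.
"""
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

THRESHOLD_1 = 1000   # minimum access records before a parameter is judged (condition 1)
THRESHOLD_2 = 0.1    # minimum n_unique / n_total for an index parameter (condition 2)
THRESHOLD_3 = 1.5    # values_per_session must be below this for a private parameter

# Cookie names the text names as session identifiers.
SESSION_COOKIES = ("JSESSIONID", "ASP.NET_SessionId", "PHPSESSID")


def session_id_from_cookie(cookie_header):
    """Pick the session identifier out of a Cookie header (step S10)."""
    jar = {}
    for part in cookie_header.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            jar[k] = v
    for name in SESSION_COOKIES:
        if name in jar:
            return jar[name]
    return None


def parse_record(line):
    """Constructed log line format (an assumption): '<Cookie header>\\t<url>'.
    Returns (session_id, {param: value})."""
    cookie_header, url = line.split("\t", 1)
    sid = session_id_from_cookie(cookie_header)
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return sid, params


def classify(records):
    """records: iterable of (session_id, {param: value}).
    Returns {param: {n_total, n_unique, rate, is_index, values_per_session, is_private}}."""
    values = defaultdict(list)                            # param -> one entry per access record
    per_session = defaultdict(lambda: defaultdict(set))   # param -> sid -> distinct values seen
    for sid, params in records:
        for p, v in params.items():
            values[p].append(v)
            per_session[p][sid].add(v)

    result = {}
    for p, vals in values.items():
        n_total = len(vals)
        n_unique = len(set(vals))
        rate = n_unique / n_total
        is_index = n_total >= THRESHOLD_1 and rate >= THRESHOLD_2
        vps, is_private = None, False
        if is_index:   # only index parameters are tested for privateness
            sessions = per_session[p]
            vps = sum(len(s) for s in sessions.values()) / len(sessions)
            is_private = vps < THRESHOLD_3
        result[p] = dict(n_total=n_total, n_unique=n_unique, rate=rate,
                         is_index=is_index, values_per_session=vps, is_private=is_private)
    return result


def constructed_traffic():
    """Constructed sample: 1000 requests from 400 sessions. Each session carries
    exactly one userId (private), reads several articleIds (shared resource),
    and errorId takes only three values (not an index)."""
    lines = []
    for i in range(1000):
        sid = i % 400                   # 400 sessions, 2 or 3 requests each
        user = sid + 1                  # one user per session -> one userId per session
        article = (i * 7) % 150 + 1     # 150 distinct articles spread across sessions
        err = i % 3
        lines.append(f"PHPSESSID=s{sid}; theme=dark\t"
                     f"http://a.com/view?userId={user}&articleId={article}&errorId={err}")
    return lines


def classify_lines(lines):
    return classify(parse_record(line) for line in lines)


if __name__ == "__main__":
    for p, stats in classify_lines(constructed_traffic()).items():
        print(p, stats)
```

On the constructed traffic, userId is an index parameter with rate 0.4 and values_per_session 1.0 (private), articleId is an index parameter with rate 0.15 and values_per_session 2.5 (not private), and errorId fails condition (2) with rate 0.003. Note that the per-session statistic depends on the session cookie actually binding one user: if the application rotates session identifiers mid-login, or if a shared front-end proxy collapses many users into one session, values_per_session is inflated and private parameters are missed.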
Further, in other embodiments, when the session identifiers include a first session identifier and a second session identifier, step S30 above may comprise:
If a first HTTP request that accesses the private parameter with the first session identifier is observed, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first returned response;
If a second HTTP request that accesses the private parameter with the second session identifier is observed, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second returned response;
Construct an HTTP test request that accesses the private parameter using the second session identifier together with the first parameter value, and record the returned test response;
If the first response differs from the second response and the test response is identical to the first response, determine that the private parameter has an unauthorized access vulnerability.
In this embodiment, when the identified private parameters are tested for unauthorized access vulnerabilities, the gateway device can test each private parameter in turn. If an HTTP request with session identifier SessionId_a is observed accessing the private parameter, its parameter value is denoted Param_a and the returned page is recorded as Page_a; if an HTTP request with session identifier SessionId_b is observed accessing the private parameter, its parameter value is denoted Param_b and the returned page is recorded as Page_b. An HTTP request is then constructed that accesses the parameter with session identifier SessionId_b and parameter value Param_a, and the returned page is recorded as Page_bA. If Page_a ≠ Page_b and Page_a = Page_bA, the private parameter is determined to have an unauthorized access vulnerability. For example, suppose userId is an identified private parameter that indexes user profiles. The gateway device monitors the userId parameter; if user A is observed accessing userId=a and user B accessing userId=b, an HTTP request that accesses userId=a with user B's session identifier can be constructed, and if the server returns the same information that it returned to user A, the userId parameter has an unauthorized access vulnerability.
By monitoring and testing each private parameter in this way, the embodiment identifies the private parameters that have unauthorized access vulnerabilities, covers every URL parameter in the test scope that has such a vulnerability, and can automatically identify both the web applications that have URL-based unauthorized access vulnerabilities and the specific vulnerable URL parameters.
As shown in Figure 2, the second embodiment of the invention proposes a method for detecting unauthorized access vulnerabilities in web access which, building on the embodiment above, further comprises, after step S30:
Step S40: display the private parameters that have unauthorized access vulnerabilities, so that the user can carry out the corresponding risk protection operations for those parameters.
In this embodiment, after the private parameters with unauthorized access vulnerabilities have been identified, they are displayed in order to promptly inform the user which URL parameters currently have such vulnerabilities and to prompt the user to take the corresponding risk protection measures for them, thereby effectively preventing the leakage of the user's sensitive data through unauthorized access vulnerabilities.
The present invention further provides a device for detecting unauthorized access vulnerabilities in web access.
Referring to Fig. 3, Fig. 3 is a functional block diagram of the first embodiment of the device for detecting unauthorized access vulnerabilities in web access according to the present invention.
In the first embodiment, the device for detecting unauthorized access vulnerabilities in web access comprises:
Acquisition module 01, for collecting the HTTP traffic information to be examined within a preset period, the HTTP traffic information comprising URL parameter information and session identifiers, wherein the URL parameter information comprises URL parameters and parameter values;
In this embodiment, when web access is to be checked for unauthorized access vulnerabilities, the HyperText Transfer Protocol (HTTP) traffic passing through a gateway device during a preset period is collected. The collected HTTP traffic information may include IP information, URLs, URL parameter information, and the session identifier carried in the cookie field; for example, the value of the JSESSIONID, ASP.NET_SessionId or PHPSESSID field in the Cookie header of the HTTP request packet is extracted as the session identifier. The collection duration can be preset by the user or the gateway device according to the needs of the detection: it may be set to a fixed duration, e.g. 1 day or 7 days, or to a fixed quantity, e.g. collection for a URL parameter stops once 1000 access records for it have been gathered; the manner of collecting the HTTP traffic is not limited here. The URL parameter information in the collected traffic may include the URL parameters and their corresponding parameter values.
Identification module 02, for identifying, by preset rules and according to the URL parameter information and the session identifiers, the index parameters among the URL parameters that index server resources, and for extracting from the index parameters the private parameters that index user-private resources;
Because the collected HTTP traffic contains all URL parameters, parameter values and session identifiers, the index parameters that index server resources can be identified among all the URL parameters according to the occurrence counts and value characteristics of each URL parameter in the collected traffic. Among the parameters passed in a URL, some represent an index to a particular server resource: the parameter value identifies a concrete resource such as a database record, a file or an object, and such a URL parameter is identified as an index parameter. For example, in the URL a.com?userId=10&errorId=0 the value of userId is an index to user profiles in the database, since the profile of a specific user can be looked up in the database by the value of userId, so userId is identified as an index parameter. The value of errorId, by contrast, represents the type of error raised by the web application and is not an index to any resource, so errorId is not identified as an index parameter.
After the index parameters that index server resources have been identified among the URL parameters, the private parameters that index user-private resources can further be extracted from them. The resource identified by an index parameter may be a shared resource that every user can read or modify, or it may be private to a particular user, which other users have no permission to access. If the resource identified by an index parameter is private to a specific user, that index parameter is identified as a private parameter. For example, the URL a.com?userId=10&articleId=1 has two index parameters, userId and articleId: userId indexes user profiles and each user can access only their own profile, whereas articleId indexes articles stored on the server, which are shared resources that every user can access and read, so userId is identified as a private parameter and articleId is not.
After the index parameters have been identified, the session identifiers are used to count, per session, how a specific user uses the values of each index parameter, and the private parameters that index user-private resources are extracted from the index parameters according to these per-session usage statistics.
Test module 03, for performing a preset unauthorized access test on each private parameter and determining, from the test results, the private parameters that have unauthorized access vulnerabilities.
In horizontal unauthorized access, users A and B belong to the same role X and have the same permission level, and each can obtain their own private data (data A and data B); if the system only verifies the role that may access the data and does not verify the ownership of the data itself, user A can access user B's data (data B), and this access by user A to data B constitutes horizontal unauthorized access. In this embodiment, based on the characteristic that an unauthorized access vulnerability lets a user obtain another party's private data through the private parameter, a preset unauthorized access test can be performed on each private parameter, for example by changing the value of the private parameter to form a test access link and checking whether changing the value of the private parameter gives access to the private data of a different user. The private parameters that have unauthorized access vulnerabilities are then determined from the test results.
In this embodiment, by preset rules and according to the URL parameter information and session identifiers collected during the preset period, the index parameters that index server resources are identified among the URL parameters to be examined, the private parameters that index user-private resources are extracted from the index parameters, and a preset unauthorized access test is performed on each private parameter to determine which private parameters have unauthorized access vulnerabilities. Because only the index parameters within the test scope are identified among all URL parameters, and only the private parameters extracted from them are tested, detection efficiency is greatly increased, every URL parameter in the test scope with an unauthorized access vulnerability can be covered, and the recognition rate is high.
Further, in other embodiments, the identification module 02 above may be used to:
Obtain the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify as index parameters those URL parameters whose value characteristics meet a preset condition, the index parameters being used to index server resources;
Obtain, according to the session identifiers, the average number of distinct parameter values accessed per session for each index parameter, and if the average number of distinct parameter values accessed per session for an index parameter is below a preset number, identify that index parameter as a private parameter, the private parameters being used to index user-private resources.
In this embodiment, because an index parameter indexes server resources, and server resources are numerous, many values of the index parameter are needed to index the different server resources, so in a large volume of HTTP traffic from different users an index parameter takes many values. This characteristic of index parameters is used: the value characteristics of the URL parameters in the HTTP traffic are obtained statistically, and URL parameters whose value characteristics meet a preset condition are identified as index parameters. Specifically, the number of distinct values of each URL parameter in the HTTP traffic and the number of access records for each URL parameter are counted; if the number of access records reaches a preset number and the proportion of distinct values among those access records reaches a preset ratio, the URL parameter is identified as an index parameter. For example, for each URL parameter occurring in the collected HTTP traffic, index parameters are identified by the following conditions:
(1) n_total ≥ threshold_1
(2) rate ≥ threshold_2
where rate = n_unique/n_total, n_total is the total number of records accessing the URL parameter, and n_unique is the number of distinct values of the URL parameter. threshold_1 and threshold_2 can be set according to actual needs: threshold_1 may be 1000, to ensure an adequate sample size, and threshold_2 may be 0.1, although threshold_1 and threshold_2 are of course not limited to these values. When a URL parameter satisfies conditions (1) and (2) simultaneously, it is identified as an index parameter. For example, suppose that for the URL a.com?userId=10&errorId=1 in the collected HTTP traffic there are 1000 access records for each of the URL parameters userId and errorId; among those 1000 records userId has 350 distinct values, giving rate=0.35 for userId, while errorId has only 10 distinct values, giving rate=0.01 for errorId. By the index parameter identification conditions (1) and (2), userId is identified as an index parameter and errorId is not.
For a private parameter, on the other hand, each user can access only the parameter values of their own resources. A session identifier marks one specific user during its validity period, so the parameter values accessed under one session identifier during its lifetime should be unique. Therefore the average number of distinct parameter values accessed per session can be obtained for each index parameter from the session identifiers, and if that number is below a preset number, the index parameter is identified as a private parameter. Specifically, for each index parameter in the collected HTTP traffic, the number of distinct parameter values accessed by each session is counted, and the average number of distinct parameter values accessed per session, values_per_session, is computed for each index parameter. If values_per_session < threshold_3, the index parameter is identified as a private parameter. In practice, owing to special circumstances such as the presence of attack traffic, the parameter values accessed under one session identifier during its lifetime are not necessarily unique, i.e. values_per_session for a private parameter is not always exactly 1 but close to 1; so, to adapt the identification of private parameters to real scenarios, the judgment threshold threshold_3 is set to 1.5 in this embodiment, although threshold_3 may of course be adjusted as needed and is not limited here. For example, for the URL a.com?userId=10&articleId=1 in the collected HTTP traffic, two index parameters are identified, userId and articleId: userId indexes user profiles in the server database, and articleId indexes articles stored on the server. Over all records in the collected HTTP traffic that access the userId parameter, a single session accesses on average 1.05 distinct values of userId, i.e. values_per_session=1.05 for userId; in other words, nearly every session that accesses userId accesses only one parameter value, which meets the criterion for a private parameter, so userId is identified as a private parameter. Likewise, for the articleId parameter a single session accesses on average 6.52 distinct values, i.e. values_per_session=6.52 for articleId, which shows that the resources indexed by this parameter value do not correspond one-to-one to users, so articleId is identified as a non-private parameter.
Thus, in this embodiment, the index parameters that index server resources in the collected HTTP traffic are identified by computing value statistics of the URL parameters in that traffic, and the private parameters that index user-private resources are then extracted from the index parameters, so that the identified private parameters can subsequently be monitored and tested to detect whether web access has unauthorized access vulnerabilities.
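As an added worked example (not code from the patent or its assignee), the following Python applies the two-stage classification described above to a constructed traffic sample: conditions (1) and (2) with threshold_1 = 1000 and threshold_2 = 0.1 select the index parameters, and values_per_session < threshold_3 = 1.5 then selects the private ones. The host a.com and the parameter names come from the text; the session labels, the 1000 sample records and the function names are constructed for this illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Thresholds as given in the text: threshold_1 (minimum access records),
# threshold_2 (minimum distinct-value ratio), threshold_3 (maximum average
# number of distinct values per session for a private parameter).
THRESHOLD_1 = 1000
THRESHOLD_2 = 0.1
THRESHOLD_3 = 1.5


def build_sample_traffic():
    """Constructed sample of 1000 (session_id, url) records for a.com.
    350 sessions each look up their own userId (five records deliberately
    touch a neighbouring id, standing in for the noise the text mentions),
    articleId cycles over 150 shared articles and errorId over 10 codes."""
    records = []
    for k in range(1000):
        session = f"s{k % 350}"
        user_id = (k + 1) % 350 if k % 200 == 0 else k % 350
        article_id = (7 * k) % 150
        error_id = k % 10
        url = f"https://a.com/?userId={user_id}&articleId={article_id}&errorId={error_id}"
        records.append((session, url))
    return records


def classify_parameters(records, t1=THRESHOLD_1, t2=THRESHOLD_2, t3=THRESHOLD_3):
    """Return {param: stats}; stats holds n_total, n_unique, rate,
    values_per_session and kind in {"non-index", "index", "private"}."""
    n_total = defaultdict(int)                           # access records per parameter
    values = defaultdict(set)                            # distinct values per parameter
    per_session = defaultdict(lambda: defaultdict(set))  # param -> session -> values seen
    for session_id, url in records:
        for param, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            n_total[param] += 1
            values[param].add(value)
            per_session[param][session_id].add(value)

    result = {}
    for param, total in n_total.items():
        unique = len(values[param])
        rate = unique / total                            # statistic of condition (2)
        sessions = per_session[param]
        vps = sum(len(v) for v in sessions.values()) / len(sessions)
        if total >= t1 and rate >= t2:                   # conditions (1) and (2): index parameter
            kind = "private" if vps < t3 else "index"    # values_per_session < threshold_3: private
        else:
            kind = "non-index"
        result[param] = {"n_total": total, "n_unique": unique, "rate": rate,
                         "values_per_session": vps, "kind": kind}
    return result


if __name__ == "__main__":
    for name, stats in classify_parameters(build_sample_traffic()).items():
        print(f"{name:10s} n_total={stats['n_total']:5d} n_unique={stats['n_unique']:4d} "
              f"rate={stats['rate']:.2f} values_per_session={stats['values_per_session']:.2f} "
              f"-> {stats['kind']}")
```

On this sample userId comes out as private (rate 0.35, about 1.01 values per session), articleId as a shared index parameter (rate 0.15, about 2.86 values per session) and errorId as non-index (rate 0.01), matching the classifications the text gives for the same three parameters.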
Further, in other embodiments, when the session identifiers include a first session identifier and a second session identifier, the test module 03 above may be used to:
If a first HTTP request that accesses the private parameter with the first session identifier is observed, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first returned response;
If a second HTTP request that accesses the private parameter with the second session identifier is observed, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second returned response;
Construct an HTTP test request that accesses the private parameter using the second session identifier together with the first parameter value, and record the returned test response;
If the first response differs from the second response and the test response is identical to the first response, determine that the private parameter has an unauthorized access vulnerability.
In this embodiment, when the identified private parameters are tested for unauthorized access vulnerabilities, the gateway device can test each private parameter in turn. If an HTTP request with session identifier SessionId_a is observed accessing the private parameter, its parameter value is denoted Param_a and the returned page is recorded as Page_a; if an HTTP request with session identifier SessionId_b is observed accessing the private parameter, its parameter value is denoted Param_b and the returned page is recorded as Page_b. An HTTP request is then constructed that accesses the parameter with session identifier SessionId_b and parameter value Param_a, and the returned page is recorded as Page_bA. If Page_a ≠ Page_b and Page_a = Page_bA, the private parameter is determined to have an unauthorized access vulnerability. For example, suppose userId is an identified private parameter that indexes user profiles. The gateway device monitors the userId parameter; if user A is observed accessing userId=a and user B accessing userId=b, an HTTP request that accesses userId=a with user B's session identifier can be constructed, and if the server returns the same information that it returned to user A, the userId parameter has an unauthorized access vulnerability.
By monitoring and testing each private parameter in this way, the embodiment identifies the private parameters that have unauthorized access vulnerabilities, covers every URL parameter in the test scope that has such a vulnerability, and can automatically identify both the web applications that have URL-based unauthorized access vulnerabilities and the specific vulnerable URL parameters.
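The replay test of this embodiment, as an added example that is not part of the patent: a constructed in-memory stand-in for the web application serves userId-indexed profiles either with or without an ownership check, the gateway's observations Page_a and Page_b are recorded, and the decision rule Page_a ≠ Page_b and Page_bA = Page_a is applied. The example also reports "inconclusive" when Page_a = Page_b (identical error or shared page), since the replay then cannot distinguish a vulnerable from a correct server; the class, function and session names are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One observed request: the session that accessed the private parameter,
    the value it used (Param_a / Param_b) and the page the server returned
    (Page_a / Page_b in the text)."""
    session_id: str
    value: str
    page: str


class MockProfileApp:
    """Constructed stand-in for the application under test. It serves ?userId=<id>;
    with enforce_owner=False any logged-in session receives any profile (the
    horizontal unauthorized-access defect the patent detects), with
    enforce_owner=True the session must own the requested id."""

    def __init__(self, enforce_owner: bool):
        self.enforce_owner = enforce_owner
        # session identifier -> userId that the session was authenticated as
        self.sessions = {"SessionId_a": "a", "SessionId_b": "b"}
        self.profiles = {"a": "<profile of user a>", "b": "<profile of user b>"}

    def handle(self, session_id: str, user_id: str) -> str:
        owner = self.sessions.get(session_id)
        if owner is None:
            return "HTTP 401 not logged in"
        if self.enforce_owner and owner != user_id:   # the missing ownership check
            return "HTTP 403 forbidden"
        return self.profiles.get(user_id, "HTTP 404 no such user")


def observe(app: MockProfileApp, session_id: str, value: str) -> Observation:
    """What the gateway records when it sees a session access the private parameter."""
    return Observation(session_id, value, app.handle(session_id, value))


def judge(page_a: str, page_b: str, page_ba: str) -> str:
    """Decision rule from the text: vulnerable iff Page_a != Page_b and Page_bA == Page_a.
    When Page_a == Page_b the two sessions are indistinguishable, so the replay
    proves nothing either way and is reported as inconclusive rather than negative."""
    if page_a == page_b:
        return "inconclusive"
    return "vulnerable" if page_ba == page_a else "not vulnerable"


def check_private_parameter(app: MockProfileApp, obs_a: Observation, obs_b: Observation) -> str:
    """Replay obs_a's value under obs_b's session, record Page_bA, and judge."""
    page_ba = app.handle(obs_b.session_id, obs_a.value)
    return judge(obs_a.page, obs_b.page, page_ba)


def run_demo(enforce_owner: bool) -> str:
    app = MockProfileApp(enforce_owner)
    obs_a = observe(app, "SessionId_a", "a")   # user A reads userId=a
    obs_b = observe(app, "SessionId_b", "b")   # user B reads userId=b
    return check_private_parameter(app, obs_a, obs_b)


if __name__ == "__main__":
    print("without ownership check:", run_demo(enforce_owner=False))
    print("with ownership check:   ", run_demo(enforce_owner=True))
```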
As shown in Figure 4, the second embodiment of the invention proposes a device for detecting unauthorized access vulnerabilities in web access which, building on the embodiment above, further comprises:
Display module 04, for displaying the private parameters that have unauthorized access vulnerabilities, so that the user can carry out the corresponding risk protection operations for those parameters.
In this embodiment, after the private parameters with unauthorized access vulnerabilities have been identified, they are displayed in order to promptly inform the user which URL parameters currently have such vulnerabilities and to prompt the user to take the corresponding risk protection measures for them, thereby effectively preventing the leakage of the user's sensitive data through unauthorized access vulnerabilities.
The serial numbers of the above embodiments of the invention are for description only and do not indicate the merit of the embodiments. From the above description of the embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with the necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, or the part of it that contributes over the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and comprising instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the method described in each embodiment of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of its claims; any equivalent structural or process transformation made using the content of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A method for detecting unauthorized access vulnerabilities in web access, characterized in that the method comprises the following steps:
collecting HTTP traffic information to be examined within a preset period, the HTTP traffic information comprising URL parameter information and session identifiers, wherein the URL parameter information comprises URL parameters and parameter values;
identifying, by preset rules and according to the URL parameter information and the session identifiers, the index parameters among the URL parameters that index server resources, and extracting from the index parameters the private parameters that index user-private resources;
performing a preset unauthorized access test on each private parameter, and determining from the test results the private parameters that have unauthorized access vulnerabilities.
2. The method for detecting unauthorized access vulnerabilities in web access of claim 1, characterized in that the step of identifying, by preset rules and according to the URL parameter information and the session identifiers, the index parameters among the URL parameters that index server resources, and extracting from the index parameters the private parameters that index user-private resources comprises:
obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identifying as index parameters those URL parameters whose value characteristics meet a preset condition, the index parameters being used to index server resources;
obtaining, according to the session identifiers, the average number of distinct parameter values accessed per session for each index parameter, and if the average number of distinct parameter values accessed per session for an index parameter is below a preset number, identifying that index parameter as a private parameter, the private parameters being used to index user-private resources.
3. The method for detecting unauthorized access vulnerabilities in web access of claim 2, characterized in that the step of obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information and identifying as index parameters those URL parameters whose value characteristics meet a preset condition comprises:
counting the number of distinct values of each URL parameter in the HTTP traffic information and the number of access records for each URL parameter;
if the number of access records reaches a preset number and the proportion of distinct values of the URL parameter among those access records reaches a preset ratio, identifying the URL parameter as an index parameter.
4. The method for detecting unauthorized access vulnerabilities in web access of claim 1, characterized in that, when the session identifiers comprise a first session identifier and a second session identifier, the step of performing a preset unauthorized access test on each private parameter and determining from the test results the private parameters that have unauthorized access vulnerabilities comprises:
if a first HTTP request that accesses the private parameter with the first session identifier is observed, obtaining the first parameter value of the private parameter in the session corresponding to the first session identifier, and recording the first returned response;
if a second HTTP request that accesses the private parameter with the second session identifier is observed, obtaining the second parameter value of the private parameter in the session corresponding to the second session identifier, and recording the second returned response;
constructing an HTTP test request that accesses the private parameter using the second session identifier together with the first parameter value, and recording the returned test response;
if the first response differs from the second response and the test response is identical to the first response, determining that the private parameter has an unauthorized access vulnerability.
5. The method for detecting unauthorized access vulnerabilities in web access of claim 1, characterized in that, after the step of performing a preset unauthorized access test on each private parameter and determining from the test results the private parameters that have unauthorized access vulnerabilities, the method further comprises:
displaying the private parameters that have unauthorized access vulnerabilities, so that the user can carry out the corresponding risk protection operations for those parameters.
6. A device for detecting unauthorized access vulnerabilities in web access, characterized in that the device comprises:
an acquisition module, for collecting HTTP traffic information to be examined within a preset period, the HTTP traffic information comprising URL parameter information and session identifiers, wherein the URL parameter information comprises URL parameters and parameter values;
an identification module, for identifying, by preset rules and according to the URL parameter information and the session identifiers, the index parameters among the URL parameters that index server resources, and for extracting from the index parameters the private parameters that index user-private resources;
a test module, for performing a preset unauthorized access test on each private parameter and determining from the test results the private parameters that have unauthorized access vulnerabilities.
7. The device for detecting unauthorized access vulnerabilities in web access of claim 6, characterized in that the identification module is specifically configured to:
obtain the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify as index parameters those URL parameters whose value characteristics meet a preset condition, the index parameters being used to index server resources;
obtain, according to the session identifiers, the average number of distinct parameter values accessed per session for each index parameter, and if the average number of distinct parameter values accessed per session for an index parameter is below a preset number, identify that index parameter as a private parameter, the private parameters being used to index user-private resources.
8. The device for detecting unauthorized access vulnerabilities in web access of claim 7, characterized in that the identification module is specifically configured to:
count the number of distinct values of each URL parameter in the HTTP traffic information and the number of access records for each URL parameter;
if the number of access records reaches a preset number and the proportion of distinct values of the URL parameter among those access records reaches a preset ratio, identify the URL parameter as an index parameter.
9. The device for detecting unauthorized access vulnerabilities in web access of claim 6, characterized in that, when the session identifiers comprise a first session identifier and a second session identifier, the test module is specifically configured to:
if a first HTTP request that accesses the private parameter with the first session identifier is observed, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first returned response;
if a second HTTP request that accesses the private parameter with the second session identifier is observed, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second returned response;
construct an HTTP test request that accesses the private parameter using the second session identifier together with the first parameter value, and record the returned test response;
if the first response differs from the second response and the test response is identical to the first response, determine that the private parameter has an unauthorized access vulnerability.
10. the Hole Detection device of going beyond one's commission of web access as claimed in claim 6, is characterized in that, also comprise:
Display module, for showing the privately owned parameter that there is leak of going beyond one's commission, carries out corresponding risk fence operation for user for the privately owned parameter that there is leak of going beyond one's commission.
CN201510728727.6A 2015-10-30 2015-10-30 Unauthorized web access vulnerability detecting method and device Active CN105357195B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510728727.6A CN105357195B (en) 2015-10-30 2015-10-30 Unauthorized web access vulnerability detecting method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510728727.6A CN105357195B (en) 2015-10-30 2015-10-30 Unauthorized web access vulnerability detecting method and device

Publications (2)

Publication Number Publication Date
CN105357195A true CN105357195A (en) 2016-02-24
CN105357195B CN105357195B (en) 2019-06-14

Family

ID=55333059

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510728727.6A Active CN105357195B (en) 2015-10-30 2015-10-30 Unauthorized web access vulnerability detecting method and device

Country Status (1)

Country Link
CN (1) CN105357195B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110145930A1 (en) * 2009-12-14 2011-06-16 International Business Machines Corporation Method, Program Product and Server for Controlling a Resource Access to an Electronic Resource Stored Within a Protected Data
CN104301302A (en) * 2014-09-12 2015-01-21 深信服网络科技(深圳)有限公司 Unauthorized attack detection method and device
CN104519070A (en) * 2014-12-31 2015-04-15 北京奇虎科技有限公司 Method and system for detecting website permission vulnerabilities

Cited By (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107294919A (en) * 2016-03-31 2017-10-24 阿里巴巴集团控股有限公司 Method and device for detecting horizontal permission vulnerabilities
CN106027528A (en) * 2016-05-24 2016-10-12 微梦创科网络科技(中国)有限公司 Method and device for automatic identification of WEB horizontal permissions
CN106027528B (en) * 2016-05-24 2019-07-12 微梦创科网络科技(中国)有限公司 Method and device for automatic identification of WEB horizontal permissions
CN106101082A (en) * 2016-05-31 2016-11-09 乐视控股(北京)有限公司 Permission vulnerability detection method and device
CN107547490B (en) * 2016-06-29 2020-12-04 阿里巴巴集团控股有限公司 Scanner identification method, device and system
CN107547490A (en) * 2016-06-29 2018-01-05 阿里巴巴集团控股有限公司 Scanner identification method, device and system
CN106713347A (en) * 2017-01-18 2017-05-24 国网江苏省电力公司电力科学研究院 Method for detecting unauthorized access vulnerability of power mobile application
CN106713347B (en) * 2017-01-18 2019-06-11 国网江苏省电力公司电力科学研究院 Unauthorized access vulnerability detection method for power mobile applications
CN108334758A (en) * 2017-01-20 2018-07-27 中国移动通信集团山西有限公司 Method, device and equipment for detecting unauthorized user behavior
CN108667770A (en) * 2017-03-29 2018-10-16 腾讯科技(深圳)有限公司 Website vulnerability testing method, server and system
CN108696490A (en) * 2017-04-11 2018-10-23 腾讯科技(深圳)有限公司 Account permission identification method and device
WO2018188558A1 (en) * 2017-04-11 2018-10-18 腾讯科技(深圳)有限公司 Method and apparatus for identifying account permission
CN108875368A (en) * 2017-05-10 2018-11-23 北京金山云网络技术有限公司 Security detection method, apparatus and system
CN107577949A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 Web unauthorized access vulnerability detection method and system
CN107920062A (en) * 2017-11-03 2018-04-17 北京知道创宇信息技术有限公司 Method for constructing a business logic attack detection model, and computing device
CN107920062B (en) * 2017-11-03 2020-06-05 北京知道创宇信息技术股份有限公司 Construction method of business logic attack detection model and computing equipment
CN108228791A (en) * 2017-12-29 2018-06-29 北京奇虎科技有限公司 Data identification method and device
CN108833365A (en) * 2018-05-24 2018-11-16 杭州默安科技有限公司 Traffic-based business logic vulnerability detection method and system
CN108833365B (en) * 2018-05-24 2021-06-15 杭州默安科技有限公司 Traffic-based service logic vulnerability detection method and system
CN110581835B (en) * 2018-06-11 2022-04-12 阿里巴巴集团控股有限公司 Vulnerability detection method and device and terminal equipment
CN110581835A (en) * 2018-06-11 2019-12-17 阿里巴巴集团控股有限公司 Vulnerability detection method and device and terminal equipment
WO2020000723A1 (en) * 2018-06-27 2020-01-02 平安科技(深圳)有限公司 Ultra vires vulnerability detection method and device
CN108932426A (en) * 2018-06-27 2018-12-04 平安科技(深圳)有限公司 Unauthorized access vulnerability detection method and device
CN108932426B (en) * 2018-06-27 2022-05-03 平安科技(深圳)有限公司 Unauthorized vulnerability detection method and device
WO2020000749A1 (en) * 2018-06-30 2020-01-02 平安科技(深圳)有限公司 Method and apparatus for detecting unauthorized vulnerabilities
CN108769070A (en) * 2018-06-30 2018-11-06 平安科技(深圳)有限公司 Unauthorized access vulnerability detection method and device
CN110135166B (en) * 2019-05-08 2021-03-30 北京国舜科技股份有限公司 Detection method and system for service logic vulnerability attack
CN110135166A (en) * 2019-05-08 2019-08-16 北京国舜科技股份有限公司 Detection method and system for business logic vulnerability attacks
CN111107052A (en) * 2019-11-04 2020-05-05 广发银行股份有限公司 Method, apparatus, computer device and storage medium for identifying unauthorized detection points
CN111209565A (en) * 2020-01-08 2020-05-29 招商银行股份有限公司 Horizontal override vulnerability detection method, equipment and computer readable storage medium
CN111427774A (en) * 2020-03-09 2020-07-17 深圳开源互联网安全技术有限公司 Request parameter modification method and system for application program test case
CN111416811A (en) * 2020-03-16 2020-07-14 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN111416811B (en) * 2020-03-16 2022-07-22 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN111949548A (en) * 2020-08-24 2020-11-17 福建国信立联信息科技有限公司 Automatic unauthorized penetration testing method and storage device
CN111949548B (en) * 2020-08-24 2022-08-26 福建国信立联科技集团有限公司 Automatic unauthorized penetration testing method and storage device
CN112118259A (en) * 2020-09-17 2020-12-22 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN112118259B (en) * 2020-09-17 2022-04-15 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN113111951A (en) * 2021-04-20 2021-07-13 浙江网商银行股份有限公司 Data processing method and device
CN113590461A (en) * 2021-06-01 2021-11-02 的卢技术有限公司 Automobile user data override test method based on fidder
CN113590461B (en) * 2021-06-01 2024-04-23 的卢技术有限公司 Test method for realizing override of automobile user data based on fidder
CN114826717A (en) * 2022-04-18 2022-07-29 深信服科技股份有限公司 Abnormal access detection method and device, electronic equipment and storage medium
CN114826717B (en) * 2022-04-18 2024-02-23 深信服科技股份有限公司 Abnormal access detection method and device, electronic equipment and storage medium
CN115664743A (en) * 2022-10-17 2023-01-31 浙江网商银行股份有限公司 Behavior detection method and device

Also Published As

Publication number Publication date
CN105357195B (en) 2019-06-14

Similar Documents

Publication Publication Date Title
CN105357195A (en) Unauthorized web access vulnerability detecting method and device
CN104301302B (en) Unauthorized attack detection method and device
CN103179132B (en) Method and device for detecting and defending against CC attacks
CN107579956B (en) User behavior detection method and device
CN107465651A (en) Network attack detecting method and device
CN103368957B (en) Method, system, client and server for processing web page access behavior
CN105930727A (en) Web-based crawler identification algorithm
CN109039987A (en) User account login method, device, electronic equipment and storage medium
CN106888211A (en) Network attack detection method and device
CN107483563A (en) Anti-crawler data query method and apparatus, client and server
CN103905372A (en) Method and device for removing false alarm of phishing website
CN107888605A (en) Internet of Things cloud platform traffic security analysis method and system
CN106534146A (en) Safety monitoring system and method
CN108206769B (en) Method, apparatus, device and medium for filtering network quality alarms
CN104202291A (en) Anti-phishing method based on multi-factor comprehensive assessment method
CN107733699B (en) Internet asset security management method, system, device and readable storage medium
CN104391953B (en) Method and device for detecting web page updates
CN109831429A (en) Webshell detection method and device
CN107800686A (en) Phishing website identification method and device
CN108768921A (en) Feature-detection-based malicious web page discovery method and system
CN104486320B (en) Intranet sensitive information leakage evidence-obtaining system and method based on honeynet technology
CN107332804A (en) Web page vulnerability detection method and device
CN107528812A (en) Attack detection method and device
CN102984003A (en) Network access detection system and network access detection method
CN104639387B (en) User network behavior tracking method and apparatus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 the first floor of A1 building, Nanshan Zhiyuan 1001, Nanshan District Xue Yuan Avenue, Shenzhen, Guangdong.

Applicant after: SINFOR Polytron Technologies Inc

Address before: 518052 the first floor of A1 building, Nanshan Zhiyuan 1001, Nanshan District Xue Yuan Avenue, Shenzhen, Guangdong.

Applicant before: Shenxinfu Electronics Science and Technology Co., Ltd., Shenzhen

CB02 Change of applicant information
GR01 Patent grant