JP3896486B2 - Website inspection equipment - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a technique for inspecting a device, and more particularly to a technique for inspecting a vulnerability inherent in a website that provides content via a network.
[0002]
[Prior art]
With the development of network technology, the number of network users is increasing, for example, for the use of e-mail and browsing of websites. The use of such networks is now spreading into daily life as a natural means of acquiring information. In addition to the increase in the number of users, the number of websites providing various services is also increasing. Many of these websites handle personal information of users, such as shopping sites, and provide services for each user.
[0003]
Originally, such a website needs to be designed and created in consideration of security so that personal information is not leaked, but there are actually many websites with defects. A person who intentionally attacks a website, such as a hacker or cracker, finds a defect in the website, and performs an attack such as impersonation or cross-site scripting to steal personal information.
[0004]
In recent years, the problem of leakage of personal information on websites has been frequently investigated, and the problem has not been reduced in spite of the fact that the attack method has been made public. Security flaws that cause these problems are often fundamental errors when developing and creating web applications, for example. In addition, there are some websites that are operated with neglected defects even though there are defects that may cause leakage of personal information due to lack of awareness of problems of website operators.
[0005]
As a technology to prevent such leakage of personal information, IDS (Intruder Detection System) that detects attacks by comparing known attack patterns with actual communication patterns and notifies site administrators, and known attack patterns There is a technique for detecting the presence or absence of vulnerability by setting a website to be inspected for the purpose of testing (Patent Document 1).
[0006]
[Patent Document 1]
US Pat. No. 6,311,278
[0007]
[Problems to be solved by the invention]
However, these security countermeasure techniques target a known attack, and cannot be prevented when attacked with a new pattern. Further, in the technique disclosed in Patent Document 1, since an attack is directly performed on a website to be inspected, if there is a vulnerability in the website to be investigated, it is expected to check that website for inspection. Can cause undue damage.
[0008]
The present invention has been made in view of the above-mentioned problems, and the purpose thereof is a technique for inspecting a vulnerability inherent in a website, a technique for determining a vulnerability without launching an attack on the website, and an objective. It is to provide a technique for evaluating the safety of a website based on a standard. A secondary purpose is to provide an inspection technique that avoids an inspection method that can be regarded as so-called unauthorized access. Yet another object is to provide a technique for an individual who actually intends to use a website to confirm the safety of the website at an individual level prior to the use.
[0009]
[Means for Solving the Problems]
  The present inventionAccording to the obtained by repeating the process of obtaining the web page of the website from the clientCommunication between website and clientMultipleAn acquisition unit to acquire;pluralIncluded in communication contentWhen various parameters satisfy the specified conditions, perform processing to add points in association with the parameters, and select parameters with high total points.websiteAndSession tracking parameters that identify sessions with clientsWhen it is likelyAn estimation unit for estimation;Based on the data structure or transmission format of parameters estimated by the estimator as likely to be session tracking parameters, or based on communication results when communicating with websites using or deleting parametersAn analysis unit for analyzingAn inspection apparatus for a website is provided.Thereby, since this apparatus can analyze the vulnerability of a website indirectly based on the session tracking parameter included in the communication content, the website is not adversely affected by the inspection action.
[0010]
  Also,Thereby, it is possible to extract a parameter that is highly likely to be used as a session tracking parameter from various parameters included in the communication content.
  The estimation unit determines whether or not the parameter satisfies a predetermined condition based on a region where each parameter exists, a character string included in each parameter, or a communication result when communication is performed with a website after deleting each parameter. Can be determined.
  The estimator determines that each parameter is in the Authorization field, if each parameter is in a cookie set at logout, if each parameter is in a cookie with the secure flag set, each parameter is In the case of a parameter name that includes a specific character string, if it is confirmed that the personal information screen will not be displayed if each parameter is deleted, each parameter is included in the screen immediately after login, or each parameter is When one of the cases where the request for displaying a screen for displaying personal information is always included is confirmed, a process of adding points in association with the parameter can be performed.
  The apparatus of the present invention may further include an instruction unit that instructs a user to log in to a website, obtain a web page including personal information on the website, and obtain a plurality of web pages on the website. The unit can acquire the communication content while the user is communicating with the website from the client in response to the instruction from the instruction unit.
[0011]
  The estimation unit includesIn a session between the website and the client,Includes personal informationA specific part that identifies a web page as a page of interestThe parameter included in the web page identified as the page of interest by the identifying unit.High priorityCan.Thereby, session tracking parameters can be further narrowed down. The “attention page” is a web page to which information that originally specifies a session, such as a login screen and a personal information setting screen, should be added.
[0012]
  SaidThe estimation unit performs a session between the website and the client.Web pages that contain a given stringThe specific part specified as an attention page can be included, and the parameter included in the web page specified as the attention page by the specification part can be given high priority.Thereby, the specific | specification part can specify an attention page based on communication content.
[0013]
  This deviceThe user specifies a web page that is likely to contain the session tracking parameters.Accepting receptionThe estimating unit may further include a specifying unit that specifies the web page that the receiving unit has received the designation as a page of interest, and the web page specified as the page of interest by the specifying unit. High priority can be given to the included parameters.As a result, the page of interest can be identified based on the user's instructions, so that the page of interest can be identified even if personal information is included in the web page in a format that is difficult to identify automatically, such as personal photos. .
[0015]
  This device,PiecesA storage unit that holds human informationCan further includeThe analysis unitThe estimator estimated that the session tracking parameter is highly likelyParameterStored in the storage unitDetermine whether the personal information is includedWhen the personal information is included, it can be analyzed that the website has a vulnerability.Thereby, this apparatus can judge whether a session tracking parameter can be estimated easily.
[0016]
  The analysis unitThe estimator estimated that the session tracking parameter is highly likelyWhether the parameter has regularity, With the websiteIncluded in a series of communication contentsConcernedJudgment based on parametersWhen the parameter has regularity, it can be analyzed that the website has a vulnerability.Thereby, this apparatus can judge whether a session tracking parameter can be estimated easily based on transition of the value of the session tracking parameter contained in a series of communication contents.
[0017]
The apparatus may further include a determination unit that determines a transmission format of the session tracking parameter. Thereby, this apparatus can judge the vulnerability which may arise according to a transmission format.
[0018]
The apparatus may further include a providing unit that provides different comments to the client according to the determined transmission format. Thereby, this apparatus can present a user with an analysis result as a comment.
[0019]
  The present inventionAccording to the above, obtained by repeating the process of acquiring the web page of the website from the clientWebsite andSaidCommunication contents with clientMultipleAn acquisition unit to acquire;When various parameters included in the plurality of communication contents satisfy a predetermined condition, a process of adding points in association with the parameters is performed, and the parameters having a high total score of the points areSession tracking parameters that identify sessions between the website and the clientWhen it is likelyAn estimation unit for estimation;The estimation unit selects the parameter estimated to be likely to be the session tracking parameter as a verification parameter, removes the verification parameter, performs communication to the web page, and based on the communication result, the verification parameter is Whether it is the session tracking parameterA verification unit to verify;An inspection apparatus for a website is provided.Thereby, this apparatus can verify the correctness of the session tracking parameter extracted from the communication content.
  The estimation unit determines whether or not the parameter satisfies a predetermined condition based on a region where each parameter exists, a character string included in each parameter, or a communication result when communication is performed with a website after deleting each parameter. Can be determined.
  The estimator determines that each parameter is in the Authorization field, if each parameter is in a cookie set at logout, if each parameter is in a cookie with the secure flag set, each parameter is In the case of a parameter name that includes a specific character string, if it is confirmed that the personal information screen will not be displayed if each parameter is deleted, each parameter is included in the screen immediately after login, or each parameter is When one of the cases where the request for displaying a screen for displaying personal information is always included is confirmed, a process of adding points in association with the parameter can be performed.
[0020]
  The verification unitThe verificationDelete the parameter from the request message to be sent to the websiteTo generate a new request messageEditing department toThe new generated by the editing unitWhen the web page that should have been acquired cannot be acquired by the request messageAnd the verification parameter is the session tracking parameterJudgment part to judge, Can have.Thereby, the estimated session tracking parameter can be removed from the request message, and a new request message can be generated.
[0021]
  This deviceInIn the determination unitWhen it is determined that the verification parameter is not the session tracking parameter, the verification unit selects, as the verification parameter, the parameter that is estimated to be next likely to be the session tracking parameter by the estimation unit. The verification is performed, and this process can be repeated until the determination unit determines that the verification parameter is the session tracking parameter.As a result, a correct session tracking parameter can be identified from among a plurality of session tracking parameter candidates.
[0022]
  This deviceFrom the userThe verification unitAccept the verification of the verification byPermission sectionCan further includeThe verification unit, when permitted by the user,Verification can be performed.Thereby, this apparatus can perform a verification process under the user's recognition. That is, the inspection act is not recognized as unauthorized access.
[0023]
  The apparatus further includes a storage unit that holds personal information, and the determination unit includes:It is determined whether or not a web page including personal information can be acquired by the new request message, and when the web page including personal information cannot be acquired, the verification parameter is the session tracking parameter. Can be determined.
[0024]
  Of the present inventionThe apparatus includes a parameter corresponding to the session tracking parameter when logging in to the website using personal information of the first user, and a web page including the personal information of the first user from the website Second communication contents between the first storage unit for storing the first request message for obtaining the information and the website when logging in to the website using the personal information of the second user The parameter included in the second communication content is obtained by replacing the parameter corresponding to the session tracking parameter included in the first request message with the session tracking parameter included in the second communication content. Including a replacement unit that generates a second request message including the second request message generated by the replacement unit. A determination unit that determines whether a web page including information related to the first user can be acquired from the website by an est message, and the analysis unit includes the determination unit When it is determined that the web page can be acquired, it can be analyzed that the web page is vulnerable.Thereby, this apparatus can verify the vulnerability with respect to the impersonation act of the 3rd party by the malfunction of the access control inherent in a website.
[0025]
  The web page may be a session with the client by logging into the website using personal information of a user from the client,This deviceIn a session between the website and the client, a specifying unit that specifies a web page including personal information, and after the client logs out from the website, the estimation unit is likely to be the session tracking parameter. A determination unit that determines whether the web page specified by the specifying unit can be reproduced using the estimated parameter, and the analysis unit includes the determination unit that determines whether the web page When it is determined that the page can be reproduced, it can be analyzed that the web page is vulnerable.Thereby, the logout function in the website can be inspected.
[0026]
  The web page may be a session with the client by logging in to the website using the personal information of the user from the client, and the device includes the website, the client, and the client. In the session, a specific unit for identifying a web page including personal information and an elapsed time after the session between the client and the website is interrupted while the client is not logged out of the website The analysis unit may further include a measurement unit, and a determination unit that determines whether or not the web page specified by the specifying unit can be reproduced after the elapsed time exceeds a predetermined threshold. When the determination unit determines that the web page can be reproduced, the It can be analyzed and the weak exists.Thereby, the timeout function in a website can be inspected.
[0027]
It should be noted that any combination of the above-described constituent elements and a conversion of the expression of the present invention between a method, an apparatus, a system, a recording medium, a computer program, etc. are also effective as an aspect of the present invention.
[0028]
DETAILED DESCRIPTION OF THE INVENTION
The inspection system according to the embodiment does not actually attack a website like a known system, and its operation is basically performed at an individual level. Therefore, by installing the inspection system according to the embodiment in various locations in a distributed manner, more individuals can voluntarily use the system as much as possible for the purpose of ensuring the safety of their access. Is the basic form. This also produces the following side effects.
1. The habit of ensuring the safety of individuals at their own responsibility will be widened, and will be an opportunity to raise awareness of security at the national level.
2. Websites are constantly inspected by a large number of individuals, and sites with low security consciousness must be deceived. As a result, this is an opportunity for consciousness reform on the site management side.
[0029]
FIG. 1 is a configuration diagram of an inspection system 10 according to an embodiment. The website 50 is a site to be inspected, and provides content to the browser 14 via the network 12. The inspection apparatus 100 functions as a proxy for the browser 14, relays communication between the browser 14 and the website 50, and acquires communication contents. And the inspection apparatus 100 judges the vulnerability of the website 50 based on the communication content. The browser 14 and the inspection apparatus 100 may be formed on the same computer by executing a predetermined program, or may be formed on different computers.
[0030]
In general, communication between the browser 14 and the website 50 is performed based on HTTP (Hyper Text Transfer Protocol). When acquiring content according to HTTP, the browser 14 transmits a request message 20 to the website 50. Then, the website 50 transmits a response message 22 in response to the request message 20. When communication is performed according to HTTP, a request and a response are communication units (hereinafter simply referred to as “access”). For this reason, when providing content that spans multiple web pages for each user, such as a shopping site, it is necessary to manage the web pages being provided for each user. That is, it is necessary to manage a series of accesses (hereinafter simply referred to as “sessions”) for providing content to the user. As a management method, it is common to assign identification information for each session.
[0031]
FIG. 2 is an internal configuration diagram of the website 50 of FIG. The website 50 is formed by causing an arbitrary computer to execute a predetermined program, and a single website may be formed on a single computer, or a plurality of websites may be formed. The web server 58 provides content according to HTTP. The normal content storage unit 56 stores, for example, HTML content. The web server 58 reads the content requested via the network 12 from the normal content storage unit 56 and transmits it.
[0032]
For example, the web application 54 forms a web page for each user based on the personal information stored in the personal information storage unit 52. Then, the web page generated for each user is provided to the user via the web server 58. Examples of sites that provide web pages for each user include shopping sites, personal schedule management sites, and web mail sites. Since the website 50 handling such personal information provides a web page for each user, it is necessary to assign identification information (hereinafter simply referred to as “session tracking parameter”) for each session.
[0033]
In general, the vulnerability of a website is mainly caused by a bug inherent in the web server 58 or a bug inherent in the web application 54. The web application 54 is, for example, CGI or JSP (trademark), and often includes bugs due to design errors or developer errors during development. The inspection apparatus 100 in FIG. 1 mainly analyzes vulnerabilities inherent in the web application 54. Many of the vulnerabilities in the web application 54 are mostly related to poor access control functions caused by, for example, mishandling of session tracking parameters.
[0034]
For example, if the value of the session tracking parameter does not change from session to session, the user's personal information is included, or if it is easy to guess, a malicious person can acquire personal information by impersonating the original user. Or receive services on behalf of the original user. The vulnerability inherent in the web application 54 can be analyzed based on session tracking parameters included in the content of communication performed between the website 50 and the browser 14 of FIG.
[0035]
FIG. 3 is a diagram illustrating an example of the data structure of the request message 20 of FIG. The request message 20 has a request header 24 and a request body 26. The session tracking parameter 28 is identification information assigned for each session, and is set in a cookie in this figure. In another example, the session tracking parameter 28 may be embedded in either the request body 26, the URL (Uniform Resource Locator) or the Authentication field in the request header 24. The user ID 30 is information indicating a user ID in the website 50, for example.
[0036]
FIG. 4 is a diagram illustrating an example of a data structure of the response message 22 in FIG. The response message 22 has a response header 32 and a response body 34. A command for setting a new session tracking parameter 36 in a cookie is added to the response header 32 in this figure. From the parameters such as the session tracking parameter 28 in FIG. 3 and the session tracking parameter 36 in FIG. 4, the handling status of the session tracking parameter in the website 50 can be determined.
[0037]
In this example, it can be seen that the website 50 generates the session tracking parameter by combining the incremented value and the user ID every time a session is performed. Since it is easy to estimate such session tracking parameters, the website 50 can determine that personal information may be leaked due to unauthorized access. In this manner, the vulnerability inherent in the website 50 can be analyzed based on the session tracking parameters included in the request message 20 and the response message 22 (hereinafter simply referred to as “communication content”). Since the inspection device 100 in FIG. 1 determines the vulnerability of the website 50 based on the communication content, it does not attack the website 50 unlike the conventional inspection device. For this reason, the website 50 is not damaged. Further, not only a known vulnerability can be determined as in a conventional inspection apparatus, but also an inherent vulnerability inherent in the website 50 can be analyzed.
[0038]
FIG. 5 is an internal configuration diagram of the inspection apparatus 100 of FIG. Each component of the inspection apparatus 100 is, as far as a hardware component, a CPU of an arbitrary computer, a memory, a program for realizing the components shown in the figure loaded in the memory, a storage unit such as a hard disk for storing the program, It is realized mainly by a network connection interface, a facsimile communication modem, and the like, but it is understood by those skilled in the art that there are various modifications in the implementation method and apparatus. Each figure to be described below shows functional unit blocks, not hardware unit configurations.
[0039]
The acquisition unit 150 acquires the communication content between the website 50 and the browser 14 and stores the acquired communication content in the communication content storage unit 102. The estimation unit 200 estimates a session tracking parameter candidate based on the communication content held in the communication content storage unit 102, and outputs it to the analysis unit 300. The analysis unit 300 analyzes vulnerabilities inherent in the website 50 based on session tracking parameters and the like. The verification unit 400 verifies whether the session tracking parameter estimated by the estimation unit 200 is correct. Although details of the test contents will be described later, the test unit 350 tests various functions related to session tracking parameters such as a logout function and a timeout function in the website 50, for example.
[0040]
The personal information storage unit 104 holds personal information such as a user ID and password in the website 50 used for inspection. The inspection control unit 106 controls each of the acquisition unit 150, the analysis unit 300, the estimation unit 200, and the verification unit 400. In addition, the inspection control unit 106 provides an operation instruction received from the user via the operation receiving unit 108 to a unit that requires the instruction. In addition, the inspection control unit 106 outputs information for displaying an operation screen, analysis results, and the like to the display processing unit 110. The display processing unit 110 displays the information on the display unit.
[0041]
FIG. 6 is a diagram illustrating an example of a data structure in the personal information storage unit 104 of FIG. In the present embodiment, the personal information storage unit 104 holds personal information in an XML (eXtensible Markup Language) format. The user information column 500 holds personal information for two users. The first user information column 502 holds the personal information of the first user. The second user information column 504 holds personal information of the second user. The personal information column 506 holds individual user information such as a user ID, password, name, address, e-mail address, telephone number, credit card number, and the like. The personal information column 506 includes a damage value column 508 that holds information relating to a risk caused by leakage, an item column 510 that holds a keyword that specifies the type of personal information, and a value column 512 that holds user information specified by the keyword. And have. Although details will be described later, the vulnerability of the website 50 can be analyzed based on whether or not such personal information is included in the communication content.
[0042]
FIG. 7 is an internal block diagram of the acquisition unit 150 of FIG. The first determination unit 152 and the second determination unit 156 determine whether or not the communication content is encrypted by, for example, HTTPS (Hyper Text Transfer Protocol over SSL). When the communication content is encrypted, the first encryption / decryption unit 158 and the second encryption / decryption unit 159 decrypt the communication content. In addition, the first encryption / decryption unit 158 and the second encryption / decryption unit 159 encrypt communication contents as necessary. The extraction unit 154 of the acquisition unit 150 extracts predetermined information such as information used for inspection from the communication content and outputs the extracted information to the storage processing unit 160. The storage processing unit 160 stores individual information in the communication content storage unit 102. For example, the storage processing unit 160 may generate an object for each session for acquiring a web page, and store the extracted information in the object.
[0043]
FIG. 8 is a diagram for explaining the class structure of objects held in the communication content storage unit 102 of FIG. The communication class 520 has, for example, a protocol, a communication date / time, a header, a body, and the like as members. The request class 522 is a class that inherits the communication class 520, and further has, for example, a request method, URL, and parameters as members. The parameter is a member for holding an argument included in the request header, request body, and the like. The member for holding the parameter may hold a pointer of an object of a class for managing the parameter (hereinafter simply referred to as “parameter class”). Since the parameter class has a structure capable of holding a plurality of parameters, the request class 522 can hold a plurality of parameters included in the request message. The header part and body part of the request message are held in the header and body members, respectively.
[0044]
The response class 524 is a class that inherits the communication class 520 and further has a response code, parameters, and the like as members. The header part and body part of the response message are held in the header and body members, respectively. A cookie or the like is held in a parameter member.
[0045]
The access class 526 is a class that inherits the request class 522 and the response class 524, records a request message and a response message at the time of access, and manages communication contents. The access class 526 further has a session name, page attribute, access number, user information, and the like as members. The session name is a name for identifying a session. The page attribute is a member for holding information for specifying the type of the acquired web page such as a login screen or a personal information display screen. Although details will be described later, the inspection control unit 106 in FIG. 5 presents information regarding a web page to be acquired for the inspection to the user. Information about the web page is notified from the inspection control unit 106 to the storage processing unit 160 of FIG. 7 as a page attribute. The storage processing unit 160 stores the page attribute in the object. Thereby, an object for each access can be generated while adding a page attribute. The access number is a member for holding information designating the order of access in a session, that is, the number of access since the start of the web site inspection. The user information is a member for holding information for specifying personal information used for performing the session. The storage processing unit 160 in FIG. 7 generates an object of the access class 526 every time an access occurs, and associates the object with an object for managing a session and records the communication content.
[0046]
Returning to FIG. 7, when a response message (hereinafter also simply referred to as “response”) is received from the website 50, the first determination unit 152 determines whether or not the response is encrypted. For example, when the response conforms to HTTP, that is, when the response is not encrypted, the first determination unit 152 outputs the response to the extraction unit 154 of the acquisition unit 150. The extraction unit 154 extracts information held in the members of the access class 526 in FIG. 8 and outputs the response to the second determination unit 156. The second determination unit 156 outputs the response supplied from the extraction unit 154 to the browser 14 as it is.
[0047]
When the response from the website 50 conforms to HTTPS, that is, when encrypted, the first determination unit 152 outputs the encrypted response to the first encryption / decryption unit 158. The first encryption / decryption unit 158 decrypts the encrypted response and outputs the decrypted response to the extraction unit 154. The extraction unit 154 extracts the information described above and outputs it to the storage processing unit 160. Then, the extraction unit 154 outputs the response to the second encryption / decryption unit 159. The second encryption / decryption unit 159 encrypts the response again and outputs it to the second determination unit 156. The second determination unit 156 outputs the encrypted response to the browser 14. As described above, when the response conforms to HTTPS, the acquisition unit 150 includes the first determination unit 152, the first encryption / decryption unit 158, the extraction unit 154, the second encryption / decryption unit 159, and the second determination. The response is output to the browser 14 via the unit 156. Further, in the case of conforming to HTTP, the acquisition unit 150 outputs a response to the browser 14 via the first determination unit 152, the extraction unit 154, and the second determination unit 156.
[0048]
Even when a request message (hereinafter sometimes simply referred to as “request”) is received from the browser 14 and transmitted to the website 50, as described above, in the case of an encrypted request, the acquisition unit 150 performs the second determination. The request is output to the website 50 via the unit 156, the second encryption / decryption unit 159, the extraction unit 154, the first encryption / decryption unit 158, and the first determination unit 152. In the case of an unencrypted request, the acquisition unit 150 outputs the request to the website 50 via the second determination unit 156, the extraction unit 154, and the first determination unit 152.
[0049]
FIG. 9 is an internal block diagram of the estimation unit 200 of FIG. The extraction unit 202 extracts a session tracking parameter candidate (hereinafter simply referred to as “parameter candidate”) based on the communication content held in the communication content storage unit 102, and outputs it to the narrowing unit 204. The extraction unit 202 adds points when the following facts are confirmed for the parameters included in the communication contents, and estimates and extracts the parameters that are likely to be session tracking parameters in descending order of the total score.
[0050]
(1) When the parameter is in the Authorization field
(2) The parameter is included in the cookie, and the cookie is set at the time of logout in the logout function check phase described later
(3) If the parameter is in a cookie with the secure flag set
(4) When the parameter name is a parameter name including a specific character string such as “session” or “sid”
(5) When it is confirmed in the session tracking parameter verification phase described later that the personal information screen will not be displayed if the parameter is deleted.
(6) When the parameter is included in the screen immediately after login in the login phase
(7) When the parameter is always included in the request to display the screen displaying personal information
[0051]
FIG. 10 is an example of a flowchart of parameter candidate selection processing in the estimation unit 200 of FIG. The extraction unit 202 in FIG. 9 first extracts parameter candidates from the cookie (S100). Next, the extraction unit 202 extracts parameter candidates from the URL. Next, the extraction unit 202 extracts parameter candidates from the body. Then, the extraction unit 202 extracts parameter candidates from the authentication field. In another example, the order of these processes may be changed. Accordingly, the extraction unit 202 can extract parameter candidates from values transmitted by any transmission method such as cookie, GET, POST, and basic authentication.
[0052]
Returning to FIG. 9, the identifying unit 206 identifies a web page including personal information (hereinafter, simply referred to as “target page”) based on the page attributes held in the communication content storage unit 102, and Output. Further, the specifying unit 206 may specify a web page in which character strings such as personal information, a HIDDEN tag, and a password input box are included in the communication content as the attention page. Then, the identifying unit 206 supplies information on the page of interest to the narrowing unit 204.
[0053]
Since the attention page is often provided for each user, there is a high possibility that the session tracking parameter is included in the attention page. The narrowing-down unit 204 narrows down the session tracking parameter candidates based on the information on the page of interest and the session tracking parameter candidates supplied from the extraction unit 202. For example, the narrowing-down unit 204 may narrow down session tracking parameter candidates in descending order of reproduction frequency, or narrow down to leave the session tracking parameter candidates included in the page of interest.
[0054]
FIG. 11 is an internal configuration diagram of the verification unit 400 of FIG. The parameter inspection unit 402 specifies a session tracking parameter from the parameter candidates extracted by the estimation unit 200. The parameter candidates to be verified are supplied from the analysis unit 300 in this figure, but may be directly supplied from the extraction unit 202 in other examples. The impersonation inspection unit 404 verifies whether or not the website 50 can be used by impersonating another user. The permission unit 406 accepts whether or not to execute the verification process in the parameter inspection unit 402 or the impersonation inspection unit 404 from the user via the inspection control unit 106. When the permission is granted by the user, the permission unit 406 permits the parameter checking unit 402 and the impersonation checking unit 404 to execute the verification process. Since the parameter inspection unit 402 and the impersonation inspection unit 404 automatically access the website 50 using the user's personal information, the user is asked for permission.
[0055]
FIG. 12 is an internal block diagram of the parameter inspection unit 402 of FIG. The parameter candidate input unit 410 receives parameter candidates from the analysis unit 300. Then, the accepted parameter candidates are output to the selection unit 412. The selection unit 412 selects one of the parameter candidates, outputs the selected session tracking parameter (hereinafter simply referred to as “verification parameter”) to the editing unit 416 and notifies the reading unit 414 that the selection has been made.
[0056]
FIG. 13 is a diagram illustrating an example of a parameter selection screen 72 for selecting a verification parameter in the selection unit 412. When selecting a verification parameter, a parameter selection screen 72 is displayed. In the transmission method column 550, the transmission method is displayed for each parameter candidate. The name column 552 displays the name of the session tracking parameter. The value is displayed in the value column 554. The score field 556 displays points obtained by adding, for example, the number of extractions. This value is calculated when the estimation unit 200 in FIG. 9 determines parameter candidates, for example. The status column 558 holds information indicating whether verification has already been performed. The user may select an arbitrary session candidate and determine the verification parameter. Further, the selection unit 412 may determine the verification parameters in descending order of score.
[0057]
Returning to FIG. 12, the reading unit 414 reads an already performed session, that is, the communication content held in the communication content storage unit 102, and supplies the read content to the editing unit 416. The editing unit 416 removes the verification parameter from the supplied communication content and generates a new communication content, that is, a new request. Then, the request is output to the communication unit 418. In the present embodiment, the request is a request for acquiring a page of interest. The communication unit 418 outputs the request to the website 50 and receives a response corresponding to the request from the website 50. The communication unit 418 outputs a response from the website 50 to the determination unit 420. The newly acquired response is called “current response”.
[0058]
The determination unit 420 compares the personal information included in the personal information storage unit 104 of FIG. 5 with the current response, and is included in the current response in a response to a request that has been normally accessed, that is, the verification parameter has not been deleted. Determine whether personal information is included. When personal information is not included in the current response, that is, when the page of interest cannot be acquired, the determination unit 420 determines that the verification parameter is used as a session tracking parameter. If personal information is included, the determination unit 420 determines that the verification parameter is not used as a session tracking parameter. Then, the determination unit 420 instructs the selection unit 412 to select another verification parameter. The selection unit 412 selects another session tracking parameter in the parameter candidates and instructs the reading unit 414 and the editing unit 416 again. The parameter inspection unit 402 identifies the session tracking parameter by repeating this process.
[0059]
In another example, the determination unit 420 compares the current response with, for example, the communication content held in the communication content storage unit 102 as a past response when acquiring the page of interest, and acquires the same response. It may be determined whether or not. In this embodiment, the communication content storage unit 102 adds and holds a page attribute for each communication content. The determination unit 420 reads from the communication content storage unit 102 the communication content with information specifying that the page attribute is the page of interest from the communication content storage unit 102 and uses it for determination. For example, the determination unit 420 may determine whether or not the current response and the communication content completely match, or determine whether or not the current response and the communication content partially match. Also good. If the current response does not match the communication content, the determination unit 420 determines that the verification parameter is used as a session tracking parameter. If the current response matches the communication content, the determination unit 420 determines that the verification parameter is not used as a session tracking parameter, and instructs the selection unit 412 to select another verification parameter.
[0060]
FIG. 14 is an internal configuration diagram of the spoofing inspection unit 404 of FIG. When instructed by the analysis unit 300, the login processing unit 430 logs in to the website 50 using the information of the second user held in the personal information storage unit 104 of FIG. Then, the login processing unit 430 notifies the reading unit 432 that the user has logged in. The parameter acquisition unit 440 acquires the session tracking parameter specified by the parameter inspection unit 402 of FIG. 12 from the session obtained by logging in with the second user. The session tracking parameter when logged in as the second user is hereinafter simply referred to as “current session parameter”. The parameter acquisition unit 440 outputs the current session parameter to the replacement unit 434. The reading unit 432 reads from the communication content storage unit 102 in the past a request for acquiring the page of interest when the first user logs in, and outputs the request to the replacement unit 434. The replacement unit 434 generates a new request by replacing the session tracking parameter included in the request with the current session parameter. Then, the replacement unit 434 outputs the generated request to the communication unit 436.
[0061]
The communication unit 436 outputs the request to the website 50. The response from the website 50 is received and output to the determination unit 438 of the spoofing inspection unit 404. The determination unit 438 compares the information included in the personal information storage unit 104 with the response, and determines whether the personal information of the first user or the second user is included in the response. When the response is the personal information of the first user, the determination unit 438 determines that the website 50 is vulnerable to impersonation. If personal information cannot be acquired, the website 50 determines that personal information will not be leaked due to impersonation. The determination unit 438 transmits the determination result to the analysis unit 300.
[0062]
FIG. 15 is an internal block diagram of the test unit 350 of FIG. The logout function inspection unit 352 inspects the logout function in the website 50 based on an instruction from the analysis unit 300. The logout function is a function for discarding the session tracking parameters when logging out. In the case of the website 50 that is not discarded, it can be determined that there is a vulnerability that is illegally accessed. The timeout function inspection unit 354 inspects the timeout function in the website 50 based on an instruction from the analysis unit 300. The time-out function is a function for discarding the session tracking parameter when a predetermined time elapses with the session left unattended. In the case of the website 50 that is not discarded, it can be determined that there is a vulnerability that is illegally accessed.
[0063]
FIG. 16 is an internal block diagram of the logout function inspection unit 352 of FIG. The logout processing unit 360 logs out from the website 50 in response to an instruction from the analysis unit 300. After logout, the request instruction unit 362 reads past requests from 102 and outputs them to the communication unit 364. The communication unit 364 transmits the request to the website 50. The communication unit 364 receives a response from the website 50 and outputs the response to the determination unit 366. The determination unit 366 compares the current response with, for example, the communication content held in the communication content storage unit 102 as a past response when the page of interest is acquired. For example, the determination unit 366 may determine whether or not the current response and the communication content completely match, or determine whether or not the current response and the communication content partially match. Alternatively, it may be determined whether or not the personal information partially included in the current response matches the personal information held in the personal information storage unit 104 of FIG. When the current response matches the past communication content, the determination unit 366 determines that the logout function in the website 50 is insufficient. If they do not match, the determination unit 366 determines that the logout function in the website 50 is functioning normally. The determination unit 366 transmits the determination result to the analysis unit 300.
[0064]
FIG. 17 is an internal block diagram of the timeout function inspection unit 354 of FIG. The setting unit 370 sets a time for testing the time-out function, that is, a waiting time until a request is transmitted, and instructs the time measuring unit 372 to start time measurement. After the time set in the setting unit 370 has elapsed, the time measuring unit 372 notifies the instruction unit 374 to that effect. The instruction unit 374 instructs the communication unit 376 to transmit a request based on the notification from the time measuring unit 372. The communication unit 376 acquires the request temporarily held in the setting unit 370 according to the instruction and transmits the request to the website 50. The communication unit 376 receives the response from the website 50 and outputs the response to the determination unit 378 of the timeout function inspection unit 354. The determination unit 378 compares the response with the communication content held in the communication content storage unit 102. If they match, the determination unit 378 determines that the time-out function is not operating in the website 50 for the time set by the inspection. If they do not match, the determination unit 378 determines that the time-out function is operating normally in the website 50 when the time set in the inspection has elapsed.
[0065]
FIG. 18 is an internal configuration diagram of the analysis unit 300 of FIG. The parameter state determination unit 302 refers to the data held in the communication content storage unit 102 to determine the state of the session tracking parameter. For example, it is determined whether or not a secure flag is set in the session tracking parameter, and the determination result is output to the digitizing unit 312. The easy-to-guess judgment unit 304 determines whether or not it is easy to guess the session tracking parameter based on a series of data held in the communication content storage unit 102 and the personal information storage unit 104, and the determination result is converted into a numerical unit. 312 is output. For example, the ease is determined based on the fact that the user ID is included in the session tracking parameter and that there is regularity.
[0066]
The transmission format determination unit 306 determines the transmission format of the session tracking parameter based on the data stored in the communication content storage unit 102 and the estimation unit 200. Then, the determination result is output to the digitizing unit 312. The transmission format determination unit 306 determines, for example, whether the session tracking parameter is transmitted using cookie, GET, POST, or basic authentication. The transmission format determination unit 306 identifies the transmission method by examining the embedded position of the session tracking parameter included in the request message and the response message.
[0067]
The verification result receiving unit 308 receives the verification result from the verification unit 400 and outputs the verification result to the digitizing unit 312. The test result receiving unit 310 receives the test result from the test unit 350 and outputs the test result to the digitizing unit 312. The digitizing unit 312 digitizes the value supplied from each unit and outputs, for example, total points to the selecting unit 314. The selection unit 314 selects a predetermined comment from the knowledge database 316 according to the combination of the points and the diagnosis results from each unit, and outputs the selected comment to the examination control unit 106. Then, the selected comment is displayed on the display unit via the display processing unit 110 of FIG.
[0068]
The determination result supplied from each unit is weighted, and the numerical unit 312 may perform numerical processing such as addition processing according to the weighting. The knowledge database 316 has a data structure that allows a predetermined comment to be selected according to a combination of determination results as well as simply associating numerical values with comments. For example, a comment may be associated with each session tracking parameter transmission format, or a combination of other determination results may be associated.
[0069]
FIG. 19 is a diagram illustrating an example of the inspection result screen 70. The inspection result screen 70 displays a list of information related to the website to be investigated, diagnosis status, diagnosis result, session tracking parameters, and the like.
[0070]
FIG. 20 is a diagram illustrating another example of the inspection result screen 74. The inspection result screen 74 is a screen that displays information related to the vulnerability inherent in the website to be investigated. The selection unit 314 of FIG. 18 indicates that if the session tracking parameter is stored in a cookie, and if the website is vulnerable to cross-site scripting, personal information may be stolen by impersonation. Select a comment to be notified. Thereby, the screen of this figure is displayed.
[0071]
FIG. 21 is a diagram illustrating another example of the inspection result screen 76. This inspection result screen 76 is also a screen that displays information related to the vulnerability inherent in the website to be investigated, as in FIG. When the value of the session tracking parameter is similar for each user and can be easily estimated, the selection unit 314 in FIG. 18 selects a comment notifying that a vulnerability to impersonation is inherent. Thereby, the screen of this figure is displayed.
[0072]
FIG. 22 is an example of a flowchart of processing for inspecting the vulnerability of the website 50 in the inspection apparatus 100 of FIG. First, the inspection apparatus 100 estimates session tracking parameters based on the communication content between the browser 14 and the website 50 (S10). Next, the inspection apparatus 100 verifies whether the estimated session tracking parameter is correct (S12). Next, the inspection device 100 verifies the vulnerability to the spoofing action in the website 50, that is, the function of access control (S14).
[0073]
FIG. 23 is an example of a detailed flowchart of step 10 in FIG. When the session tracking parameter estimation process is started, the inspection apparatus 100 starts recording communication contents (S20). Then, the inspection apparatus 100 instructs the user to log in to the website 50 (S22). Next, the inspection apparatus 100 instructs the user to acquire a personal information page. In response to this instruction, the user follows the link of the web page, searches for the personal information page, and displays it on the browser 14. The inspection apparatus 100 records the personal information page (S24). Even during this search operation, the inspection apparatus 100 records communication contents.
[0074]
Next, the inspection apparatus 100 instructs to arbitrarily search a plurality of web pages provided by the website 50, records a communication content during this period, and statistically estimates a session tracking parameter. Are collected (S26). Then, the inspection apparatus 100 instructs logout from the website 50 (S27). Then, the inspection apparatus 100 adds the session tracking parameter to the request again after logout, and inspects the logout function by attempting to acquire the personal information page (S28).
[0075]
After inspecting the logout function, the inspection apparatus 100 ends recording of communication contents (S30). And the test | inspection apparatus 100 estimates a session tracking parameter based on the communication content in a series of sessions to step 28 (S32). Then, the inspection apparatus 100 performs analysis based on the estimated transmission format and data structure of the session tracking parameter (S34), and displays the vulnerability existing in the website 50 as the analysis result (S36).
[0076]
FIG. 24 is an example of a detailed flowchart of step 12 in FIG. When the session tracking parameter verification process is started, the inspection apparatus 100 starts recording communication contents (S40). Then, the inspection apparatus 100 instructs the user to log in to the website 50 (S42). Next, the inspection apparatus 100 instructs the user to acquire a personal information page, and records the personal information page displayed in response to this instruction (S42).
[0077]
Then, the inspection apparatus 100 notifies the user that the session tracking parameter is to be verified using the user information, and inquires whether the processing is permitted (S44). If permitted (Y in S44), the inspection apparatus 100 selects a verification parameter from the parameter candidates (S46). And the test | inspection apparatus 100 removes a verification parameter from the request transmitted to the website 50 in order to acquire a personal information page at step 42, and produces | generates a new request (S48).
[0078]
Then, the inspection apparatus 100 transmits the request to the website 50 (S50) and receives a response from the website 50 (S52). Next, the inspection apparatus 100 determines whether or not a personal information page has been acquired based on the content of the response (S54). When the personal information page can be acquired (Y in S54), the process returns to step 46, and the inspection apparatus 100 selects another parameter candidate as a verification parameter. When the personal information page cannot be acquired (N in S54), the inspection apparatus 100 ends the recording of the communication content (S56). And the test | inspection apparatus 100 specifies a verification parameter as a session tracking parameter when a personal information page cannot be acquired (S58). The inspection apparatus 100 performs analysis by narrowing down the vulnerabilities inherent in the website 50 based on the identified session tracking parameter transmission method and the like (S60), and displays the analysis result. (S62). In step 44, when it is not permitted (N of S44), the inspection apparatus 100 stops the process.
[0079]
FIG. 25 is an example of a detailed flowchart of step 14 in FIG. When the spoofing verification process is started, the inspection apparatus 100 starts recording communication contents (S70). Then, the inspection apparatus 100 instructs the user to log in to the website 50 with the second user information (S72). Next, the inspection apparatus 100 instructs the user to acquire a personal information page, and records the personal information page displayed in response to this instruction (S74).
[0080]
  Then, the inspection apparatus 100 notifies the user that the process for verifying the spoofing vulnerability is performed, and inquires whether or not to execute the process (S76). If permitted (Y in S76), the inspection apparatus 100Log in with your first user informationA new request is generated by replacing the session tracking parameter included in the request transmitted to the website 50 to acquire the personal information page with the current session parameter obtained after logging in as the second user (S78).
[0081]
Then, the inspection apparatus 100 transmits the request to the website 50 (S80) and receives a response from the website 50 (S82). The inspection apparatus 100 ends the communication content recording (S84). Next, the inspection apparatus 100 determines whether or not the personal information of the first user has been acquired based on the content of the response (S86). If the personal information of the first user can be acquired, the website 50 is vulnerable to impersonation. Then, the inspection apparatus 100 performs analysis while considering the session tracking parameter transmission method and the like (S88), and displays the analysis result (S90). In step 76, when it is not permitted (N of S76), the inspection apparatus 100 stops the process.
[0082]
The present invention has been described based on the embodiments. The embodiments are exemplifications, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are within the scope of the present invention. . The following are points to keep in mind from this point of view.
[0083]
In the embodiment, the operation of this system is basically left to the individual's will. However, in view of the high public utility of this system, its operation can naturally be managed collectively by an entity capable of implementing public utilities. In that case, what is necessary is just to implement | achieve the test | inspection apparatus 100 of FIG. The present invention does not ask the operation subject or the operation format.
[0084]
For example, a system auditor may use the system for a security audit of the system, or a web application orderer may use the system for acceptance of the system. Traditionally, it has been difficult to set standards for such audits and acceptances, and has never been clarified. However, an objective criterion can be set that no vulnerability is detected by the system.
[0085]
A server for collecting the results of examinations performed at the individual level is provided in the network 12. Then, when accessing the website, the browser 14 may first connect to the server, and after confirming the safety of the website or presenting it to the user, the access may be started. As a configuration of the browser 14 having such a function, a detection unit that detects an access instruction, an access destination information acquisition unit that inquires of a server that holds an inspection result using a URL specified as an access destination as a search key, and an acquisition And a presentation unit for presenting the safety to the user. Thereby, the inspection result of the website collected by other users can be used effectively. In addition, it is possible to collect test results of countless websites in a very short time.
[0086]
Further, the browser 14 includes the inspection device 100, and the access destination information acquisition unit may cause the inspection device 100 to inspect the access destination when the access destination information acquisition unit cannot acquire the access destination inspection result. Then, the browser 14 may register the newly acquired inspection result in the server.
[0087]
【The invention's effect】
ADVANTAGE OF THE INVENTION According to this invention, the vulnerability which exists in a website can be test | inspected based on the communication content of the website and client which are test object.
[Brief description of the drawings]
FIG. 1 is a configuration diagram of an inspection system according to an embodiment.
FIG. 2 is an internal configuration diagram of the website shown in FIG.
FIG. 3 is a diagram illustrating an example of a data structure of a request message in FIG. 1;
4 is a diagram illustrating an example of a data structure of a response message in FIG. 1. FIG.
FIG. 5 is an internal configuration diagram of the inspection apparatus of FIG. 1;
6 is a diagram showing an example of a data structure in the personal information storage unit of FIG.
7 is an internal block diagram of the acquisition unit in FIG. 5. FIG.
8 is a diagram for explaining a class structure of an object held in a communication content storage unit in FIG. 5;
FIG. 9 is an internal block diagram of the estimation unit in FIG. 5;
10 is a flowchart of parameter candidate selection processing in the estimation unit of FIG. 9;
FIG. 11 is an internal configuration diagram of the verification unit in FIG. 5;
12 is an internal configuration diagram of a parameter inspection unit in FIG. 11;
13 is a diagram illustrating an example of a parameter selection screen for selecting a verification parameter in the selection unit in FIG. 12;
14 is an internal configuration diagram of a spoofing inspection unit in FIG. 11;
15 is an internal configuration diagram of the test unit in FIG. 5;
16 is an internal configuration diagram of a logout function inspection unit in FIG. 15;
17 is an internal configuration diagram of a timeout function inspection unit in FIG. 15;
18 is an internal configuration diagram of the analysis unit in FIG. 5;
FIG. 19 is a diagram showing an example of an inspection result screen.
FIG. 20 is a diagram showing another example of an inspection result screen.
FIG. 21 is a diagram showing another example of an inspection result screen.
22 is an example of a flowchart of a process for inspecting a website for vulnerability in the inspection apparatus of FIG. 1;
FIG. 23 is an example of a detailed flowchart of step 10 in FIG. 22;
FIG. 24 is an example of a detailed flowchart of step 12 in FIG. 22;
FIG. 25 is an example of a detailed flowchart of step 14 in FIG. 22;
[Explanation of symbols]
10 inspection system, 12 network, 14 browser, 20 request message, 22 response message, 50 website, 100 inspection device, 102 communication content storage unit, 104 personal information storage unit, 106 inspection control unit, 108 operation reception unit, 110 display Processing unit, 150 acquisition unit, 152 first determination unit, 154 extraction unit, 156 second determination unit, 158 first encryption / decryption unit, 159 second encryption / decryption unit, 160 storage processing unit, 200 estimation unit, 202 Extraction unit, 204 Refinement unit, 206 Identification unit, 208 User instruction reception unit, 300 analysis unit, 302 Parameter state determination unit, 304 Estimability determination unit, 306 Transmission format determination unit, 308 Verification result reception unit, 310 test Result reception unit, 312 digitization unit, 314 selection unit, 316 knowledge data 350, test section, 352 logout function inspection section, 354 timeout function inspection section, 36 session tracking parameter, 360 logout processing section, 362 request instruction section, 364 communication section, 366 determination section, 370 setting section, 372 timing section, 374 instruction unit, 376 communication unit, 378 determination unit, 400 verification unit, 402 parameter inspection unit, 404 impersonation inspection unit, 406 permission unit, 410 parameter candidate input unit, 412 selection unit, 414 reading unit, 416 editing unit, 418 communication Unit, 420 determination unit, 430 login processing unit, 432 reading unit, 434 replacement unit, 436 communication unit, 438 determination unit, 440 parameter acquisition unit.

Claims (19)

An acquisition unit that acquires a plurality of communication contents between the client and the web site obtained by repeating the process of acquiring the web page of the web site from the client,
When various parameters included in the plurality of communication contents satisfy a predetermined condition, a process of adding points in association with the parameters is performed, and the parameter having a high total score of the points is set as the website and the client. An estimator that estimates that it is likely to be a session tracking parameter that identifies a session with
Based on the data configuration or transmission format of the parameter estimated by the estimation unit to be highly likely to be the session tracking parameter, or based on the communication result when communicating with the website using or deleting the parameter An analysis unit for analyzing the website;
A website inspection apparatus comprising: The apparatus of claim 1.
The estimation unit is configured to determine whether the parameter is the predetermined area based on a region in which each parameter exists, a character string included in each parameter, or a communication result when the parameter is deleted and communication is performed with the website. An inspection apparatus for a website, characterized by determining whether or not the above condition is satisfied . The apparatus according to claim 1 or 2,
The estimation unit may be configured such that each parameter is in an Authorization field, each parameter is in a cookie set at logout, each parameter is in a cookie with a secure flag set, When each parameter is a parameter name including a specific character string, it is confirmed that the personal information screen is not displayed when each parameter is deleted, and each parameter is included in the screen immediately after login. Or when each of the parameters is always included in a request for displaying a screen for displaying personal information, a process of adding points in association with the parameters is performed. A website inspection device characterized by the above. The apparatus according to any one of claims 1 to 3,
The estimation unit includes a specifying unit that specifies a web page including personal information as a page of interest in a session between the website and the client, and is included in the web page specified as the page of interest by the specifying unit. An inspection device for a website, wherein a high priority is given to the parameter . The apparatus according to any one of claims 1 to 3,
The estimation unit includes a specifying unit that specifies a web page including a predetermined character string as a page of interest in a session between the website and the client, and the web specified as the page of interest by the specifying unit A website inspection apparatus, characterized in that a high priority is given to the parameters included in a page . The apparatus according to any one of claims 1 to 3 ,
A reception unit that receives a designation of a web page that is likely to include the session tracking parameter from the user;
The estimation unit includes a specifying unit that specifies the web page that has been designated by the receiving unit as a target page, and gives a high priority to the parameter included in the web page specified as the target page by the specifying unit. inspection apparatus of the web site, characterized in that the wear. Te device smell as claimed in any one of claims 1 to 6,
Further comprising a storage unit that holds personal information,
The analysis unit determines whether or not the personal information stored in the storage unit is included in the parameter estimated by the estimation unit to be highly likely to be the session tracking parameter, and the personal information is If it is included, the website inspection apparatus analyzes that the website has a vulnerability . The device according to any one of claims 1 to 7,
The analyzing unit determines whether the estimation unit has said session tracking the parameter likelihood is estimated that high a parameter regularity, based on the parameters included in the series of contents of communication with the web site When the parameter has regularity, it is analyzed that the website has a vulnerability . The apparatus according to any one of claims 1 to 8,
The web page performs a session with the client by logging in to the website using the user's personal information from the client,
The device is
A specifying unit for specifying a web page including personal information in a session between the website and the client;
After the client logs out from the website, whether or not the estimating unit can reproduce the web page specified by the specifying unit using the parameter estimated to be highly likely to be the session tracking parameter A determination unit for determining whether or not
Further including
The website inspection apparatus , wherein the analysis unit analyzes that the web page is vulnerable when the determination unit determines that the web page can be reproduced . The apparatus according to any one of claims 1 to 9 ,
The web page performs a session with the client by logging in to the website using the user's personal information from the client,
The device is
A specifying unit for specifying a web page including personal information in a session between the website and the client;
A measurement unit that measures an elapsed time after a session between the client and the website is terminated in a state where the client is not logged out of the website;
A determination unit that determines whether or not the specified web page can be reproduced after the elapsed time exceeds a predetermined threshold;
Further including
The website inspection apparatus , wherein the analysis unit analyzes that the web page is vulnerable when the determination unit determines that the web page can be reproduced . The apparatus according to any one of claims 1 to 10,
When logging in to the website using personal information of the first user, a web page including parameters corresponding to the session tracking parameters and including the personal information of the first user is acquired from the website. A first storage for storing a first request message for
A parameter corresponding to the session tracking parameter included in the first request message, acquiring second communication content with the website when logging into the website using personal information of a second user Replacing the session tracking parameter included in the second communication content with a replacement unit that generates a second request message including the parameter included in the second communication content ;
A determination unit for determining whether or not a web page including information related to the first user can be acquired from the website by the second request message generated by the replacement unit;
Further including
The analyzing unit, when said determination section determines that the web page can be acquired, the inspection apparatus of the website, wherein the analyzing and are vulnerable to the web page. 12. The device according to any one of claims 1 to 11,
An instruction unit for instructing the user to log in to the website, obtain a web page including personal information on the website, and obtain a plurality of web pages on the website;
The acquisition unit acquires the communication contents while the user is communicating with the website from the client in response to an instruction from the instruction unit. An acquisition unit for acquiring a plurality of communication contents between the website and the client obtained by repeating the process of acquiring the web page of the website from the client;
When various parameters included in the plurality of communication contents satisfy a predetermined condition, a process of adding points in association with the parameters is performed, and the parameter having a high total score of the points is set as the website and the client. An estimator that estimates that it is likely to be a session tracking parameter that identifies a session with
The estimation unit selects the parameter estimated to be likely to be the session tracking parameter as a verification parameter, removes the verification parameter, performs communication to the web page, and based on the communication result, the verification parameter is A verification unit that verifies whether or not the session tracking parameter;
A website inspection apparatus comprising: The apparatus of claim 13 .
The estimation unit is configured to determine whether the parameter is the predetermined area based on a region in which each parameter exists, a character string included in each parameter, or a communication result when the parameter is deleted and communication is performed with the website. inspection system website, characterized in that to determine whether or not the condition. The device according to claim 13 or 14 ,
The estimation unit may be configured such that each parameter is in an Authorization field, each parameter is in a cookie set at logout, each parameter is in a cookie with a secure flag set, When each parameter is a parameter name including a specific character string, it is confirmed that the personal information screen is not displayed when each parameter is deleted, and each parameter is included in the screen immediately after login. Or when each of the parameters is always included in a request for displaying a screen for displaying personal information, a process of adding points in association with the parameters is performed. A website inspection device characterized by the above. An apparatus according to any of claims 13 to 15,
The verification unit
An editing unit that deletes the verification parameter from the request message to be sent to the website and generates a new request message;
By the new request message the editing unit has generated, when the web page to be acquired originally can not be acquired, a determination unit and the validation parameter is the session tracking parameters,
A website inspection apparatus characterized by comprising: The apparatus of claim 16.
When the determination unit determines that the verification parameter is not the session tracking parameter, the verification unit verifies the parameter that is estimated to be the next session tracking parameter by the estimation unit. The website inspection apparatus , wherein the verification is performed by selecting it as a parameter and repeating this process until the determination unit determines that the verification parameter is the session tracking parameter . 18. An apparatus according to claim 16 or 17,
A storage unit for storing personal information;
The determination unit determines whether or not a web page including personal information can be acquired by the new request message, and when the web page including personal information cannot be acquired, the verification parameter is set to the session. An inspection apparatus for a website, characterized in that it is determined as a tracking parameter . An apparatus according to any of claims 13 to 18,
A permission unit that accepts permission of the verification by the verification unit from a user;
The inspection unit for a website, wherein the verification unit performs the verification when permitted by a user.

Images