TW201401095A - Weakness scanning system for network, scanning method and computer-readable storage media thereof - Google Patents

Weakness scanning system for network, scanning method and computer-readable storage media thereof Download PDF

Info

Publication number
TW201401095A
TW201401095A TW101148469A TW101148469A TW201401095A TW 201401095 A TW201401095 A TW 201401095A TW 101148469 A TW101148469 A TW 101148469A TW 101148469 A TW101148469 A TW 101148469A TW 201401095 A TW201401095 A TW 201401095A
Authority
TW
Taiwan
Prior art keywords
detection
website
control module
network
target server
Prior art date
Application number
TW101148469A
Other languages
Chinese (zh)
Inventor
Shih-Yu Chen
Chi-Hsing Yeh
Original Assignee
Dragonsoft Security Associates Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dragonsoft Security Associates Inc filed Critical Dragonsoft Security Associates Inc
Publication of TW201401095A publication Critical patent/TW201401095A/en

Links

Landscapes

  • Computer And Data Communications (AREA)

Abstract

A weakness scanning system for network is applied to target server, wherein the target server at least stores a web page for building a website. The weakness scanning system a control module and a transmission/ receiving module. The control module loads and executes a detection instruction and stores a weakness. The control generates a detecting string by executing the detection software. The transmission/ receiving module receives the detecting string and transfer the detecting string to the target server. The target server receives and executes the detecting string, executes for the web page of the website and generates an execution result corresponding to the execution. The target server transfers the execution result back to the control module of the detection host, the control compares the execution result with the weakness chart and determines at least a weakness is detected in the webpage of the website accordingly.

Description

網路弱點偵測系統、偵測方法及其電腦可讀儲存媒體 Network vulnerability detection system, detection method and computer readable storage medium thereof

本發明係關於一種網路弱點偵測系統、偵測方法及其電腦可讀儲存媒體,特別是以遠端偵測方式偵測特定網站的一種網路弱點偵測系統、偵測方法及其電腦可讀儲存媒體。 The invention relates to a network vulnerability detection system, a detection method and a computer readable storage medium thereof, and particularly relates to a network vulnerability detection system, a detection method and a computer thereof for detecting a specific website by using a remote detection method Readable storage media.

隨著網路科技及雲端技術的蓬勃發展,網際網路已成為人與人之間互動中不可或缺的溝通工具和互動媒介,由於網際網路對於資訊傳遞的即時性以及散播的廣泛性,任何資訊都能夠透過網際網路迅速地散佈到世界每一個角落,正因為網路無遠弗屆的特性,因此目前相關網路技術的應用層面也不再僅限於單純的訊息傳遞或資料的交換,更進一步延伸到休閒娛樂、商品交易,甚至於金貿流通等不同的層面,同時傳遞或交換的資訊也不僅限於單純文字的內容,更包括多媒體的圖片、影片以及最新發展的互動式資訊,然而,為因應前述日新月異的資訊類型,呈現上述資訊內容的網站亦必須整合不同功能及程式類型。 With the rapid development of network technology and cloud technology, the Internet has become an indispensable communication tool and interactive medium for interaction between people. Due to the immediacy of information transmission and the spread of information on the Internet, Any information can be quickly spread to every corner of the world through the Internet. Because of the characteristics of the Internet, the application of related network technologies is no longer limited to pure message transmission or data exchange. Further extending to different levels of leisure and entertainment, commodity trading, and even gold trade, the information transmitted or exchanged is not limited to simple text content, but also includes multimedia pictures, videos and the latest developments of interactive information. However, in response to the aforementioned types of information, the websites that present the above information content must also integrate different functions and program types.

承前所述,由於時下的網路的應用已擴展至各種領域,相對地來說,針對所傳遞或交換資訊內容的隱密性和安全性之維護也日益重要,特定是針對金融交易、商業貿易或個人隱私等相關資訊都是不法人士所覬覦的目標。此外,由於目前多數的網站必須整合並連結不同的功能及程式類型,以應付各種資訊類型,因此網站的不同網路頁面可能同時包括有不同的程式類型,並以不同種類的程式語言進行撰寫,此舉亦使得維護網站的安全性的難度 相對地提昇,目前常見針對網站攻擊的類型包括主要三種不同的類型:(1)網站資訊側錄;(2)網站資訊竄改;以及(3)網站癱瘓,同時常見的攻擊手段亦包括:(1)跨網站的入侵字串(Cross Site Scripting,XSS,亦稱為跨站腳本攻擊),網路應用程式直接將來自使用者的執行請求送回瀏覽器執行,使得攻擊者可擷取使用者的小型文字檔(Cookie)或會話(Session)資料而能假冒直接登入為合法使用者;(2)注入缺失(Injection Flaw):網路應用程式執行來自外部包括資料庫在內的惡意指令,結構化查詢語言資料隱碼攻擊(Structured Query Language Injection,SQL Injection)與命令隱碼攻擊(Command Injection)等攻擊包括在內;(3)惡意檔案執行(Malicious File Execution):網路應用程式引入來自外部的惡意檔案並執行檔案內容;(4)不安全的物件參考(Insecure Direct Object Reference):攻擊者利用網路應用程式本身的檔案讀取功能任意存取檔案或重要資料;(5)跨網站的偽造要求(Cross-Site Request Forgery,CSRF):已登入網路應用程式的合法使用者執行到惡意的指令,但網路應用程式卻當成合法需求處理,使得惡意指令被正常執行;(6)資訊揭露與不適當錯誤處置(Information Leakage and Improper Error Handling):網路應用程式的執行錯誤訊息包含敏感資料;(7)遭破壞的鑑別與連線管理(Broken Authentication and Session Management):網路應用程式中自行撰寫的身分驗證相關功能有缺陷;(8)不安全的密碼儲存器(Insecure Cryptographic Storage):網路應用程式沒有對敏感性資料使用加密、使用較弱的加密演算法或將金鑰儲存於容易被取得之處;(9)不安全的通訊 (Insecure Communication):傳送敏感性資料時並未使用加密方式;(10)疏於限制網址存取(Failure to Restrict URL Access):某些網頁因為沒有權限控制,使得攻擊者可透過網址直接存取等不同的攻擊手段類型。面對層出不窮的網路攻擊,為避免特定網站受到上述各種類型及手段的攻擊,網站管理者及資訊安全廠商如何事先預測到特定網站具有可能被攻擊的弱點(weakness),並進而分析如何對應修正特定網站,以期克服弱點,避免特定網站被癱瘓或所儲存的資訊被側錄或竄改,進而達到維護網路安全性的目標,實為目前刻不容緩且必須要解決的課題。 As mentioned above, since the application of the current network has been extended to various fields, relatively, the maintenance of the confidentiality and security of the transmitted or exchanged information content is increasingly important, specifically for financial transactions, business. Information such as trade or personal privacy is the target of unscrupulous people. In addition, since most websites currently have to integrate and link different functions and program types to cope with various types of information, different web pages of the website may include different program types and be written in different kinds of programming languages. This also makes it difficult to maintain the security of the website. Relatively improved, the types of common website attacks currently include three main types: (1) website information side-recording; (2) website information tampering; and (3) website 瘫痪, and common attacks include: (1) Cross-site intrusion string (XSS, also known as cross-site scripting attack), the web application directly sends the execution request from the user back to the browser for execution, so that the attacker can retrieve the user's Small text file (Cookie) or session (Session) data can be faked and directly logged into a legitimate user; (2) Injection Flaw: The web application executes malicious instructions from the external including the database, structured Attacks such as Query Language Injection (SQL Injection) and Command Implicit Attack (Command Injection) are included; (3) Malicious File Execution: Web applications are introduced from outside Malicious files and executable file content; (4) Insecure Direct Object Reference: The attacker uses the file of the web application itself Read function to access files or important data; (5) Cross-Site Request Forgery (CSRF): legitimate users who have logged into the web application execute malicious instructions, but web applications However, it is treated as a legitimate requirement, so that malicious instructions are executed normally; (6) Information Leakage and Improper Error Handling: the execution error message of the web application contains sensitive information; (7) the damaged information Broken Authentication and Session Management: Defective identity verification functions written in web applications; (8) Insecure Cryptographic Storage: Web applications are not sensitive Sexual data using encryption, using weaker encryption algorithms or storing keys where they are easily accessible; (9) unsafe communication (Insecure Communication): The encryption method is not used when transmitting sensitive data; (10) Failure to Restrict URL Access: Some web pages have direct access to the website because they do not have permission control. Different types of attack methods. In the face of an endless stream of cyber attacks, in order to prevent specific websites from being attacked by various types and means, how can website administrators and information security vendors predict in advance the specific website's possible weaknesses, and then analyze how to correct them? Specific websites, in order to overcome weaknesses, to avoid the fact that specific websites are being shackled or stored information being side-recorded or tampered with, thereby achieving the goal of maintaining network security, is an urgent task that must be solved at present.

然而,綜觀目前市面上可見之網站安全維護軟體皆僅在網站偵測到被攻擊後消極地提醒網站管理者防堵可能的網站漏洞,抑或是被動地接收由資訊安全廠商發布一般性的網站弱點更新資訊,並無法即時並有效地檢測專屬於特定網站潛在的弱點或漏洞,並提供可行的修正建議,以提昇特定網站的安全性,防範未然。 However, looking at the website security maintenance software currently available on the market, it only passively reminds website administrators to block possible website vulnerabilities after the website detects the attack, or passively receives general website weaknesses issued by information security vendors. Updates do not immediately and effectively detect potential weaknesses or vulnerabilities specific to a particular site, and provide actionable fixes to improve the security of a particular site and prevent it from happening.

鑒於以上的問題,本發明在於提供一種以遠端偵測方式偵測特定網站的一種網路弱點偵測系統、偵測方法及其電腦可讀儲存媒體,藉以解決習用的網站及相關資訊容易受到網路攻擊的問題,同時克服習用的網站管理者僅能消極地防堵網站已被攻擊的弱點,提供專屬於特定網站的弱點分析報告及修正建議,進而提昇特定網站的安全性及隱密性。 In view of the above problems, the present invention provides a network vulnerability detection system, a detection method, and a computer readable storage medium for detecting a specific website by using a remote detection method, so as to solve the problem that the used website and related information are susceptible to The problem of cyber attacks, while overcoming the practice of webmasters can only negatively prevent the weaknesses of websites that have been attacked, provide vulnerability analysis reports and correction suggestions specific to specific websites, thereby improving the security and privacy of specific websites. .

本發明揭露一種網路弱點偵測系統,適用於一目標伺服器, 其中該目標伺服器儲存有建置一網站的至少一網路頁面;網路弱點偵測系統包含有一控制模組及一傳輸/接收模組。控制模組儲存有一偵測軟體及一弱點對照表,控制模組透過偵測軟體產生一檢測字串。傳輸/接收模組接收該檢測字串,並傳輸檢測字串至目標伺服器。目標伺服器接收檢測字串,針對網站的網路頁面執行檢測字串並對應產生一執行結果,目標伺服器傳輸執行結果至偵測主機之傳輸/接收模組並回傳至控制模組,控制模組比對執行結果及弱點對照表,並對應判斷網站的頁面具有至少一弱點。 The invention discloses a network vulnerability detection system, which is suitable for a target server. The target server stores at least one network page for constructing a website; the network vulnerability detection system includes a control module and a transmission/reception module. The control module stores a detection software and a weak point comparison table, and the control module generates a detection string through the detection software. The transmission/reception module receives the detection string and transmits the detection string to the target server. The target server receives the detection string, performs a detection string on the webpage of the website, and generates an execution result correspondingly, and the target server transmits the execution result to the transmission/reception module of the detection host and returns to the control module, and controls The module compares the execution result and the vulnerability comparison table, and correspondingly determines that the website page has at least one weakness.

對應前述的網路弱點偵測系統,本發明另外揭露一種網路弱點偵測方法,適用於一目標伺服器,其中該目標伺服器儲存有建置一網站的至少一網路頁面;網路弱點偵測方法包含有以下步驟:以一控制模組透過一偵測軟體產生一檢測字串;以該控制模組傳送該檢測字串至一傳輸/接收模組;以該傳輸/接收模組傳輸該檢測字串至一目標伺服器;其中該目標伺服器接收該檢測字串後,針對該網站的一網路頁面執行該檢測字串並對應產生一執行結果;以該傳輸/接收模組接收該執行結果並回傳至該控制模組;以及以該控制模組比對該執行結果及該弱點對照表,並對應判斷該網站的該頁面具有至少一弱點。 Corresponding to the foregoing network vulnerability detection system, the present invention further discloses a network vulnerability detection method, which is applicable to a target server, wherein the target server stores at least one network page for constructing a website; network weakness The detection method includes the following steps: generating a detection string through a detection software by a control module; transmitting the detection string to a transmission/reception module by the control module; and transmitting by the transmission/reception module Transmitting the detection string to a target server; wherein after receiving the detection string, the target server executes the detection string for a web page of the website and correspondingly generates an execution result; receiving by the transmission/reception module The execution result is returned to the control module; and the control module compares the execution result and the vulnerability comparison table, and correspondingly determines that the page of the website has at least one weakness.

對應前述的網路弱點偵測方法,本發明另外揭露一種電腦可讀儲存媒體,其儲存一偵測軟體,偵測軟體用於一網路弱點偵測系統並予以實施之步驟包含以下步驟:以一控制模組透過該偵測軟體產生一檢測字串;該控制模組傳送該檢測字串至一傳輸/接收模組;以該傳輸/接收模組傳輸該檢 測字串至一目標伺服器;其中該目標伺服器接收該檢測字串後,針對該網站的一網路頁面執行該檢測字串並對應產生一執行結果;以該傳輸/接收模組接收該執行結果並回傳至該控制模組;以及以該控制模組比對該執行結果及該弱點對照表,並對應判斷該網站的該頁面具有至少一弱點。 Corresponding to the foregoing network vulnerability detection method, the present invention further discloses a computer readable storage medium, which stores a detection software, and the detection software is used in a network vulnerability detection system and is implemented by the following steps: a control module generates a detection string through the detection software; the control module transmits the detection string to a transmission/reception module; and transmits the detection by the transmission/reception module Testing the string to a target server; wherein after receiving the detection string, the target server executes the detection string for a web page of the website and correspondingly generates an execution result; receiving the execution by the transmission/reception module The result is returned to the control module; and the control module compares the execution result and the vulnerability comparison table, and correspondingly determines that the page of the website has at least one weakness.

本發明之功效在於,偵測主機主動地透過偵測軟體產生檢測字串並傳送到儲存特定網站的目標伺服器,並依據目標伺服器回傳之執行結果與偵測主機內部的弱點對照表進行比對,進而對應判斷此網站是否具有潛在的弱點,進而針對此特定網站提出專屬的弱點分析報告及改善建議,以供網路管理者作為維護網站的參考之用,藉此提昇此特定網站的安全性及可靠性。 The function of the invention is that the detecting host actively generates a detection string through the detection software and transmits the detection string to the target server storing the specific website, and performs according to the execution result of the target server backhaul and the weak point comparison table in the detection host. The comparison, in turn, determines whether the website has potential weaknesses, and then provides a dedicated vulnerability analysis report and improvement suggestions for the specific website for the network administrator to use as a reference for maintaining the website, thereby improving the specific website. Safety and reliability.

有關本發明的特徵、實作與功效,茲配合圖式作最佳實施例詳細說明如下。 The features, implementations, and utilities of the present invention are described in detail below with reference to the drawings.

本發明的網路弱點偵測系統、偵測方法及其電腦可讀儲存媒體包含有二種不同的實施例,以下發明人分別進行說明。 The network vulnerability detection system, the detection method and the computer readable storage medium of the present invention comprise two different embodiments, which are respectively described by the inventors.

在第一實施例中,請參考第1圖及第2圖,本發明揭露一種網路弱點偵測系統10,適用於一目標伺服器200,其中該目標伺服器儲存有建置一網站的至少一網路頁面。值得注意的是,此處所述網站的網路頁面係包括但不限於以超文本標記語言(HyperText Markup Language,HTML)編寫的頁面、以結構化查詢語言(Structured Query Language,SQL)編寫的頁面、動態伺服器網頁(Active Server Pages,ASP)的頁面、或以延伸標記語言(Extensible Markup Language,XML)編寫的頁面等不同的網路頁面類型,此外頁面的數量及各頁面間的連結和結構亦不以本發明所揭露的內容為限,本領域具有通常技藝者,得依照網站的類型及使用需求,再不脫離本發明的精神下,自行變更或調整。 In the first embodiment, referring to FIG. 1 and FIG. 2, the present invention discloses a network vulnerability detection system 10, which is applicable to a target server 200, wherein the target server stores at least one website. A web page. It is worth noting that the web pages of the websites described herein include, but are not limited to, pages written in HyperText Markup Language (HTML), pages written in Structured Query Language (SQL). , dynamic server pages (Active Server Pages, ASP) pages, or in the extended markup language (Extensible Different types of web pages, such as pages written by Markup Language, XML). In addition, the number of pages and the links and structures between the pages are not limited by the content disclosed in the present invention, and those skilled in the art have to follow the website. The type and usage requirements are subject to change or adjustment without departing from the spirit of the invention.

如第1圖及第2圖所示,網路弱點偵測系統10包含有一偵測主機10,且偵測主機10包括有一控制模組101及一傳輸/接收模組102。所述控制模組101及傳輸/接收模組102可為各自獨立配置之電腦主機,互相以訊號線或網路連接。控制模組101及傳輸/接收模組102也可以整合為單一偵測主機100,電性連接於目標伺服器200。 As shown in FIG. 1 and FIG. 2, the network vulnerability detection system 10 includes a detection host 10, and the detection host 10 includes a control module 101 and a transmission/reception module 102. The control module 101 and the transmission/reception module 102 can be independently configured computer hosts connected to each other by a signal line or a network. The control module 101 and the transmission/reception module 102 can also be integrated into a single detection host 100 and electrically connected to the target server 200.

控制模組101儲存有一偵測軟體及一弱點對照表500。控制模組101載入並執行偵測軟體,以透過偵測軟體產生檢測字串。控制模組101並依據執行結果進行分析,藉以判斷特定網站是否具有潛在的弱點。弱點對照表500則列舉目標伺服器200回傳之執行結果的類型及對應執行結果所歸納可能具有的潛在弱點,以供控制模組101進行比對和分析。 The control module 101 stores a detection software and a vulnerability comparison table 500. The control module 101 loads and executes the detection software to generate a detection string through the detection software. The control module 101 analyzes the execution result according to the execution result to determine whether the specific website has potential weaknesses. The vulnerability comparison table 500 lists the types of execution results returned by the target server 200 and potential weaknesses that may be attributed to the corresponding execution results for the control module 101 to perform comparison and analysis.

傳輸/接收模組102連接控制模組101及目標伺服器200。傳輸/接收模組102用以接收控制模組101透過偵測軟體所產生的檢測字串。傳輸/接收模組102並對應轉換檢測字串為檢測封包,傳送至目標伺服器200。同時,傳輸/接收模組102亦接收目標伺服器200所對應產生執行結果的封包,並再次對應轉換為可供控制模組101辨讀的訊號型式,並回傳給控制模組101作為分析和判斷之用。 The transmission/reception module 102 is connected to the control module 101 and the target server 200. The transmission/reception module 102 is configured to receive a detection string generated by the control module 101 through the detection software. The transmission/reception module 102 transmits the detection packet to the target server 200 corresponding to the detection detection string. At the same time, the transmission/reception module 102 also receives the packet corresponding to the execution result of the target server 200, and converts it into a signal type that can be read by the control module 101, and transmits it back to the control module 101 for analysis and Judging.

請參考第3圖及第4圖,在本實施例中,當前述的網路弱點偵測系統10針對特定網站進行弱點偵測時,控制模組101透過偵測軟體產生一檢測字串300(S101)。 Referring to FIG. 3 and FIG. 4, in the embodiment, when the network vulnerability detection system 10 performs vulnerability detection for a specific website, the control module 101 generates a detection string 300 through the detection software. S101).

於一具體實施例中,檢測字串300係檢測該網站之該頁面中的動態執行腳本,而控制模組101檢測該動態執行腳本中的結構化查詢語言(Structured QueryLanguage,SQL)指令。於另一具體實施例中,檢測字串300係檢測該網站中以延伸標記語言(Extensible Markup Language,XML)編寫的頁面。 In one embodiment, the detection string 300 detects a dynamic execution script in the page of the website, and the control module 101 detects a Structured Query Language (SQL) instruction in the dynamic execution script. In another embodiment, the detection string 300 detects pages written in the Extensible Markup Language (XML) on the website.

值得注意的是,前述的檢測字串300僅為範例,檢測字串300係包括但不限於用以針對特定網站的不同類型或以不同程式語言所撰寫的頁面進行錯誤訊息返回(Application error message)、程式碼執行(Code execution)、Cookie操控(Cookie manipulation)、斷行符號注入(CRLF injection)、跨網站框架腳本(Cross Frame Scripting)、跨網站腳本(Cross Site Scripting)、目錄跨越(Directory traversal)、檔案引入(File inclusion)、完整路徑揭露(Full path disclosure)、輕量化目錄存取協定注入(LDAP injection)、PHP程式碼注入(PHP code injection)、遠端XSL檔案引入(Remote XSL inclusion)、腳本程式碼揭露(Script source code disclosure)、結構化查詢語言注入(SQL injection)、統一資源定位轉向(URL redirection)、Xpath語法注入(XPath injection)、存在備份檔案(Backup Files)、URI存在跨網站腳本(Cross Site Scripting in URI)、腳本程式錯誤(Script Error)、路徑存在跨網站腳本(Cross Site Scripting in path)、目錄權限(Directory permissions)、超文本協定指 令竄改(HTTP Verb Tampering)、可能敏感目錄(Possibile Sensitive Directories)或可能敏感檔案(Possibile Sensitive File)等不同偵測方式的檢測字串。 It should be noted that the foregoing detection string 300 is merely an example, and the detection string 300 includes, but is not limited to, an application error message for different types of specific websites or pages written in different programming languages. , Code execution, Cookie manipulation, CRLF injection, Cross Frame Scripting, Cross Site Scripting, Directory traversal , File inclusion, Full path disclosure, LDAP injection, PHP code injection, Remote XSL inclusion, Script source code disclosure, structured SQL injection, URL redirection, XPath injection, Backup Files, URIs exist across sites Cross Site Scripting in URI, script error, path exists across the network Scripting (Cross Site Scripting in path), the directory permissions (Directory permissions), hypertext agreement refers to A detection string for different detection methods such as HTTP Verb Tampering, Possibile Sensitive Directories, or Possibile Sensitive File.

在完成檢測字串300的產生後,控制模組101傳送檢測字串300至偵傳輸/接收模組102(S105)。傳輸/接收模組102將檢測字串300對應轉換為封包的形式,並傳送檢測字串300至目標伺服器200(S110)。 After the generation of the detection string 300 is completed, the control module 101 transmits the detection string 300 to the detection transmission/reception module 102 (S105). The transmission/reception module 102 converts the detection string 300 into a form of a packet, and transmits the detection string 300 to the target server 200 (S110).

承前所述,目標伺服器200接收檢測字串300(S115)後,目標伺服器200針對網站的一網路頁面執行檢測字串300,並對應產生一執行結果400(S120)。 As described above, after the target server 200 receives the detection string 300 (S115), the target server 200 executes the detection string 300 for a web page of the website, and correspondingly generates an execution result 400 (S120).

目標伺服器200將執行結果400轉換為網路封包的形式,目標伺服器200則傳輸執行結果400以網路封包形式傳送至傳輸/接收模組102(S125)。 The target server 200 converts the execution result 400 into a form of a network packet, and the target server 200 transmits the execution result 400 to the transmission/reception module 102 in the form of a network packet (S125).

傳輸/接收模組102將封包形式的執行結果400轉換為可辨識的訊號形式,並回傳至控制模組101(S130)。 The transmission/reception module 102 converts the execution result 400 in the form of a packet into an identifiable signal form and transmits it back to the control module 101 (S130).

控制模組101將執行結果400與弱點對照表500進行比對(S135)。 The control module 101 compares the execution result 400 with the vulnerability comparison table 500 (S135).

若執行結果400與弱點對照表500相符合,則控制模組101對應判斷特定網站的頁面具有至少一弱點(S140);若執行結果400與弱點對照表500不符合,則控制模組101對應判斷特定網站的頁面具有不具有此弱點(S145)。如此依序以不同類型的檢測字串300針對目標伺服器200進行偵測,控制模組101即能夠偵測出特定網站具有那些潛在的弱點,並對應分析可行的修正建議。 If the execution result 400 matches the vulnerability comparison table 500, the control module 101 correspondingly determines that the page of the specific website has at least one weakness (S140); if the execution result 400 does not match the vulnerability comparison table 500, the control module 101 correspondingly determines The page of a particular website has no such weakness (S145). The detection of the target server 200 by the different types of detection strings 300 is performed in this manner, and the control module 101 can detect the potential weaknesses of the specific website and analyze the feasible correction suggestions.

在第二實施例中,本發明的網路弱點偵測系統10,其設備之模組組成及電性連接關係與第一實施例大致相類似,惟其不同之處,在本實施例中,控制模組101除了偵測特定網站的弱點以外,控制模組100亦透過偵測軟體產生偵測訊號,並依據目標伺服器200回傳之網路結構映像(Network mapping)訊號,分析特定網站之頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態,以找出所有網路頁面,並取得該些網路頁面的分布結構及定址。本處所述的分布結構及定址包括但不限於組成此網站的各頁面資訊、資訊種類及細部內容、此網站的頁面地圖(Site Map)及各頁面的定址狀態等不同的網站資訊。 In the second embodiment, the network vulnerability detection system 10 of the present invention has a module composition and an electrical connection relationship similar to those of the first embodiment, but the difference is, in this embodiment, the control In addition to detecting the weakness of a specific website, the control module 100 also generates a detection signal through the detection software, and analyzes the page of the specific website according to the network mapping signal returned by the target server 200. The distribution structure and location (Uniform Resource Locator, URL) status to find all network pages, and obtain the distribution structure and address of the network pages. The distribution structure and addressing described in this section include, but are not limited to, the information of each page that constitutes the website, the type and details of the information, the site map of the website, and the location status of each page.

在本實施例中,以網路弱點偵測系統10之控制模組101針對特定網站進行弱點偵測的步驟(S230~S275)與第一實施例相類同(S101~S145),請參照第1圖至第4圖及第一實施例的說明內容,發明人不在此贅述。 In this embodiment, the steps (S230-S275) of performing the vulnerability detection for the specific website by the control module 101 of the network vulnerability detection system 10 are similar to those of the first embodiment (S101~S145), please refer to 1 to 4 and the description of the first embodiment, the inventors will not repeat here.

請參照第5圖及第6圖,並請同時參考第1圖及第2圖,當控制模組101執行特定網站的弱點偵測之前步驟(S230~S275),控制模組101透過偵測軟體產生一偵測訊號600至傳輸/接收模組102(S201)。 Please refer to FIG. 5 and FIG. 6 , and refer to FIG. 1 and FIG. 2 simultaneously. When the control module 101 performs the weakness detection of a specific website (S230-S275), the control module 101 transmits the detection software. A detection signal 600 is generated to the transmission/reception module 102 (S201).

傳輸/接收模組102接收偵測訊號600後,對應轉換成網路封包的形式,傳輸/接收模組102傳輸封包形式的偵測訊號600至目標伺服器200(S205),目標伺服器200接收偵測訊號600(S210),並依據所儲存網站的頁面內容對應產生網站的一網路結構映像(Network mapping)訊號700(S215)。 After receiving the detection signal 600, the transmission/reception module 102 converts the network into a network packet, and the transmission/reception module 102 transmits the detection signal 600 in the form of a packet to the target server 200 (S205), and the target server 200 receives The detection signal 600 is detected (S210), and a network mapping signal 700 of the website is generated according to the content of the page of the stored website (S215).

而後,目標伺服器200傳輸網路結構映像(Network mapping)訊號700至偵測主機100之傳輸/接收模組102並回傳至控制模組101(S220),控制模組101依據網路結構映像訊號700判斷網站之頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態(175),藉此控制模組101能夠分析特定網站的網站資訊,並找出組成網站的所有網站頁面(S225)。 Then, the target server 200 transmits a network mapping signal 700 to the transmission/reception module 102 of the detection host 100 and transmits it back to the control module 101 (S220). The control module 101 according to the network structure image The signal 700 determines the distribution structure and address (Uniform Resource Locator, URL) status of the website (175), whereby the control module 101 can analyze the website information of the specific website and find all the website pages constituting the website (S225).

接著,控制模組101針對每一個網站頁面,逐一進行弱點偵測的步驟(S230~S275),藉以分析出該網站的所有頁面中,具有弱點的頁面為何,並分析各頁面之弱點型態。 Next, the control module 101 performs the steps of detecting the weaknesses one by one for each website page (S230~S275), so as to analyze the pages with weak points among all the pages of the website, and analyze the weakness patterns of each page.

在本實施例中,最後,控制模組101判斷網站的頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態及判斷網站的該頁面具有弱點後,控制模組101依據頁面的分佈結構及定址及弱點針對此網站對應產生一網路弱點偵測報告(S280)。 In this embodiment, finally, after the control module 101 determines the distribution structure and address (Uniform Resource Locator, URL) status of the website and determines that the page of the website has a weakness, the control module 101 according to the distribution structure and address of the page. And the vulnerability generates a network vulnerability detection report (S280) corresponding to the website.

網路弱點偵測報告係整合前述的網站分析,並針對此網站提供對應的修正建議,藉此作為網站管理者或網路安全維護者進行網站維護或修正的參考,以避免來自網際網路的不同攻擊手段,進而提升此網站的安全性、穩定性及隱密性。值得注意的是,網路弱點偵測報告的產生時機不限於在完成弱點偵測以及網站分析之後,網站管理者亦可選擇在執行上述任一偵測項目之後即立刻對應產生網路弱點偵測報告,此舉有助於減少偵測過程所耗費的時間,提升效率。 The Network Vulnerability Detection Report integrates the aforementioned website analysis and provides corresponding correction suggestions for this website as a reference for website maintenance or network security maintainers to maintain or correct the website to avoid Internet access. Different means of attack to improve the security, stability and privacy of this website. It is worth noting that the timing of the network vulnerability detection report is not limited to the completion of vulnerability detection and website analysis. The website administrator can also choose to generate network vulnerability detection immediately after executing any of the above detection items. Reporting, this will help reduce the time and efficiency of the detection process.

對應前述第一實施例及第二實施例的網路弱點偵測系統及偵測方法,本發明另外揭露一種電腦可讀儲存媒體,其儲存一偵測 軟體,偵測軟體用於網路弱點偵測系統並予以實施之步驟請參照前述第一實施例及第二實施例所揭露的發明內容,發明人不在此贅述。 Corresponding to the network vulnerability detection system and the detection method of the foregoing first embodiment and the second embodiment, the present invention further discloses a computer readable storage medium, which stores a detection For the steps of the software and the detection software for the network vulnerability detection system and the implementation thereof, please refer to the disclosures of the first embodiment and the second embodiment, and the inventors will not repeat them here.

上述本發明之網路弱點偵測系統,經由上述網路弱點偵測方法及其電腦可讀儲存媒體,偵測主機能夠以遠端連線的方式定期主動連線到儲存特定網站的目標伺服器針對此網站的弱點及網頁內容進行偵測,並與偵測主機內建的弱點對照表加以比對,藉此判斷此網站是否具有潛在的弱點,並彙整上述的內容對應產生專屬於此網站的網路弱點偵測報告及修正建議,以作為網站管理者或網路安全維護者參考之用,並進一步提供網站修正或維護的建議,以避免來自網際網路的不同攻擊手段,進而提升此網站的安全性、穩定性及隱密性。 The network vulnerability detection system of the present invention, through the network vulnerability detection method and the computer readable storage medium, detects that the host can periodically connect to the target server for storing a specific website by using a remote connection manner. Detecting the weaknesses of the website and the content of the webpage, and comparing it with the vulnerability table built into the detection host to determine whether the website has potential weaknesses, and collecting the content corresponding to the website to generate the exclusive content of the website. The network vulnerability detection report and correction suggestions are used as a reference for website administrators or network security maintainers, and further suggestions for website correction or maintenance are provided to avoid different attacks from the Internet, thereby enhancing the website. Safety, stability and privacy.

此外,在本發明中,目標伺服器無須安裝任何接口軟體,偵測主機即可直接針對目標伺服器進行偵測和判斷,此舉有助於網路安全維護者同時針對不同伺服器進行偵測和管理,並減少客戶端網站管理者維護的困擾,進而降低維護成本。 In addition, in the present invention, the target server does not need to install any interface software, and the detection host can directly detect and judge the target server, which helps the network security maintainer to detect different servers at the same time. And management, and reduce the maintenance of client site administrators, thereby reducing maintenance costs.

更進一步地,由於本發明之網路弱點偵測系統能夠同時以全球最新的資訊針對不同的特定網站進行檢測,以提供專屬的網路弱點偵測報告及修正建議,使各網站的網站管理者能夠得到最新也最完整的資訊,在網站被惡意攻擊前預先得知此網站潛在的弱點或漏洞,並有效地做好事前的防堵和修補,以避免網站受到惡意的攻擊或資訊側錄,進而提昇各網站的安全性、穩定性及隱密性,防範於未然。 Furthermore, the network vulnerability detection system of the present invention can simultaneously detect the specific website with the latest global information, so as to provide a dedicated network vulnerability detection report and correction suggestions, so that the website administrators of each website The latest and most complete information can be obtained, and the potential weaknesses or vulnerabilities of the website can be known in advance before the website is maliciously attacked, and the anti-blocking and repairing of the website can be effectively done to avoid malicious attacks or information browsing. In order to improve the security, stability and privacy of each website, prevent it from happening.

雖然本發明之實施例揭露如上所述,然並非用以限定本發明,任何熟習相關技藝者,在不脫離本發明之精神和範圍內,舉凡依本發明申請範圍所述之形狀、構造、特徵及數量當可做些許之變更,因此本發明之專利保護範圍須視本說明書所附之申請專利範圍所界定者為準。 Although the embodiments of the present invention are disclosed above, it is not intended to limit the present invention, and those skilled in the art, regardless of the spirit and scope of the present invention, the shapes, structures, and features described in the scope of the present application. And the number of modifications may be made, and the scope of patent protection of the present invention shall be determined by the scope of the patent application attached to the specification.

10‧‧‧網路弱點偵測系統 10‧‧‧Network Weakness Detection System

100‧‧‧偵測主機 100‧‧‧Detecting host

101‧‧‧控制模組 101‧‧‧Control Module

102‧‧‧傳輸/接收模組 102‧‧‧Transmission/reception module

200‧‧‧目標伺服器 200‧‧‧target server

300‧‧‧檢測字串 300‧‧‧detection string

400‧‧‧執行結果 400‧‧‧Execution results

500‧‧‧弱點對照表 500‧‧‧ Weakness comparison table

600‧‧‧偵測訊號 600‧‧‧Detection signal

700‧‧‧網路結構映像訊號 700‧‧‧Network structure image signal

第1圖為本發明第一實施例及第二實施例之網路弱點偵測系統的連接示意圖。 FIG. 1 is a schematic diagram showing the connection of the network vulnerability detection system according to the first embodiment and the second embodiment of the present invention.

第2圖為本發明第一實施例及第二實施例之網路弱點偵測系統的元件方塊圖。 FIG. 2 is a block diagram showing the components of the network vulnerability detection system according to the first embodiment and the second embodiment of the present invention.

第3圖為本發明第一實施例之網路弱點偵測方法的步驟流程圖。 FIG. 3 is a flow chart showing the steps of the network vulnerability detection method according to the first embodiment of the present invention.

第4圖為本發明第一實施例之網路弱點偵測方法的示意圖。 FIG. 4 is a schematic diagram of a network vulnerability detection method according to a first embodiment of the present invention.

第5圖為本發明第二實施例之網路弱點偵測方法的步驟流程圖。 FIG. 5 is a flow chart showing the steps of the network vulnerability detection method according to the second embodiment of the present invention.

第6圖為本發明第二實施例之網路弱點偵測方法的示意圖。 FIG. 6 is a schematic diagram of a network vulnerability detection method according to a second embodiment of the present invention.

10‧‧‧網路弱點偵測系統 10‧‧‧Network Weakness Detection System

100‧‧‧偵測主機 100‧‧‧Detecting host

200‧‧‧目標伺服器 200‧‧‧target server

500‧‧‧弱點對照表 500‧‧‧ Weakness comparison table

Claims (11)

一種網路弱點偵測系統,適用於一目標伺服器,其中該目標伺服器儲存有建置一網站的至少一網路頁面;該網路弱點偵測系統包含有:一偵測主機,包括有:一控制模組,儲存有一偵測軟體及一弱點對照表,該控制模組透過該偵測軟體產生一檢測字串;及一傳輸/接收模組,連接於該控制模組及該目標伺服器,用以自該控制模組接收該檢測字串,並傳輸該檢測字串至該目標伺服器;其中該目標伺服器接收該檢測字串,針對該網站的該網路頁面執行該檢測字串並對應產生一執行結果,該目標伺服器傳輸該執行結果至該傳輸/接收模組並回傳至該控制模組,該控制模組比對該執行結果及該弱點對照表,並對應判斷該網站的該頁面具有至少一弱點。 A network vulnerability detection system is applicable to a target server, wherein the target server stores at least one network page for constructing a website; the network vulnerability detection system includes: a detection host, including a control module storing a detection software and a weak point comparison table, the control module generating a detection string through the detection software; and a transmission/reception module connected to the control module and the target servo And receiving the detection string from the control module, and transmitting the detection string to the target server; wherein the target server receives the detection string, and executing the detection word for the webpage of the website And the target server generates an execution result, and the target server transmits the execution result to the transmission/reception module and returns the control module to the control module, and the control module compares the execution result and the vulnerability comparison table, and correspondingly determines The page of the website has at least one weakness. 如請求項第1項所述的網路弱點偵測系統,其中該控制模組更透過該偵測軟體產生一偵測訊號至該傳輸/接收模組,該傳輸/接收模組傳輸該偵測訊號至該目標伺服器,其中該目標伺服器接收該偵測訊號,並對應傳輸該網站的一網路結構映像(Network mapping)訊號至該偵測主機之該傳輸/接收模組並回傳至該控制模組,該控制模組依據該網路分佈狀態訊號判斷該網站之該頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態。 The network vulnerability detection system of claim 1, wherein the control module generates a detection signal to the transmission/reception module through the detection software, and the transmission/reception module transmits the detection. Signaling to the target server, wherein the target server receives the detection signal, and correspondingly transmits a network mapping signal of the website to the transmission/reception module of the detection host and transmits back to The control module determines the distribution structure and the location of the page (Uniform Resource Locator, URL) of the website according to the network distribution status signal. 如請求項第1項所述的網路弱點偵測系統,其中該檢測字串係檢測該網站之該頁面中的動態執行腳本。 The network vulnerability detection system of claim 1, wherein the detection string detects a dynamic execution script in the page of the website. 如請求項第3項所述的網路弱點偵測系統,其中該控制模組檢測該動態執行腳本中的結構化查詢語言(Structured Query Language,SQL)指令。 The network vulnerability detection system of claim 3, wherein the control module detects a Structured Query Language (SQL) instruction in the dynamic execution script. 如請求項第1項所述的網路弱點偵測系統,其中該檢測字串係檢測該網站中以延伸標記語言(Extensible Markup Language,XML)編寫的該頁面。 The network vulnerability detection system of claim 1, wherein the detection string detects the page in the website written in Extensible Markup Language (XML). 一種網路弱點偵測方法,適用於一目標伺服器,其中該目標伺服器儲存有建置一網站的至少一網路頁面;該網路弱點偵測方法包含有以下步驟:以一偵測主機之一控制模組透過一偵測軟體產生一檢測字串;以該控制模組傳送該檢測字串至一傳輸/接收模組;以該偵測主機之該傳輸/接收模組傳輸該檢測字串至一目標伺服器;其中該目標伺服器接收該檢測字串後,針對該網站的一網路頁面執行該檢測字串並對應產生一執行結果;以該傳輸/接收模組接收該執行結果並回傳至該控制模組;以及以該控制模組比對該執行結果及該弱點對照表,並對應判斷該網站的該頁面具有至少一弱點。 A network vulnerability detection method is applicable to a target server, wherein the target server stores at least one network page for constructing a website; the network vulnerability detection method includes the following steps: detecting a host by using a method One of the control modules generates a detection string through a detection software; the control module transmits the detection string to a transmission/reception module; and transmits the detection word to the transmission/reception module of the detection host Serializing to a target server; wherein the target server receives the detection string, executing the detection string for a web page of the website and correspondingly generating an execution result; receiving the execution result by the transmission/reception module And returning to the control module; and comparing the execution result and the vulnerability comparison table with the control module, and correspondingly determining that the page of the website has at least one weakness. 如請求項第6項所述的網路弱點偵測方法更包括以下步驟:該控制模組透過該偵測軟體產生一偵測訊號至該傳輸/接 收模組;該傳輸/接收模組傳輸該偵測訊號至該目標伺服器;該目標伺服器接收該偵測訊號,並對應傳輸該網站的一網路結構映像(Network mapping)訊號至該傳輸/接收模組並回傳至該控制模組;該控制模組依據該網路結構映像訊號判斷該網站之該頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態。 The network vulnerability detection method of claim 6 further includes the following steps: the control module generates a detection signal through the detection software to the transmission/connection Receiving a module; the transmitting/receiving module transmits the detecting signal to the target server; the target server receives the detecting signal and correspondingly transmitting a network mapping signal of the website to the transmission And receiving the module and transmitting it back to the control module; the control module determines the distribution structure and the location (Uniform Resource Locator, URL) status of the page of the website according to the network structure image signal. 如請求項第6項所述的網路弱點偵測方法,其中該控制模組判斷該網站的該頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態及判斷該網站的該頁面具有該弱點後,該控制模組依據該頁面的分佈結構及定址及該弱點針對該網站對應產生一網路弱點偵測報告。 The network vulnerability detection method according to claim 6, wherein the control module determines a distribution structure and a location (Uniform Resource Locator, URL) status of the page of the website, and determines that the page of the website has the weakness. Afterwards, the control module generates a network vulnerability detection report according to the distribution structure and address of the page and the vulnerability corresponding to the website. 一種電腦可讀儲存媒體,其儲存一偵測軟體,該偵測軟體用於一網路弱點偵測系統並予以實施之步驟包含以下步驟:以一偵測主機之一控制模組透過該偵測軟體產生一檢測字串;該控制模組傳送該檢測字串至一傳輸/接收模組;以該偵測主機之該傳輸/接收模組傳輸該檢測字串至一目標伺服器;其中該目標伺服器接收該檢測字串後,針對該網站的一網路頁面執行該檢測字串並對應產生一執行結果;以該傳輸/接收模組接收該執行結果並回傳至該控制模組;以及以該控制模組比對該執行結果及該弱點對照表,並對應判 斷該網站的該頁面具有至少一弱點。 A computer-readable storage medium for storing a detection software, the detection software being used in a network vulnerability detection system and implementing the steps includes the following steps: one of the detection host controls the module to pass the detection The software generates a detection string; the control module transmits the detection string to a transmission/reception module; and the transmission/reception module of the detection host transmits the detection string to a target server; wherein the target After receiving the detection string, the server executes the detection string for a web page of the website and correspondingly generates an execution result; receiving the execution result by the transmission/reception module and transmitting the result to the control module; The control module compares the execution result and the weak point comparison table, and correspondingly judges Breaking the page of the site has at least one weakness. 如請求項第9項所述之電腦可讀儲存媒體,其中,該偵測軟體用於該網路弱點偵測系統並予以實施之步驟包含:該偵測主機之該控制模組透過該偵測軟體產生一偵測訊號至該傳輸/接收模組;該偵測主機之該傳輸/接收模組傳輸該偵測訊號至該目標伺服器;該目標伺服器接收該偵測訊號,並對應傳輸該網站的一網路結構映像(Network mapping)訊號至該偵測主機之該傳輸/接收模組並回傳至該控制模組;該控制模組依據該網路結構映像訊號判斷該網站之該頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態。 The computer-readable storage medium of claim 9, wherein the detecting software is used in the network vulnerability detecting system and the method comprises: the detecting module of the detecting host transmits the detecting The software generates a detection signal to the transmission/reception module; the transmission/reception module of the detection host transmits the detection signal to the target server; the target server receives the detection signal and transmits the corresponding detection signal A network mapping signal of the website is sent to the transmission/reception module of the detection host and transmitted back to the control module; the control module determines the page of the website according to the network structure image signal The distribution structure and location (Uniform Resource Locator, URL) status. 如請求項第9項所述之電腦可讀儲存媒體,其中,該偵測軟體用於該網路弱點偵測系統並予以實施該控制模組判斷該網站的該頁面的分佈結構及定址(Uniform Resource Locator,URL)狀態及判斷該網站的該頁面具有該弱點後,該控制模組並依據該頁面的分佈結構及定址及該弱點針對該網站對應產生一網路弱點偵測報告。 The computer readable storage medium of claim 9, wherein the detection software is used in the network vulnerability detection system and the control module is implemented to determine the distribution structure and address of the page of the website (Uniform) Resource Locator, URL) status and after determining that the page of the website has the weakness, the control module generates a network vulnerability detection report according to the distribution structure and address of the page and the vulnerability corresponding to the website.
TW101148469A 2012-06-16 2012-12-19 Weakness scanning system for network, scanning method and computer-readable storage media thereof TW201401095A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US201261660687P 2012-06-16 2012-06-16

Publications (1)

Publication Number Publication Date
TW201401095A true TW201401095A (en) 2014-01-01

Family

ID=50345063

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101148469A TW201401095A (en) 2012-06-16 2012-12-19 Weakness scanning system for network, scanning method and computer-readable storage media thereof

Country Status (1)

Country Link
TW (1) TW201401095A (en)

Similar Documents

Publication Publication Date Title
US11924234B2 (en) Analyzing client application behavior to detect anomalies and prevent access
US10868819B2 (en) Systems for detecting a headless browser executing on a client computer
Alwan et al. Detection and prevention of SQL injection attack: a survey
US10447730B2 (en) Detection of SQL injection attacks
US8667294B2 (en) Apparatus and method for preventing falsification of client screen
US8286225B2 (en) Method and apparatus for detecting cyber threats
US8285778B2 (en) Protecting web application data
US20150319189A1 (en) Protecting websites from cross-site scripting
US20130160132A1 (en) Cross-site request forgery protection
Salas et al. Security testing methodology for evaluation of web services robustness-case: XML injection
CN110581841B (en) Back-end anti-crawler method
Kapodistria et al. An advanced web attack detection and prevention tool
Katkar Anjali et al. Web vulnerability detection and security mechanism
Ying et al. CSP adoption: current status and future prospects
Kaur et al. State-of-the-art survey on web vulnerabilities, threat vectors, and countermeasures
Jovičić et al. Common web application attack types and security using asp. net
Jayaraman et al. Enforcing request integrity in web applications
TW201401095A (en) Weakness scanning system for network, scanning method and computer-readable storage media thereof
Nilsson Security in Behaviour Driven Authentication for Web Applications
Chokhawala Kirit et al. Secure Web Application: Preventing Application Injections
Song et al. Design of web security penetration test system based on attack and defense game
Ćosić Web 2.0 services (vulnerability, threats and protection measures)
Ingle et al. Attacks on web based software and modelling defence mechanisms
Taelman et al. A Prospective Analysis of Security Vulnerabilities within Link Traversal-Based Query Processing (Extended Version)
Kraguljac et al. Security of the Most Frequently Used Web Content Management Systems