CN102932370B - Security scanning method, device and system - Google Patents


Publication number
CN102932370B
Authority
CN
China
Prior art keywords
scanning rule
http request
rule storehouse
security
webpage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210470482.8A
Other languages
Chinese (zh)
Other versions
CN102932370A (en)
Inventor
夏祖转
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nantong yunshangxiang home textile e-commerce Co., Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd

Landscapes

  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present invention provide a security scanning method, device and system. The method comprises: obtaining an HTTP request in which a user requests a web page from a web (WEB) server; obtaining the scanning rule library corresponding to said HTTP request, wherein the scanning rule library corresponding to said HTTP request contains the security vulnerabilities relevant to said HTTP request and is a subset of the universal scanning rule library applicable to any HTTP request; and performing a security scan on said HTTP request according to said scanning rule library. The security scanning method, device and system provided by the embodiments of the present invention improve security scanning efficiency and save the resources that security scanning consumes.

Description

Security scanning method, device and system
Technical field
The present invention relates to network security technology, and in particular to a security scanning method, device and system, and belongs to the field of communication technology.
Background art
With the development of networks, hacker attacks are becoming more frequent and more damaging. Attacks on web (WEB) servers are the most frequent of all, so protecting WEB servers has become the top priority of server protection.
At present, WEB servers are protected mainly by deploying security protection devices in the network. Fig. 1 is a system architecture diagram of a typical network system in which a security protection device is deployed. As shown in Fig. 1, the security protection device 11 is connected between the user equipment 12 and the WEB server 13, and is connected to a security scanner 14. The security protection device 11 intercepts the Hypertext Transfer Protocol (HTTP) request that the user equipment 12 sends to the WEB server 13 and passes the intercepted HTTP request to the security scanner 14. The security scanner 14 performs a security scan on the HTTP request, determines whether it is an attack, and returns the result to the security protection device 11. If the HTTP request is judged to be an attack, the security protection device 11 returns information to the user equipment; if the HTTP request is judged not to be an attack, the security protection device 11 sends it to the WEB server 13.
Because network attackers usually target security vulnerabilities in software and programs in order to obtain management rights over the server, steal enterprise secrets, modify server content and so on, the security scan that the security protection device performs on an HTTP request is mainly a process of matching the HTTP request against the known security vulnerabilities of WEB servers. However, the known security vulnerabilities of WEB servers already number in the thousands, and as new versions of web server software and new web server software are released, and as malicious actors keep probing, more vulnerabilities will continue to be found. The scanning rule library used for security scanning (which contains all known security vulnerabilities and is matched against HTTP requests) therefore keeps growing, so that scanning on the security protection device consumes more and more resources and takes longer and longer.
Summary of the invention
In view of the defects in the prior art, the present invention provides a security scanning method, device and system, in order to improve security scanning efficiency and save the resources that security scanning consumes.
In a first aspect, a security scanning method is provided, comprising:
Obtaining an HTTP request in which a user requests a web page from a web (WEB) server;
Obtaining the scanning rule library corresponding to said HTTP request, wherein the scanning rule library corresponding to said HTTP request contains the security vulnerabilities relevant to said HTTP request and is a subset of the universal scanning rule library applicable to any HTTP request;
Performing a security scan on said HTTP request according to said scanning rule library.
In a first possible implementation of the first aspect, said obtaining the scanning rule library corresponding to said HTTP request specifically comprises:
Determining the scanning rule library corresponding to said HTTP request according to the type of said WEB server and/or the type of the requested web page.
In conjunction with the first possible implementation of the first aspect, in a second possible implementation of the first aspect, said determining the scanning rule library corresponding to said HTTP request according to the type of said WEB server and/or the type of the requested web page, and performing a security scan on said HTTP request according to said scanning rule library, comprises:
Judging whether a first scanning rule library corresponding to the type of said WEB server exists;
If said first scanning rule library exists, performing a first security scan on said HTTP request according to said first scanning rule library;
If said first scanning rule library does not exist, or if said first security scan finds no attack, performing a second security scan on said HTTP request according to a second scanning rule library corresponding to the type of said requested web page.
In conjunction with the first possible implementation of the first aspect, in a third possible implementation of the first aspect, before said determining, according to the type of said WEB server, the scanning rule library corresponding to said HTTP request, the method further comprises:
Obtaining the uniform resource locator (URL) of said HTTP request;
Determining the type of said WEB server according to said URL.
In a second aspect, a security scanner is provided, comprising:
A request acquisition module, configured to obtain an HTTP request in which a user requests a web page from a WEB server;
A scanning rule acquisition module, configured to obtain the scanning rule library corresponding to said HTTP request, wherein the scanning rule library corresponding to said HTTP request contains the security vulnerabilities relevant to said HTTP request and is a subset of the universal scanning rule library applicable to any HTTP request;
A security scanning module, configured to perform a security scan on said HTTP request according to said scanning rule library.
In a first possible implementation of the second aspect, the scanning rule acquisition module is configured to:
Determine the scanning rule library corresponding to said HTTP request according to the type of said WEB server and/or the type of the requested web page.
In conjunction with the first possible implementation of the second aspect, in a second possible implementation of the second aspect, said scanning rule acquisition module and security scanning module are specifically configured as follows:
Said scanning rule acquisition module is configured to judge whether a first scanning rule library corresponding to the type of said WEB server exists and, if said first scanning rule library exists, to trigger said security scanning module to operate;
Correspondingly, said security scanning module is configured to perform a first security scan on said HTTP request according to said first scanning rule library;
Said scanning rule acquisition module is further configured, if said first scanning rule library does not exist or if said first security scan finds no attack, to trigger said security scanning module to operate according to a second scanning rule library corresponding to the type of said requested web page;
Correspondingly, said security scanning module is further configured to perform a second security scan on said HTTP request according to said second scanning rule library.
In conjunction with the first possible implementation of the second aspect, in a third possible implementation of the second aspect, said scanning rule acquisition module is further configured to:
Obtain the URL of said HTTP request;
Determine the type of said WEB server according to said URL.
In a third aspect, a security protection system is provided, comprising user equipment, a WEB server, a security protection device connected between said user equipment and the WEB server, and a security scanner connected to said security protection device, wherein said security scanner is the security scanner provided by the embodiments of the present invention.
According to the security scanning method, device and system of the present invention, different HTTP requests correspond to different software or programs, so the security vulnerabilities relevant to different HTTP requests also differ. Therefore, after the HTTP request that a user sends to a WEB server is obtained, the scanning rule library that corresponds to this HTTP request, and that contains only part of the universal scanning rule library, is looked up among the different pre-configured scanning rule libraries, and the security scan of the HTTP request is performed according to that library. The security scan remains effective while the amount of data it has to process is greatly reduced, which saves device resources and improves scanning speed.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a system architecture diagram of a typical network system in which a security protection device is deployed;
Fig. 2 is a schematic flowchart of the security scanning method of one embodiment of the present invention;
Fig. 3 is a schematic flowchart of the security scanning method of another embodiment of the present invention;
Fig. 4 is a flowchart of an example of applying the security scanning method of the embodiments of the present invention in a network system;
Fig. 5 is a system architecture diagram of another network system in which a security protection device is deployed;
Fig. 6 is a schematic structural diagram of the security scanner of one embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the security scanner of another embodiment of the present invention.
Detailed description of the embodiments
The security scanning method of the embodiments of the present invention is performed by a security scanner. The security scanner may be deployed in the network system in the manner shown in Fig. 1, or in any other manner, in order to perform security scanning on HTTP requests.
Fig. 2 is a schematic flowchart of the security scanning method of one embodiment of the present invention. As shown in Fig. 2, the security scanning method comprises:
Step 201, obtaining an HTTP request in which a user requests a web page from a WEB server;
Step 202, obtaining the scanning rule library corresponding to said HTTP request, wherein the scanning rule library corresponding to said HTTP request contains the security vulnerabilities relevant to said HTTP request and is a subset of the universal scanning rule library applicable to any HTTP request;
Step 203, performing a security scan on said HTTP request according to said scanning rule library.
Specifically, multiple different scanning rule libraries are pre-configured in the security scanner. Each scanning rule library is suited to different HTTP requests, for example matched to the type of the WEB server corresponding to the HTTP request, the type of the web page that the HTTP request asks for, and so on. Such a scanning rule library contains part of the known security vulnerabilities and is a subset of the universal scanning rule library (that is, the scanning rule library of the prior art), which contains the security vulnerabilities of all known WEB servers. For example, if a scanning rule library corresponds to a certain type of WEB server, it contains only the security vulnerabilities that WEB servers of that type may have, and does not contain vulnerabilities that WEB servers of other types may have but that cannot be present in WEB servers of that type.
After the security scanner obtains the HTTP request that the user sends to the WEB server, it looks up the scanning rule library corresponding to this HTTP request among the multiple pre-configured scanning rule libraries, according to the way the scanning rule libraries are configured. More specifically, for example: different scanning rule libraries are configured in the security scanner for different types of WEB server, and the security scanner stores the mapping between WEB server types and scanning rule library identifiers; the security scanner then looks up the corresponding scanning rule library according to the type of the WEB server that the HTTP request corresponds to.
After the security scanner has determined the scanning rule library corresponding to the received HTTP request, it performs a security scan on the HTTP request according to that library, matching the HTTP request against the security vulnerabilities in the library to judge whether the HTTP request is an attack on one of them. The detailed process of matching and of deciding whether the request is an attack may use any existing security scanning technique and is not limited in the embodiments of the present invention.
Attacks usually target security vulnerabilities of software or programs, and different software or programs may have different security vulnerabilities. According to the security scanning method of the above embodiment, different HTTP requests correspond to different software or programs, so the security vulnerabilities relevant to different HTTP requests also differ. Therefore, after the HTTP request that a user sends to a WEB server is obtained, the scanning rule library that corresponds to this HTTP request, and that contains only part of the universal scanning rule library, is looked up among the different pre-configured scanning rule libraries, and the security scan of the HTTP request is performed according to that library. The security scan remains effective while the amount of data it has to process is greatly reduced, which saves device resources and improves scanning speed.
Further, in the security scanning method of the above embodiment, said obtaining the scanning rule library corresponding to said HTTP request specifically comprises:
Determining the scanning rule library corresponding to said HTTP request according to the type of said WEB server and/or the type of the requested web page.
More specifically, for example, different scanning rule libraries are loaded in the security scanner according to the type of WEB server, such as Tomcat server, Light server, Apache server and so on. Each scanning rule library contains all known vulnerabilities of WEB servers of the corresponding type.
With scanning rule libraries configured in this way, after the security scanner obtains the HTTP request that the user sends to the WEB server, it obtains the type of the WEB server corresponding to this HTTP request, looks up the scanning rule library corresponding to that WEB server type among the loaded scanning rule libraries, and uses the library found to perform a security scan on the HTTP request. A WEB server type judgment rule is configured in the security scanner in advance; after receiving an HTTP request, the security scanner identifies the type of the corresponding WEB server according to this pre-configured rule. More specifically, the WEB server type judgment rule is, for example, to determine the type of the WEB server from the Uniform Resource Locator (URL) of the HTTP request.
Different scanning rule libraries can also be loaded in the security scanner according to the type of web page, for example web pages that provide text, web pages that provide video files, web pages that provide picture files and so on. Each scanning rule library contains all known vulnerabilities of web pages of the corresponding type.
With scanning rule libraries configured in this way, after the security scanner obtains the HTTP request that the user sends to the WEB server, it obtains the type of the web page that the HTTP request asks for, looks up the scanning rule library corresponding to that web page type among the loaded scanning rule libraries, and uses the library found to perform a security scan on the HTTP request.
Further, scanning rule libraries configured in different ways can be loaded in the security scanner together, for example libraries configured by WEB server type alongside libraries configured by web page type. Correspondingly, in the security scanning method of the above embodiment, the operations of obtaining the scanning rule library corresponding to the HTTP request and of scanning according to the library determined can be performed several times, following a preset scanning logic.
Fig. 3 is a schematic flowchart of the security scanning method of another embodiment of the present invention. As shown in Fig. 3, the security scanning method comprises:
Step 301, the security scanner starts and loads the predefined scanning rule libraries for the different types of WEB server and the scanning rule libraries for the different web page types;
Step 302, after receiving the HTTP request sent by the user, the security scanner obtains the type of the WEB server corresponding to this HTTP request;
Step 303, the security scanner judges whether a scanning rule library corresponding to the type of the WEB server for this HTTP request exists (called, for example, the first scanning rule library); if so, step 304 is performed; if not, step 305 is performed;
Step 304, a security scan (called, for example, the first security scan) is performed on the HTTP request according to said first scanning rule library, to judge whether the HTTP request is an attack request; if so, the security scan is complete; if not, step 305 is performed;
Step 305, the type of the web page that the HTTP request asks for is obtained;
Step 306, a security scan (called, for example, the second security scan) is performed on the HTTP request according to the scanning rule library corresponding to the type of said web page (called, for example, the second scanning rule library), and the security scan is complete.
According to the security scanning method of the above embodiment, different scanning rule libraries corresponding to the HTTP request can be determined from different angles, and when scanning with one scanning rule library finds no attack, another scanning rule library is used to scan again. This greatly reduces the amount of data the security scan has to process, saves device resources and improves scanning speed, and it also improves the reliability and success rate of security scanning: it avoids the problem that an attack cannot be identified because the set of scanning rule libraries loaded in the security scanner is incomplete or because a library of a certain type omits some vulnerabilities.
In addition, to further improve the reliability and success rate of security scanning, the universal scanning rule library can also be loaded in the security scanner.
In that case, the following is also performed before the above step 306: judging whether the second scanning rule library exists; if it exists, step 306 is performed, that is, the second security scan is performed on the HTTP request according to the second scanning rule library, and if the second security scan judges the HTTP request to be an attack, the security scan is complete; if the second security scan does not judge the HTTP request to be an attack, or if the second scanning rule library does not exist, the HTTP request is scanned again with the universal scanning rule library.
Fig. 4 is a flowchart of an example of applying the security scanning method of the embodiments of the present invention in a network system. Fig. 4 takes the application of the security scanning method of the above embodiment in the system shown in Fig. 1 as an example to describe the flow that implements security protection.
As shown in Fig. 4, the flow comprises:
Step 401, the security protection device intercepts the HTTP request sent by the user and sends it to the security scanner;
Step 402, the security scanner judges the type of the corresponding WEB server from the URL carried in the HTTP request;
Step 403, the security scanner judges whether a scanning rule library corresponding to the type of this WEB server, that is, the first scanning rule library, exists; if it exists, step 404 is performed; if not, step 405 is performed;
Step 404, a security scan, that is, the first security scan, is performed on the HTTP request according to said first scanning rule library, to judge whether the HTTP request is an attack request; if so, step 409 is performed; if not, step 405 is performed;
Step 405, the type of the web page that the HTTP request asks for is obtained;
Step 406, the security scanner judges whether a scanning rule library corresponding to the type of this web page, that is, the second scanning rule library, exists; if it exists, step 407 is performed; if not, step 408 is performed;
Step 407, a security scan, that is, the second security scan, is performed on the HTTP request according to said second scanning rule library, to judge whether the HTTP request is an attack request; if so, step 409 is performed; if not, step 408 is performed;
Step 408, a security scan is performed on the HTTP request according to the universal scanning rule library, to judge whether the HTTP request is an attack; if so, step 409 is performed; if not, step 411 is performed;
Step 409, the security scanner returns to the security protection device the scanning result that the HTTP request is an attack request; step 410 is then performed;
Step 410, the security protection device returns a warning message to the user, and the flow ends;
Step 411, the security scanner returns to the security protection device the scanning result that the HTTP request is a normal request; step 412 is then performed;
Step 412, the security protection device forwards the HTTP request to the corresponding WEB server, and the flow ends.
Although Fig. 4 describes the security scanning method of the above embodiment as applied in the system shown in Fig. 1, this is only an example of an application scenario for the security scanning method of the embodiments of the present invention and does not limit that method. The following describes the security scanning method of the embodiments of the present invention as applied in another scenario.
Fig. 5 is a system architecture diagram of another network system in which a security protection device is deployed. As shown in Fig. 5, the security protection device 51 is connected in bypass mode to the same switch as the WEB server 53. The user equipment 52 exchanges data with the WEB server 53 through the switch 55, and the HTTP requests that the user equipment 52 sends to the WEB server 53 through the switch 55, together with the HTTP responses that the WEB server 53 returns to the user equipment 52, are mirrored to the security protection device 51.
After the security protection device 51 receives the mirrored HTTP request and HTTP response, it sends them to the connected security scanner 54. The security scanner 54 performs a security scan on the HTTP request according to the security scanning method of any of the above embodiments, to judge whether the user is attacking the server that returned the HTTP response, and returns the scanning result to the security protection device 51. The security protection device 51 records an attack log according to the scanning result; this attack log can subsequently be used to protect the WEB server, for example by determining a user blacklist, which is not limited in the embodiments of the present invention.
In the above process, because the security scanner can obtain the mirrored HTTP response returned by the WEB server, it can determine the type of the WEB server directly by parsing the Server header of the HTTP response, so no WEB server type judgment rule needs to be configured.
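The cascade of steps 402 to 408, together with the Server-header shortcut of the mirrored deployment, is sketched below as an added example; it is not code from the patent. The rule patterns, the host-to-server-type table, the extension-to-page-type table and all function names are assumptions constructed for illustration.

```python
import posixpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class Rule:
    rule_id: str
    pattern: re.Pattern


@dataclass(frozen=True)
class ScanResult:
    verdict: str              # "attack" or "normal"
    stage: Optional[str]      # library that matched: server / page / universal
    rule_id: Optional[str]
    rules_evaluated: int      # scan cost, counted in rules tried


def _rule(rule_id: str, regex: str) -> Rule:
    return Rule(rule_id, re.compile(regex, re.IGNORECASE))


# Constructed sample signatures standing in for the universal library.
UNIVERSAL: List[Rule] = [
    _rule("GEN-001", r"\.\./"),               # directory traversal sequence
    _rule("GEN-002", r"<script\b"),           # script tag in a parameter
    _rule("TOM-001", r"^/manager/"),          # hypothetical Tomcat-only rule
    _rule("TOM-002", r"\.jsp\x00"),           # NUL byte after a .jsp name
    _rule("APA-001", r"^/server-status"),     # hypothetical Apache-only rule
    _rule("TXT-001", r"\bunion\s+select\b"),  # SQL keyword pair in a query
    _rule("VID-001", r"range=\d{12,}"),       # oversized range value
]
_BY_ID = {r.rule_id: r for r in UNIVERSAL}


def _subset(*ids: str) -> List[Rule]:
    return [_BY_ID[i] for i in ids]


# Every per-type library is a subset of UNIVERSAL, as step 202 requires.
SERVER_LIBRARIES = {
    "tomcat": _subset("GEN-001", "TOM-001", "TOM-002"),
    "apache": _subset("GEN-001", "APA-001"),
}
PAGE_LIBRARIES = {
    "text": _subset("GEN-002", "TXT-001"),
    "video": _subset("VID-001"),
}   # no "picture" library: such requests fall through to UNIVERSAL

# Assumed "WEB server type judgment rule": protected hosts mapped to types.
HOST_SERVER_TYPE = {"shop.example.test": "tomcat",
                    "static.example.test": "apache"}
PAGE_TYPE_BY_EXT = {".html": "text", ".txt": "text", ".jsp": "text",
                    ".mp4": "video", ".jpg": "picture", ".png": "picture"}


def server_type_from_header(server_header: str) -> Optional[str]:
    """Mirrored deployment (Fig. 5): read the type from the Server header."""
    value = server_header.lower()
    if "coyote" in value or "tomcat" in value:
        return "tomcat"
    if value.startswith("apache"):
        return "apache"
    return None


def scan(target: str, library: List[Rule]) -> Tuple[Optional[str], int]:
    """Match against one library; return (matching rule id, rules tried)."""
    for tried, rule in enumerate(library, start=1):
        if rule.pattern.search(target):
            return rule.rule_id, tried
    return None, len(library)


def cascade_scan(url: str, body: str = "",
                 server_header: Optional[str] = None) -> ScanResult:
    parts = urlsplit(url)
    query = "?" + parts.query if parts.query else ""
    # Decoded once only; nested encodings are outside this sketch.
    target = unquote(parts.path + query) + "\n" + body
    server_type = (server_type_from_header(server_header) if server_header
                   else HOST_SERVER_TYPE.get(parts.hostname or ""))
    page_type = PAGE_TYPE_BY_EXT.get(posixpath.splitext(parts.path)[1].lower())
    stages = [("server", SERVER_LIBRARIES.get(server_type)),   # steps 403-404
              ("page", PAGE_LIBRARIES.get(page_type)),         # steps 406-407
              ("universal", UNIVERSAL)]                        # step 408
    evaluated = 0
    for name, library in stages:
        if library is None:        # no library of this kind is loaded
            continue
        rule_id, tried = scan(target, library)
        evaluated += tried
        if rule_id:
            return ScanResult("attack", name, rule_id, evaluated)
    return ScanResult("normal", None, None, evaluated)
```

In this flow a request that matches nothing passes through every loaded stage, so the count of rules evaluated for a normal request exceeds the size of the universal library alone; the saving applies to requests that an early, narrow library stops.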
Fig. 6 is the structural representation of the security scanner of one embodiment of the invention.As shown in Figure 6, this security scanner 60 comprises:
Acquisition request module 61, for obtaining the HTTP request of user to WEB server requested webpage;
Scanning rule acquisition module 62, for obtaining the scanning rule storehouse corresponding with described HTTP request, scanning rule storehouse corresponding to described HTTP request comprises the security breaches relevant to described HTTP request, and scanning rule storehouse corresponding to described HTTP request is the subset in the universal class type scanning rule storehouse being applicable to any HTTP request;
Security sweep module 63, for according to described scanning rule storehouse, carries out security sweep to described HTTP request.
The idiographic flow of the security scanner execution security sweep of above-described embodiment is identical with the security sweep method of above-mentioned any embodiment, so place is not repeating.
Normally attack for the security breaches of software or program owing to attacking, the security breaches that different software or program may exist are also different.Therefore, according to the security scanner of above-described embodiment, the software/program corresponding due to different HTTP request is distinct, causes the security breaches that different HTTP request is relevant also different.Therefore, when after getting the HTTP request that user sends to WEB server, from pre-configured different scanning rule storehouse, search corresponding with this HTTP request and only comprise the scanning rule storehouse of the part in universal class type scanning rule storehouse, and according to the scanning rule storehouse of this correspondence, security sweep is carried out to HTTP request, while effectively realizing security sweep, can significantly reduce the deal with data amount of security sweep, effectively save device resource, improve sweep speed.
Further, in the security scanner of above-described embodiment, scanning rule acquisition module is used for:
According to the type of the type of described WEB server and/or the webpage of request, determine the scanning rule storehouse corresponding with described HTTP request.
Further, in the security scanner of above-described embodiment, described scanning rule acquisition module, and security sweep module specifically for:
First scanning rule corresponding with the type of described WEB server is there is in described scanning rule acquisition module for judging whether; If there is described first scanning rule storehouse, then trigger described security sweep module executable operations;
Correspondingly, described security sweep module is used for carrying out the first security sweep according to described first scanning rule storehouse to described HTTP request;
If also for there is not described first scanning rule storehouse in described scanning rule acquisition module, if or described first security sweep does not find to attack, the second then corresponding according to the type of the webpage of described request scanning rule storehouse, triggers described security sweep module executable operations;
Correspondingly, described security sweep module also for according to described second scanning rule storehouse, is stated HTTP request to fearness and is carried out the second security sweep.
Further, in the security scanner of above-described embodiment, described scanning rule acquisition module also for:
Obtain the URL of described HTTP request;
The type of described WEB server is judged according to described UTL.
Fig. 7 is a structural schematic diagram of the security scanner of another embodiment of the present invention. As shown in Fig. 7, the security scanner 70 comprises a memory 71 and a processor 72 connected to the memory 71.
A set of program code is stored in the memory 71, and the processor 72 is configured to call the program code stored in the memory to perform the following operations:
Obtain the HTTP request by which a user requests a webpage from the WEB server;
Obtain the scanning rule storehouse corresponding to the HTTP request, where the scanning rule storehouse corresponding to the HTTP request comprises the security vulnerabilities relevant to the HTTP request and is a subset of the universal-type scanning rule storehouse applicable to any HTTP request;
Carry out a security sweep on the HTTP request according to the scanning rule storehouse.
Of course, the security scanner of the above embodiment may also comprise an input/output interface, a hard disk device, a network interface card and the like, which is not limited in the embodiments of the present invention. Moreover, the memory may comprise random access memory (Random Access Memory, RAM) and read-only memory (Read Only Memory, ROM), where, for example, a basic input output system (Basic Input Output System, BIOS) runs in the ROM and, for example, an operating system, a control and management device and the above program code run in the RAM.
The embodiment of the present invention also provides a security protection system comprising a user equipment, a WEB server, a safety protection equipment connected between the user equipment and the WEB server, and a security scanner connected to the safety protection equipment, where the security scanner is the security scanner of any of the above embodiments.
The security scanner may be integrated with the safety protection equipment or provided separately from it, which is not limited in the embodiments of the present invention.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes various media capable of storing program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (5)

1. A security sweep method, characterized by comprising:
Obtaining the HTTP request by which a user requests a webpage from a WEB server;
Obtaining the scanning rule storehouse corresponding to the HTTP request, where the scanning rule storehouse corresponding to the HTTP request comprises the security vulnerabilities relevant to the HTTP request and is a subset of the universal-type scanning rule storehouse applicable to any HTTP request;
Carrying out a security sweep on the HTTP request according to the scanning rule storehouse;
Wherein obtaining the scanning rule storehouse corresponding to the HTTP request specifically comprises:
Determining the scanning rule storehouse corresponding to the HTTP request according to the type of the WEB server and/or the type of the requested webpage, where the types of webpage comprise a webpage for providing text, a webpage for providing video files and a webpage for providing picture files, and the scanning rule storehouses comprise: a scanning rule storehouse corresponding to the webpage for providing text, a scanning rule storehouse corresponding to the webpage for providing video files, and a scanning rule storehouse corresponding to the webpage for providing picture files;
Wherein determining the scanning rule storehouse corresponding to the HTTP request according to the type of the WEB server and/or the type of the requested webpage, and carrying out the security sweep on the HTTP request according to the scanning rule storehouse, comprises:
Judging whether a first scanning rule storehouse corresponding to the type of the WEB server exists;
If the first scanning rule storehouse exists, carrying out a first security sweep on the HTTP request according to the first scanning rule storehouse;
If the first scanning rule storehouse does not exist, or if the first security sweep does not find an attack, carrying out a second security sweep on the HTTP request according to a second scanning rule storehouse corresponding to the type of the requested webpage.
2. The security sweep method according to claim 1, characterized in that, before determining the scanning rule storehouse corresponding to the HTTP request according to the type of the WEB server, the method further comprises:
Obtaining the uniform resource locator (URL) of the HTTP request;
Determining the type of the WEB server according to the URL.
3. A security scanner, characterized by comprising:
A request acquisition module, configured to obtain the HTTP request by which a user requests a webpage from a WEB server;
A scanning rule acquisition module, configured to obtain the scanning rule storehouse corresponding to the HTTP request, where the scanning rule storehouse corresponding to the HTTP request comprises the security vulnerabilities relevant to the HTTP request and is a subset of the universal-type scanning rule storehouse applicable to any HTTP request;
A security sweep module, configured to carry out a security sweep on the HTTP request according to the scanning rule storehouse;
The scanning rule acquisition module is configured to:
Determine the scanning rule storehouse corresponding to the HTTP request according to the type of the WEB server and/or the type of the requested webpage, where the types of webpage comprise a webpage for providing text, a webpage for providing video files and a webpage for providing picture files, and the scanning rule storehouses comprise: a scanning rule storehouse corresponding to the webpage for providing text, a scanning rule storehouse corresponding to the webpage for providing video files, and a scanning rule storehouse corresponding to the webpage for providing picture files;
The scanning rule acquisition module and the security sweep module are specifically configured as follows:
The scanning rule acquisition module is configured to judge whether a first scanning rule storehouse corresponding to the type of the WEB server exists and, if the first scanning rule storehouse exists, to trigger the security sweep module to perform its operation;
Correspondingly, the security sweep module is configured to carry out a first security sweep on the HTTP request according to the first scanning rule storehouse;
The scanning rule acquisition module is further configured, if the first scanning rule storehouse does not exist or if the first security sweep does not find an attack, to trigger the security sweep module to perform its operation according to a second scanning rule storehouse corresponding to the type of the requested webpage;
Correspondingly, the security sweep module is further configured to carry out a second security sweep on the HTTP request according to the second scanning rule storehouse.
4. The security scanner according to claim 3, characterized in that the scanning rule acquisition module is further configured to:
Obtain the URL of the HTTP request;
Judge the type of the WEB server according to the URL.
5. A security protection system, comprising a user equipment, a WEB server, a safety protection equipment connected between the user equipment and the WEB server, and a security scanner connected to the safety protection equipment, characterized in that the security scanner is the security scanner according to any one of claims 3 to 4.
CN201210470482.8A 2012-11-20 2012-11-20 A kind of security sweep method, equipment and system Active CN102932370B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210470482.8A CN102932370B (en) 2012-11-20 2012-11-20 A kind of security sweep method, equipment and system

Publications (2)

Publication Number Publication Date
CN102932370A CN102932370A (en) 2013-02-13
CN102932370B true CN102932370B (en) 2015-11-25

Family

ID=47647072

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210470482.8A Active CN102932370B (en) 2012-11-20 2012-11-20 A kind of security sweep method, equipment and system

Country Status (1)

Country Link
CN (1) CN102932370B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20191218

Address after: No.1, floor 3, No.319, zhanggongshan Road, Yuhui District, Bengbu City, Anhui Province

Patentee after: Bengbu guijiu Intellectual Property Service Co., Ltd

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

TR01 Transfer of patent right

Effective date of registration: 20201021

Address after: C020, 3rd floor, e-commerce Industrial Park, Nantong home textile city, Jinchuan Avenue, Chuanjiang Town, Tongzhou District, Nantong City, Jiangsu Province 226300

Patentee after: Nantong yunshangxiang home textile e-commerce Co., Ltd

Address before: No.1, floor 3, No.319, zhanggongshan Road, Yuhui District, Bengbu City, Anhui Province

Patentee before: Bengbu guijiu Intellectual Property Service Co.,Ltd.
