CN102970282A - Website security detection system - Google Patents


Info

Publication number
CN102970282A
Authority
CN
China
Prior art keywords
network address
website
leak
return results
predefined
Prior art date
Legal status
Granted
Application number
CN2012104265322A
Other languages
Chinese (zh)
Other versions
CN102970282B (en)
Inventor
龙专
赵武
Current Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201210426532.2A
Publication of CN102970282A
Application granted
Publication of CN102970282B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a website security detection system comprising a website security detection device, one or more web servers and a web crawler device. The website security detection device is adapted to receive web addresses from the web crawler device, construct detection web addresses associated with those web addresses, and access the website with the detection web addresses so as to judge whether the web addresses have vulnerabilities. The one or more web servers are adapted to respond to the website security detection device's access to the website and return results to the website security detection device. The web crawler device is adapted to crawl the web addresses of the website from the one or more web servers and send them to the website security detection device.

Description

Website security detection system
Technical field
The present invention relates to computer network security, and in particular to a website security detection system.
Background technology
A vulnerability is a weakness or defect in a computer system. Vulnerabilities may originate from defects in the design or coding of application software or an operating system, or from design flaws or unreasonable steps in the logic flow of a business interaction process. These defects, errors or unreasonable steps may be exploited, deliberately or accidentally, to adversely affect an organisation's assets or operations: the information system may be attacked or controlled, sensitive information stolen, user data tampered with, or the system used as a springboard for intruding into other host systems. Of the vulnerabilities discovered to date, far more lie in application software than in operating systems, and vulnerabilities in web application systems in particular account for the overwhelming majority of information-system vulnerabilities.
Vulnerability discovery is a key process in the contest between attackers and defenders: if defenders cannot discover an exploitable vulnerability before attackers do, attackers may use it to launch an attack. The earlier a vulnerability is found and patched, the lower the probability of an information security incident. A professional vulnerability scanning system is an important means of finding vulnerabilities; it can automatically discover the port assignment of a remote server and the services it provides, and detect security vulnerabilities of remote or local hosts. After a vulnerability is found, it must also be verified, automatically or manually, to check the accuracy of the scan result. Operation and maintenance staff of information systems should scan for vulnerabilities regularly, so as to find and patch them quickly.
Traditional website vulnerability scanning products can only test pages that already exist, and after finding a vulnerability they lack a necessary vulnerability verification mechanism, which results in a very high false positive rate.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a website security detection system that overcomes, or at least partly solves, the above problems.
According to the present invention, a website security detection system is provided, comprising a website security detection device, one or more web servers and a web crawler device, wherein
the website security detection device is adapted to receive web addresses from the web crawler device, construct detection web addresses associated with those web addresses, and access the website with the detection web addresses so as to judge whether the web address has a vulnerability;
the one or more web servers are adapted to respond to the website security detection device's access to the website and return results to the website security detection device; and
the web crawler device is adapted to crawl the web addresses of the website from the one or more web servers and send the web addresses to the website security detection device.
Optionally, the website security detection device comprises a network interface adapted to receive a web address, access the website with the received web address, and obtain the return result of the website.
The website security detection device also comprises a web address constructor adapted to obtain the web address of the website from the network interface, construct from that web address a first detection web address associated with the website, construct from the first detection web address a second detection web address corresponding to it, and send the first and second detection web addresses to the network interface.
In addition, the website security detection device also comprises a vulnerability detector adapted to receive from the network interface a first return result corresponding to the first detection web address, detect from the first return result whether the website has a vulnerability, and, where the detection result indicates that the website has a vulnerability, obtain from the network interface a second return result corresponding to the second detection web address and verify from the second return result whether the website has the vulnerability.
Optionally, according to an embodiment of the invention, the website security detection device may also comprise a memory adapted to store a vulnerability database, which records the construction rules the web address constructor uses to construct the first detection web address and the predefined vulnerability judgment rules.
The invention provides the above website security detection system. According to embodiments of the invention, whether a website has a vulnerability can be detected from the return result obtained by accessing the website with the first detection web address, and the authenticity of that vulnerability can be verified from the return result obtained by accessing the website with the second detection web address corresponding to the first detection web address. In this way the high false positive rate that is ubiquitous in vulnerability detection is addressed: the false positive rate is greatly reduced, the quality and efficiency of vulnerability detection are improved, vulnerabilities are found earlier, and information security is maintained.
The above description is only an overview of the technical solution of the present invention. In order that the technical means of the present invention may be understood more clearly and implemented according to the contents of the specification, and that the above and other objects, features and advantages of the present invention may become more apparent, specific embodiments of the present invention are set out below.
Description of drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of showing the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a flow chart of a website security detection method according to an embodiment of the invention;
Fig. 2 is a flow chart of step S108 of the website security detection method according to an embodiment of the invention;
Fig. 3 is a flow chart of step S108 of the website security detection method according to another embodiment of the invention;
Fig. 4 is a block diagram of a website security detection device according to an embodiment of the invention; and
Fig. 5 is a block diagram of a website security detection system according to an embodiment of the invention.
Embodiment
Exemplary embodiments of the disclosure are described in more detail below with reference to the drawings. Although exemplary embodiments of the disclosure are shown in the drawings, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set out here. Rather, these embodiments are provided so that the disclosure may be understood more thoroughly and its scope conveyed completely to those skilled in the art.
Fig. 1 schematically shows a flow chart of a website security detection method 100 according to an embodiment of the invention. As shown in Fig. 1, the method 100 according to this embodiment starts at step S102, in which a first detection web address associated with the website is constructed from the web address of the website.
According to embodiments of the invention, the web address may for example be a URL (Uniform Resource Locator). URLs are used as the example hereinafter, but the web address is not limited to a URL and may be any means of identifying the address of a website.
According to one embodiment of the invention, step S101 may be performed before step S102: crawling web addresses from the website. Optionally, step S101 may be carried out by a web crawler, that is, the web crawler crawls web addresses from the web server hosting the website.
Next, in step S102, the first detection web address associated with the website is constructed from the crawled web address. According to embodiments of the invention, a character string determined by the vulnerability type to be tested or by a predefined vulnerability judgment rule may be appended to the website's web address to construct the first detection web address. For example, suppose the website URL crawled by the web crawler is http://xxx.com (where "x" may be any letter or digit); if the vulnerability type to be tested is sensitive directory, the first detection web address http://xxx.com/admin/ may be constructed. Suppose the crawled website URL is http://webscan.xxx.com/app/; if the vulnerability type to be tested is backup directory, the first detection web address http://webscan.xxx.com/app.bak may be constructed. Suppose the web crawler has crawled the file http://webscan.xxx.com/b.asp; if the vulnerability type to be tested is backup file, the first detection web address http://webscan.xxx.com/b.asp.tar.gz may be constructed. If the predefined vulnerability judgment rule is an XSS (Cross-Site Scripting) rule, the character string "<script>alert(42873)</script>" may be appended to the crawled URL; in this case, if the crawled URL is http://aaa.com/a.asp?a=1, the constructed first detection web address is http://aaa.com/a.asp?a=1<script>alert(42873)</script>. Those skilled in the art will readily understand that the above ways of constructing the first detection web address are only examples and do not limit the scope of the invention; other ways of constructing the first detection web address may be used, for example using an SQL (Structured Query Language) injection rule as the predefined vulnerability judgment rule to determine the character string to append.
Then, in step S104, the website is accessed with the first detection web address, and whether the website has a vulnerability is detected from the website's return result. According to embodiments of the invention, it may be judged whether the website's return result satisfies the predefined vulnerability judgment rule; if it does, the website is indicated as having a vulnerability. The return result may comprise one or more of the status code, the page content and the page header information. Taking the XSS rule again as the example, suppose the website is accessed with the above first detection web address http://aaa.com/a.asp?a=1<script>alert(42873)</script>; if the returned page content contains the character string "<script>alert(42873)</script>", the return result is considered to satisfy the XSS rule and the website is indicated as having a vulnerability. Similarly, if an SQL injection rule is used as the predefined vulnerability judgment rule, it may be judged whether the return result satisfies the SQL injection rule, and if it does, the website is indicated as having a vulnerability. As a further example, when the website is accessed with the above first detection web address http://xxx.com/admin/ to detect a sensitive directory vulnerability, if the returned status code is 200 (OK) and the page content is longer than 10 characters, the website may be indicated as having a vulnerability.
Next, in step S106, where the detection result indicates that the website has a vulnerability, a second detection web address corresponding to the first detection web address is constructed from it. According to embodiments of the invention, a verification character string may be inserted into the first detection web address to construct the second detection web address. Optionally, the verification character string is longer than one character.
Taking the above first detection web addresses http://xxx.com/admin/, http://webscan.xxx.com/app.bak, http://webscan.xxx.com/b.asp.tar.gz and http://aaa.com/a.asp?a=1<script>alert(42873)</script> as examples, the constructed second detection web addresses may respectively be http://xxx.com/adminXXXXX/, http://webscan.xxx.com/appXXXXXX.bak, http://webscan.xxx.com/bXXXX.asp.tar.gz and http://aaa.com/aXXXXXX.asp?a=1<script>alert(42873)</script>, where "X" may be any character.
Subsequently, in step S108, the website is accessed with the second detection web address, and whether the website has the vulnerability is verified from the website's return result.
Fig. 2 schematically shows a flow chart of step S108 of the website security detection method according to an embodiment of the invention. As shown in Fig. 2, in this embodiment the step of verifying whether the website has the vulnerability may comprise sub-steps S108a, S108b and S108c.
First, in sub-step S108a, it is judged whether the website's return result satisfies the predefined vulnerability judgment rule. Taking the XSS rule and the above second detection web address http://aaa.com/aXXXXXX.asp?a=1<script>alert(42873)</script> as the example, the website is accessed with this second detection web address; if the returned page content contains the character string "<script>alert(42873)</script>", the return result is considered to satisfy the XSS rule, and if the returned page content does not contain that character string, the return result is considered not to satisfy the XSS rule. In sub-step S108b, if the return result does not satisfy the vulnerability judgment rule, it may be determined that the website has the vulnerability. In sub-step S108c, if the return result satisfies the vulnerability judgment rule, it may be determined that the website does not have the vulnerability. That is, the server hosting the website should return different results for access with the first detection web address and for access with the second detection web address into which an arbitrary string has been inserted; if the results are the same, the detection may be a false positive.
In sub-steps S108b and S108c above, if the return result obtained by accessing the website with the second detection web address is consistent with the return result obtained by accessing the website with the first detection web address, for example both satisfy the XSS rule, it may be determined that the website does not have the vulnerability: the vulnerability indicated by the earlier detection based on the return result of accessing the website with the first detection web address is a false positive and need not be reported. If the two return results are inconsistent, for example the second does not satisfy the XSS rule, it may be determined that the website has the vulnerability, and the vulnerability is reported.
Fig. 3 schematically shows a flow chart of step S108 of the website security detection method according to another embodiment of the invention. As shown in Fig. 3, in this embodiment step S108 may comprise sub-steps S108a', S108b', S108c' and S108d'.
First, in sub-step S108a', the website is accessed multiple times with the second detection web address, and a plurality of return results is obtained. Next, in sub-step S108b', it is judged whether each of the return results satisfies the predefined vulnerability judgment rule. Then, in sub-steps S108c' and S108d', if the proportion of return results that satisfy the vulnerability judgment rule is greater than or equal to a predefined threshold, it is determined that the website does not have the vulnerability, and if that proportion is less than the predefined threshold, it is determined that the website has the vulnerability. The predefined threshold may for example be 0.5, but is not limited to this value and may be chosen according to actual needs. With a threshold of 0.5, if the return results that satisfy the vulnerability judgment rule are at least as many as those that do not, it is determined that the website does not have the vulnerability: the vulnerability indicated by the earlier detection based on the return result of accessing the website with the first detection web address is a false positive and need not be reported. Otherwise, if the return results that satisfy the vulnerability judgment rule are fewer than those that do not, it may be determined that the website has the vulnerability, and the vulnerability is reported.
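The two-stage check of steps S102 to S108, covering both the Fig. 2 single-request variant and the Fig. 3 threshold variant, as an added Python model. This is an illustration written for this page, not the patent's or any product's code. The four first-detection-URL constructors and the XSS and sensitive-directory judgment rules follow the examples in the text; the use of the same "200 OK and more than 10 characters" test for the backup probes, the FakeServer with its soft-404 and inconsistent-back-end behaviour, and the sample sites in demo() are assumptions constructed for the example, and the network is replaced by an in-memory fake so that it runs offline.

```python
"""Two-stage check with false-positive verification, modelled on steps S102-S108 above.
Added illustration, not the patent's or any product's code: the rule set, Response model
and FakeServer are constructed for the example and the HTTP layer is an in-memory fake,
so everything runs offline."""
from collections import namedtuple
from itertools import cycle
from urllib.parse import urlsplit, urlunsplit

XSS_MARKER = "<script>alert(42873)</script>"  # marker string from the text's XSS example
SOFT_404 = "<html><body>Sorry, that page could not be found.</body></html>"  # constructed

Response = namedtuple("Response", "status body")
# build: crawled URL -> first detection URL (S102); matches: judgment rule used in S104/S108
Rule = namedtuple("Rule", "name build matches")


def path_probe(suffix, strip_slash=True):
    """Constructor factory for the path-based probes in the text: /admin/, .bak, .tar.gz."""
    def build(url):
        p = urlsplit(url)
        path = (p.path.rstrip("/") if strip_slash else p.path) + suffix
        return urlunsplit((p.scheme, p.netloc, path, p.query, ""))
    return build


def exists_rule(r):
    """The text's sensitive-directory rule: 200 OK and more than 10 characters of content."""
    return r.status == 200 and len(r.body) > 10


def xss_rule(r):
    return XSS_MARKER in r.body


RULES = [
    Rule("sensitive directory", path_probe("/admin/"), exists_rule),
    Rule("backup directory", path_probe(".bak"), exists_rule),               # assumed rule
    Rule("backup file", path_probe(".tar.gz", strip_slash=False), exists_rule),  # assumed rule
    Rule("xss", lambda url: url + XSS_MARKER, xss_rule),
]


def second_detection_url(first_url, filler="XXXXX"):
    """S106: insert an arbitrary string into the last path segment before its first dot,
    keeping extension, trailing slash and query (/admin/ -> /adminXXXXX/,
    /b.asp.tar.gz -> /bXXXX.asp.tar.gz)."""
    p = urlsplit(first_url)
    trailing = p.path.endswith("/")
    segs = p.path.rstrip("/").split("/")
    name, dot, rest = segs[-1].partition(".")
    segs[-1] = name + filler + dot + rest
    path = "/".join(segs) + ("/" if trailing else "")
    return urlunsplit((p.scheme, p.netloc, path, p.query, p.fragment))


class FakeServer:
    """Constructed stand-in for a web server. `pages` are the real resources. Unknown paths
    take their status from `unknown_statuses`, cycled per request: (404,) is a well-behaved
    server, (200,) a soft-404 server that answers 200 for everything, a mixed tuple a server
    whose back-ends disagree. reflect_query echoes the raw query string into the page."""
    def __init__(self, pages, unknown_statuses=(404,), reflect_query=False):
        self.pages = pages
        self.unknown = cycle(unknown_statuses)
        self.reflect_query = reflect_query

    def get(self, url):
        p = urlsplit(url)
        if p.path in self.pages:
            status, body = 200, self.pages[p.path]
        else:
            status = next(self.unknown)
            body = SOFT_404 if status == 200 else "Not Found"
        if self.reflect_query and p.query and status == 200:
            body += "<p>You searched for: " + p.query + "</p>"  # unescaped reflection
        return Response(status, body)


def scan(server, crawled_url, rule, repeats=1, threshold=0.5):
    """S102-S108. repeats == 1 is the Fig. 2 variant (one verification request); repeats > 1
    is the Fig. 3 variant: vulnerable only if the fraction of second-URL responses that
    still satisfy the rule is below threshold."""
    first = rule.build(crawled_url)                                       # S102
    if not rule.matches(server.get(first)):                               # S104
        return {"rule": rule.name, "first": first, "suspected": False, "vulnerable": False}
    second = second_detection_url(first)                                  # S106
    hits = sum(rule.matches(server.get(second)) for _ in range(repeats))  # S108
    return {"rule": rule.name, "first": first, "second": second, "suspected": True,
            "vulnerable": hits / repeats < threshold}


def demo():
    """Constructed sites: one really exposing /admin/ and reflecting a parameter, a soft-404
    site that fools the first stage, and one whose back-ends answer inconsistently."""
    honest = FakeServer({"/admin/": "<h1>Admin console</h1>", "/a.asp": "<h1>Search</h1>"},
                        reflect_query=True)
    soft404 = FakeServer({}, unknown_statuses=(200,), reflect_query=True)
    flaky = FakeServer({}, unknown_statuses=(200, 404, 200, 200))
    return {
        "honest_admin": scan(honest, "http://xxx.com", RULES[0]),
        "honest_xss": scan(honest, "http://aaa.com/a.asp?a=1", RULES[3]),
        "soft404_admin": scan(soft404, "http://xxx.com", RULES[0]),
        "soft404_xss": scan(soft404, "http://aaa.com/a.asp?a=1", RULES[3]),
        "flaky_admin": scan(flaky, "http://xxx.com", RULES[0], repeats=4),
    }
```

In demo(), the honest site is confirmed on both probes because the second URL no longer hits the resource, the soft-404 site is suspected on the first request but dismissed as a false positive because the altered path produces the same answer, and the inconsistent site is dismissed by the Fig. 3 rule because three of four verification responses still match (0.75 is above the 0.5 threshold). The soft404_xss case shows the trade-off built into this verification: a site-wide error page that echoes the query string is dismissed too, because the second request reproduces it; the check assumes the finding is bound to the specific resource, so it buys precision at the cost of recall for site-wide behaviour.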
The invention provides a website security detection method. According to embodiments of the invention, whether a website has a vulnerability can be detected from the return result obtained by accessing the website with the first detection web address, and the authenticity of that vulnerability can be verified from the return result obtained by accessing the website with the second detection web address corresponding to the first detection web address. In this way the high false positive rate that is ubiquitous in vulnerability detection is addressed: the false positive rate is greatly reduced, the quality and efficiency of vulnerability detection are improved, vulnerabilities are found earlier, and information security is maintained.
Corresponding to the above method 100, the invention also provides a website security detection device 200. Fig. 4 schematically shows a block diagram of the website security detection device according to an embodiment of the invention. Referring to Fig. 4, the website security detection device 200 mainly comprises a network interface 201, a web address constructor 203 and a vulnerability detector 205.
According to embodiments of the invention, the network interface 201 is adapted to receive a web address, access the website with the received web address and obtain the website's return result. The web address constructor 203 is adapted to obtain the website's web address from the network interface 201, construct from it a first detection web address associated with the website, construct from the first detection web address a second detection web address corresponding to it, and send the first and second detection web addresses to the network interface 201. The vulnerability detector 205 is adapted to receive from the network interface 201 a first return result corresponding to the first detection web address, detect from the first return result whether the website has a vulnerability, and, where the detection result indicates that the website has a vulnerability, obtain from the network interface 201 a second return result corresponding to the second detection web address and verify from the second return result whether the website has the vulnerability. According to embodiments of the invention, the first and second return results of accessing the website comprise one or more of the status code, the page content and the page header information. The network interface 201, web address constructor 203 and vulnerability detector 205 described above may be used to carry out steps S102, S104, S106 and S108 of the method 100.
According to embodiments of the invention, the website security detection device 200 may also comprise a memory 207 adapted to store a vulnerability database, which records the construction rules the web address constructor uses to construct the first detection web address and the predefined vulnerability judgment rules (such as the XSS rule and the SQL rule).
According to embodiments of the invention, the web address constructor 203 may append to the website's web address a character string determined by the vulnerability type to be tested or by a predefined vulnerability judgment rule, so as to construct the first detection web address.
Continuing the examples from the description of the method 100 above, the first detection web addresses corresponding to the websites http://xxx.com, http://webscan.xxx.com/app/, http://webscan.xxx.com/b.asp and http://aaa.com/a.asp?a=1 may respectively be http://xxx.com/admin/, http://webscan.xxx.com/app.bak, http://webscan.xxx.com/b.asp.tar.gz and http://aaa.com/a.asp?a=1<script>alert(42873)</script>.
As stated above, the vulnerability detector 205 receives from the network interface 201 the first return result corresponding to the first detection web address and detects from it whether the website has a vulnerability. Specifically, the vulnerability detector 205 judges whether the website's first return result satisfies the predefined vulnerability judgment rule and, if it does, indicates that the website has a vulnerability.
Taking the XSS rule again as the example, suppose the website is accessed with the above first detection web address http://aaa.com/a.asp?a=1<script>alert(42873)</script>; if the returned page content contains the character string "<script>alert(42873)</script>", the first return result is considered to satisfy the XSS rule and the website is indicated as having a vulnerability. As a further example, when the website is accessed with the above first detection web address http://xxx.com/admin/ to detect a sensitive directory vulnerability, if the returned status code is 200 (OK) and the page content is longer than 10 characters, the website may be indicated as having a vulnerability.
According to embodiments of the invention, the web address constructor 203 may insert a verification character string into the first detection web address to construct the second detection web address. Taking again the above first detection web addresses http://xxx.com/admin/, http://webscan.xxx.com/app.bak, http://webscan.xxx.com/b.asp.tar.gz and http://aaa.com/a.asp?a=1<script>alert(42873)</script> as examples, the constructed second detection web addresses may respectively be http://xxx.com/adminXXXXX/, http://webscan.xxx.com/appXXXXXX.bak, http://webscan.xxx.com/bXXXX.asp.tar.gz and http://aaa.com/aXXXXXX.asp?a=1<script>alert(42873)</script>, where "X" may be any character.
According to one embodiment of the invention, the vulnerability detector 205 judges whether the website's second return result satisfies the predefined vulnerability judgment rule; if the second return result does not satisfy the predefined vulnerability judgment rule, it determines that the website has the vulnerability, and if the second return result satisfies the predefined vulnerability judgment rule, it determines that the website does not have the vulnerability. If the second return result is consistent with the first return result, for example both satisfy the XSS rule, it may be determined that the website does not have the vulnerability: the vulnerability indicated by the vulnerability detector 205's earlier detection based on the first return result is a false positive and need not be reported. If the second return result is inconsistent with the first return result, for example it does not satisfy the XSS rule, the vulnerability detector 205 may determine that the website has the vulnerability, and report it.
According to another embodiment of the invention, the vulnerability detector 205 accesses the website multiple times with the second detection web address and obtains a plurality of second return results; judges whether each of the second return results satisfies the predefined vulnerability judgment rule; determines that the website does not have the vulnerability if the proportion of second return results that satisfy the predefined vulnerability judgment rule is greater than or equal to a predefined threshold; and determines that the website has the vulnerability if that proportion is less than the predefined threshold. The predefined threshold may for example be 0.5, but is not limited to this value and may be chosen according to actual needs. With a threshold of 0.5, if the second return results that satisfy the vulnerability judgment rule are at least as many as those that do not, it is determined that the website does not have the vulnerability: the vulnerability indicated by the earlier detection based on the first return result is a false positive and need not be reported. Otherwise, if the second return results that satisfy the vulnerability judgment rule are fewer than those that do not, it may be determined that the website has the vulnerability, and the vulnerability is reported.
Since each of the above device embodiments corresponds to the foregoing method embodiment, the device embodiments are not described again in detail.
According to another aspect of the invention, a website security detection system 1000 is also provided. Fig. 5 schematically shows a block diagram of the website security detection system 1000 according to an embodiment of the invention. Referring to Fig. 5, the website security detection system 1000 may comprise a website security detection device 200 adapted to receive web addresses from a web crawler device 400, construct detection web addresses associated with those web addresses, and access the website with the detection web addresses so as to judge whether the web address has a vulnerability; one or more web servers 300-1, ..., 300-n adapted to respond to the website security detection device 200's access to the website and return results to the website security detection device 200; and the web crawler device 400 adapted to crawl the web addresses of the website from the one or more web servers 300-1, ..., 300-n and send the web addresses to the website security detection device 200.
The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teaching herein. From the above description, the structure required to construct such systems is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described here, and that the above description of a specific language is given in order to disclose the best mode of the invention.
Numerous specific details are described in the specification provided here. However, it is understood that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to simplify the disclosure and help the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. However, the method of the disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. The claims following the detailed description are therefore hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may moreover be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or modules are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or apparatus so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described herein include some features but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The device embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the modules in a device according to embodiments of the invention. The invention may also be implemented as a device program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may have the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference symbols placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.

Claims (9)

1. A website security detection system (1000), comprising a website security detection device (200), one or more website servers (300-1, ..., 300-n) and a web crawler device (400), wherein:
the website security detection device (200) is adapted to receive URLs from the web crawler device (400), construct detection URLs associated with those URLs, and use the detection URLs to access the website, so as to judge whether the URL has a vulnerability;
the one or more website servers (300-1, ..., 300-n) are adapted to respond to the accesses of the website security detection device (200) to the website and return results to the website security detection device (200); and
the web crawler device (400) is adapted to crawl the URLs of websites from the one or more website servers (300-1, ..., 300-n) and send those URLs to the website security detection device (200).
2. The system of claim 1, wherein the website security detection device (200) comprises:
a network interface (201), adapted to receive a URL, access the website using the received URL, and obtain the return result of the website;
a URL constructor (203), adapted to obtain the URL of the website from the network interface (201), construct a first detection URL associated with the website according to the URL of the website, construct, based on the first detection URL, a second detection URL corresponding to the first detection URL, and send the first detection URL and the second detection URL to the network interface (201); and
a vulnerability detector (205), adapted to receive from the network interface (201) a first return result corresponding to the first detection URL, detect whether the website has a vulnerability based on the first return result, and, where the detection result indicates that the website has a vulnerability, obtain from the network interface the second return result corresponding to the second detection URL and verify whether the website has the vulnerability based on the second return result.
3. The system of claim 2, wherein the website security detection device (200) further comprises a memory (207) adapted to store a vulnerability database, the vulnerability database recording the construction rules used by the URL constructor to construct the first detection URL and the predefined vulnerability judgment rules.
4. The system of claim 2 or 3, wherein the URL constructor (203) constructs the first detection URL by adding to the URL of the website a character string determined according to the vulnerability type to be tested or the predefined vulnerability judgment rule.
5. The system of claim 2 or 3, wherein the vulnerability detector (205) judges whether the first return result of the website meets a predefined vulnerability judgment rule and, where it does, indicates that the website has a vulnerability.
6. The system of claim 2 or 3, wherein the URL constructor (203) constructs the second detection URL by adding a verification character string to the first detection URL.
7. The system of any one of claims 2 to 6, wherein the vulnerability detector (205) judges whether the second return result of the website meets the predefined vulnerability judgment rule, determines that the website has the vulnerability where the second return result does not meet the predefined vulnerability judgment rule, or determines that the website does not have the vulnerability where the second return result meets the predefined vulnerability judgment rule.
8. The system of any one of claims 2 to 6, wherein the vulnerability detector (205) accesses the website repeatedly using the second detection URL and obtains a plurality of second return results; judges whether the plurality of second return results meet the predefined vulnerability judgment rule; determines that the website does not have the vulnerability where the proportion of the plurality of second return results that meet the predefined vulnerability judgment rule is greater than or equal to a predefined threshold; or determines that the website has the vulnerability where that proportion is less than the predefined threshold.
9. The system of any one of claims 2 to 8, wherein the first return result and the second return result of accessing the website comprise one or more of a status code, page content and page header information.
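The following Python is an added illustration of the probe-then-verify logic of claims 2 and 4 to 9; it is not code from the patent or from its assignee. The first detection URL is built by appending a string to one query parameter (claim 4), the second by appending a verification string to the first detection URL (claim 6), and a finding is kept only when the verification responses stop meeting the judgment rule, either once (claim 7) or by proportion over repeated requests (claim 8). The SQL-error payloads, the regular expression, the parameter name `id`, the crawled URL, the threshold and the in-memory stand-ins for the website servers are all assumptions made for this example; the patent specifies no particular vulnerability type, string or server behaviour.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


@dataclass
class Response:
    """A return result as claim 9 describes it: status code, page content, page headers."""
    status: int
    body: str
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Rule:
    """One vulnerability-database entry (claim 3): the string appended to build the
    first detection URL (claim 4), the verification string appended to that URL to
    build the second one (claim 6), and the predefined judgment rule (claim 5)."""
    name: str
    probe: str
    verify: str
    body_pattern: "re.Pattern[str]"
    statuses: tuple = (500,)

    def meets(self, resp: Response) -> bool:
        return resp.status in self.statuses or bool(self.body_pattern.search(resp.body))


# Assumed payloads for illustration only. An unbalanced quote breaks a concatenated
# SQL query; a second quote balances it again, so a genuine injection point goes quiet.
SQLI_RULE = Rule("sql-error", probe="'", verify="'",
                 body_pattern=re.compile(r"error in your SQL syntax", re.I))


def build_detection_url(url: str, param: str, suffix: str) -> str:
    """Append `suffix` to one query parameter and leave the rest of the URL intact."""
    parts = urlsplit(url)
    query = [(k, v + suffix if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


Fetch = Callable[[str], Response]   # stands in for the network interface (201)


def detect(url: str, param: str, rule: Rule, fetch: Fetch,
           repeats: int = 1, threshold: float = 1.0) -> str:
    """Two-stage check of claims 7 and 8. Returns "clean", "vulnerable" or "false-positive"."""
    first_url = build_detection_url(url, param, rule.probe)
    if not rule.meets(fetch(first_url)):
        return "clean"                                       # claim 5: first result does not match
    second_url = build_detection_url(first_url, param, rule.verify)    # claim 6
    second = [fetch(second_url) for _ in range(repeats)]               # claim 8: repeat
    ratio = sum(rule.meets(r) for r in second) / len(second)
    # If the rule still matches once the probe is neutralised, the match was not caused
    # by the probe (static error text, an unrelated 5xx), so the finding is discarded.
    return "false-positive" if ratio >= threshold else "vulnerable"


# Constructed stand-ins for the website servers (300-1 ... 300-n); nothing touches the network.
def vulnerable_server(url: str) -> Response:
    """Concatenates `id` into a query: an odd number of quotes produces a database error."""
    value = dict(parse_qsl(urlsplit(url).query)).get("id", "")
    if value.count("'") % 2 == 1:
        return Response(500, "You have an error in your SQL syntax near ''", {"Server": "nginx"})
    return Response(200, "<h1>Item %s</h1>" % value, {"Server": "nginx"})


def false_positive_server(url: str) -> Response:
    """A help page that mentions SQL errors whatever the input: matches the rule every time."""
    return Response(200, "FAQ: what does 'error in your SQL syntax' mean?")


def clean_server(url: str) -> Response:
    return Response(200, "<h1>Item</h1>")


class NoisyVulnerableServer:
    """vulnerable_server plus an unrelated 500 on every third request (2nd, 5th, 8th, ...)."""
    def __init__(self) -> None:
        self.calls = 0

    def __call__(self, url: str) -> Response:
        self.calls += 1
        if self.calls % 3 == 2:
            return Response(500, "Gateway timeout")
        return vulnerable_server(url)


CRAWLED_URL = "http://shop.example/item.php?id=7&lang=en"   # assumed output of the crawler (400)

if __name__ == "__main__":
    print(detect(CRAWLED_URL, "id", SQLI_RULE, vulnerable_server))        # vulnerable
    print(detect(CRAWLED_URL, "id", SQLI_RULE, false_positive_server))    # false-positive
    print(detect(CRAWLED_URL, "id", SQLI_RULE, clean_server))             # clean
    # A single verification request lands on the unrelated 500 and the finding is wrongly
    # discarded; five requests with a 0.5 threshold (claim 8) keep it.
    print(detect(CRAWLED_URL, "id", SQLI_RULE, NoisyVulnerableServer()))  # false-positive
    print(detect(CRAWLED_URL, "id", SQLI_RULE, NoisyVulnerableServer(),
                 repeats=5, threshold=0.5))                               # vulnerable
```

The verification step is what separates this design from a plain error-string grep: the second URL keeps the probe in place but neutralises its effect, so a page that matches the rule regardless of input is rejected rather than reported. The repeated-request variant trades extra traffic for robustness against transient server errors, and the threshold decides how much of that noise is tolerated before a finding is discarded.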
CN201210426532.2A 2012-10-31 2012-10-31 website security detection system Active CN102970282B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210426532.2A CN102970282B (en) 2012-10-31 2012-10-31 website security detection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210426532.2A CN102970282B (en) 2012-10-31 2012-10-31 website security detection system

Publications (2)

Publication Number Publication Date
CN102970282A true CN102970282A (en) 2013-03-13
CN102970282B CN102970282B (en) 2015-08-19

Family

ID=47800168

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210426532.2A Active CN102970282B (en) 2012-10-31 2012-10-31 website security detection system

Country Status (1)

Country Link
CN (1) CN102970282B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1866817A (en) * 2006-06-15 2006-11-22 北京华景中天信息技术有限公司 Website safety risk estimating method and system
US8239952B1 (en) * 2007-02-01 2012-08-07 Mcafee, Inc. Method and system for detection of remote file inclusion vulnerabilities
CN101312393A (en) * 2007-05-24 2008-11-26 北京启明星辰信息技术有限公司 Detection method and system for SQL injection loophole
US20090119777A1 (en) * 2008-02-22 2009-05-07 Nhn Corporation Method and system of determining vulnerability of web application
CN103001946A (en) * 2012-10-31 2013-03-27 北京奇虎科技有限公司 Website security detection method, website security detection equipment and website security detection system

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001946A (en) * 2012-10-31 2013-03-27 北京奇虎科技有限公司 Website security detection method, website security detection equipment and website security detection system
CN103530565A (en) * 2013-10-21 2014-01-22 北京锐安科技有限公司 Method and device for scanning website program bugs based on web
CN103647678A (en) * 2013-11-08 2014-03-19 北京奇虎科技有限公司 Method and device for online verification of website vulnerabilities
CN104506541A (en) * 2014-12-29 2015-04-08 北京奇虎科技有限公司 Website loophole alarming method and device
CN104618176A (en) * 2014-12-29 2015-05-13 北京奇虎科技有限公司 Website security detection method and device
CN104618176B (en) * 2014-12-29 2017-11-24 北京奇安信科技有限公司 website security detection method and device
CN108629182A (en) * 2017-03-21 2018-10-09 腾讯科技(深圳)有限公司 Leak detection method and Hole Detection device
WO2020019479A1 (en) * 2018-07-27 2020-01-30 平安科技(深圳)有限公司 Website security detection method and device
CN109446441A (en) * 2018-09-26 2019-03-08 北京邮电大学 A kind of credible distributed capture storage system of general Web Community
CN109446441B (en) * 2018-09-26 2020-11-03 北京邮电大学 General credible distributed acquisition and storage system for network community
CN110598415A (en) * 2019-08-16 2019-12-20 苏州浪潮智能科技有限公司 Security vulnerability emergency response triggering judgment method and device
CN110598415B (en) * 2019-08-16 2021-07-27 苏州浪潮智能科技有限公司 Security vulnerability emergency response triggering judgment method and device
CN111935121A (en) * 2020-07-31 2020-11-13 北京天融信网络安全技术有限公司 Vulnerability reporting method and device
CN111935121B (en) * 2020-07-31 2022-04-26 北京天融信网络安全技术有限公司 Vulnerability reporting method and device

Also Published As

Publication number Publication date
CN102970282B (en) 2015-08-19

Similar Documents

Publication Publication Date Title
CN102970282B (en) website security detection system
CN103001946B (en) Website security detection method and equipment
Gupta et al. PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications
CN104301302B (en) Go beyond one's commission attack detection method and device
CN108989355B (en) Vulnerability detection method and device
CN104767757B (en) Various dimensions safety monitoring method and system based on WEB service
CN106101145B (en) A kind of website vulnerability detection method and device
CN101964025B (en) XSS detection method and equipment
CN102546576B (en) A kind of web page horse hanging detects and means of defence, system and respective code extracting method
CN103491543A (en) Method for detecting malicious websites through wireless terminal, and wireless terminal
KR101001132B1 (en) Method and System for Determining Vulnerability of Web Application
CN103368957B (en) Method and system that web page access behavior is processed, client, server
CN103996007A (en) Testing method and system for Android application permission leakage vulnerabilities
CN109039987A (en) A kind of user account login method, device, electronic equipment and storage medium
CN104063309A (en) Web application program bug detection method based on simulated strike
CN105631341B (en) Blind detection method and device for vulnerability
CN106548075B (en) Vulnerability detection method and device
CN104618178A (en) Website bug online evaluation method and device
CN103647678A (en) Method and device for online verification of website vulnerabilities
CN103780450B (en) The detection method and system of browser access network address
CN102045319A (en) Method and device for detecting SQL (Structured Query Language) injection attack
CN104618177A (en) Website bug examination method and device
CN104506541A (en) Website loophole alarming method and device
CN102546618A (en) Method, device, system and website for detecting fishing website
CN105404816A (en) Content-based vulnerability detection method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20161228

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Long Zhuan

Inventor after: Meng Jun

Inventor after: Liu Xuezhong

Inventor after: Zhao Wu

Inventor before: Long Zhuan

Inventor before: Zhao Wu

TR01 Transfer of patent right

Effective date of registration: 20180720

Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Co-patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: No. 3, No. 10, No. 10, No. 10, Lu Jia, 1701-26, 17

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right
CP03 Change of name, title or address

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee after: Qianxin Technology Group Co.,Ltd.

Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

CP03 Change of name, title or address
TR01 Transfer of patent right

Effective date of registration: 20210105

Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing

Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Patentee after: Qianxin Technology Group Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee before: Qianxin Technology Group Co.,Ltd.

Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

TR01 Transfer of patent right
CP03 Change of name, title or address

Address after: 2nd Floor, Building 1, Yard 26, Xizhimenwai South Road, Xicheng District, Beijing, 100032

Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Patentee after: Qianxin Technology Group Co.,Ltd.

Address before: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing

Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Patentee before: Qianxin Technology Group Co.,Ltd.

CP03 Change of name, title or address