CN103297394B - Website security detection method and device - Google Patents
- Publication number
- CN103297394B (application number CN201210046650.0A)
- Authority
- CN
- China
- Prior art keywords
- website
- return
- data
- procedure site
- fingerprint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
This application discloses a website security detection method and device. The method includes: obtaining a website; identifying, based on the website's fingerprint information, the website program (the web application or content management system) that the website uses; performing vulnerability detection on the website according to that website program; and returning the detection result. The application can significantly reduce the cost of website vulnerability detection, increase detection speed and reduce the false-negative (missed-report) rate.
Description
Technical field
The present application relates to the field of computer network security, and in particular to a website security detection method and device.
Background technology
With Internet crime and hacking activity becoming increasingly rampant, network security has become a major challenge of the information age. As the browser/server (B/S) model has been widely adopted, more and more programmers write web applications in this model. Because the skill and experience of developers vary, a significant fraction of them do not perform the necessary validity checks on user input, or on data carried in the page (such as cookies), when writing code. An attacker can exploit such programming flaws to break into the database or to attack the users of the web application and obtain important data or benefits. Consequently, almost every Internet enterprise faces the security threat posed by website vulnerabilities.
The traditional answer to this threat is crawler-based vulnerability detection: a crawler collects URLs by crawling the pages of the website, malformed data likely to trigger a security flaw are filled into each URL, the website is tested for vulnerabilities, and the detection result is returned.
Although crawler-based detection can find website vulnerabilities to some extent, the crawler itself issues a large number of requests to the website in order to fetch pages and discover links, and not every discovered link has a security problem, so network resources and time are wasted. Moreover, a crawler by nature only finds what is linked: if a page containing a vulnerability is not linked from any crawled page, the crawler cannot find it, and the vulnerability present on the website goes undetected.
Summary of the invention
The present application provides a website security detection method and device, in order to address the security threat posed by website vulnerabilities and to provide a website security scanning service for Internet enterprises.
In one aspect, the present application provides a website security detection method, the method including: obtaining a website; identifying, based on the website fingerprint information of the website, the website program the website uses; performing vulnerability detection on the website according to the website program; and returning the detection result.
Preferably, obtaining a website specifically means obtaining the website from its domain name information or IP address.
Preferably, before obtaining a website, the features of various website programs are collected to build a fingerprint information bank, and the website fingerprint information is obtained from that fingerprint information bank.
Preferably, after obtaining a website, the method further includes: judging whether the website has already been detected; and if it has, returning the previous detection result.
Preferably, identifying the website program based on the website fingerprint information specifically includes: sending a request to fetch the website; obtaining return data for the request; and identifying, based on the return data, the website program the website uses.
Preferably, the return data include a return status code, which indicates the state in which the request was processed, and the website fingerprint keywords of the website.
Preferably, identifying the website program based on the return data specifically means: analyzing the return status code; when the status code indicates that the website, or the page on the website, exists, analyzing the website fingerprint keywords; and determining from the website fingerprint keywords the website program the website uses.
Preferably, performing vulnerability detection on the website according to the website program specifically means: loading all vulnerability information for the website program; and detecting based on that vulnerability information.
Preferably, the detection result is saved to a database.
The present application also provides a website security detection device, the device including: an acquisition module, which obtains a website; an identification module, which identifies, according to the website fingerprint information of the website, the website program the website uses; a detection module, which performs vulnerability detection on the website according to the website program; and a return module, which returns the detection result.
The present application has the following beneficial effects:
In one embodiment of the application, the website program a website uses is identified by analyzing the website's fingerprint information, and vulnerability detection is performed according to that website program. This reduces the cost of website detection and improves the speed and coverage of vulnerability detection: for the identified website program, all recorded vulnerabilities of that program can be covered, with the aim of zero missed reports, so the false-negative rate is reduced.
Further, in one embodiment, before detecting, it is also judged whether the website has already been detected; if it has, the previous detection result is returned directly, which greatly saves detection time, cost and network resources, and lets the user obtain the detection result quickly.
Further, in one embodiment, the return data of the page fetch request, such as the return status code and keywords, are analyzed to obtain the website program the website uses. This method is simple and fast, with high identification accuracy and high efficiency.
Brief description of the drawings
Fig. 1 is a flowchart of the website security detection method in one embodiment of the application;
Fig. 2 is a functional block diagram of the website security detection device in one embodiment of the application.
Detailed description of the invention
To enable those skilled in the art to understand the application in more detail, the application is described in detail below with reference to the drawings.
As shown in Fig. 1, which is a flowchart of the website security detection method in one embodiment of the application, the method of this embodiment includes:
Step 110: obtain a website;
Step 112: identify, based on the website's fingerprint information, the website program the website uses;
Step 114: perform vulnerability detection on the website according to the website program; and
Step 116: return the detection result.
In step 110, a website may be obtained, for example, from the website's domain name information or IP address; for instance, the user enters the domain name through an input device. A domain name is the name of a computer or group of computers on the Internet, made up of a string of dot-separated labels, and is used to identify the computer's electronic location (sometimes called its geographic location) during data transmission. It is an important identifier of an organization or individual on the network: it identifies the owner and makes it easy for others to locate and retrieve the information resources of an enterprise, organization or individual, which supports resource sharing on the network; beyond identification, a domain name also serves to guide, publicize and represent its owner in the virtual environment. Domain name and website correspond one to one, so once the domain name information of the website is received, the website can be obtained. For example, if the website to be detected is www.baidu.com, entering the domain name www.baidu.com (domain names are case-insensitive) is enough to locate Baidu's website.
In another embodiment, after step 110 and before step 112, that is, after the website is obtained, it is also judged whether the website has already been detected. If it has, the previous detection result is returned directly, so the website need not be detected again, which saves time and resources.
If the judgement is that the website has not yet been detected, step 112 is performed: the website program used by the website is identified based on the website's fingerprint information. In this embodiment, website fingerprint information refers to the page features, directory structure and similar characteristics that are specific to a website program; by judging these features, one can identify which website program was used to build the site. The website fingerprint information is obtained, for example, from a fingerprint information bank; as shown in Fig. 2, fingerprint information bank 213 collects the features of various website programs. Fingerprint information bank 213 may be built before step 110, or after step 110 and before step 112; the application is not restricted in this respect.
If the website has not been detected, a request to fetch the website is sent, return data are obtained for the request, and the website program used by the website is identified from the return data. The request sent is, for example, an HTTP request, and the return data include, for example, a return status code and keywords. The return status code indicates how the server processed the request; it is a three-digit number, and different status codes denote different outcomes of the server's processing of the fetch request. For example, a status code of 200 means the server processed the request successfully and the response headers or body requested are returned with the response; a status code of 100 means the server has received the first part of the request and is waiting for the remainder, so the client should continue sending the request.
Keywords here are website fingerprint keywords. Because page features and directory structure are characteristics specific to a website program, keywords derived from them reveal the type of site: for example, if the keywords are "Sina" and "Weibo", the website is a microblog site; if the keywords are "NetEase" and "mailbox", it is a webmail site; if the keywords are "Tianya" and "forum", it is a forum site. Knowing the page features and directory structure therefore makes it possible to identify which website program a site was built with.
In some cases the keywords can be read directly from the website's page. In other cases they cannot, and the source code of the site must be examined, for example its JavaScript or HTML, from which keywords can be obtained, such as internal link addresses. An internal link is a link between content pages under the same website domain: links between channels, columns and final content pages, and even tag links between keywords within the site, all count as internal links. An internal link address consists of a link path and a file name, and the access path and file name in internal links have individual characteristics that reveal the type of site. For example, in the pages of the WordPress blog program, the internal link addresses of images and style files may contain the keyword wp-content/themes/ or the keyword wp-includes/; when the internal links of a website are analyzed, the appearance of wp-content/themes or wp-includes indicates that the site uses WordPress as its blog program. In other embodiments, keywords may of course be obtained from other parts of the source code; the application is not restricted in this respect.
In the concrete analysis, the return status code is analyzed first. When the status code indicates that the website, or the page on it, exists, for example status code 200, the website fingerprint keywords are analyzed, and the website program used by the site is then determined from them.
In another embodiment, even when the status code is 200, the server may be configured so that status code 200, which normally means the request succeeded, is returned for a failed request, with an error page as the body; in other words the response carries the meaning that status code 404 normally carries. To further determine whether the website really exists, the length of the return data is also analyzed. For example, when two responses for the same name are compared and the first has a data length of 100 bytes while the second has a data length of 200 bytes, the 100-byte response can be judged to be the error page, while the 200-byte response indicates that the website exists and was returned successfully.
In another embodiment, more than one request is sent, so the logical relation between these requests must be recorded; the return data then also include the logical relation between one set of return data and the others.
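The identification step described above, as an added example rather than code from the patent: check the status code first, guard against the "200 that really means 404" case by comparing the length of the target page with the length of a response for a path that cannot exist (the length-comparison rule the patent gives, applied to a random probe path), and only then match fingerprint keywords. The fingerprint information bank, the sample sites and the offline fetch function are constructed for illustration; the WordPress paths are the ones the patent names, the Joomla and Drupal entries are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import uuid


@dataclass
class Response:
    """A fetched page: HTTP status code plus body text."""
    status: int
    body: str


Fetcher = Callable[[str], Response]

# Constructed fingerprint information bank: program -> keywords expected in
# the page source or internal link paths. The WordPress paths are the ones
# the patent names; the other entries are illustrative assumptions.
FINGERPRINT_DB: Dict[str, List[str]] = {
    "wordpress": ["wp-content/themes/", "wp-includes/"],
    "joomla": ["/components/com_", "Joomla!"],
    "drupal": ["sites/all/modules/", "Drupal.settings"],
}


def is_soft_404(fetch: Fetcher, base: str, target_len: int) -> bool:
    """Detect a server that answers 200 for missing pages: fetch a path that
    cannot exist and compare its length with the target page. Equal lengths
    mean the target is the error page, not a real page."""
    probe = fetch(f"{base}/{uuid.uuid4().hex}")
    return probe.status == 200 and len(probe.body) == target_len


def match_keywords(body: str) -> Optional[str]:
    """Return the first program whose fingerprint keywords occur in body."""
    for program, keywords in FINGERPRINT_DB.items():
        if any(keyword in body for keyword in keywords):
            return program
    return None


def identify_program(fetch: Fetcher, base: str) -> Optional[str]:
    """Status code first, then keywords. Returns None when the site or page
    does not exist (non-200 status or a soft 404) or no keyword matches."""
    home = fetch(base + "/")
    if home.status != 200:
        return None
    if is_soft_404(fetch, base, len(home.body)):
        return None
    return match_keywords(home.body)


def make_fake_fetch(pages: Dict[str, Response], missing: Response) -> Fetcher:
    """Constructed offline stand-in for an HTTP client: known URLs map to
    their responses, anything else gets the server's 'missing' response."""
    def fetch(url: str) -> Response:
        return pages.get(url, missing)
    return fetch


# Constructed sample sites.
WP_HOME = ('<html><head><link rel="stylesheet" '
           'href="http://wp.example/wp-content/themes/twentyeleven/style.css">'
           '</head><body>Hello world!</body></html>')
wordpress_site = make_fake_fetch({"http://wp.example/": Response(200, WP_HOME)},
                                 Response(404, "Not Found"))
# Misconfigured server: every path, existing or not, gets 200 plus an error page.
soft404_site = make_fake_fetch({}, Response(200, "<html>Page not found</html>"))
# Site built with a program that is not in the bank.
unknown_site = make_fake_fetch({"http://other.example/": Response(200, "<html>custom</html>")},
                               Response(404, "Not Found"))

if __name__ == "__main__":
    for name, fetch, base in [("wordpress", wordpress_site, "http://wp.example"),
                              ("soft404", soft404_site, "http://soft.example"),
                              ("unknown", unknown_site, "http://other.example")]:
        print(name, "->", identify_program(fetch, base))
```

The probe request costs one extra round trip per site, but without it a catch-all 200 page would be keyword-matched against the error template and either mis-identified or, worse, reported as a live page in the next step.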
In step 114, vulnerability detection is performed on the website according to the website program. Different website programs correspond to different vulnerability information, so once the website program is determined, the vulnerability information corresponding to it can be determined. All vulnerability information of the website program is loaded, and detection is carried out based on it. The vulnerability information is obtained, for example, from a vulnerability information bank; as shown in Fig. 2, vulnerability information bank 215 collects the vulnerability information corresponding to various website programs, so that once the website program is determined, the corresponding vulnerability information can be determined. Vulnerability information bank 215 may be built before step 110, or after step 110 and before step 114; the application is not restricted in this respect. Detection coverage is therefore bounded by the entries recorded for that program in vulnerability information bank 215, and by whether step 112 identified the program correctly.
In step 116, the detection result is returned, for example by displaying it on the client's display unit or by outputting it to another client. Further, the detection result can be saved in a database, so that the next time this website needs to be detected the result can be taken directly from the database and output.
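The flow of steps 110 to 116 with the "already detected" shortcut, as an added example that is not the patent's code: a result store keyed by site stands in for the database, only the vulnerability entries recorded for the identified program are loaded and run, and the second scan of the same site is answered from the store without a single request. The vulnerability entries (placeholder identifiers, not real advisories), the minimal keyword fingerprint, the sample site and the counting fetch function are constructed assumptions; the status-code and length analysis of step 112 is left out here to keep the focus on steps 114 and 116.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Response:
    status: int
    body: str


@dataclass
class VulnCheck:
    """One entry of the vulnerability information bank (constructed)."""
    vuln_id: str    # placeholder identifier, not a real advisory
    path: str       # path to request on the site
    evidence: str   # text whose presence in a 200 response means the check fires


# Constructed vulnerability information bank keyed by website program.
VULN_DB: Dict[str, List[VulnCheck]] = {
    "wordpress": [
        VulnCheck("EXAMPLE-WP-001", "/wp-config.php.bak", "DB_PASSWORD"),
        VulnCheck("EXAMPLE-WP-002", "/wp-includes/", "Index of /wp-includes"),
    ],
    "joomla": [
        VulnCheck("EXAMPLE-JOOMLA-001", "/configuration.php.bak", "class JConfig"),
    ],
}

# Minimal constructed fingerprint bank (keyword match only).
FINGERPRINTS: Dict[str, List[str]] = {
    "wordpress": ["wp-content/", "wp-includes/"],
    "joomla": ["/components/com_"],
}


@dataclass
class ScanResult:
    program: Optional[str]
    findings: List[str] = field(default_factory=list)
    from_cache: bool = False


class CountingFetcher:
    """Constructed offline HTTP client that counts requests, so the saving
    from the 'already detected' shortcut is measurable."""
    def __init__(self, pages: Dict[str, Response]):
        self.pages = pages
        self.requests = 0

    def __call__(self, url: str) -> Response:
        self.requests += 1
        return self.pages.get(url, Response(404, "Not Found"))


class Scanner:
    def __init__(self, fetch: Callable[[str], Response],
                 vuln_db: Dict[str, List[VulnCheck]]):
        self.fetch = fetch
        self.vuln_db = vuln_db
        self.result_db: Dict[str, ScanResult] = {}  # stands in for the database

    def identify_program(self, base: str) -> Optional[str]:
        home = self.fetch(base + "/")
        if home.status != 200:
            return None
        for program, keywords in FINGERPRINTS.items():
            if any(k in home.body for k in keywords):
                return program
        return None

    def scan(self, base: str) -> ScanResult:
        # Already detected: return the stored result, no requests sent.
        if base in self.result_db:
            stored = self.result_db[base]
            return ScanResult(stored.program, list(stored.findings), from_cache=True)
        program = self.identify_program(base)            # step 112
        findings: List[str] = []
        if program is not None:                          # step 114: this program's entries only
            for check in self.vuln_db.get(program, []):
                resp = self.fetch(base + check.path)
                if resp.status == 200 and check.evidence in resp.body:
                    findings.append(check.vuln_id)
        result = ScanResult(program, findings)           # step 116: save and return
        self.result_db[base] = result
        return result


# Constructed WordPress site that exposes a configuration backup.
WP_PAGES = {
    "http://wp.example/": Response(200, '<link href="/wp-content/themes/x/style.css">'),
    "http://wp.example/wp-config.php.bak": Response(200, "define('DB_PASSWORD', 'hunter2');"),
    "http://wp.example/wp-includes/": Response(403, "Forbidden"),
}


def demo() -> Tuple[ScanResult, ScanResult, int, int]:
    """Scan the same site twice and report the request count after each scan."""
    fetch = CountingFetcher(WP_PAGES)
    scanner = Scanner(fetch, VULN_DB)
    first = scanner.scan("http://wp.example")
    after_first = fetch.requests
    second = scanner.scan("http://wp.example")
    return first, second, after_first, fetch.requests


if __name__ == "__main__":
    print(demo())
```

Three requests are enough for the first scan (home page plus the two WordPress entries); the Joomla entry is never requested, which is the saving over a crawler that probes every discovered URL, and the cached second scan sends nothing. A real deployment would expire stored results, since a cached "clean" verdict says nothing about a site that has since been changed.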
An embodiment of the present application also provides a functional block diagram of a website security detection device; referring to Fig. 2, the device includes:
Acquisition module 210, which obtains a website;
Identification module 212, which identifies, according to the website's fingerprint information, the website program the website uses;
Detection module 214, which performs vulnerability detection on the website according to the website program;
Return module 216, which returns the detection result.
Having read the above description of the operation of the website security detection method according to the embodiments of the application, how the units of the website security detection device shown in Fig. 2 are implemented is clear, so for brevity the implementation of the functions of these units is not described in detail here.
The embodiments of the application described above therefore achieve at least the following technical effects: identifying the website program from the website's fingerprint information and detecting vulnerabilities according to that program reduces detection cost and improves the speed and coverage of vulnerability detection; returning the previous result for a website that has already been detected saves detection time, cost and network resources; and identifying the website program from the return status code and keywords of the fetch request is simple and fast, with high accuracy and efficiency.
Obviously, those skilled in the art can make various changes and modifications to the application without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the application and their technical equivalents, the application is intended to include them.
Claims (7)
1. A website security detection method, characterized in that the method includes:
obtaining a website;
identifying, based on website fingerprint information of the website, the website program the website uses, including: sending a request to fetch the website; obtaining return data for the request; analyzing the return status code in the return data, the return data length, and the logical relation with other return data; when the website, or the page on the website, exists, analyzing the website fingerprint keywords; and determining from the website fingerprint keywords the website program the website uses, wherein the return data include the return status code, the logical relation with other return data, the return data length and the website fingerprint keywords of the website, and wherein the return status code indicates the state in which the request was processed;
performing vulnerability detection on the website according to the website program; and
returning the detection result.
2. The method of claim 1, characterized in that obtaining a website specifically means: obtaining the website according to the domain name information or IP address of the website.
3. The method of claim 1, characterized in that, before obtaining a website, the features of various website programs are collected to build a fingerprint information bank, and the website fingerprint information is obtained from the fingerprint information bank.
4. The method of claim 1, characterized in that, after obtaining a website, the method further includes:
judging whether the website has already been detected;
if it has been detected, returning the previous detection result.
5. The method of claim 1, characterized in that performing vulnerability detection on the website according to the website program specifically means:
loading all vulnerability information of the website program;
detecting based on the vulnerability information.
6. The method of claim 1, characterized in that the detection result is saved to a database.
7. A website security detection device, characterized in that the device includes:
an acquisition module, which obtains a website;
an identification module, which identifies, according to website fingerprint information of the website, the website program the website uses, including: sending a request to fetch the website; obtaining return data for the request; analyzing the return status code in the return data, the return data length, and the logical relation with other return data; when the website, or the page on the website, exists, analyzing the website fingerprint keywords; and determining from the website fingerprint keywords the website program the website uses, wherein the return data include the return status code, the logical relation with other return data, the return data length and the website fingerprint keywords of the website, and wherein the return status code indicates the state in which the request was processed;
a detection module, which performs vulnerability detection on the website according to the website program;
a return module, which returns the detection result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210046650.0A CN103297394B (en) | 2012-02-24 | 2012-02-24 | Website security detection method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210046650.0A CN103297394B (en) | 2012-02-24 | 2012-02-24 | Website security detection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103297394A CN103297394A (en) | 2013-09-11 |
CN103297394B true CN103297394B (en) | 2016-12-14 |
Family
ID=49097722
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210046650.0A Active CN103297394B (en) | 2012-02-24 | 2012-02-24 | Website security detection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103297394B (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103632100B (en) * | 2013-11-08 | 2017-06-27 | 北京奇安信科技有限公司 | A kind of website vulnerability detection method and device |
CN104091116B (en) * | 2014-06-30 | 2017-06-27 | 珠海市君天电子科技有限公司 | Monitor method, device and the terminal of website vulnerability information |
CN105515882B (en) * | 2014-09-22 | 2020-04-21 | 奇安信科技集团股份有限公司 | Website security detection method and device |
CN105530218A (en) * | 2014-09-28 | 2016-04-27 | 北京奇虎科技有限公司 | Link security detection method and client |
CN105337776B (en) * | 2015-11-19 | 2018-10-19 | 北京金山安全软件有限公司 | Method and device for generating website fingerprint and electronic equipment |
CN105337993B (en) * | 2015-11-27 | 2018-09-07 | 厦门安胜网络科技有限公司 | It is a kind of based on the mail security detection device being association of activity and inertia and method |
CN107360192A (en) * | 2017-08-29 | 2017-11-17 | 四川长虹电器股份有限公司 | Improve the fingerprint identification method of vulnerability scanning efficiency and precision |
CN108322446B (en) * | 2018-01-05 | 2021-04-27 | 深圳壹账通智能科技有限公司 | Method and device for detecting vulnerability of intranet assets, computer equipment and storage medium |
CN108573155B (en) * | 2018-04-18 | 2020-10-16 | 北京知道创宇信息技术股份有限公司 | Method and device for detecting vulnerability influence range, electronic equipment and storage medium |
CN109190380A (en) * | 2018-08-20 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | The method and system that batch website loophole quickly detects are realized based on web fingerprint |
CN109194632B (en) * | 2018-08-20 | 2022-07-15 | 中国平安人寿保险股份有限公司 | Method and device for detecting webpage backdoor program, computer equipment and storage medium |
CN110321514A (en) * | 2019-07-10 | 2019-10-11 | 湖北长久欣信息科技股份有限公司 | A kind of modularization intelligent website website self-building management system |
CN110879891B (en) * | 2019-08-14 | 2024-08-23 | 奇安信科技集团股份有限公司 | Vulnerability detection method and device based on web fingerprint information |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1870493A (en) * | 2006-06-15 | 2006-11-29 | 北京华景中天信息技术有限公司 | Scanning method for network station leakage |
CN101312393A (en) * | 2007-05-24 | 2008-11-26 | 北京启明星辰信息技术有限公司 | Detection method and system for SQL injection loophole |
CN101350745A (en) * | 2008-08-15 | 2009-01-21 | 北京启明星辰信息技术股份有限公司 | Intrude detection method and device |
CN101370008A (en) * | 2007-08-13 | 2009-02-18 | 杭州安恒信息技术有限公司 | System for real-time intrusion detection of SQL injection WEB attacks |
CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
US7984501B2 (en) * | 2006-04-03 | 2011-07-19 | ZMT Comunicacoes E Technologia Ltda. | Component-oriented system and method for web application security analysis |
Also Published As
Publication number | Publication date |
---|---|
CN103297394A (en) | 2013-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103297394B (en) | Website security detection method and device | |
Aliero et al. | An algorithm for detecting SQL injection vulnerability using black-box testing | |
CN102739653B (en) | Detection method and device aiming at webpage address | |
CN103279710B (en) | Method and system for detecting malicious codes of Internet information system | |
CN107786537B (en) | Isolated page implantation attack detection method based on Internet cross search | |
CN108632219A (en) | A kind of website vulnerability detection method, detection service device and system | |
Rizzo et al. | Unveiling web fingerprinting in the wild via code mining and machine learning | |
CN111104579A (en) | Identification method and device for public network assets and storage medium | |
CN112350992A (en) | Safety protection method, device, equipment and storage medium based on web white list | |
CN106022132A (en) | Real-time webpage Trojan detection method based on dynamic content analysis | |
CN103647678A (en) | Method and device for online verification of website vulnerabilities | |
CN108337269A (en) | A kind of WebShell detection methods | |
CN106250761B (en) | Equipment, device and method for identifying web automation tool | |
Calzavara et al. | Machine learning for web vulnerability detection: the case of cross-site request forgery | |
CN113032655A (en) | Method for extracting and fixing dark network electronic data | |
CN109547294A (en) | Networking equipment model detection method and device based on firmware analysis | |
CN104468459B (en) | A kind of leak detection method and device | |
CN108694325A (en) | The condition discriminating apparatus of the discriminating conduct and specified type website of specified type website | |
Shyni et al. | Phishing detection in websites using parse tree validation | |
CN108270754B (en) | Detection method and device for phishing website | |
Singh et al. | A survey on different phases of web usage mining for anomaly user behavior investigation | |
Subramani et al. | PhishInPatterns: measuring elicited user interactions at scale on phishing websites | |
CN104717226A (en) | Method and device for detecting website address | |
CN107566371B (en) | WebShell mining method for massive logs | |
CN108322420A (en) | The detection method and device of backdoor file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 1184922; Country of ref document: HK |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: GR; Ref document number: 1184922; Country of ref document: HK |