CN104065645A - Web vulnerability protection method and apparatus - Google Patents

Publication number
CN104065645A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410230520.1A
Other languages
Chinese (zh)
Inventor
练晓谦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Application filed by Beijing Knownsec Information Technology Co Ltd
Priority to CN201410230520.1A
Publication of CN104065645A

Abstract

The invention discloses a web vulnerability protection method and apparatus. The web vulnerability protection method includes collecting web vulnerabilities; reproducing the web vulnerabilities; analyzing the web vulnerabilities; exploiting the web vulnerabilities according to the results of reproducing and analyzing them; and protecting against the web vulnerabilities according to the results of reproducing, analyzing and exploiting them.

Description

Method and apparatus for protecting against web vulnerabilities
Technical field
The present invention relates generally to network security, and in particular to a method and apparatus for protecting against web vulnerabilities.
Background art
With the continuing development of network and computer technology, the number of people using networks keeps growing and the network security environment keeps deteriorating. The increasing complexity of networks and software provides fertile ground for all kinds of network attacks and hacking. The endless stream of attacks and constantly emerging vulnerabilities torments network users, and hits hardest those who deal with the Internet most often, such as web developers and the administrators of websites.
Among the various network threats, web vulnerabilities are especially harmful. Specifically, a web vulnerability is a security weakness in a web application, web framework, web language, web server or similar component. Common web vulnerabilities include SQL injection, XSS, file inclusion, code execution and file parsing vulnerabilities. By exploiting a web vulnerability, an attacker can carry out malicious operations such as obtaining data from the website's database, uploading a backdoor to the website, planting trojans in web pages and implanting hidden links. Web vulnerabilities are so harmful because every program error or exploitable flaw in the operating system and in the third-party applications that a web application uses is a source of web vulnerabilities. Even a configuration error can create a vulnerability, as can an application that ships with unsafe default settings or that the administrator has not configured securely. For example, a web server configured to let any user traverse any directory path on the system may disclose sensitive information stored on the server, such as passwords, source code or customer information.
For these web vulnerabilities, the usual detection and defense tools are web security scanners and web security firewalls. A web security scanner is a device that scans a web server to find the security weaknesses it contains. A web security firewall is a device that provides security protection for a web server.
However, even with detection and defense tools in place, protection against web vulnerabilities often remains ineffective if scanning and defense rules cannot be set for them effectively. Detection and defense rules can only be updated and set after a vulnerability has been analyzed and its principle understood. Rule updates and vulnerability protection therefore depend heavily on the results of vulnerability research and analysis. The more careful the analysis, the better the conditions for protecting against web vulnerabilities quickly and comprehensively. Web security research carried out today to protect against web vulnerabilities comprises collecting, reproducing, analyzing and exploiting web vulnerabilities, and ends in descriptive information about the vulnerability: its name, the versions it applies to, its description, its exploitation method and so on. Protection produced by this process is not comprehensive, because existing web security research schemes lack a comprehensive use of the research: the results of reproducing, analyzing and exploiting a web vulnerability are not converted into a final scheme for protecting against it. In other words, in the prior art the reproduction, analysis and exploitation of a web vulnerability serve only to study its characteristics, and the results obtained are not fully used, which is detrimental to protection. Moreover, in the prior art the analysis stage is not deep or thorough enough and yields only a simple description of the vulnerability.
Consequently, in existing web vulnerability protection methods the analysis of a vulnerability stays at the surface, and the description of its cause amounts to only a few words. Such analysis is superficial and cannot identify the root of the vulnerability, so it contributes nothing to subsequent protection. By contrast, in the web vulnerability protection method according to the present invention the analysis is more thorough: it can identify the root cause of the vulnerability and analyze the whole process by which it is triggered. From this in-depth, detailed analysis, a targeted remediation scheme, scanning method and defense method are finally provided, which is of positive significance for protecting against web vulnerabilities.
In addition, existing web vulnerability protection methods lack a stage that comprehensively analyzes and converts the findings: they only analyze and study a single web vulnerability, and cannot convert the results of web security research into rules for web security scanners and web security firewalls. In the method according to the present invention, the results of reproducing, analyzing and exploiting a web vulnerability can be converted promptly into web vulnerability scanning rules and web vulnerability defense rules for web security scanners and web security firewalls, which greatly improves the timeliness and accuracy of web security scanning and web security defense. In other words, the technical solution according to the present invention makes full use of the results of analyzing, reproducing and exploiting web vulnerabilities, develops an effective protection scheme on the basis of those results, and can cover every stage of a web vulnerability from its creation to the harm it causes.
Summary of the invention
Therefore, the object of the present invention is to provide, for a deteriorating network security environment, a method and apparatus that protect against web vulnerabilities promptly, accurately and comprehensively.
In a first aspect, the present invention provides a method for protecting against web vulnerabilities. The method comprises: collecting a web vulnerability; reproducing the web vulnerability; analyzing the web vulnerability; exploiting the web vulnerability based on the results of reproducing and analyzing it; and protecting against the web vulnerability based on the results of reproducing, analyzing and exploiting it.
In a preferred embodiment of the invention, the method further comprises, after collecting the web vulnerabilities, screening the collected web vulnerabilities based on screening criteria.
In a preferred embodiment of the invention, the screening criteria comprise at least one of the following: how recent the web vulnerability is, the scope of its impact, the complexity of exploiting it, and the degree of harm it causes.
In a preferred embodiment of the invention, collecting the web vulnerability further comprises collecting it over the network from a web vulnerability source.
In a preferred embodiment of the invention, the web vulnerability source comprises at least one of the following: web vulnerability disclosure websites and databases, interactive websites, communities, and news portal websites.
In a preferred embodiment of the invention, reproducing the web vulnerability further comprises using a virtual machine and related programs to build a test range environment in which the web vulnerability is reproduced.
In a preferred embodiment of the invention, analyzing the web vulnerability further comprises obtaining, starting from the trigger point of the web vulnerability, its root cause and the principle by which it is formed, by means of source code auditing and analysis of the parameter passing process.
In a preferred embodiment of the invention, exploiting the web vulnerability further comprises generating a proof-of-concept (POC) program to carry out the exploitation.
In a preferred embodiment of the invention, the exploitation of the web vulnerability comprises at least one of the following: reading database content, reading file content, uploading a backdoor, and code execution.
In a preferred embodiment of the invention, protecting against the web vulnerability further comprises at least one of the following: forming a description of the root cause of the web vulnerability, generating a remediation scheme for the web vulnerability, generating a detection method for the web vulnerability, and generating a defense method for the web vulnerability.
In a preferred embodiment of the invention, the method further comprises converting the detection method for the web vulnerability into a scanning rule for a security scanner, and converting the defense method for the web vulnerability into a defense rule for a security firewall.
In a second aspect, the present invention provides an apparatus for protecting against web vulnerabilities. The apparatus comprises: a collecting device for collecting a web vulnerability; a reproducing device for reproducing the web vulnerability; an analyzing device for analyzing the web vulnerability; an exploiting device for exploiting the web vulnerability based on the results of reproducing and analyzing it; and a protecting device for protecting against the web vulnerability based on the results of reproducing, analyzing and exploiting it.
In a preferred embodiment of the invention, the apparatus further comprises a screening device for screening the collected web vulnerabilities based on screening criteria after they have been collected.
In a preferred embodiment of the invention, the screening criteria comprise at least one of the following: how recent the web vulnerability is, the scope of its impact, the complexity of exploiting it, and the degree of harm it causes.
In a preferred embodiment of the invention, the collecting device further comprises a network collecting device for collecting the web vulnerability over the network from a web vulnerability source.
In a preferred embodiment of the invention, the web vulnerability source comprises at least one of the following: web vulnerability disclosure websites and databases, interactive websites, communities, and news portal websites.
In a preferred embodiment of the invention, the reproducing device further comprises a building device for using a virtual machine and related programs to build a test range environment in which the web vulnerability is reproduced.
In a preferred embodiment of the invention, the analyzing device further comprises an auditing device for obtaining, starting from the trigger point of the web vulnerability, its root cause and the principle by which it is formed, by means of source code auditing and analysis of the parameter passing process.
In a preferred embodiment of the invention, the exploiting device further comprises a generating device for generating a proof-of-concept (POC) program to carry out the exploitation of the web vulnerability.
In a preferred embodiment of the invention, the exploitation of the web vulnerability comprises at least one of the following: reading database content, reading file content, uploading a backdoor, and code execution.
In a preferred embodiment of the invention, the protecting device further comprises at least one of the following: a forming device for forming a description of the root cause of the web vulnerability; a remediation scheme generating device for generating a remediation scheme for the web vulnerability; a detection method generating device for generating a detection method for the web vulnerability; and a defense method generating device for generating a defense method for the web vulnerability.
In a preferred embodiment of the invention, the apparatus further comprises a converting device for converting the detection method for the web vulnerability into a scanning rule for a security scanner, and converting the defense method for the web vulnerability into a defense rule for a security firewall.
As can be seen from the above aspects, the method and apparatus according to the invention have the following advantages over the prior art:
The method and apparatus for protecting against web vulnerabilities according to the present invention achieve an intuitive reproduction and an essential analysis of web vulnerabilities, provide a remediation scheme, and provide rules for web security scanners and web security firewalls, greatly improving the timeliness and accuracy of scanning and defense. Moreover, in the method and apparatus according to the invention the analysis of web vulnerabilities is more thorough: it can identify the root cause of a vulnerability and analyze the whole process by which it is triggered. From this in-depth, detailed analysis, a targeted remediation scheme, scanning method and defense method can readily be provided, which greatly strengthens web security.
Brief description of the drawings
The present disclosure will be understood more thoroughly from the following description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flowchart of a method for protecting against web vulnerabilities according to an embodiment of the present invention.
Fig. 2 is a block diagram showing in detail how the results of reproducing, analyzing and exploiting a web vulnerability are used to protect against it.
Fig. 3 is a block diagram of an apparatus for protecting against web vulnerabilities according to an embodiment of the present invention.
Detailed description of the embodiments
Specific embodiments of the invention, which are shown in the drawings, are described in detail below. The invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like reference numerals denote like elements throughout.
It should be understood that although the terms "first", "second" and so on may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. Unless the context clearly indicates otherwise, the singular forms "a", "an" and "the" as used herein are intended to include the plural forms as well. It should also be understood that the terms "comprises" and/or "comprising", when used herein, specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by those skilled in the art. It should also be understood that terms used herein are to be interpreted as having a meaning consistent with their meaning in the context of this specification and the related art, and are not to be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In the following description, unless explicitly stated otherwise, the terms "web vulnerability" and "vulnerability" are used interchangeably, and both mean a web vulnerability.
Embodiments of the invention are described below with reference to the drawings.
Fig. 1 shows a flowchart of a method for protecting against web vulnerabilities according to an embodiment of the present invention.
In this flowchart, step S101 is the step of collecting web vulnerabilities. Collection is the foundation of the whole protection method: only with an overall picture of web vulnerabilities can protection be targeted. The collection process is itself a process of understanding the underlying patterns by which web vulnerabilities become prevalent. For example, if during collection according to the present invention the number of vulnerabilities of a certain kind is found to have grown explosively in the recent period, it can be concluded that this kind of vulnerability needs priority protection in the near term and that the condition giving rise to it may have been disclosed or discovered recently, and even a conclusion about some macroscopic trend in the development of web vulnerabilities can be drawn. Such a conclusion looks simple, but it gives direction to the subsequent steps. The step of collecting web vulnerabilities is therefore extremely important.
According to the present invention, web vulnerabilities can be collected automatically or manually. In automatic mode, an automatic web vulnerability collection program collects vulnerabilities, based on a web vulnerability feature library, from the various sources where vulnerabilities can be obtained or detected. The automatic collection program can use a built-in collection model (for example, the Object Exchange Model proposed by Stanford University) to collect web vulnerabilities. Automatic collection is efficient and accurate and can cope with a large collection workload, so in general web vulnerabilities are collected automatically.
Automatic collection may, however, have shortcomings: for example, the program may be unable to collect a particular class of vulnerability in a targeted way, or unable to keep track of newly appearing vulnerabilities. In such cases manual collection can be used, which responds more flexibly to how vulnerabilities arise. For example, after an initial analysis of a class of vulnerability that has suddenly surged, one or several vulnerabilities can be collected specifically for further analysis, instead of collecting everything indiscriminately as the automatic collection program does. In some cases this also improves the efficiency, timeliness and accuracy of vulnerability collection.
In one embodiment, after or during the collection of web vulnerabilities, the method may further comprise a step of screening the collected web vulnerabilities based on screening criteria. This screening step can also be automatic or manual. The most important advantage of adding a screening step is that it makes the work more targeted: for the developers of web applications and for website administrators, protecting against web vulnerabilities that have recently become widespread and cause serious harm is clearly more important than routinely protecting against a few common ones.
Therefore, in one embodiment, the screening criteria may comprise at least one of the following: how recent the web vulnerability is, the scope of its impact, the complexity of exploiting it, and the degree of harm it causes.
Obviously, within the same class of web vulnerability, a newly appearing vulnerability is often more worth analyzing than one that appeared earlier, and is more in need of protection. Screening can therefore be based on how recent the web vulnerability is. Of course, a web vulnerability that appeared long ago may cause new harm in a new environment; it may then be of greater value to analysis programs and personnel than a newly appearing vulnerability, and so can also be selected. In general, the recency of a web vulnerability can be used as one of the screening criteria. Similarly, the scope-of-impact criterion separates web vulnerabilities by how far their effects reach: for example, those that affect the whole world, those that affect only one country, and those that affect only a particular local area network or a particular web application. Likewise, the exploitation-complexity criterion separates web vulnerabilities by how hard they are to exploit: vulnerabilities that are easy to exploit can be analyzed and protected against first, while those that are hard to exploit can be analyzed later. Another important screening criterion is the degree of harm, which separates web vulnerabilities by how much damage they do: for example, a web vulnerability that only damages a particular web application is clearly less harmful than one that readily damages a whole system or even a whole network.
By using these screening criteria during collection, or to guide the subsequent analysis steps, the protection method can analyze and handle web vulnerabilities that meet different criteria with a certain priority, and thereby achieve efficient and accurate protection.
In one embodiment, as regards the manner of collection, both the automatic collection program and manual collection can collect web vulnerabilities over the network from web vulnerability sources. Both can also collect vulnerabilities by other routes. For example, the personnel responsible for manual collection can listen to or read descriptions of web vulnerabilities, in which case web vulnerabilities can be collected through any means of communication.
In one embodiment, however, collecting web vulnerabilities over the network is clearly an efficient approach, and the sources available on the network are richer and more accurate. The web vulnerability sources may comprise at least one of the following: web vulnerability disclosure websites and databases, interactive websites, communities, and news portal websites. For example, collection personnel or the automatic collection program can browse and search web vulnerability disclosure websites and databases, which include but are not limited to the national information security vulnerability sharing platform (www.cnvd.org.cn), the China national information security vulnerability database (www.cnnvd.org.cn), the well-known WooYun website (www.wooyun.org), www.securityfocus.com and www.exploit-db.com. Collection personnel or the automatic collection program can also collect web vulnerabilities from social networking sites such as Sina Weibo, Tencent Weibo and Twitter, and even from news portal websites (for example, www.sohu.com and www.163.com), any other website, or standalone servers.
In one embodiment, when collecting web vulnerabilities from these sources, the vulnerability database can be queried with SQL, data can be obtained by parsing XML, a web crawler can be used, or information can even be read manually. In general, any means of obtaining information can be used to collect web vulnerabilities.
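The following is an added example, not code from the patent, covering both the XML collection route and the screening step described above: it parses a vulnerability feed, ranks the entries by the four screening criteria, and flags a class whose count has surged in the recent period. The feed layout, the ordinal scales, the weights and the surge threshold are assumptions, and all sample records are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import date

# Constructed feed; ids, classes and dates are sample values, not real advisories.
FEED = """<vulns>
  <vuln id="V-001" class="sql-injection" published="2014-05-28" scope="global" complexity="low" harm="network"/>
  <vuln id="V-002" class="sql-injection" published="2014-05-25" scope="national" complexity="low" harm="system"/>
  <vuln id="V-003" class="sql-injection" published="2014-05-20" scope="single-app" complexity="medium" harm="application"/>
  <vuln id="V-004" class="xss" published="2014-04-10" scope="lan" complexity="high" harm="application"/>
  <vuln id="V-005" class="file-inclusion" published="2013-01-15" scope="global" complexity="medium" harm="system"/>
  <vuln id="V-006" class="sql-injection" published="2014-04-15" scope="national" complexity="medium" harm="system"/>
  <vuln id="V-007" class="xss" scope="lan" complexity="low" harm="system"/>
</vulns>"""
TODAY = date(2014, 6, 1)  # constructed reference date

# Assumed ordinal scales for three of the four screening criteria.
SCOPE = {"single-app": 1, "lan": 2, "national": 3, "global": 4}
EASE = {"high": 1, "medium": 2, "low": 3}  # low exploitation complexity ranks first
HARM = {"application": 1, "system": 2, "network": 3}


def parse_feed(xml_text):
    """Collect records from the XML feed, skipping incomplete entries."""
    # For feeds from untrusted sources, use a hardened parser such as defusedxml.
    records = []
    for node in ET.fromstring(xml_text).iter("vuln"):
        try:
            records.append({
                "id": node.attrib["id"],
                "class": node.attrib["class"],
                "published": date.fromisoformat(node.attrib["published"]),
                "scope": SCOPE[node.attrib["scope"]],
                "ease": EASE[node.attrib["complexity"]],
                "harm": HARM[node.attrib["harm"]],
            })
        except (KeyError, ValueError):
            continue  # missing or malformed field: leave the entry for manual collection
    return records


def newness(published, today):
    """Fourth criterion: newer vulnerabilities score higher (assumed thresholds)."""
    age = (today - published).days
    return 3 if age <= 7 else 2 if age <= 30 else 1 if age <= 180 else 0


def prioritise(records, today):
    """Order records for analysis: highest combined score first, ties by id."""
    def score(r):
        return newness(r["published"], today) + r["scope"] + r["ease"] + r["harm"]
    ranked = sorted(records, key=lambda r: (-score(r), r["id"]))
    return [(r["id"], score(r)) for r in ranked]


def surging_classes(records, today, window=30, factor=3):
    """Classes whose count in the last `window` days is at least `factor`
    times the count in the window before it."""
    recent, previous = Counter(), Counter()
    for r in records:
        age = (today - r["published"]).days
        if 0 <= age < window:
            recent[r["class"]] += 1
        elif window <= age < 2 * window:
            previous[r["class"]] += 1
    return sorted(c for c, n in recent.items() if n >= factor * max(previous[c], 1))


if __name__ == "__main__":
    collected = parse_feed(FEED)
    for vuln_id, score in prioritise(collected, TODAY):
        print(vuln_id, score)
    print("surging:", surging_classes(collected, TODAY))
```

The old but wide-reaching V-005 still ranks above newer, narrower entries, which matches the point above that an old vulnerability can remain worth selecting.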
After the step of collecting web vulnerabilities has been completed, the collected web vulnerabilities are reproduced, as shown in step S102 of Fig. 1. In one embodiment, reproducing a web vulnerability may comprise using a virtual machine and related programs to build a test range environment in which the web vulnerability is reproduced. The point of reproducing a web vulnerability is to establish and check the various conditions that trigger it, including the environment in which it arises and its direct trigger conditions.
To reproduce a web vulnerability, a test range environment must be built, generally a virtual machine environment. With reference to the published vulnerability information, a specific web server operating system, web container, web language, database, web application, web framework, web plug-in or web browser is used in the test range environment for each web vulnerability. Finally, again with reference to the published vulnerability information, the specific conditions that trigger the vulnerability are set up and the web vulnerability is reproduced. When building the test range environment, particular care must be taken to use a version that contains the vulnerability and to make sure it has not been patched. If the vulnerability cannot be reproduced by following the method in the published information, it should be considered whether triggering it depends on other specific conditions.
For each web security vulnerability, a VMware virtual machine can be created, for example, and the specific operating system and web programs needed to trigger the vulnerability are installed in it. For example: operating system (Windows, Linux, etc.), web container (IIS, Apache, Tomcat, etc.), web language (ASP, PHP, JSP, etc.), database (MySQL, Oracle, MSSQL, etc.), web application (Discuz, WordPress, etc.), web framework (Django, ThinkPHP, etc.), web plug-in (BuddyPress, TimThumb, etc.), web browser (IE, Firefox, Chrome, etc.).
Once the test range environment has been built, the published vulnerability information is consulted to obtain the specific conditions and the process needed to trigger the vulnerability, for example accessing a certain URL or uploading a certain file. Combining the VMware virtual machine with the trigger conditions, the web vulnerability can be reproduced.
For example, after a published SQL injection vulnerability in the Discuz forum program (version 2.0) has been collected from the network, it is reproduced as follows. First, a new VMware virtual machine is created, and a Linux operating system, an Apache server, the PHP language, a MySQL database and the Discuz forum program (version 2.0, unpatched) are installed in it. After installation, a specific URL of this Discuz forum is accessed with any browser, and the result of this operation is that the content of the forum's database is displayed. This reproduces the SQL injection vulnerability.
The step of reproducing the web vulnerability reveals its trigger point, which leads into the step of analyzing the web vulnerability, as shown in step S103 of Fig. 1. The analysis stage is the core step of the whole protection method: through it, the root cause of the web vulnerability is obtained. The reproduction step only reproduces the surface phenomenon of the web vulnerability, whereas the analysis step works from the surface inward and traces the vulnerability back to its origin.
In one embodiment, analyzing the web vulnerability may comprise obtaining, starting from its trigger point, its root cause and the principle by which it is formed, by means of source code auditing and analysis of the parameter passing process. In general, vulnerability analysis methods include patch comparison, breakpoint debugging, program association analysis, data transfer tracing, program flow tracing and the like. The root causes of web vulnerabilities may include unvalidated input, unvalidated output, unverified permissions, logic errors and so on.
For example, in the analysis step the web vulnerability can be analyzed at the source code level. If an official patch has been released, the patch can be compared against the original code to locate the vulnerable point, and the trigger point of the vulnerability can then be found by following the data flow and the program execution flow. If there is no official patch, the published information about the vulnerability is consulted, the association between the program's files is analyzed, and the program's execution flow and the data passing process are traced; combined with setting breakpoints in the program for debugging, this identifies the root of the vulnerability and explains under which conditions, and at which point in the program's operation, the vulnerability is triggered.
The analysis is illustrated further with an example, again the SQL injection vulnerability in the Discuz forum program (version 2.0). The trigger point of this vulnerability is access to a certain specific URL. The source code of Discuz forum program version 2.0 is audited, and the special input parameter in this specific URL is analyzed: how, after the program receives this parameter, and through repeated parameter passing and parameter processing, the user's input is placed into an SQL query statement and the result of the SQL query statement is presented on the output page. At this point, the result presented on the output page gives the root of the vulnerability and the principle by which it is formed.
After the analysis and reproduction steps above, the vulnerability is exploited based on the results of reproducing and analyzing it, as shown in step S104 of Fig. 1. Specifically, the exploitation step builds on the root of the web vulnerability and its triggering process obtained so far, and uses specific means to analyze the vulnerability concretely, in detail and more thoroughly; that is, exploitation is an indispensable step for understanding the web vulnerability in greater depth. The purpose of exploiting the web vulnerability is to understand further how it operates and to verify whether the root cause obtained in the analysis step is correct and how severe the harm is, so that protection can be more targeted.
In one embodiment, the step of exploiting the web vulnerability may comprise generating a proof-of-concept (POC) program to carry out the exploitation. The main function of a POC program is to verify by program the formation principle and triggering method of the vulnerability, so that, in the test range environment in which the vulnerability was reproduced, the analysis results can be used to see concretely and realistically the results the vulnerability produces and the harm it can cause. In short, a specific POC program is written for a specific vulnerability principle to achieve a specific goal.
In one embodiment, the exploitation of the web vulnerability may comprise at least one of the following: reading database content, reading file content, uploading a backdoor, code execution and so on. These are the means normally used to attack a web vulnerability; in other words, they are the functions a malicious attacker achieves by exploiting it. Only by achieving these specific goals against the web vulnerability with a POC program can the internal details of the vulnerability and the way it is realized be understood concretely and truthfully, thereby providing information from many aspects for protection.
The forum SQL injection vulnerability above is used again to explain briefly the process of exploiting a web vulnerability. For this SQL injection vulnerability, a POC program is written; combined with the VMware virtual machine test range environment, the POC program can obtain the database content of the website. For a code execution vulnerability, a POC program is written; combined with the VMware virtual machine test range environment, this POC program can obtain a webshell backdoor on the website.
The reproduction, analysis and exploitation of the WEB vulnerability described above all aim at a thorough understanding of the WEB vulnerability, so as to supply the information needed to protect against it. Once this information is in hand, the method according to the invention can protect against the WEB vulnerability based on the results of reproducing, analyzing and exploiting it, as shown in step S105 of Fig. 1.
The WEB vulnerability protection method of the invention is shown in Fig. 1. Those skilled in the art should understand that the steps shown are exemplary and in practice need not be carried out in the order shown; steps may also be added or omitted. For example, when the invention is applied to WEB vulnerabilities that are already known, the collection step can be omitted.
The protection of WEB vulnerabilities is now described in detail with reference to Fig. 2. Fig. 2 is a detailed block diagram of using the results of WEB vulnerability reproduction, analysis and exploitation to protect against the WEB vulnerability.
In an embodiment of the method according to the invention, and as shown in Fig. 2, the method 200 of protecting against a WEB vulnerability may include at least one of the following: forming a description of the root cause of the WEB vulnerability, as shown in block 201; generating a repair scheme for the WEB vulnerability, as shown in block 202; generating a detection scheme for the WEB vulnerability, as shown in block 203; and generating a defense scheme for the WEB vulnerability, as shown in block 204.
These aspects of WEB vulnerability protection can be used alone or in combination, and together they provide all-round protection: comprehensive countermeasures are provided from the source of the WEB vulnerability, the developer, through the victims of the WEB vulnerability, who may include website administrators (webmasters), WEB application personnel and others, to the firewalls and scanners that protect against WEB vulnerabilities. Prior-art WEB vulnerability protection methods do not offer this, because they only analyze and study a single WEB vulnerability and cannot apply the results of that analysis and research across the whole chain of generation, propagation and blocking of WEB vulnerabilities. The method according to the invention therefore has the advantages over the prior art of comprehensive protection and better timeliness and accuracy.
These protection steps are set out in detail below. These four aspects of protection are adopted because they provide comprehensive countermeasures for all the people and programs on the chain of harm of a WEB vulnerability. As shown in the figure, the results can ultimately be applied to WEB developers 210, website owners and administrators 220, WEB security scanners 230 and WEB security firewalls 240. Those skilled in the art should understand that the figure is exemplary only and not restrictive. The protection schemes finally produced can be provided in various forms to whatever personnel or equipment need them, and are not limited to the four aspects 210 to 240 shown in the figure.
After reproduction, analysis and exploitation, the root cause, triggering flow and other aspects of the WEB vulnerability are thoroughly understood. But this understanding remains at the level of program results, such as the database content presented on the web page or the output of the POC program described above. WEB developers may not understand these, and so cannot prevent the WEB vulnerability from forming at the programming and development stage. Therefore, after obtaining information such as the root cause of the WEB vulnerability, the WEB vulnerability protection method according to the invention can form various useful descriptions of that root cause. The forms these descriptions take include, but are not limited to: natural-language descriptions that people can read directly; machine-readable formats of various kinds, for example descriptions written in XML; and any other form of description accessible to the people or machines protecting against the WEB vulnerability. The ways of delivering these descriptions can also vary: for example, via web pages, as messages through various communication software or hardware, as spoken natural language, or in any other way that lets a person or machine obtain the information.
Such a description clearly enables WEB developers to avoid repeating similar mistakes when designing and developing WEB applications, that is, it prevents WEB vulnerabilities at the source. This is clearly the most effective approach and is one of the advantages of the invention. Moreover, these root-cause descriptions are not useful to WEB developers alone: the developer of any program or hardware can obtain from them the information needed to prevent vulnerabilities.
Second, the WEB vulnerability protection method according to the invention can generate a repair scheme for the WEB vulnerability.
When a WEB vulnerability begins to spread on the network, the various protection software products may not yet have been updated for it. Protection in the early stage of a WEB vulnerability's development is therefore also important. Faced with such a sudden threat, the administrators and webmasters of websites often feel helpless: they know nothing about the WEB vulnerability causing the harm and therefore have no protective measures at all. The protection method according to the invention, however, can provide a repair scheme for the WEB vulnerability, giving rapid support to the affected personnel at all levels in the early stage of the harm and possibly reducing the harm of the WEB vulnerability to a minimum. For example, the repair scheme can be a description of how to repair the WEB vulnerability manually, or it can be a program patch. Website owners and administrators can apply such a repair scheme quickly, without waiting for updates to software such as firewalls. Because it serves an emergency purpose, however, this kind of repair may only address the main forms of harm currently prevalent. In other words, the repair scheme may not provide comprehensive defense. The method according to the invention therefore also provides follow-up schemes to further improve the protection.
The two aspects above give personnel at all levels an urgent response to the WEB vulnerability, suited to timely protection in the short period after a WEB threat appears.
In addition, the method according to the invention can generate a detection scheme and a defense scheme for the WEB vulnerability. These two schemes provide more comprehensive protection against it. The purpose of generating a detection scheme for the WEB vulnerability is to provide a way to comprehensively detect WEB vulnerabilities that are present. Some WEB vulnerabilities lie dormant until triggered and so temporarily show no harm; if they are not detected at that stage, they can become latent threats and break out at an unexpected time. Providing a comprehensive detection scheme for WEB vulnerabilities is therefore essential.
Similarly, it is also necessary to provide an all-round defense scheme for the WEB vulnerability. As noted above, the repair scheme may only repair a particular triggering mode and cannot defend comprehensively. The all-round defense scheme, which may be provided later, defends against the WEB vulnerability comprehensively so as to prevent any attack and harmful consequence achievable by exploiting it.
In one embodiment, the method according to the invention may further comprise converting the detection scheme for the WEB vulnerability into scanning rules for a security scanner, and converting the defense scheme for the WEB vulnerability into defense rules for a security firewall.
After all, relying on manual effort alone to protect against WEB vulnerabilities is not enough; WEB security firewalls and scanners can provide faster, automatic and comprehensive protection. Converting the detection scheme and the defense scheme into scanning rules and defense rules for WEB security scanners and firewalls is therefore a more efficient way to protect against WEB vulnerabilities.
The WEB vulnerability protection method according to the invention is illustrated below with a concrete example. Those skilled in the art will understand that the examples shown in the invention are all illustrative and not restrictive.
For example, for an SQL injection vulnerability in a certain WEB application, reproduction, analysis and exploitation of the WEB vulnerability reveal that its root cause is that the program does not effectively filter the id parameter supplied by the user. The SQL query statement in the program is, for example, "select title, content from paper where id=$id", where the $id parameter needs to be restricted to numeric input. Because of the programmer's oversight, however, the $id parameter is not restricted, so a user can assign any value to $id, which gives rise to the SQL injection vulnerability. When a malicious user accesses a URL link of the form "http://www.xxx.com/xxx.php?id=1 union select username, password from admin", the $id parameter received by the program is "1 union select username, password from admin", which is not numeric, and as a result the webmaster's username and password appear in the returned page.
The following four aspects of protection are now carried out for this SQL injection vulnerability:
1. A description of the root cause of the vulnerability is formed and provided to the programmers of this WEB application: the $id parameter is not effectively filtered and restricted, so a malicious user can assign any value to $id. After receiving this description, the WEB application developers can learn from this case and avoid the mistake of leaving user input unrestricted.
2. A repair scheme is proposed for the root cause of the vulnerability: filter and restrict the $id parameter in the program so that only a numeric $id parameter is allowed into the program. Website owners can use this repair scheme to keep the website from being attacked.
3. From the perspective of vulnerability detection, a detection scheme is proposed for the vulnerability and converted into a security scanner rule. The following detection rule can be added to the scanner: access the two URLs "xxx.php?id=1 and 1=1" and "xxx.php?id=1 and 1=2" respectively; if the contents of the two returned pages differ, the website has the SQL injection vulnerability.
4. From the perspective of vulnerability defense, a defense scheme is proposed for the vulnerability and converted into a security firewall rule. The following defense rule can be added to the firewall: when a user submits a URL of the form "xxx.php?id=1 union select name, password from admin", the firewall determines that the id parameter is non-numeric and contains keywords such as union/select, and blocks the request.
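The repair, scanner rule and firewall rule from items 2 to 4 can be exercised together in a small local test range. The following Python code is an added example, not code from the patent: an in-memory SQLite database stands in for the PHP application, and the function names, the sample rows and the extra baseline comparison in the scanner check are assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs


def make_db():
    """Constructed sample data standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE paper (id INTEGER PRIMARY KEY, title TEXT, content TEXT);
        INSERT INTO paper VALUES (1, 'Hello', 'First post');
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO admin VALUES ('admin', 'constructed-hash');
    """)
    return db


def page_vulnerable(db, raw_id):
    """Root cause from item 1: the id value is concatenated into the query unchecked."""
    sql = "select title, content from paper where id=" + raw_id
    try:
        return repr(db.execute(sql).fetchall())
    except sqlite3.Error:
        return "error"


def page_repaired(db, raw_id):
    """Repair scheme from item 2: only a numeric id is allowed into the program.

    The bound parameter is an additional safeguard added in this example.
    """
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return "400 bad id"
    rows = db.execute(
        "select title, content from paper where id=?", (int(raw_id),)
    ).fetchall()
    return repr(rows)


def scanner_flags_injection(handler, db, base_id="1"):
    """Scanner rule from item 3: compare the 'and 1=1' and 'and 1=2' pages.

    Requiring the 'and 1=1' page to equal the plain page is an assumption
    added here to reduce false positives on pages that vary by themselves.
    """
    baseline = handler(db, base_id)
    true_page = handler(db, base_id + " and 1=1")
    false_page = handler(db, base_id + " and 1=2")
    return true_page == baseline and false_page != true_page


SQL_KEYWORDS = re.compile(r"\b(union|select)\b", re.IGNORECASE)


def firewall_blocks(url):
    """Firewall rule from item 4: id is non-numeric and contains union/select."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in query.get("id", []):  # parse_qs has already URL-decoded the value
        if not re.fullmatch(r"[0-9]+", value) and SQL_KEYWORDS.search(value):
            return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("scanner flags unrepaired page:", scanner_flags_injection(page_vulnerable, db))
    print("scanner flags repaired page:  ", scanner_flags_injection(page_repaired, db))
    for url in ("/xxx.php?id=1",
                "/xxx.php?id=1%20and%201=2",
                "/xxx.php?id=1%20union%20select%20name,%20password%20from%20admin"):
        print("firewall blocks", url, "->", firewall_blocks(url))
```

The firewall rule as worded in item 4 lets `id=1 and 1=2` through because it contains neither keyword, while the numeric check from item 2 rejects it; running both layers shows where each one applies.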
In summary, the method for protecting against WEB vulnerabilities according to the invention can provide comprehensive, timely and accurate protection against WEB vulnerabilities. Those skilled in the art should also understand that the method of the invention can be used not only to protect against WEB vulnerabilities but also against other vulnerabilities and harm in a network. Nor is the order of steps given in describing the method restrictive: some steps may be carried out in a different order from that described, and some steps may be omitted. For example, if the principle of a certain WEB vulnerability is already understood to some extent, the reproduction step can be skipped and the analysis and exploitation steps carried out directly to save time.
The apparatus for protecting against WEB vulnerabilities according to the invention is described below with reference to Fig. 3. Fig. 3 is a block diagram of an apparatus for protecting against WEB vulnerabilities according to an embodiment of the invention.
In Fig. 3, the apparatus 300 may comprise: a collecting device 301, which can be used to collect WEB vulnerabilities; a reproducing device 302, which can be used to reproduce the WEB vulnerability; an analyzing device 303, which can be used to analyze the WEB vulnerability; an exploiting device 304, which can be used to exploit the WEB vulnerability based on the results of reproducing and analyzing it; and a protecting device 305, which can be used to protect against the WEB vulnerability based on the results of reproducing, analyzing and exploiting it.
Preferably, the apparatus may further comprise a screening device for screening the collected WEB vulnerabilities against screening criteria after they are collected.
Preferably, the screening criteria may include at least one of the following: how new the WEB vulnerability is, the scope of impact of the WEB vulnerability, the difficulty of exploiting the WEB vulnerability, and the severity of the harm of the WEB vulnerability.
Preferably, in the apparatus, the collecting device may further comprise a network collecting device for collecting the WEB vulnerabilities from WEB vulnerability sources over a network.
Preferably, in the apparatus, the WEB vulnerability sources may include at least one of the following: WEB vulnerability disclosure websites and databases, interactive websites, communities, and news portal websites.
Preferably, in the apparatus, the reproducing device may further comprise a building device for building a test range environment using a virtual machine and related programs to reproduce the WEB vulnerability.
Preferably, in the apparatus, the analyzing device may further comprise an auditing device for obtaining, starting from the trigger point of the WEB vulnerability, a description of the root cause of the WEB vulnerability and the formation principle of the WEB vulnerability by source code auditing and analysis of the parameter passing process.
Preferably, in the apparatus, the exploiting device may further comprise a generating device for generating a proof-of-concept (POC) program to carry out the exploitation of the WEB vulnerability.
Preferably, in the apparatus, the exploitation of the WEB vulnerability may include at least one of the following: reading database content, reading file content, uploading a backdoor, and code execution.
Preferably, in the apparatus, the protecting device may further comprise at least one of the following: a forming device for forming a description of the root cause of the WEB vulnerability; a repair scheme generating device for generating a repair scheme for the WEB vulnerability; a detection scheme generating device for generating a detection scheme for the WEB vulnerability; and a defense scheme generating device for generating a defense scheme for the WEB vulnerability.
Preferably, the apparatus may further comprise a converting device for converting the detection scheme for the WEB vulnerability into scanning rules for a security scanner, and converting the defense scheme for the WEB vulnerability into defense rules for a security firewall.
To sum up, the method for protecting against WEB vulnerabilities according to the invention can provide comprehensive protection across the whole chain along which a WEB vulnerability forms and develops. It can also provide corresponding protection schemes for the personnel at all levels and the programs that a WEB vulnerability involves, making protection against WEB vulnerabilities timely, comprehensive, efficient and accurate.
Although specific embodiments of the invention have been described above with reference to the accompanying drawings, those skilled in the art can make various changes, modifications and equivalent substitutions to the invention without departing from its spirit and scope. All such changes, modifications and equivalent substitutions are intended to fall within the spirit and scope defined by the appended claims.

Claims (22)

1. A method for protecting against WEB vulnerabilities, the method comprising:
collecting WEB vulnerabilities;
reproducing the WEB vulnerability;
analyzing the WEB vulnerability;
exploiting the WEB vulnerability based on the results of reproducing and analyzing the WEB vulnerability; and
protecting against the WEB vulnerability based on the results of reproducing, analyzing and exploiting the WEB vulnerability.
2. The method according to claim 1, further comprising, after collecting the WEB vulnerabilities, screening the collected WEB vulnerabilities based on screening criteria.
3. The method according to claim 2, wherein the screening criteria include at least one of the following: how new the WEB vulnerability is, the scope of impact of the WEB vulnerability, the difficulty of exploiting the WEB vulnerability, and the severity of the harm of the WEB vulnerability.
4. The method according to claim 1, wherein collecting the WEB vulnerabilities further comprises collecting the WEB vulnerabilities from WEB vulnerability sources over a network.
5. The method according to claim 4, wherein the WEB vulnerability sources include at least one of the following: WEB vulnerability disclosure websites and databases, interactive websites, communities, and news portal websites.
6. The method according to claim 1, wherein reproducing the WEB vulnerability further comprises building a test range environment using a virtual machine and related programs to reproduce the WEB vulnerability.
7. The method according to claim 1, wherein analyzing the WEB vulnerability further comprises obtaining, starting from the trigger point of the WEB vulnerability, a description of the root cause of the WEB vulnerability and the formation principle of the WEB vulnerability by source code auditing and analysis of the parameter passing process.
8. The method according to claim 1, wherein exploiting the WEB vulnerability further comprises generating a proof-of-concept (POC) program to carry out the exploitation of the WEB vulnerability.
9. The method according to claim 8, wherein the exploitation of the WEB vulnerability includes at least one of the following: reading database content, reading file content, uploading a backdoor, and code execution.
10. The method according to any one of claims 1 to 9, wherein protecting against the WEB vulnerability further comprises at least one of the following: forming a description of the root cause of the WEB vulnerability, generating a repair scheme for the WEB vulnerability, generating a detection scheme for the WEB vulnerability, and generating a defense scheme for the WEB vulnerability.
11. The method according to claim 10, further comprising converting the detection scheme for the WEB vulnerability into scanning rules for a security scanner, and converting the defense scheme for the WEB vulnerability into defense rules for a security firewall.
12. An apparatus for protecting against WEB vulnerabilities, the apparatus comprising:
a collecting device for collecting WEB vulnerabilities;
a reproducing device for reproducing the WEB vulnerability;
an analyzing device for analyzing the WEB vulnerability;
an exploiting device for exploiting the WEB vulnerability based on the results of reproducing and analyzing the WEB vulnerability; and
a protecting device for protecting against the WEB vulnerability based on the results of reproducing, analyzing and exploiting the WEB vulnerability.
13. The apparatus according to claim 12, further comprising a screening device for screening the collected WEB vulnerabilities based on screening criteria after the WEB vulnerabilities are collected.
14. The apparatus according to claim 13, wherein the screening criteria include at least one of the following: how new the WEB vulnerability is, the scope of impact of the WEB vulnerability, the difficulty of exploiting the WEB vulnerability, and the severity of the harm of the WEB vulnerability.
15. The apparatus according to claim 12, wherein the collecting device further comprises a network collecting device for collecting the WEB vulnerabilities from WEB vulnerability sources over a network.
16. The apparatus according to claim 15, wherein the WEB vulnerability sources include at least one of the following: WEB vulnerability disclosure websites and databases, interactive websites, communities, and news portal websites.
17. The apparatus according to claim 12, wherein the reproducing device further comprises a building device for building a test range environment using a virtual machine and related programs to reproduce the WEB vulnerability.
18. The apparatus according to claim 12, wherein the analyzing device further comprises an auditing device for obtaining, starting from the trigger point of the WEB vulnerability, a description of the root cause of the WEB vulnerability and the formation principle of the WEB vulnerability by source code auditing and analysis of the parameter passing process.
19. The apparatus according to claim 12, wherein the exploiting device further comprises a generating device for generating a proof-of-concept (POC) program to carry out the exploitation of the WEB vulnerability.
20. The apparatus according to claim 19, wherein the exploitation of the WEB vulnerability includes at least one of the following: reading database content, reading file content, uploading a backdoor, and code execution.
21. The apparatus according to any one of claims 12 to 20, wherein the protecting device further comprises at least one of the following: a forming device for forming a description of the root cause of the WEB vulnerability; a repair scheme generating device for generating a repair scheme for the WEB vulnerability; a detection scheme generating device for generating a detection scheme for the WEB vulnerability; and a defense scheme generating device for generating a defense scheme for the WEB vulnerability.
22. The apparatus according to claim 21, further comprising a converting device for converting the detection scheme for the WEB vulnerability into scanning rules for a security scanner, and converting the defense scheme for the WEB vulnerability into defense rules for a security firewall.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140924