CN104065645A - Web vulnerability protection method and apparatus - Google Patents


Info

Publication number
CN104065645A
Authority
CN
China
Prior art keywords
web
vulnerability
vulnerabilities
means
protection
Application number
CN201410230520.1A
Other languages
Chinese (zh)
Inventor
练晓谦
Original Assignee
北京知道创宇信息技术有限公司


Abstract

The invention discloses a web vulnerability protection method and apparatus. The method includes collecting web vulnerabilities; reproducing them; analyzing them; exploiting them according to the results of the reproduction and analysis; and protecting against them according to the results of the reproduction, analysis and exploitation.

Description

Method and apparatus for protecting against WEB vulnerabilities

TECHNICAL FIELD

[0001] The present invention relates generally to network security, and in particular to a method and apparatus for protecting against WEB vulnerabilities.

BACKGROUND

[0002] With the continuing development of network and computer technology, the number of network users has grown and the network security environment has steadily deteriorated. The growing complexity of network and software technology provides fertile ground for all kinds of network attacks and hacking. The endless stream of attacks on the network and the vulnerabilities that keep appearing are a constant burden to network users, and WEB developers, website administrators and others who are in frequent contact with the network suffer from them most.

[0003] Among the various network hazards, WEB vulnerabilities cause a great deal of harm. Specifically, a WEB vulnerability is a security flaw in a WEB application, WEB framework, WEB language, WEB server or the like. Common WEB vulnerabilities include SQL injection, XSS, file inclusion, code execution and file parsing vulnerabilities. By exploiting a WEB vulnerability an attacker can, for example, obtain data from the website's database, upload a backdoor to the website, plant malicious code in web pages (web page Trojans) or insert hidden links. The harm caused by WEB vulnerabilities is serious because every program error or exploitable flaw in the operating system and third-party applications used by a WEB application is a source of WEB vulnerabilities. Even misconfiguration can create vulnerabilities, and an application that ships with insecure default settings or that the administrator has not securely configured will also produce vulnerabilities. For example, if a WEB server is configured so that any user may traverse any directory path on the system, sensitive information stored on the WEB server, such as passwords, source code or customer information, may be leaked.

[0004] Against the WEB vulnerabilities described above, the commonly used detection and defense tools are WEB security scanners and WEB security firewalls. A WEB security scanner is a device that scans and probes a WEB server to discover security flaws present on it. A WEB security firewall is a device that provides security protection for a WEB server.

[0005] However, even with detection and defense tools, if effective scanning and defense rules cannot be configured for them, they are often powerless to protect against WEB vulnerabilities. The detection and defense rules can only be updated after a vulnerability has been analyzed and its underlying principle understood. This makes rule updates, and protection against vulnerabilities, heavily dependent on the results of vulnerability research and analysis. Only analysis results that are more detailed, faster and more comprehensive can provide more favourable conditions for protecting against WEB vulnerabilities. The WEB security research currently conducted for protecting against WEB vulnerabilities consists of WEB vulnerability collection, WEB vulnerability reproduction, WEB vulnerability analysis and WEB vulnerability exploitation, and ultimately produces descriptive information about the WEB vulnerability: the vulnerability name, the affected versions, a description of the vulnerability, the exploitation method and so on. The WEB vulnerability protection produced by this process is not comprehensive enough, because existing WEB security research schemes lack a step that integrates the research on WEB vulnerabilities, that is, they cannot convert the results of reproducing, analyzing and exploiting a WEB vulnerability into a final scheme for protecting against it.
In other words, in the prior art the reproduction, analysis and exploitation of a WEB vulnerability serve only to study the characteristics of that vulnerability, and the results obtained are not fully used, which is unfavourable to WEB vulnerability protection. Moreover, in the prior art the WEB vulnerability analysis step is not deep or thorough enough and produces only a brief description of the vulnerability.

[0006] Therefore, in existing WEB vulnerability protection methods the analysis of a vulnerability stays on the surface: the description of its cause is only a few words, a superficial analysis that is not deep enough and cannot identify the root cause of the vulnerability, and such a simple vulnerability analysis contributes nothing to subsequent protection. By contrast, in the WEB vulnerability protection method according to the present invention the analysis of the WEB vulnerability is more thorough; it can identify the root cause of the vulnerability and work out the entire process by which the vulnerability is triggered, and through this in-depth, detailed vulnerability analysis it finally produces a targeted fix, scanning method and defense method, which is of positive significance for WEB vulnerability protection.

[0007] In addition, existing WEB vulnerability protection methods lack a step for comprehensively analyzing and converting WEB vulnerabilities; they only study individual WEB vulnerabilities, and cannot convert the results of WEB security research and analysis into rules for WEB security scanners and WEB security firewalls. In the WEB vulnerability protection method according to the present invention, the results of reproducing, analyzing and exploiting a WEB vulnerability can be promptly converted into WEB vulnerability scanning rules and WEB vulnerability defense rules for use by WEB security scanners and WEB security firewalls, which greatly improves the timeliness and accuracy of WEB security scanning and WEB security defense. In other words, the technical solution according to the present invention makes full use of the results of analyzing, reproducing and exploiting WEB vulnerabilities, develops an effective WEB vulnerability protection scheme on the basis of those results, and is able to cover every stage of a WEB vulnerability from its creation to the harm it causes.

SUMMARY OF THE INVENTION

[0008] Accordingly, it is an object of the present invention to provide a method and apparatus for protecting against WEB vulnerabilities in a timely, accurate and comprehensive manner in the face of a deteriorating network security environment.

[0009] In a first aspect of the present invention, a method for protecting against WEB vulnerabilities is provided. The method comprises: collecting WEB vulnerabilities; reproducing the WEB vulnerabilities; analyzing the WEB vulnerabilities; exploiting the WEB vulnerabilities based on the results of reproducing and analyzing them; and protecting against the WEB vulnerabilities based on the results of reproducing, analyzing and exploiting them.

[0010] In a preferred embodiment of the present invention, the method further comprises, after collecting the WEB vulnerabilities, screening the collected WEB vulnerabilities based on screening criteria.

[0011] In a preferred embodiment of the present invention, in the method, the screening criteria comprise at least one of: the recency of the WEB vulnerability, the scope of impact of the WEB vulnerability, the difficulty of exploiting the WEB vulnerability, and the severity of the WEB vulnerability.

[0012] In a preferred embodiment of the present invention, in the method, collecting the WEB vulnerabilities further comprises collecting the WEB vulnerabilities from WEB vulnerability sources over a network.

[0013] In a preferred embodiment of the present invention, in the method, the WEB vulnerability sources comprise at least one of: WEB vulnerability disclosure websites and databases, community interaction websites, and news portals.

[0014] In a preferred embodiment of the present invention, in the method, reproducing the WEB vulnerabilities further comprises building a range environment using a virtual machine and the associated programs to reproduce the WEB vulnerabilities.

[0015] In a preferred embodiment of the present invention, in the method, analyzing the WEB vulnerability further comprises, starting from the trigger point of the WEB vulnerability, using source code auditing techniques and analyzing the parameter passing process to obtain the root cause of the WEB vulnerability and the principle by which it arises.

[0016] In a preferred embodiment of the present invention, in the method, exploiting the WEB vulnerability further comprises generating a proof-of-concept (POC) program to carry out the WEB vulnerability exploitation.

[0017] In a preferred embodiment of the present invention, in the method, the WEB vulnerability exploitation comprises at least one of: reading database contents, reading file contents, uploading a backdoor, and code execution.

[0018] In a preferred embodiment of the present invention, in the method, protecting against the WEB vulnerability further comprises at least one of: forming a description of the root cause of the WEB vulnerability, generating a fix for the WEB vulnerability, generating a detection method for the WEB vulnerability, and generating a defense method for the WEB vulnerability.

[0019] In a preferred embodiment of the present invention, the method further comprises converting the detection method for the WEB vulnerability into scanning rules for a security scanner, and converting the defense method for the WEB vulnerability into defense rules for a security firewall.

[0020] In a second aspect of the present invention, an apparatus for protecting against WEB vulnerabilities is provided. The apparatus comprises: collection means for collecting WEB vulnerabilities; reproduction means for reproducing the WEB vulnerabilities; analysis means for analyzing the WEB vulnerabilities; exploitation means for exploiting the WEB vulnerabilities based on the results of reproducing and analyzing them; and protection means for protecting against the WEB vulnerabilities based on the results of reproducing, analyzing and exploiting them.

[0021] In a preferred embodiment of the present invention, the apparatus further comprises screening means for screening the collected WEB vulnerabilities based on screening criteria after the WEB vulnerabilities have been collected.

[0022] In a preferred embodiment of the present invention, in the apparatus, the screening criteria comprise at least one of: the recency of the WEB vulnerability, the scope of impact of the WEB vulnerability, the difficulty of exploiting the WEB vulnerability, and the severity of the WEB vulnerability.

[0023] In a preferred embodiment of the present invention, in the apparatus, the collection means further comprises network collection means for collecting the WEB vulnerabilities from WEB vulnerability sources over a network.

[0024] In a preferred embodiment of the present invention, in the apparatus, the WEB vulnerability sources comprise at least one of: WEB vulnerability disclosure websites and databases, community interaction websites, and news portals.

[0025] In a preferred embodiment of the present invention, in the apparatus, the reproduction means further comprises construction means for building a range environment using a virtual machine and the associated programs to reproduce the WEB vulnerabilities.

[0026] In a preferred embodiment of the present invention, in the apparatus, the analysis means further comprises auditing means for, starting from the trigger point of the WEB vulnerability, using source code auditing techniques and analyzing the parameter passing process to obtain the root cause of the WEB vulnerability and the principle by which it arises.

[0027] In a preferred embodiment of the present invention, in the apparatus, the exploitation means further comprises generation means for generating a proof-of-concept (POC) program to carry out the WEB vulnerability exploitation.

[0028] In a preferred embodiment of the present invention, in the apparatus, the WEB vulnerability exploitation comprises at least one of: reading database contents, reading file contents, uploading a backdoor, and code execution.

[0029] In a preferred embodiment of the present invention, in the apparatus, the protection means further comprises at least one of: forming means for forming a description of the root cause of the WEB vulnerability; fix generation means for generating a fix for the WEB vulnerability; detection method generation means for generating a detection method for the WEB vulnerability; and defense method generation means for generating a defense method for the WEB vulnerability.

[0030] In a preferred embodiment of the present invention, the apparatus further comprises conversion means for converting the detection method for the WEB vulnerability into scanning rules for a security scanner and converting the defense method for the WEB vulnerability into defense rules for a security firewall.

[0031] As can be seen from the above aspects of the present invention, the method and apparatus according to the present invention have the following advantages over the prior art: the method and apparatus for protecting against WEB vulnerabilities according to the present invention achieve intuitive reproduction and essential analysis of WEB vulnerabilities, provide fixes, and supply rules to WEB security scanners and WEB security firewalls, greatly improving the timeliness and accuracy of scanning and defense. Furthermore, in the method and apparatus according to the present invention the analysis of a WEB vulnerability is more thorough: it can identify the root cause of the vulnerability and work out the entire process by which the vulnerability is triggered, and through in-depth, detailed vulnerability analysis a targeted fix, scanning method and defense method can readily be produced, thereby greatly enhancing WEB security.

BRIEF DESCRIPTION OF THE DRAWINGS

[0032] The following description, taken in conjunction with the accompanying drawings, is provided for a more thorough understanding of the present disclosure. In the drawings: FIG. 1 is a flowchart of a method for protecting against WEB vulnerabilities according to an embodiment of the present invention.

[0033] FIG. 2 is a block diagram showing in detail how the results of WEB vulnerability reproduction, WEB vulnerability analysis and WEB vulnerability exploitation are used to carry out WEB vulnerability protection.

[0034] FIG. 3 is a block diagram of an apparatus for protecting against WEB vulnerabilities according to an embodiment of the present invention.

DETAILED DESCRIPTION

[0035] Specific embodiments of the present invention will now be described in detail; embodiments of the present invention are shown in the accompanying drawings. However, the present invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art. Like reference numerals refer to like elements throughout.

[0036] It should be understood that although the terms "first", "second" and so on may be used herein to describe various elements, these elements should not be limited by these terms. These terms are used only to distinguish one element from another.

[0037] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the present invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should further be understood that the terms "comprises" and/or "comprising", when used herein, specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.

[0038] Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. It should further be understood that terms used herein should be interpreted as having a meaning consistent with their meaning in the context of this specification and the relevant art, and should not be interpreted in an idealized or overly formal sense unless expressly so defined herein.

[0039] In the following description, unless expressly indicated otherwise, the terms "WEB vulnerability" and "vulnerability" are used interchangeably and both mean a WEB vulnerability.

[0040] Embodiments of the present invention will now be described with reference to the accompanying drawings.

[0041] FIG. 1 shows a flowchart of a method for protecting against WEB vulnerabilities according to an embodiment of the present invention.

[0042] In this flowchart, step S101 is the step of collecting WEB vulnerabilities. The collection of WEB vulnerabilities is the foundation of the entire WEB vulnerability protection method. Only with a grasp of the overall WEB vulnerability landscape can protection be targeted. The collection process is itself a process of learning the underlying patterns of WEB vulnerability prevalence. For example, if the collection process according to the present invention finds that the number of vulnerabilities of a certain kind has recently grown explosively, one may conclude that this kind of vulnerability needs priority protection in the near term and that the conditions giving rise to it may recently have been disclosed or discovered, and may even draw conclusions about macro trends in the development of WEB vulnerabilities. This conclusion may seem simple, but it gives a guiding direction for the subsequent steps. The step of collecting WEB vulnerabilities is therefore very important.

[0043] According to the present invention, WEB vulnerabilities may be collected automatically or manually. In the automatic mode, an automatic WEB vulnerability collection program may collect vulnerabilities, based on a WEB vulnerability signature library, from the various vulnerability sources from which vulnerabilities can be obtained or detected. The automatic collection program may use a built-in collection model (for example, the Object Exchange Model proposed by Stanford University) to collect WEB vulnerabilities. Automatic collection is undoubtedly efficient and accurate and can handle a large vulnerability collection workload, so WEB vulnerabilities are generally collected automatically.

[0044] However, automatic collection may also have certain drawbacks; for example, the program may be unable to collect a particular class of vulnerability in a targeted way, or may not be aware of the emergence of new vulnerabilities. In such cases manual collection may be used, and manual collection can respond more flexibly to how vulnerabilities arise. For example, after a preliminary analysis of a class of vulnerabilities that has suddenly broken out, one or more specific vulnerabilities may be collected in a targeted way for further analysis, instead of the indiscriminate, undifferentiated collection performed by an automatic collection program. In some cases this can also improve the efficiency, timeliness and accuracy of vulnerability collection.

[0045] In one embodiment, after the WEB vulnerabilities are collected, or during the collection process, a step of screening the collected WEB vulnerabilities based on screening criteria may also be included. This screening step may likewise be performed automatically or manually. The most important advantage of adding a step that screens the collected WEB vulnerabilities is that it sharpens focus, because for the developers of some WEB applications and for website administrators, protecting against WEB vulnerabilities that are currently highly prevalent and cause severe harm is clearly more important than merely protecting routinely against some common WEB vulnerabilities.

[0046] Therefore, in one embodiment, during screening the screening criteria may include at least one of: the recency of the WEB vulnerability, the scope of impact of the WEB vulnerability, the difficulty of exploiting the WEB vulnerability, and the severity of the WEB vulnerability.

[0047] Clearly, within the same class of WEB vulnerabilities, a newly created WEB vulnerability is usually more valuable to analyze, and more in need of protection, than one created earlier. So when screening, one may screen by the recency of the WEB vulnerability. Of course, a WEB vulnerability from long ago may cause new harm in a new environment, in which case it may be of greater value to the analysis programs and personnel than a newly created one, and it may be selected as well. In short, the recency of a WEB vulnerability can be used as one of the screening criteria. Similarly, the screening criterion "scope of impact of the WEB vulnerability" can select WEB vulnerabilities with different scopes of impact, for example global impact, impact only within the country, or impact only on a particular local network or a particular WEB application. Likewise, the screening criterion "difficulty of exploiting the WEB vulnerability" can select WEB vulnerabilities of different exploitation difficulty; for example, WEB vulnerabilities that are easier to exploit can be analyzed and protected against first, while those that are hard to exploit can be analyzed later. In addition, a more important screening criterion is the severity of the WEB vulnerability. This criterion can select WEB vulnerabilities of different severity.
For example, a WEB vulnerability that only damages a single WEB application is clearly less harmful than one that readily damages the entire system or even the entire network.

[0048] By using these screening criteria to collect vulnerabilities or to guide the subsequent analysis steps, the WEB vulnerability protection method can analyze and process WEB vulnerabilities that meet different criteria according to a certain priority, thereby achieving efficient and accurate WEB vulnerability protection.

[0049] In one embodiment, as regards the collection method, both the automatic collection program and manual collection may collect the WEB vulnerabilities from WEB vulnerability sources over a network. However, both collection methods may also use other channels to collect vulnerabilities. For example, the personnel responsible for manual collection may collect WEB vulnerabilities by hearing or reading descriptions of them, in which case any means of communication may be used to collect WEB vulnerabilities.

[0050] However, in one embodiment, collecting WEB vulnerabilities over a network is clearly an efficient approach, and the WEB vulnerability sources on the network are richer and more accurate. The WEB vulnerability sources may include at least one of: WEB vulnerability disclosure websites and databases, community interaction websites, and news portals. For example, vulnerability collection personnel or an automatic collection program may browse and search WEB vulnerability disclosure websites and databases, including but not limited to the National Information Security Vulnerability Sharing Platform (www.cnvd.org.cn), the China National Vulnerability Database of Information Security (www.cnnvd.org.cn), the well-known WooYun site (www.wooyun.org), www.securityfocus.com, www.exploit-db.com and so on. Vulnerability collection personnel or an automatic collection program may also collect WEB vulnerabilities through social networking sites such as Sina Weibo, Tencent Weibo and Twitter. WEB vulnerabilities may even be collected through news portals (for example www.sohu.com, www.163.com), any other online site, or even some standalone servers.

[0051] In one embodiment, in the process of collecting WEB vulnerabilities from these vulnerability sources, the vulnerability database may be queried in SQL, the data may be obtained by parsing XML, a web crawler may be used, or certain information may even be read manually in order to collect WEB vulnerabilities. In short, any means of obtaining information may be used to collect WEB vulnerabilities.
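As an added example, not part of the patent or the applicant's code, the screening of [0046] to [0048] applied to a constructed XML vulnerability feed of the kind [0051] mentions: each record is parsed, scored on recency, scope of impact, exploitation difficulty and severity, and ordered for analysis. The feed layout, the scoring weights and the `renewed` flag (an old vulnerability causing new harm in a new environment, as [0047] allows) are assumptions made for this example.

```python
"""Screening collected WEB vulnerability records (added example, not from the patent).

Scores each record on the four criteria the patent names: recency, scope of
impact, exploitation difficulty and severity. The XML layout, the weights and
the 'renewed' flag are assumptions made for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
import xml.etree.ElementTree as ET  # for feeds from untrusted sources, prefer defusedxml

# Constructed sample feed; the ids, names and dates are invented for this example.
SAMPLE_FEED = """<?xml version="1.0"?>
<vulnerabilities>
  <vuln id="EX-0001"><name>SQL injection in forum search</name>
    <published>2014-05-20</published><scope>global</scope>
    <difficulty>easy</difficulty><severity>high</severity></vuln>
  <vuln id="EX-0002"><name>Verbose error page on intranet wiki</name>
    <published>2013-01-10</published><scope>local</scope>
    <difficulty>hard</difficulty><severity>low</severity></vuln>
  <vuln id="EX-0003"><name>Old file inclusion bug, newly reachable</name>
    <published>2011-03-01</published><scope>national</scope>
    <difficulty>medium</difficulty><severity>high</severity>
    <renewed>true</renewed></vuln>
  <vuln id="EX-0004"><name>Stored XSS in blog comments</name>
    <published>2014-03-15</published><scope>global</scope>
    <difficulty>hard</difficulty><severity>medium</severity></vuln>
</vulnerabilities>
"""

@dataclass
class Vuln:
    vid: str
    name: str
    published: date
    scope: str        # global | national | local
    difficulty: str   # easy | medium | hard (difficulty of exploitation)
    severity: str     # high | medium | low
    renewed: bool     # old vulnerability causing new harm in a new environment

def parse_feed(xml_text: str) -> list[Vuln]:
    """Parse the feed into records; missing fields fall back to the lowest-priority value."""
    root = ET.fromstring(xml_text)
    records = []
    for node in root.findall("vuln"):
        records.append(Vuln(
            vid=node.get("id", "?"),
            name=(node.findtext("name") or "").strip(),
            published=date.fromisoformat((node.findtext("published") or "1970-01-01").strip()),
            scope=(node.findtext("scope") or "local").strip().lower(),
            difficulty=(node.findtext("difficulty") or "hard").strip().lower(),
            severity=(node.findtext("severity") or "low").strip().lower(),
            renewed=(node.findtext("renewed") or "false").strip().lower() == "true",
        ))
    return records

# Per-criterion scores on a 1..3 scale; unrecognised values score 1.
SCOPE_SCORE = {"global": 3, "national": 2, "local": 1}
DIFFICULTY_SCORE = {"easy": 3, "medium": 2, "hard": 1}  # easier to exploit => analyze first
SEVERITY_SCORE = {"high": 3, "medium": 2, "low": 1}
# Assumed weights; severity weighs most, as the patent calls it the more important criterion.
WEIGHTS = {"severity": 3, "scope": 2, "difficulty": 2, "recency": 1}

def recency_score(v: Vuln, today: date) -> int:
    """3 if published within 30 days (or flagged renewed), 2 within a year, otherwise 1."""
    if v.renewed:
        return 3
    age_days = (today - v.published).days
    if age_days <= 30:
        return 3
    return 2 if age_days <= 365 else 1

def priority(v: Vuln, today: date) -> int:
    """Weighted sum of the four criteria; ranges from 8 to 24 with the weights above."""
    return (WEIGHTS["severity"] * SEVERITY_SCORE.get(v.severity, 1)
            + WEIGHTS["scope"] * SCOPE_SCORE.get(v.scope, 1)
            + WEIGHTS["difficulty"] * DIFFICULTY_SCORE.get(v.difficulty, 1)
            + WEIGHTS["recency"] * recency_score(v, today))

def screen(vulns: list[Vuln], today: date, min_score: int) -> list[Vuln]:
    """Keep records scoring at least min_score, highest priority first (ties broken by id)."""
    kept = [v for v in vulns if priority(v, today) >= min_score]
    return sorted(kept, key=lambda v: (-priority(v, today), v.vid))

def prioritized_ids(xml_text: str, today_iso: str, min_score: int = 10) -> list[tuple[str, int]]:
    """Parse, screen and return (id, score) pairs in the order they should be analyzed."""
    today = date.fromisoformat(today_iso)
    return [(v.vid, priority(v, today)) for v in screen(parse_feed(xml_text), today, min_score)]

if __name__ == "__main__":
    for vid, score in prioritized_ids(SAMPLE_FEED, "2014-06-01"):
        print(f"{vid}: priority {score}")
```

With the sample feed and a reference date of 2014-06-01, the threshold of 10 drops the old, low-severity intranet issue while the renewed 2011 vulnerability stays near the top.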

[0052] After the step of collecting web vulnerabilities is complete, the collected vulnerabilities are reproduced, as shown in step S102 of Figure 1. In one embodiment, reproducing a web vulnerability may include building a range (test-bed) environment with a virtual machine and the relevant programs in order to reproduce the vulnerability. The point of reproduction is to establish and verify every condition under which the vulnerability is triggered, including the environment in which it arises and the direct trigger condition.

[0053] To reproduce a web vulnerability, a range environment, usually a virtual machine environment, must be set up. With reference to the published vulnerability information, a specific web server operating system, web container, web language, database, web application, web framework, web plugin or web browser is used in the range environment for each vulnerability. Finally, again with reference to the published information, the specific trigger conditions are constructed and the vulnerability is reproduced. When building the range environment, particular care must be taken to use the vulnerable version and to make sure it has not been patched. If reproduction by the published method fails, consider whether triggering the vulnerability depends on other specific conditions.

[0054] For each web security vulnerability, a VMware virtual machine can be created, for example, and the specific operating system and web software required to trigger the vulnerability installed in it: the operating system (Windows, Linux, etc.), the web container (IIS, Apache, Tomcat, etc.), the web language (ASP, PHP, JSP, etc.), the database (MySQL, Oracle, MSSQL, etc.), the web application (Discuz, WordPress, etc.), the web framework (Django, ThinkPHP, etc.), web plugins (BuddyPress, TimThumb, etc.) and the web browser (IE, Firefox, Chrome, etc.).

[0055] On top of the range environment, the published vulnerability information is consulted to obtain the specific conditions and the trigger sequence needed to fire the vulnerability, for example visiting a certain URL or uploading a certain file. Combining the VMware virtual machine with the trigger conditions, the web vulnerability can be reproduced.

[0056] For example, after a published SQL injection vulnerability in the Discuz forum software (version 2.0) has been collected from the Internet, it is reproduced as follows. First a new VMware virtual machine is created, and the Linux operating system, the Apache server, the PHP language, the MySQL database and the Discuz forum software (version 2.0, unpatched) are installed in it. After installation, a specific URL of this Discuz forum is visited with any browser; the result of that operation is that the contents of the forum database are displayed. This reproduces the SQL injection vulnerability.

[0057] In the reproduction step the trigger point of the web vulnerability becomes known, and the method proceeds to the vulnerability analysis step, shown as step S103 in Figure 1. Vulnerability analysis is the core step of the whole web vulnerability protection method; through it the root cause of the vulnerability is obtained. The reproduction step only reproduces the outward behaviour of the vulnerability, whereas the analysis step works from the surface inward and traces the vulnerability back to its origin.

[0058] In one embodiment, analyzing a web vulnerability may include, starting from the trigger point, using source code auditing and analysis of how parameters are passed to obtain the root cause of the vulnerability and the mechanism by which it forms. In general, vulnerability analysis methods may include patch comparison, breakpoint debugging, program dependency analysis, data-flow tracing, control-flow tracing and so on. Root causes of web vulnerabilities may include unvalidated input, unvalidated output, missing authorization checks, logic errors and so on.

[0059] For example, in this analysis step the vulnerability may be analyzed at the source code level. If an official patch has been released, the patch can be compared with the unpatched code to locate the vulnerable point, and the trigger point is found by following the data flow and the program's execution flow. If there is no official patch, the published vulnerability information is consulted, the file dependencies between program parts are analyzed, the execution flow and the data-passing path are traced, and, combined with setting breakpoints in the program for debugging, the root cause is found, together with a statement of the conditions and the execution path under which the vulnerability is triggered.

[0060] The following example of web vulnerability analysis illustrates this further, again using the SQL injection vulnerability in the Discuz forum software (version 2.0). The trigger point of this vulnerability is a visit to a specific URL. A source code audit of Discuz version 2.0 is performed to analyze the special input parameter in that URL: after the parameter is received, how it passes through several rounds of parameter passing and processing, how the user's input ends up inside the SQL query statement, and how the result of that SQL query is rendered on the output page. The result rendered on the output page thus provides both the root cause of the vulnerability and the mechanism by which it forms.

[0061] After the above reproduction and analysis steps, the vulnerability is exploited on the basis of the reproduction and analysis results, as shown in step S104 of Figure 1. Specifically, the exploitation step, knowing where the root cause lies and how the vulnerability is triggered, uses concrete means to analyze the vulnerability more thoroughly and in specific detail; that is, exploitation is an indispensable step toward a deeper understanding of the vulnerability. Its purpose is to further understand how the vulnerability operates and to verify whether the root cause found in the analysis step is correct and how severe its impact is, so that protection can be targeted more precisely.

[0062] In one embodiment, exploiting the web vulnerability may include generating a proof-of-concept (POC) program that performs the exploitation. The main function of a POC program is to verify, in program form, the mechanism of the vulnerability and the method of triggering it, so that in the range environment where the vulnerability was reproduced the analysis results can be used to observe concretely and realistically what the vulnerability yields and what harm it can cause. In short, for a specific vulnerability mechanism a specific POC program is written to achieve a specific goal.

[0063] In one embodiment, exploitation of a web vulnerability may include at least one of: reading database contents, reading file contents, uploading a backdoor, executing code, and so on. These are the means normally used to attack a web vulnerability; in other words, they are what a malicious attacker can achieve through the vulnerability. Only when the POC program achieves these stated goals against the vulnerability can the internal implementation details or methods of the vulnerability be understood concretely and realistically, thereby providing information on many aspects for protection.

[0064] The above forum SQL injection vulnerability is again used to explain the exploitation process briefly. For example, a POC program is written for the SQL injection vulnerability; in the VMware virtual machine range environment, the POC program obtains the contents of the website's database. For a code execution vulnerability, a POC program is written; in the VMware range environment, that POC program obtains a webshell backdoor on the website.

[0065] The reproduction, analysis and exploitation of a web vulnerability described above all aim at a thorough understanding of the vulnerability, so as to provide the information needed to protect against it. Once this information is in hand, the method of the invention can protect against the vulnerability on the basis of the results of reproduction, analysis and exploitation, as shown in step S105 of Figure 1.

[0066] Regarding the web vulnerability protection method of the invention shown in Figure 1, those skilled in the art should understand that the steps shown are exemplary and in practice need not be performed in the order shown; steps may also be added or omitted. For example, when the invention is carried out on already-known web vulnerabilities, the collection step can be omitted.

[0067] The web vulnerability protection method is now described in detail with reference to Figure 2, which is a block diagram showing in detail how the results of web vulnerability reproduction, analysis and exploitation are used for web vulnerability protection.

[0068] In an embodiment of the method of the invention, as shown in Figure 2, the protection method 200 for web vulnerabilities may include at least one of: forming a description of the root cause of the vulnerability, as in block 201; generating a repair scheme for the vulnerability, as in block 202; generating a detection scheme for the vulnerability, as in block 203; and generating a defense scheme for the vulnerability, as in block 204.

[0069] These aspects of web vulnerability protection can be used individually or in combination, and together they can provide all-round protection against a web vulnerability: that is, a complete response for the whole chain, from the origin of the vulnerability (the developers) through to its victims (which may include site administrators (webmasters) and operators of web applications) and on to the firewalls and scanners that guard against web vulnerabilities. This is absent from prior-art web vulnerability protection methods, which only analyze and study individual vulnerabilities and cannot apply the results of that study to the whole chain of a vulnerability's creation, propagation and containment. The method of the invention therefore has the advantage over the prior art of comprehensive protection with better timeliness and accuracy.

[0070] These protection steps are now set out in detail. These four aspects of protection are adopted because they can provide a comprehensive response for all persons and programs along the chain of harm of a web vulnerability. As shown in the figure, the results can ultimately be applied to web developers 210, webmasters and administrators 220, web security scanners 230 and web security firewalls 240. Those skilled in the art should understand that the figure is exemplary only and not limiting; the resulting protection schemes can be provided in various forms to whatever persons or equipment need them, and are not limited to the four categories 210 to 240 shown.

[0071] After the reproduction, analysis and exploitation of a web vulnerability, its root cause, trigger sequence and so on are thoroughly understood. But that understanding exists only as program execution results, for example the database contents rendered on the web page mentioned above, or the output of the POC program. Web developers may know nothing of this, and therefore cannot prevent the vulnerability from forming at the design and development stage. Therefore, after the root cause and related information have been obtained, the web vulnerability protection method of the invention can form various useful descriptions of the root cause. These descriptions may take forms including but not limited to: natural-language descriptions that a person can read directly, machine-readable formats in various encodings, for example a description in XML, and any other form obtainable by the people or machines doing the protection. The way in which the descriptions are delivered can also vary: via a web page, as messages through various communication software or hardware, as spoken natural language, and in any other way that lets a person or machine obtain the information.

[0072] Such a description clearly enables web developers to avoid repeating the same mistake when designing and developing web applications, that is, it prevents web vulnerabilities at the source. This is clearly the most efficient approach and is one of the advantages of the invention. Nor are these root-cause descriptions useful only to web developers: the developer of any program or hardware can take from them the information needed to prevent vulnerabilities from occurring.

[0073] Secondly, the web vulnerability protection method of the invention can generate a repair scheme for the web vulnerability.

[0074] When a web vulnerability begins to spread across the network, the various protective software products may not yet have been updated for it, so protection in the early phase of a vulnerability's spread is also of great significance. Faced with such a sudden threat, website administrators, webmasters and the like are often helpless, because they know nothing about the vulnerability causing the harm and therefore have no protective measures at all. The protection method of the invention, however, can provide a repair scheme for the vulnerability at this early stage, so that support reaches the affected parties quickly and the damage from the vulnerability may be kept to a minimum. The repair scheme may, for example, be a description of manual steps to repair the vulnerability, or a program patch, and the like. Such a repair scheme can potentially be applied immediately by webmasters and administrators without waiting for firewall or other software updates. For emergency purposes, however, such a repair may address only the main form of harm currently circulating; in other words, the repair scheme may not provide a complete defense. The method of the invention therefore also provides follow-up schemes that further improve the protection step.

[0075] The two aspects above can provide various parties with an emergency response to a web vulnerability, suitable for timely protection in the short period after a web threat appears.

[0076] In addition, the method of the invention can also generate a detection scheme and a defense scheme for the web vulnerability. These two schemes can provide more comprehensive protection. The purpose of generating a detection scheme is to provide a way of comprehensively detecting the presence of the vulnerability. Some web vulnerabilities lie dormant until triggered and therefore show no harm for the time being; if they are not detected, they may become latent threats that erupt at an unexpected moment. Providing a comprehensive detection scheme for web vulnerabilities is therefore very necessary.

[0077] Similarly, providing a comprehensive defense scheme for the web vulnerability is also necessary, because, as noted above, the repair scheme may only provide a fix for one specific way of triggering the vulnerability and cannot defend comprehensively. A comprehensive defense scheme, which may be provided later, can defend completely against the web vulnerability and prevent every attack and harmful consequence that could be achieved through it.

[0078] In one embodiment, the method of the invention may further include converting the detection scheme for the web vulnerability into scanning rules for a security scanner, and converting the defense scheme for the web vulnerability into defense rules for a security firewall.

[0079] After all, relying on manual work alone is not enough to protect against web vulnerabilities; web security firewalls and scanners can provide faster, automated and more comprehensive protection. Converting the detection and defense schemes into scanning and defense rules for web security scanners and firewalls is therefore a more efficient way of protecting against web vulnerabilities.

[0080] The web vulnerability protection method of the invention is now illustrated with a specific example. Those skilled in the art should understand that the examples given for the invention are illustrative and not limiting.

[0081] For example, for a SQL injection vulnerability in a certain web application, after reproduction, analysis and exploitation it is found that the root cause is that the program does not effectively filter the user-supplied id parameter. The SQL query statement in the program is, for example, "select title, content from paper where id = $id", where the input to the $id parameter needs to be restricted to a numeric value. Through the programmer's carelessness, however, no restriction is placed on $id, so a user can assign it any value, which gives rise to the SQL injection vulnerability. When a malicious user visits a URL of the form "http://www.xxx.com/xxx.php?id=1 union select username, password from admin", the $id parameter received by the program is "1 union select username, password from admin", which is not numeric, and the site administrator's username and password appear in the returned page.

[0082] Protection against this SQL injection vulnerability takes the following four forms: 1. A description of the root cause is formed and provided to the programmers of the web application: the $id parameter is not effectively filtered or restricted, so a malicious user can assign it any value. Having received this description, the web application developers can learn from the case and avoid the mistake of leaving user input unrestricted.

[0083] 2. A repair scheme is proposed for the root cause: filter and restrict the $id parameter in the program so that only a numeric $id can enter the program. This repair scheme can be used by webmasters to keep the site from being attacked.

[0084] 3. A detection scheme is proposed from the detection angle and converted into a security scanner rule. The following detection rule can be added to the scanner: visit the two URLs "xxx.php?id=1 and 1=1" and "xxx.php?id=1 and 1=2"; if the contents of the two returned pages differ, the site has a SQL injection vulnerability.

[0085] 4. A defense scheme is proposed from the defense angle and converted into a security firewall rule. The following defense rule can be added to the firewall: when a user submits a URL of the form "xxx.php?id=1 union select name, password from admin", determine that the id parameter is non-numeric and that it contains key strings such as union/select, and block that request.
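The id-parameter injection of [0081] and all four protections of [0082] to [0085] in one runnable form, as an added example that is not code from the patent. The query and the table names follow the patent's example; the database rows, the admin credentials and the use of an in-memory SQLite database in place of the MySQL backend are constructed for this illustration. The block holds the vulnerable handler, the POC payload, the repaired handler, the scanner rule and the firewall rule, and runs the scanner rule against both handlers.

```python
"""Added example for the id-parameter SQL injection of [0081] and the four
protections of [0082]-[0085]; this is not code from the patent.  The query
and table names follow the patent's example; the database rows and the
'admin' table contents are constructed for this demonstration, and an
in-memory SQLite database stands in for the MySQL backend."""
import re
import sqlite3


def build_db():
    """Constructed sample database with the patent's 'paper' and 'admin' tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE paper (id INTEGER PRIMARY KEY, title TEXT, content TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO paper VALUES (1, 'Hello', 'first post');
        INSERT INTO paper VALUES (2, 'World', 'second post');
        INSERT INTO admin VALUES ('root', 's3cr3t-hash');
    """)
    return conn


def vulnerable_query(conn, id_param):
    """[0081]: $id is spliced into the statement without any restriction."""
    sql = "select title, content from paper where id = " + id_param
    return conn.execute(sql).fetchall()


class BadRequest(ValueError):
    """Raised when the repaired handler rejects a non-numeric id."""


def fixed_query(conn, id_param):
    """[0083] repair: only a numeric id is accepted, and it is bound as a
    parameter rather than concatenated, so the value can never become SQL."""
    if not re.fullmatch(r"[0-9]+", id_param):
        raise BadRequest("id must be numeric")
    return conn.execute(
        "select title, content from paper where id = ?", (int(id_param),)
    ).fetchall()


# [0064]/[0081] proof-of-concept payload: the union appends the admin table.
POC_PAYLOAD = "1 union select username, password from admin"


def scanner_rule(fetch_page, base_id="1"):
    """[0084] scanner rule: request id=1 and 1=1 and id=1 and 1=2; differing
    responses mean the parameter is being evaluated as part of the SQL."""
    true_page = fetch_page(base_id + " and 1=1")
    false_page = fetch_page(base_id + " and 1=2")
    return true_page != false_page


SQL_KEYWORDS = re.compile(r"\b(union|select)\b", re.IGNORECASE)


def firewall_allows(id_param):
    """[0085] firewall rule: a non-numeric id carrying union/select is blocked."""
    if re.fullmatch(r"[0-9]+", id_param):
        return True
    return not SQL_KEYWORDS.search(id_param)


def demo():
    """Run the POC, then the scanner rule against the vulnerable and the
    repaired handler.  Returns (leaked_rows, detected_before, detected_after)."""
    conn = build_db()
    leaked = vulnerable_query(conn, POC_PAYLOAD)
    detected_before = scanner_rule(lambda p: vulnerable_query(conn, p))

    def repaired_page(p):
        try:
            return fixed_query(conn, p)
        except BadRequest:
            return "400 Bad Request"  # both probes are rejected identically

    detected_after = scanner_rule(repaired_page)
    return leaked, detected_before, detected_after


if __name__ == "__main__":
    rows, before, after = demo()
    print("rows returned by the POC:", rows)
    print("scanner flags vulnerable handler:", before)
    print("scanner flags repaired handler:", after)
    print("firewall passes POC URL:", firewall_allows(POC_PAYLOAD))
```

Two points worth checking against the text. The scanner's own "and 1=1" probe contains neither union nor select, so the keyword rule of [0085] lets it through; the rule as stated blocks the one payload shown, not the class of attack, which is why the repair of [0083] is written here as a numeric whitelist plus parameter binding, and why the repaired handler no longer distinguishes the two probes.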

[0086] In summary, the method for protecting against web vulnerabilities according to the invention can provide comprehensive, timely and accurate protection against web vulnerabilities. Those skilled in the art should also understand that the method of the invention can be used not only to protect against web vulnerabilities but also against other vulnerabilities and threats on the network. Moreover, the order of steps in the description of the method is not limiting; certain steps may be performed out of the described order or omitted. For example, if the mechanism of a web vulnerability is already understood in advance, the reproduction step may be skipped and the method may proceed directly to the analysis and exploitation steps to save time.

[0087] The apparatus for protecting against web vulnerabilities according to the invention is now described with reference to Figure 3, which is a block diagram of the apparatus according to an embodiment of the invention.

[0088] In Figure 3, the apparatus 300 may include: a collection device 301 for collecting web vulnerabilities; a reproduction device 302 for reproducing the web vulnerabilities; an analysis device 303 for analyzing the web vulnerabilities; an exploitation device 304 for exploiting the web vulnerabilities on the basis of the reproduction and analysis results; and a protection device 305 for protecting against the web vulnerabilities on the basis of the reproduction, analysis and exploitation results.

[0089] Preferably, the apparatus may further include a screening device for screening the collected web vulnerabilities against screening criteria after they have been collected.

[0090] Also preferably, the screening criteria may include at least one of: how recent the web vulnerability is, the scope of its impact, how easy it is to exploit, and how severe its harm is.

[0091] Preferably, in the apparatus, the collection device may further include a network collection device for collecting the web vulnerabilities from web vulnerability sources over the network.

[0092] Preferably, in the apparatus, the web vulnerability sources may include at least one of: vulnerability disclosure websites and databases, community and social websites, and news portals.

[0093] Preferably, in the apparatus, the reproduction device may further include a construction device for building a range environment with a virtual machine and the relevant programs in order to reproduce the web vulnerability.

[0094] Preferably, in the apparatus, the analysis device may further include an audit device for obtaining, starting from the trigger point of the web vulnerability, a description of its root cause and the mechanism by which it forms, by means of source code auditing and analysis of how parameters are passed.

[0095] Preferably, in the apparatus, the exploitation device may further include a generation device for generating a proof-of-concept (POC) program that performs the exploitation.

[0096] Preferably, in the apparatus, exploitation of the web vulnerability may include at least one of: reading database contents, reading file contents, uploading a backdoor, and executing code.

[0097] Preferably, in the apparatus, the protection device may further include at least one of: a forming device for forming a description of the root cause of the web vulnerability; a repair scheme generation device for generating a repair scheme for the vulnerability; a detection scheme generation device for generating a detection scheme for the vulnerability; and a defense scheme generation device for generating a defense scheme for the vulnerability.

[0098] Preferably, the apparatus may further include a conversion device for converting the detection scheme for the web vulnerability into scanning rules for a security scanner and the defense scheme for the web vulnerability into defense rules for a security firewall.

[0099] In summary, the method for protecting against web vulnerabilities according to the invention can provide comprehensive protection along the whole chain of a web vulnerability's formation and development, and can provide response and protection schemes for all the persons and programs involved, making protection against web vulnerabilities timely, comprehensive, efficient and accurate.

[0100] Although specific embodiments of the invention have been described above with reference to the drawings, those skilled in the art can make various changes, modifications and equivalent substitutions without departing from the spirit and scope of the invention. Such changes, modifications and equivalent substitutions are intended to fall within the spirit and scope defined by the appended claims.

Claims (22)

1. A method for protecting against web vulnerabilities, the method comprising: collecting web vulnerabilities; reproducing the web vulnerabilities; analyzing the web vulnerabilities; exploiting the web vulnerabilities on the basis of the results of reproducing and analyzing them; and protecting against the web vulnerabilities on the basis of the results of reproducing, analyzing and exploiting them.
2. 根据权利要求1所述的方法,进一步包括在收集所述WEB漏洞之后基于筛选标准对所收集的所述WEB漏洞进行筛选。 2. The method according to claim 1, further comprising said collected flaw WEB filter based on the filter criteria after collecting WEB vulnerability.
3. 根据权利要求2所述的方法,其中所述筛选标准包括以下至少一个:所述WEB漏洞的新旧程度、所述WEB漏洞的影响范围、利用所述WEB漏洞的难易程度、所述WEB漏洞的危害程度。 3. The method according to claim 2, wherein the selection criteria comprises at least one of the following: Condition vulnerability of the WEB, WEB scope of the vulnerability, the difficulty of using the WEB vulnerability, the WEB the degree of hazard vulnerability.
4. 根据权利要求1所述的方法,其中所述收集所述WEB漏洞进一步包括通过网络从WEB漏洞源收集所述WEB漏洞。 4. The method according to claim 1, wherein said collecting further comprises the WEB vulnerability vulnerability collecting the source WEB WEB through the network vulnerability.
5. 根据权利要求4所述的方法,其中所述WEB漏洞源包括以下至少一个:WEB漏洞公布网站和数据库、社区交互网站、新闻门户网站。 5. The method according to claim 4, wherein the source WEB vulnerabilities include at least one of: WEB vulnerability publish websites and databases, interactive community websites, news portals.
6. 根据权利要求1所述的方法,其中所述重现所述WEB漏洞进一步包括利用虚拟机和相关程序构建靶场环境来重新所述WEB漏洞。 6. The method according to claim 1, wherein said reproducing further comprises utilizing the WEB vulnerability virtual machine environment and the procedures to re-build the WEB Range vulnerabilities.
7. 根据权利要求1所述的方法,其中所述分析所述WEB漏洞进一步包括根据所述WEB 漏洞触发点通过源代码审计技术、分析参数传递过程来获取对所述WEB漏洞的根源的描述和所述WEB的形成原理。 7. The method according to claim 1, wherein said analyzing further comprises the WEB vulnerability trigger points through source code audit techniques, the analysis parameter transfer process according to the acquired WEB vulnerability to the vulnerability of the root of the description and the WEB the principle forming the WEB.
8. 根据权利要求1所述的方法,其中所述利用所述WEB漏洞进一步包括生成概念验证POC程序来实现WEB漏洞利用。 8. The method according to claim 1, wherein said vulnerability using the WEB POC further comprising generating a proof of concept exploit program to implement the WEB.
9. 根据权利要求8所述的方法,其中所述WEB漏洞利用包括以下至少一个:读取数据库内容、读取文件内容、上传后门、代码执行。 9. The method according to claim 8, wherein said WEB exploit comprises at least one of: reading the contents of the database, read the file, uploads the back door code execution.
10. 根据权利要求1至9中任一项所述的方法,其中所述防护WEB漏洞进一步包括以下至少一个:形成对所述WEB漏洞的根源的描述、生成针对所述WEB漏洞的修复方案、生成针对所述WEB漏洞的检测方案、生成针对所述WEB漏洞的防御方案。 9 to 10. The method according to any one of claims, wherein said shield further comprises at least WEB vulnerability a: roots formed description of the vulnerability WEB, WEB generating a repair scheme for the vulnerability, generating a detection scheme for the WEB vulnerability, the defense programs for generating the WEB vulnerability.
11. 根据权利要求10所述的方法,进一步包括将针对所述WEB漏洞的检测方案转换为用于安全扫描器的扫描规则、将针对所述WEB漏洞的防御方案转换为用于安全防火墙的防御规则。 11. The method according to claim 10, further comprising converting the security scanner for scanning rules, converts the firewall for security defense programs defense against the WEB vulnerability detection scheme for the WEB vulnerability rule.
12. -种用于防护WEB漏洞的设备,所述设备包括: 收集装置,用于收集WEB漏洞; 重现装置,用于重现所述WEB漏洞; 分析装置,用于分析所述WEB漏洞; 利用装置,用于基于重现和分析所述WEB漏洞的结果来利用所述WEB漏洞; 防护装置,用于基于重现、分析和利用所述WEB漏洞的结果来防护WEB漏洞。 12. - Device for protecting seed WEB vulnerability, the apparatus comprising: collecting means for collecting WEB vulnerabilities; reproducing means for reproducing the WEB vulnerabilities; analyzing means for analyzing the WEB vulnerabilities; use of means for reproducing and analyzing based on results of the use of the WEB WEB vulnerability to the vulnerability; protection means for protection based on the vulnerability reproducing WEB, WEB vulnerability analysis and use of the results.
13. 根据权利要求12所述的设备,进一步包括筛选装置,用于在收集所述WEB漏洞之后基于筛选标准对所收集的所述WEB漏洞进行筛选。 13. The apparatus as claimed in claim 12, further comprising screening means for said collected flaw WEB screened after collecting the WEB vulnerability based screening criteria.
14. 根据权利要求13所述的设备,其中所述筛选标准包括以下至少一个:所述WEB漏洞的新旧程度、所述WEB漏洞的影响范围、利用所述WEB漏洞的难易程度、所述WEB漏洞的危害程度。 14. The apparatus according to claim 13, wherein the selection criteria comprises at least one of the following: the degree of difficulty of the WEB Condition vulnerability, the vulnerability of the scope of the WEB, WEB using the vulnerability, the WEB the degree of hazard vulnerability.
15. 根据权利要求12所述的设备,其中所述收集装置进一步包括网络收集装置,用于通过网络从WEB漏洞源收集所述WEB漏洞。 15. The apparatus according to claim 12, wherein said collecting means further comprises a network collecting means for collecting the vulnerability source WEB WEB through the network vulnerability.
16. 根据权利要求15所述的设备,其中所述WEB漏洞源包括以下至少一个:WEB漏洞公布网站和数据库、社区交互网站、新闻门户网站。 16. The apparatus of claim 15, wherein the source WEB vulnerabilities include at least one of: WEB vulnerability publish websites and databases, interactive community websites, news portals.
17. 根据权利要求12所述的设备,其中所述重现装置进一步包括构建装置,用于利用虚拟机和相关程序构建靶场环境来重现所述WEB漏洞。 17. The apparatus as claimed in claim 12, wherein said reproducing means further comprising means constructed, utilizing procedures and constructs a virtual machine environment to reproduce the WEB Range vulnerabilities.
18. 根据权利要求12所述的设备,其中所述分析装置进一步包括审计装置,用于根据所述WEB漏洞触发点通过源代码审计技术、分析参数传递过程来获取对所述WEB漏洞的根源的描述和所述WEB的形成原理。 18. The apparatus according to claim 12, wherein said analyzing means further comprises auditing means for trigger points through the source code audit technology, based on the WEB vulnerability analysis procedure to obtain the parameters passed to the root of the WEB vulnerability describes the principles of WEB formed.
19. 根据权利要求12所述的设备,其中所述利用装置进一步包括生成装置,用于生成概念验证POC程序来实现WEB漏洞利用。 19. The apparatus as claimed in claim 12, wherein said utilizing means further comprises a generating means for generating a program to implement the concept of POC WEB authentication exploits.
20. 根据权利要求19所述的设备,其中所述WEB漏洞利用包括以下至少一个:读取数据库内容、读取文件内容、上传后门、代码执行。 20. The apparatus according to claim 19, wherein said WEB exploit comprises at least one of: reading the contents of the database, read the file, uploads the back door code execution.
21. 根据权利要求12至20中任一项所述的设备,其中所述防护装置进一步包括以下至少一个:形成装置,用于形成对所述WEB漏洞的根源的描述;修复方案生成装置,用于生成针对所述WEB漏洞的修复方案;检测方法生成装置,生成针对所述WEB漏洞的检测方案;防御方法生成装置,用于生成针对所述WEB漏洞的防御方案。 21. The apparatus 12-1 according to any of claim 20, wherein the shielding means further comprises at least one of: forming means for forming the root of the WEB described vulnerability; a rehabilitation program generating means for to generate a repair scheme for the WEB vulnerability; detection method generating means generates a detection scheme for the WEB vulnerability; defensive approach generating means for generating a program for the defense WEB vulnerability.
22. 根据权利要求21所述的设备,进一步包括转换装置,用于将针对所述WEB漏洞的检测方案转换为用于安全扫描器的扫描规则、将针对所述WEB漏洞的防御方案转换为用于安全防火墙的防御规则。 22. The apparatus according to claim 21, further comprising converting means for converting the rules for the security scanner to scan for the WEB vulnerability detection scheme, converted to the use for defense programs WEB vulnerability in defense security firewall rules.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410230520.1A CN104065645A (en) 2014-05-28 2014-05-28 Web vulnerability protection method and apparatus

Publications (1)

Publication Number Publication Date
CN104065645A true CN104065645A (en) 2014-09-24

Family

ID=51553176

Country Status (1)

Country Link
CN (1) CN104065645A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301183A (en) * 2014-10-23 2015-01-21 北京知道创宇信息技术有限公司 WEB container detection method and device based on IP section scanning
CN104410617A (en) * 2014-11-21 2015-03-11 西安邮电大学 Information safety attack and defense system structure of cloud platform
CN104468563A (en) * 2014-12-03 2015-03-25 北京奇虎科技有限公司 Website bug protection method, device and system
WO2016150304A1 (en) * 2015-03-20 2016-09-29 中兴通讯股份有限公司 Security vulnerability strengthening method and system
CN106874768A (en) * 2016-12-30 2017-06-20 北京瑞卓喜投科技发展有限公司 Penetration testing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1694454A (en) * 2005-05-10 2005-11-09 西安交通大学 Active network safety loophole detector
US20130086688A1 (en) * 2011-09-30 2013-04-04 International Business Machines Corporation Web application exploit mitigation in an information technology environment
CN103699844A (en) * 2012-09-28 2014-04-02 腾讯科技(深圳)有限公司 Safety protection system and safety protection method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张昊星等: "《通用Web漏洞库》", 《计算机系统应用》 *
陈波等: "《一种新型Web应用安全漏洞统一描述语言》", 《小型微型计算机系统》 *

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
RJ01