CN104519070A - 网站权限漏洞检测方法和系统 - Google Patents
网站权限漏洞检测方法和系统 Download PDFInfo
- Publication number
- CN104519070A CN104519070A CN201410854508.8A CN201410854508A CN104519070A CN 104519070 A CN104519070 A CN 104519070A CN 201410854508 A CN201410854508 A CN 201410854508A CN 104519070 A CN104519070 A CN 104519070A
- Authority
- CN
- China
- Prior art keywords
- access
- parameter
- link
- website
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000012360 testing method Methods 0.000 claims abstract description 75
- 230000008859 change Effects 0.000 claims description 36
- 230000004044 response Effects 0.000 claims description 24
- 238000004422 calculation algorithm Methods 0.000 claims description 20
- 238000001514 detection method Methods 0.000 claims description 14
- 238000004891 communication Methods 0.000 description 8
- 230000006854 communication Effects 0.000 description 8
- 230000015572 biosynthetic process Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000007175 bidirectional communication Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410854508.8A CN104519070B (zh) | 2014-12-31 | 2014-12-31 | 网站权限漏洞检测方法和系统 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410854508.8A CN104519070B (zh) | 2014-12-31 | 2014-12-31 | 网站权限漏洞检测方法和系统 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104519070A true CN104519070A (zh) | 2015-04-15 |
CN104519070B CN104519070B (zh) | 2018-03-13 |
Family
ID=52793792
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410854508.8A Active CN104519070B (zh) | 2014-12-31 | 2014-12-31 | 网站权限漏洞检测方法和系统 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104519070B (zh) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105357195A (zh) * | 2015-10-30 | 2016-02-24 | 深圳市深信服电子科技有限公司 | web访问的越权漏洞检测方法及装置 |
CN106027528A (zh) * | 2016-05-24 | 2016-10-12 | 微梦创科网络科技(中国)有限公司 | 一种web水平权限自动化识别的方法及装置 |
CN106101082A (zh) * | 2016-05-31 | 2016-11-09 | 乐视控股(北京)有限公司 | 权限漏洞检测方法及装置 |
CN106302337A (zh) * | 2015-05-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | 漏洞检测方法和装置 |
CN106470132A (zh) * | 2015-08-19 | 2017-03-01 | 阿里巴巴集团控股有限公司 | 水平权限测试方法及装置 |
CN106548075A (zh) * | 2015-09-22 | 2017-03-29 | 阿里巴巴集团控股有限公司 | 漏洞检测方法和装置 |
CN106713347A (zh) * | 2017-01-18 | 2017-05-24 | 国网江苏省电力公司电力科学研究院 | 一种电力移动应用越权访问漏洞检测方法 |
CN107220262A (zh) * | 2016-03-22 | 2017-09-29 | 阿里巴巴集团控股有限公司 | 信息处理方法和装置 |
CN107294919A (zh) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | 一种水平权限漏洞的检测方法及装置 |
WO2018188558A1 (zh) * | 2017-04-11 | 2018-10-18 | 腾讯科技(深圳)有限公司 | 账号权限的识别方法及装置 |
CN109583210A (zh) * | 2017-09-29 | 2019-04-05 | 阿里巴巴集团控股有限公司 | 一种水平权限漏洞的识别方法、装置及其设备 |
CN110798385A (zh) * | 2019-11-07 | 2020-02-14 | 中天宽带技术有限公司 | 广域网访问设置功能的测试方法、装置、设备及介质 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964025A (zh) * | 2009-07-23 | 2011-02-02 | 中联绿盟信息技术(北京)有限公司 | Xss检测方法和设备 |
US20130074151A1 (en) * | 2010-06-10 | 2013-03-21 | Alibaba Group Holding Limited | Online Business Method, System and Apparatus Based on Open Application Programming Interface |
CN103324890A (zh) * | 2013-07-03 | 2013-09-25 | 百度在线网络技术(北京)有限公司 | 对链接进行本地文件包含漏洞的检测方法和装置 |
-
2014
- 2014-12-31 CN CN201410854508.8A patent/CN104519070B/zh active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964025A (zh) * | 2009-07-23 | 2011-02-02 | 中联绿盟信息技术(北京)有限公司 | Xss检测方法和设备 |
US20130074151A1 (en) * | 2010-06-10 | 2013-03-21 | Alibaba Group Holding Limited | Online Business Method, System and Apparatus Based on Open Application Programming Interface |
CN103324890A (zh) * | 2013-07-03 | 2013-09-25 | 百度在线网络技术(北京)有限公司 | 对链接进行本地文件包含漏洞的检测方法和装置 |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106302337A (zh) * | 2015-05-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | 漏洞检测方法和装置 |
CN106470132A (zh) * | 2015-08-19 | 2017-03-01 | 阿里巴巴集团控股有限公司 | 水平权限测试方法及装置 |
CN106548075A (zh) * | 2015-09-22 | 2017-03-29 | 阿里巴巴集团控股有限公司 | 漏洞检测方法和装置 |
CN105357195B (zh) * | 2015-10-30 | 2019-06-14 | 深信服科技股份有限公司 | web访问的越权漏洞检测方法及装置 |
CN105357195A (zh) * | 2015-10-30 | 2016-02-24 | 深圳市深信服电子科技有限公司 | web访问的越权漏洞检测方法及装置 |
CN107220262A (zh) * | 2016-03-22 | 2017-09-29 | 阿里巴巴集团控股有限公司 | 信息处理方法和装置 |
CN107294919A (zh) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | 一种水平权限漏洞的检测方法及装置 |
CN106027528A (zh) * | 2016-05-24 | 2016-10-12 | 微梦创科网络科技(中国)有限公司 | 一种web水平权限自动化识别的方法及装置 |
CN106027528B (zh) * | 2016-05-24 | 2019-07-12 | 微梦创科网络科技(中国)有限公司 | 一种web水平权限自动化识别的方法及装置 |
CN106101082A (zh) * | 2016-05-31 | 2016-11-09 | 乐视控股(北京)有限公司 | 权限漏洞检测方法及装置 |
CN106713347A (zh) * | 2017-01-18 | 2017-05-24 | 国网江苏省电力公司电力科学研究院 | 一种电力移动应用越权访问漏洞检测方法 |
CN106713347B (zh) * | 2017-01-18 | 2019-06-11 | 国网江苏省电力公司电力科学研究院 | 一种电力移动应用越权访问漏洞检测方法 |
WO2018188558A1 (zh) * | 2017-04-11 | 2018-10-18 | 腾讯科技(深圳)有限公司 | 账号权限的识别方法及装置 |
CN108696490A (zh) * | 2017-04-11 | 2018-10-23 | 腾讯科技(深圳)有限公司 | 账号权限的识别方法及装置 |
CN109583210A (zh) * | 2017-09-29 | 2019-04-05 | 阿里巴巴集团控股有限公司 | 一种水平权限漏洞的识别方法、装置及其设备 |
CN110798385A (zh) * | 2019-11-07 | 2020-02-14 | 中天宽带技术有限公司 | 广域网访问设置功能的测试方法、装置、设备及介质 |
CN110798385B (zh) * | 2019-11-07 | 2023-03-03 | 中天宽带技术有限公司 | 广域网访问设置功能的测试方法、装置、设备及介质 |
Also Published As
Publication number | Publication date |
---|---|
CN104519070B (zh) | 2018-03-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104519070A (zh) | 网站权限漏洞检测方法和系统 | |
CN106101145B (zh) | 一种网站漏洞检测方法及装置 | |
JP6533871B2 (ja) | ウェブアプリケーションへのサインオンを制御するためのシステムおよび方法 | |
CN106789939B (zh) | 一种钓鱼网站检测方法和装置 | |
CN104580203A (zh) | 网站恶意程序检测方法及装置 | |
CN113342639B (zh) | 小程序安全风险评估方法和电子设备 | |
CN104539605B (zh) | 网站xss漏洞检测方法和设备 | |
CN105516916B (zh) | 一种移动设备的报警方法和系统 | |
CN101360102A (zh) | 通过远程验证并使用凭证管理器和已记录的证书属性来检测网址转接/钓鱼方案中对ssl站点的dns重定向或欺骗性本地证书的方法 | |
CN104579830B (zh) | 服务监控方法及装置 | |
CN105592011A (zh) | 一种账号登录方法及装置 | |
US20150169749A1 (en) | Multi-step search result retrieval | |
CN105323253A (zh) | 一种身份验证方法及装置 | |
CN102710646A (zh) | 一种钓鱼网站的收集方法和系统 | |
CN103399871B (zh) | 获取一个主域名相关联的二级域名信息的设备和方法 | |
CN106126707A (zh) | 信息识别方法和信息识别装置 | |
CN107547524A (zh) | 一种网页检测方法、装置和设备 | |
CN105141709A (zh) | 确定应用程序内页面跳转的方法及装置 | |
CN104363252A (zh) | 网站安全检测方法与装置 | |
CN104537305A (zh) | 网站漏洞检测方法和系统 | |
CN104683357A (zh) | 一种基于软件令牌的动态口令认证方法及系统 | |
CN104484609A (zh) | 网站漏洞检测方法和系统 | |
CN105337776A (zh) | 一种生成网站指纹的方法、装置及电子设备 | |
CN105681124A (zh) | 一种网速检测方法及装置 | |
CN104717226A (zh) | 一种针对网址的检测方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20161128 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Applicant after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Applicant before: Qizhi software (Beijing) Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Patentee after: Qianxin Technology Group Co.,Ltd. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
|
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20201230 Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee after: Qianxin Technology Group Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Patentee before: Qianxin Technology Group Co.,Ltd. |
|
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Patentee after: Qianxin Technology Group Co.,Ltd. Address before: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee before: Qianxin Technology Group Co.,Ltd. |