CN104539605B - 网站xss漏洞检测方法和设备 - Google Patents
网站xss漏洞检测方法和设备 Download PDFInfo
- Publication number
- CN104539605B CN104539605B CN201410815994.2A CN201410815994A CN104539605B CN 104539605 B CN104539605 B CN 104539605B CN 201410815994 A CN201410815994 A CN 201410815994A CN 104539605 B CN104539605 B CN 104539605B
- Authority
- CN
- China
- Prior art keywords
- website
- link
- xss
- test
- detected
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 59
- 238000012360 testing method Methods 0.000 claims abstract description 99
- 238000012546 transfer Methods 0.000 claims abstract description 26
- 238000000034 method Methods 0.000 claims abstract description 25
- 238000013515 script Methods 0.000 claims description 19
- 230000004044 response Effects 0.000 abstract description 9
- 238000005516 engineering process Methods 0.000 description 15
- 238000004891 communication Methods 0.000 description 10
- 230000006854 communication Effects 0.000 description 10
- 230000008901 benefit Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000007689 inspection Methods 0.000 description 3
- 101100108778 Pseudomonas aeruginosa (strain ATCC 15692 / DSM 22644 / CIP 104116 / JCM 14847 / LMG 12228 / 1C / PRS 101 / PAO1) pepA gene Proteins 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 238000012512 characterization method Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410815994.2A CN104539605B (zh) | 2014-12-23 | 2014-12-23 | 网站xss漏洞检测方法和设备 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410815994.2A CN104539605B (zh) | 2014-12-23 | 2014-12-23 | 网站xss漏洞检测方法和设备 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104539605A CN104539605A (zh) | 2015-04-22 |
CN104539605B true CN104539605B (zh) | 2017-12-22 |
Family
ID=52855074
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410815994.2A Active CN104539605B (zh) | 2014-12-23 | 2014-12-23 | 网站xss漏洞检测方法和设备 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104539605B (zh) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105631341B (zh) * | 2015-12-18 | 2020-01-21 | 北京奇虎科技有限公司 | 一种漏洞盲测方法及装置 |
CN106897624A (zh) * | 2017-01-16 | 2017-06-27 | 深圳开源互联网安全技术有限公司 | 一种漏洞检测方法及其装置 |
CN107026854B (zh) * | 2017-03-27 | 2020-02-07 | 北京神州绿盟信息安全科技股份有限公司 | 漏洞验证方法及装置 |
CN108809890B (zh) * | 2017-04-26 | 2021-05-25 | 腾讯科技(深圳)有限公司 | 漏洞检测方法、测试服务器及客户端 |
CN109428878B (zh) * | 2017-09-01 | 2021-11-23 | 阿里巴巴集团控股有限公司 | 漏洞检测方法、检测装置和检测系统 |
CN108011898B (zh) * | 2018-01-30 | 2020-11-20 | 深圳壹账通智能科技有限公司 | 漏洞检测方法、装置、计算机设备和存储介质 |
CN110300193B (zh) * | 2019-07-01 | 2021-07-06 | 北京微步在线科技有限公司 | 一种获取实体域名的方法和装置 |
CN111371745B (zh) * | 2020-02-21 | 2022-06-28 | 北京百度网讯科技有限公司 | 用于确定ssrf漏洞的方法和装置 |
CN114430402B (zh) * | 2020-10-15 | 2023-11-10 | 中国移动通信集团浙江有限公司 | 网络域名流量调度方法、装置及计算设备 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964025A (zh) * | 2009-07-23 | 2011-02-02 | 中联绿盟信息技术(北京)有限公司 | Xss检测方法和设备 |
CN102819710A (zh) * | 2012-08-22 | 2012-12-12 | 西北工业大学 | 基于渗透测试的跨站点脚本漏洞检测方法 |
CN103870752A (zh) * | 2012-12-18 | 2014-06-18 | 百度在线网络技术(北京)有限公司 | 一种用于检测Flash XSS漏洞的方法、装置与设备 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8959629B2 (en) * | 2012-07-12 | 2015-02-17 | Sap Se | Preserving web document integrity through web template learning |
-
2014
- 2014-12-23 CN CN201410815994.2A patent/CN104539605B/zh active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964025A (zh) * | 2009-07-23 | 2011-02-02 | 中联绿盟信息技术(北京)有限公司 | Xss检测方法和设备 |
CN102819710A (zh) * | 2012-08-22 | 2012-12-12 | 西北工业大学 | 基于渗透测试的跨站点脚本漏洞检测方法 |
CN103870752A (zh) * | 2012-12-18 | 2014-06-18 | 百度在线网络技术(北京)有限公司 | 一种用于检测Flash XSS漏洞的方法、装置与设备 |
Also Published As
Publication number | Publication date |
---|---|
CN104539605A (zh) | 2015-04-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104539605B (zh) | 网站xss漏洞检测方法和设备 | |
CN104363251B (zh) | 网站安全检测方法与装置 | |
CN104363253B (zh) | 网站安全检测方法与装置 | |
CN106453216A (zh) | 恶意网站拦截方法、装置及客户端 | |
CN104378389B (zh) | 网站安全检测方法与装置 | |
US9681304B2 (en) | Network and data security testing with mobile devices | |
CN104363252B (zh) | 网站安全检测方法与装置 | |
CN104519070B (zh) | 网站权限漏洞检测方法和系统 | |
US20080066173A1 (en) | System for verifying a client request | |
CN104767757A (zh) | 基于web业务的多维度安全监测方法和系统 | |
CN109428878A (zh) | 漏洞检测方法、检测装置和检测系统 | |
CN103685290A (zh) | 基于ghdb的漏洞扫描系统 | |
CN106101145A (zh) | 一种网站漏洞检测方法及装置 | |
CN101631108A (zh) | 为网络服务器的防火墙产生规则文件的方法和系统 | |
CN104125121A (zh) | 网络劫持行为的检测系统及方法 | |
CN102104601A (zh) | 一种基于渗透技术的web漏洞扫描方法和漏洞扫描器 | |
CN105302707B (zh) | 应用程序的漏洞检测方法和装置 | |
CN104253785B (zh) | 危险网址识别方法、装置及系统 | |
CN109600371A (zh) | 一种网络层漏洞检测系统及方法 | |
CN104040538B (zh) | 一种互联网应用交互方法、装置及系统 | |
US20240064167A1 (en) | Rest API Scanning for Security Testing | |
CN109361713A (zh) | 互联网风险监控方法、装置、设备及存储介质 | |
CN107846407A (zh) | 一种批量检测ssrf漏洞的方法及系统 | |
CN103399871B (zh) | 获取一个主域名相关联的二级域名信息的设备和方法 | |
CN103023905A (zh) | 一种用于检测恶意链接的设备、方法及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20170209 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Applicant after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Applicant before: Qizhi software (Beijing) Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Patentee after: Qianxin Technology Group Co.,Ltd. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd. |
|
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20201225 Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee after: Qianxin Technology Group Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Patentee before: Qianxin Technology Group Co.,Ltd. |
|
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Patentee after: Qianxin Technology Group Co.,Ltd. Address before: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee before: Qianxin Technology Group Co.,Ltd. |