CN105357195B - Method and device for detecting unauthorized-access vulnerabilities in web access - Google Patents
Method and device for detecting unauthorized-access vulnerabilities in web access
- Publication number: CN105357195B (application CN201510728727.6A)
- Authority: CN (China)
- Prior art keywords: parameter, private, unauthorized access, url, index
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
Abstract
The invention discloses a method for detecting unauthorized-access vulnerabilities in web access, comprising the following steps: collecting HTTP traffic information to be examined within a preset time, the HTTP traffic information including URL parameters and a session identifier, where the URL parameter information includes URL parameters and parameter values; identifying, by preset rules and according to the URL parameter information and the session identifier, the index parameters among the URL parameters that are used to index server resources, and extracting from the index parameters the private parameters that index a user's private data; and performing a preset unauthorized-access test on each private parameter and determining, from the test results, the private parameters that have an unauthorized-access vulnerability. The invention also discloses a device for detecting unauthorized-access vulnerabilities in web access. The invention can cover all URL parameters with unauthorized-access vulnerabilities within the detection test scope, with a high recognition rate.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a method and device for detecting unauthorized-access vulnerabilities in web access.
Background technique
One of the most serious classes of vulnerability on the Internet today is unauthorized access, for example unauthorized-access vulnerabilities in Uniform Resource Locators (URLs). Because of defects in web programming, the guessability of parameters passed in through the URL means that by changing an input parameter value an attacker may achieve horizontal unauthorized access and obtain other people's private information. A URL unauthorized-access vulnerability is a business-logic flaw with very large impact: it directly bypasses the underlying network-security defences, and such vulnerabilities are hard to find. In the prior art a website designer can apply authorization checks to these parameters to ensure that a user can only access resources that belong to them, but in this kind of application the amount of such data is very large, from address data to order information, payment information and so on, and none of it can be handled carelessly. Once business complexity reaches a certain level it is hard to guarantee that every access to such data has passed through strict authorization checks, which produces URL unauthorized-access vulnerabilities. These can be exploited by an attacker to achieve horizontal unauthorized access, leading to leakage of sensitive user information.
In the prior art, URL unauthorized-access vulnerabilities are detected mainly by testers performing penetration tests on the web program and finding the vulnerabilities manually, that is, URL parameters with unauthorized-access vulnerabilities are found by indiscriminately and manually checking every URL parameter. This is not only inefficient and labour-intensive, it also cannot guarantee that every URL parameter within the test scope is covered.
Summary of the invention
The main object of the present invention is to provide a method and device for detecting unauthorized-access vulnerabilities in web access, aiming to cover efficiently all URL parameters with unauthorized-access vulnerabilities within the detection test scope.
To achieve the above object, the method for detecting unauthorized-access vulnerabilities in web access provided by the invention comprises the following steps:
collecting HTTP traffic information to be examined within a preset time, the HTTP traffic information including URL parameter information and a session identifier, where the URL parameter information includes URL parameters and parameter values;
identifying, by preset rules and according to the URL parameter information and the session identifier, the index parameters among the URL parameters that are used to index server resources, and extracting from the index parameters the private parameters that index a user's private data;
performing a preset unauthorized-access test on each private parameter, and determining from the test results the private parameters that have an unauthorized-access vulnerability.
Preferably, the step of identifying, by preset rules and according to the URL parameter information and the session identifier, the index parameters among the URL parameters that are used to index server resources, and extracting from the index parameters the private parameters that index a user's private data, includes:
obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identifying as index parameters those URL parameters whose value characteristics satisfy a preset condition, the index parameters being used to index server resources;
obtaining, according to the session identifier, the number of distinct parameter values accessed on average by a single session for each index parameter, and, if the number of distinct parameter values accessed on average by a single session is less than a preset number, identifying the index parameter as a private parameter, the private parameter indexing a user's private data.
Preferably, the step of obtaining by statistics the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information and identifying as index parameters those URL parameters whose value characteristics satisfy a preset condition includes:
counting, in the HTTP traffic information, the number of distinct values of each URL parameter and the number of access records accessing each URL parameter;
if the number of access records reaches a preset number, and the proportion of the number of distinct values of the URL parameter to the number of access records reaches a preset ratio, identifying the URL parameter as an index parameter.
Preferably, when the session identifier includes a first session identifier and a second session identifier, the step of performing a preset unauthorized-access test on each private parameter and determining from the test results the private parameters that have an unauthorized-access vulnerability includes:
if a first HTTP request accessing the private parameter with the first session identifier is observed, obtaining the first parameter value of the private parameter in the session corresponding to the first session identifier, and recording the first returned information;
if a second HTTP request accessing the private parameter with the second session identifier is observed, obtaining the second parameter value of the private parameter in the session corresponding to the second session identifier, and recording the second returned information;
constructing an HTTP test request that accesses the private parameter using the second session identifier and the first parameter value, and recording the test returned information;
if the first returned information differs from the second returned information, and the test returned information is identical to the first returned information, determining that the private parameter has an unauthorized-access vulnerability.
Preferably, after the step of performing a preset unauthorized-access test on each private parameter and determining from the test results the private parameters that have an unauthorized-access vulnerability, the method further includes:
displaying the private parameters that have an unauthorized-access vulnerability, so that the user can take corresponding risk-protection measures for the private parameters that have an unauthorized-access vulnerability.
In addition, to achieve the above object, the present invention also provides a device for detecting unauthorized-access vulnerabilities in web access, the device including:
a collection module, for collecting HTTP traffic information to be examined within a preset time, the HTTP traffic information including URL parameter information and a session identifier, where the URL parameter information includes URL parameters and parameter values;
an identification module, for identifying, by preset rules and according to the URL parameter information and the session identifier, the index parameters among the URL parameters that are used to index server resources, and extracting from the index parameters the private parameters that index a user's private data;
a test module, for performing a preset unauthorized-access test on each private parameter and determining from the test results the private parameters that have an unauthorized-access vulnerability.
Preferably, the identification module is specifically configured to:
obtain the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify as index parameters those URL parameters whose value characteristics satisfy a preset condition, the index parameters being used to index server resources;
obtain, according to the session identifier, the number of distinct parameter values accessed on average by a single session for each index parameter, and, if the number of distinct parameter values accessed on average by a single session is less than a preset number, identify the index parameter as a private parameter, the private parameter indexing a user's private data.
Preferably, the identification module is specifically configured to:
count, in the HTTP traffic information, the number of distinct values of each URL parameter and the number of access records accessing each URL parameter;
if the number of access records reaches a preset number, and the proportion of the number of distinct values of the URL parameter to the number of access records reaches a preset ratio, identify the URL parameter as an index parameter.
Preferably, when the session identifier includes a first session identifier and a second session identifier, the test module is specifically configured to:
if a first HTTP request accessing the private parameter with the first session identifier is observed, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first returned information;
if a second HTTP request accessing the private parameter with the second session identifier is observed, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second returned information;
construct an HTTP test request that accesses the private parameter using the second session identifier and the first parameter value, and record the test returned information;
if the first returned information differs from the second returned information, and the test returned information is identical to the first returned information, determine that the private parameter has an unauthorized-access vulnerability.
Preferably, the device for detecting unauthorized-access vulnerabilities in web access further includes:
a display module, for displaying the private parameters that have an unauthorized-access vulnerability, so that the user can take corresponding risk-protection measures for the private parameters that have an unauthorized-access vulnerability.
The method and device for detecting unauthorized-access vulnerabilities in web access proposed by the present invention use the URL parameter information to be examined and the session identifier collected within a preset time to identify, by preset rules, the index parameters among the URL parameters to be examined that are used to index server resources, and to extract from the index parameters the private parameters that index a user's private data; a preset unauthorized-access test is performed on each private parameter to determine the private parameters that have an unauthorized-access vulnerability. Because only the index parameters among all URL parameters in the test scope are identified, and only the private parameters extracted from the index parameters are tested for unauthorized access, detection efficiency is greatly improved, and all URL parameters with unauthorized-access vulnerabilities within the detection test scope can be covered, with a high recognition rate.
Brief description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the method for detecting unauthorized-access vulnerabilities in web access according to the present invention;
Fig. 2 is a flow diagram of the second embodiment of the method for detecting unauthorized-access vulnerabilities in web access according to the present invention;
Fig. 3 is a functional block diagram of the first embodiment of the device for detecting unauthorized-access vulnerabilities in web access according to the present invention;
Fig. 4 is a functional block diagram of the second embodiment of the device for detecting unauthorized-access vulnerabilities in web access according to the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the embodiments and the accompanying drawings.
Detailed description of embodiments
It should be understood that the specific embodiments described here only serve to illustrate the present invention and are not intended to limit it.
The present invention provides a method for detecting unauthorized-access vulnerabilities in web access.
Referring to Fig. 1, Fig. 1 is a flow diagram of the first embodiment of the method for detecting unauthorized-access vulnerabilities in web access according to the present invention.
In the first embodiment, the method for detecting unauthorized-access vulnerabilities in web access includes:
Step S10: collecting HTTP traffic information to be examined within a preset time, the HTTP traffic information including URL parameter information and a session identifier, where the URL parameter information includes URL parameters and parameter values;
In this embodiment, when unauthorized-access vulnerabilities in web access need to be detected, Hypertext Transfer Protocol (HTTP) traffic information can be collected at a gateway within a preset time. The collected HTTP traffic information may include IP information, the URL, URL parameter information, the session identifier in the cookie field, and so on; for example, the values of the JSESSIONID, ASP.NET_SessionId and PHPSESSID fields in the cookie header of an HTTP request packet can be extracted as the session identifier. The collection duration for the HTTP traffic information to be examined can be preset by the user or by the gateway according to the needs of detection: it may be set to a fixed duration, such as 1 day or 7 days, or to a fixed quantity, for example stopping collection for a URL parameter once its access records reach 1000. The way HTTP traffic information is collected is not limited here. The URL parameter information in the collected HTTP traffic information may include the URL parameters and their corresponding parameter values.
Step S20: identifying, by preset rules and according to the URL parameter information and the session identifier, the index parameters among the URL parameters that are used to index server resources, and extracting from the index parameters the private parameters that index a user's private data;
Because the collected HTTP traffic information contains all URL parameters, parameter values and session identifiers, the index parameters used to index server resources can be identified among all the URL parameters in the collected HTTP traffic information according to the number of occurrences, value characteristics and so on of each URL parameter in that traffic. Among the parameters passed in through a URL, some represent an index to a certain server resource: the parameter value identifies one specific resource, such as a record in a database, a file or an object. A URL parameter of this kind, used to index server resources, is identified as an index parameter. Take for example the URL a.com?userId=10&errorId=0: the value of the userId parameter is an index to user information in the database, and the information of a particular user can be looked up in the database from the value of userId, so userId is identified as an index parameter. The value of the errorId parameter, on the other hand, represents a web program error type and is not an index to a resource, so errorId is not identified as an index parameter.
After the index parameters used to index server resources have been identified among the URL parameters, the private parameters used to index a user's private data can be further extracted from the index parameters. The resource identified by an index parameter may be a shared resource, which every user can obtain or modify, or it may be private to a certain user, so that other users have no permission to access it. If the resource identified by an index parameter is private to a specific user, that index parameter is identified as a private parameter. For example, in the URL a.com?userId=10&articleId=1 there are two index parameters, userId and articleId. The userId parameter is an index to user information, and each user can only access their own user information; the articleId parameter is an index to the articles stored on the server, and articles are a shared resource that every user can access and read. Therefore userId is identified as a private parameter and articleId is not.
After the index parameters used to index server resources have been identified among the URL parameters, the session identifier can be used to count how a specific user uses index parameter values within each session, and the private parameters used to index a user's private data can be extracted from the index parameters according to the index parameter values a specific user accesses in each session.
Step S30: performing a preset unauthorized-access test on each private parameter, and determining from the test results the private parameters that have an unauthorized-access vulnerability.
In horizontal unauthorized access, if user A and user B belong to the same role X and have the same permission level, each of them can obtain their own private data (data A and data B). But if the system only verifies that the role may access the data, without further checking or verifying the data itself, user A is able to access user B's data (data B), and this access by user A to data B constitutes horizontal unauthorized access. In this embodiment, using the characteristic that an unauthorized-access vulnerability lets a user obtain another party's private data through a private parameter, a preset unauthorized-access test can be performed on each private parameter, for instance by changing the value of the private parameter to form a test access link, or by changing the value of the private parameter to access the private data of a different user, to test whether the private parameter has an unauthorized-access vulnerability. The private parameters with an unauthorized-access vulnerability can then be determined from the test results.
In this embodiment, the URL parameter information to be examined and the session identifier collected within the preset time are used, by preset rules, to identify the index parameters among the URL parameters to be examined that are used to index server resources and to extract from the index parameters the private parameters that index a user's private data; a preset unauthorized-access test is performed on each private parameter to determine the private parameters that have an unauthorized-access vulnerability. Because only the index parameters among all URL parameters in the test scope are identified, and only the private parameters extracted from the index parameters are tested for unauthorized access, detection efficiency is greatly improved, and all URL parameters with unauthorized-access vulnerabilities within the detection test scope can be covered, with a high recognition rate.
Further, in other embodiments, the above step S20 may include:
obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identifying as index parameters those URL parameters whose value characteristics satisfy a preset condition, the index parameters being used to index server resources;
obtaining, according to the session identifier, the number of distinct parameter values accessed on average by a single session for each index parameter, and, if the number of distinct parameter values accessed on average by a single session is less than a preset number, identifying the index parameter as a private parameter, the private parameter indexing a user's private data.
In this embodiment, since an index parameter is a parameter used to index server resources, and server resources are very numerous, the values of an index parameter that must index different server resources are also very numerous, and in a large amount of HTTP traffic from different users the number of values of an index parameter will likewise be very large. This characteristic of index parameters can therefore be used: the value characteristics of the URL parameters in the HTTP traffic information are obtained by statistics, and URL parameters whose value characteristics satisfy a preset condition are identified as index parameters. Specifically, the number of distinct values of each URL parameter and the number of access records accessing each URL parameter in the HTTP traffic information can be counted; if the number of access records reaches a preset number, and the proportion of the number of distinct values of the URL parameter to the number of access records reaches a preset ratio, the URL parameter is identified as an index parameter. For example, for each URL parameter appearing in the collected HTTP traffic information, index parameters can be identified by the following conditions:
(1) n_total ≥ threshold1,
(2) rate ≥ threshold2,
where rate = n_unique / n_total, n_total is the total number of records accessing the URL parameter, and n_unique is the number of distinct values of the URL parameter. threshold1 and threshold2 can be configured according to specific requirements; for example, threshold1 can be taken as 1000, to guarantee a sufficient sample size, and threshold2 as 0.1, though threshold1 and threshold2 are of course not limited to these values. When a URL parameter satisfies conditions (1) and (2) at the same time, it is identified as an index parameter. For example, suppose that in the collected HTTP traffic information the URL a.com?userId=10&errorId=1 has 1000 records accessing each of the two URL parameters userId and errorId. If the userId parameter has 350 distinct values in these 1000 records, the rate value corresponding to userId is 0.35; if the errorId parameter has only 10 distinct values, the rate value corresponding to errorId is 0.01. By identification conditions (1) and (2) above, userId is identified as an index parameter and errorId is not.
For a private parameter, each user can only access the parameter values of the resources that belong to them. Within its validity period a session identifier marks one specific user, so the parameter value accessed by one session identifier within its period should be unique. Therefore, the number of distinct parameter values accessed on average by a single session can be obtained for each index parameter according to the session identifier, and if the number of distinct parameter values accessed on average by a single session is less than a preset number, the index parameter is identified as a private parameter. Specifically, in the collected HTTP traffic information, the number of distinct parameter values accessed by each session is counted for each index parameter, and the number of distinct parameter values accessed on average by a single session, values_per_session, is calculated for each index parameter. If values_per_session < threshold3, the index parameter is identified as a private parameter. In real scenarios, because of special circumstances such as the presence of attack traffic, the parameter value accessed by one session identifier within its period is not necessarily unique, i.e. the value of values_per_session for a private parameter is not always exactly equal to 1 but is close to 1. To suit the identification of private parameters in real scenarios, this embodiment sets the judgment threshold threshold3 to 1.5; the value of threshold3 can of course be adjusted as needed and is not limited to this. For example, in the collected HTTP traffic information the URL a.com?userId=10&articleId=1 yields two index parameters, userId and articleId, where userId is an index to the user information in the server database and articleId is an index to the articles stored by the server. Counting all records accessing the userId parameter in the collected HTTP traffic information, it is calculated that a single session accesses on average 1.05 distinct parameter values of userId, i.e. values_per_session = 1.05 for userId; that is, of all the sessions accessing userId, essentially each session accesses only one parameter value, which meets the criterion for a private parameter, so userId is identified as a private parameter. Likewise, for the articleId parameter, a single session is counted to access on average 6.52 distinct parameter values, i.e. values_per_session = 6.52 for articleId, which shows that the resources indexed by the parameter values do not correspond one-to-one with users, so articleId is identified as a non-private parameter.
In this way, this embodiment can identify the index parameters used to index server resources in the collected HTTP traffic information by computing statistics on the specific value characteristics of its URL parameters, and then extract from the index parameters the private parameters used to index a user's private data, for the subsequent unauthorized-access testing and monitoring of the identified private parameters that detects whether unauthorized-access vulnerabilities exist in web access.
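As an added example, not code from the patent, the following Python implements the two statistics described above over constructed access records: conditions (1) and (2) with threshold1 = 1000 and threshold2 = 0.1 to pick out index parameters, then values_per_session < threshold3 = 1.5 to pick out private parameters. The URL shape, session-id labels and the traffic generator are assumptions made for the sample.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit
import random

# Threshold values as given in the patent text.
THRESHOLD1 = 1000   # minimum n_total (access records) for a parameter to be judged
THRESHOLD2 = 0.1    # minimum rate = n_unique / n_total for an index parameter
THRESHOLD3 = 1.5    # values_per_session below this marks a private parameter


def parse_records(records):
    """Flatten (url, session_id) access records into (param, value, session_id) triples."""
    triples = []
    for url, session_id in records:
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            triples.append((name, value, session_id))
    return triples


def identify_index_params(triples, threshold1=THRESHOLD1, threshold2=THRESHOLD2):
    """Condition (1): n_total >= threshold1; condition (2): rate >= threshold2.
    Returns {param: rate} for every parameter satisfying both."""
    n_total = defaultdict(int)
    values = defaultdict(set)
    for name, value, _ in triples:
        n_total[name] += 1
        values[name].add(value)
    index_params = {}
    for name, total in n_total.items():
        rate = len(values[name]) / total          # n_unique / n_total
        if total >= threshold1 and rate >= threshold2:
            index_params[name] = round(rate, 4)
    return index_params


def identify_private_params(triples, index_params, threshold3=THRESHOLD3):
    """values_per_session = mean over sessions of the number of distinct values of the
    parameter that session accessed; an index parameter below threshold3 is private."""
    per_session = defaultdict(lambda: defaultdict(set))   # param -> session -> values
    for name, value, session_id in triples:
        if name in index_params:
            per_session[name][session_id].add(value)
    private = {}
    for name, sessions in per_session.items():
        vps = sum(len(vals) for vals in sessions.values()) / len(sessions)
        if vps < threshold3:
            private[name] = round(vps, 4)
    return private


def constructed_traffic(seed=1):
    """Constructed sample (assumption): 1000 records from 350 users, one session each.
    userId is the caller's own id, errorId one of 10 error codes, articleId one of 500
    shared articles, so userId should be private and articleId an index but shared."""
    rng = random.Random(seed)
    records = []
    for i in range(1000):
        user = i % 350
        url = (f"http://a.com/page?userId={user}"
               f"&errorId={rng.randrange(10)}&articleId={rng.randrange(500)}")
        records.append((url, f"sess{user}"))
    return records


def run_detection(records):
    """Step S20 end to end: returns ({index param: rate}, {private param: values_per_session})."""
    triples = parse_records(records)
    index_params = identify_index_params(triples)
    private_params = identify_private_params(triples, index_params)
    return index_params, private_params


if __name__ == "__main__":
    idx, priv = run_detection(constructed_traffic())
    print("index parameters  :", idx)
    print("private parameters:", priv)
```

Only parameters that pass the n_total threshold are judged at all, so a parameter seen fewer than 1000 times is silently skipped rather than misclassified.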
Further, in other embodiments, when the session identification includes the first session identification and the second session identification
When, above-mentioned steps S30 may include:
If monitoring, the first HTTP request accesses privately owned parameter with the first session identification, obtains in first session identification
First parameter value of privately owned parameter described in corresponding session, and record the first return information of feedback;
If monitoring, the second HTTP request accesses the privately owned parameter with the second session identification, obtains in second session
The second parameter value of privately owned parameter described in corresponding session is identified, and records the second return information of feedback;
Construction is accessed described privately owned using the HTTP test request of second session identification and first parameter value
Parameter, and record the test return information of feedback;
If first return information is different from second return information, and the test return information and described first
Return information is identical, it is determined that the privately owned parameter has loophole of going beyond one's commission.
In this embodiment, the unauthorized-access test of the identified private parameters may be carried out at the gateway for each private parameter. If an HTTP request with session identifier SessionId_A is observed accessing the private parameter, its parameter value is denoted Param_A and the returned page is recorded as Page_A; if an HTTP request with session identifier SessionId_B is observed accessing the same private parameter, its parameter value is denoted Param_B and the returned page is recorded as Page_B. An HTTP request is then constructed that accesses the parameter using session identifier SessionId_B together with parameter value Param_A, and the returned page is recorded as Page_BA. If Page_A ≠ Page_B and Page_A = Page_BA, the private parameter is determined to have an unauthorized-access vulnerability. For example, suppose userId is an identified private parameter that indexes user information. The userId parameter is monitored at the gateway; if user A is observed accessing userId=a and user B is observed accessing userId=b, an HTTP request accessing userId=a can be constructed with user B's session identifier. If the server returns the same information as it returned to user A, the userId parameter has an unauthorized-access vulnerability.
By monitoring and testing each private parameter in this way, this embodiment can identify the private parameters that have unauthorized-access vulnerabilities, cover every URL parameter within the detection scope that has such a vulnerability, and automatically identify both the web applications that have URL unauthorized-access vulnerabilities and the specific URL parameters affected.
As shown in Fig. 2, a second embodiment of the invention proposes a method for detecting unauthorized-access vulnerabilities in web access which, on the basis of the embodiment above, further includes, after step S30:
Step S40: display the private parameters that have an unauthorized-access vulnerability, so that the user can take corresponding risk-control measures for those private parameters.
In this embodiment, once private parameters with unauthorized-access vulnerabilities have been identified, they are displayed, so that the user is informed in time of the URL parameters that currently have such vulnerabilities and is prompted to take corresponding risk-control measures for them, effectively preventing leakage of users' sensitive data through an unauthorized-access vulnerability.
The invention further provides a device for detecting unauthorized-access vulnerabilities in web access.
Referring to Fig. 3, Fig. 3 is a functional block diagram of a first embodiment of the device for detecting unauthorized-access vulnerabilities in web access according to the invention.
In the first embodiment, the device for detecting unauthorized-access vulnerabilities in web access includes:
Collection module 01, for collecting HTTP traffic information to be examined within a preset time, the HTTP traffic information including URL parameter information and session identifiers, where the URL parameter information includes URL parameters and parameter values;
In this embodiment, when unauthorized-access vulnerabilities in web access are to be detected, HyperText Transfer Protocol (HTTP) traffic information within a preset time may be collected through the gateway. The collected HTTP traffic information may include IP information, URLs, URL parameter information and the session identifier carried in the cookie field; for example, the value of the JSESSIONID, ASP.NET_SessionId or PHPSESSID field in the Cookie header of an HTTP request packet may be extracted as the session identifier. The collection duration of the HTTP traffic information to be examined may be preset by the user or by the gateway according to the needs of the detection: it may be set to a fixed duration, such as 1 day or 7 days, or to a fixed quantity, for example stopping collection of a URL parameter once 1000 access records for it have been gathered; the collection method for the HTTP traffic information is not limited here. The URL parameter information in the collected HTTP traffic information may include the URL parameters, their corresponding parameter values and related information.
Identification module 02, for identifying, according to the URL parameter information and session identifiers and by preset rules, the index parameters among the URL parameters that are used to index server resources, and extracting from the index parameters the private parameters used to index users' private resources;
Since the collected HTTP traffic information includes all URL parameters, their parameter values and the session identifiers, the index parameters used to index server resources can be identified among all URL parameters in the collected traffic from the frequency of occurrence and value features of each URL parameter. Among the parameters passed in a URL, some represent an index to a particular server resource: the parameter value identifies one specific resource, such as a record in a database, a file or an object. Such URL parameters, used to index server resources, are identified as index parameters. For example, in the URL a.com?userId=10&errorId=0, the value of the userId parameter is an index to user information in the database, and a particular user's information can be looked up in the database from the value of userId, so userId is identified as an index parameter. The value of the errorId parameter, on the other hand, represents a web program error type rather than an index to a resource, so errorId is identified as not being an index parameter.
After the index parameters used to index server resources have been identified among the URL parameters, the private parameters used to index users' private resources may further be extracted from the index parameters. The resource identified by an index parameter may be a shared resource, which all users can obtain or modify, or it may be private to a particular user, so that other users have no permission to access it. If the resource identified by an index parameter is private to a specific user, that index parameter is identified as a private parameter. For example, the URL a.com?userId=10&articleId=1 has two index parameters, userId and articleId. The userId parameter indexes user information, and each user may only access their own user information; the articleId parameter indexes articles stored on the server, and articles are shared resources that every user may read. Therefore userId is identified as a private parameter, and articleId is not.
After the index parameters have been identified among the URL parameters, the session identifiers are used to count how a specific user in each session accesses the values of each index parameter; from the index-parameter values accessed by a specific user within each session, the private parameters used to index users' private resources can be extracted from the index parameters.
Test module 03, for performing a preset unauthorized-access test operation on each private parameter and determining, from the test results, the private parameters that have an unauthorized-access vulnerability.
In horizontal unauthorized access, if user A and user B belong to the same role X and have the same permission level, each can obtain their own private data (data A and data B). If, however, the system only verifies that the role is permitted to access the data, without a fine-grained check against the specific data, user A can access user B's data (data B); user A's access to data B then constitutes horizontal unauthorized access. In this embodiment, using the characteristic that an unauthorized-access vulnerability allows one user to obtain another's private data through a private parameter, a preset unauthorized-access test operation can be performed on each private parameter, such as changing the value of the private parameter to form a test access link, or using the changed value of the private parameter to access a different user's private data, in order to test whether the private parameter has an unauthorized-access vulnerability. The private parameters with unauthorized-access vulnerabilities can then be determined from the test results.
In this embodiment, the URL parameter information and session identifiers to be examined are collected within a preset time, the index parameters used to index server resources are identified among the URL parameters by preset rules, and the private parameters used to index users' private resources are extracted from the index parameters; a preset unauthorized-access test operation is then performed on each private parameter to determine the private parameters with unauthorized-access vulnerabilities. Because only the index parameters among all URL parameters in the test scope are identified, and only the private parameters extracted from the index parameters are tested for unauthorized access, detection efficiency is greatly improved, while every URL parameter in the detection scope that has such a vulnerability is covered, giving a high identification rate.
Further, in other embodiments, the identification module 02 described above may be used to:
obtain the value features of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify the URL parameters whose value features meet a preset condition as index parameters, the index parameters being used to index server resources;
obtain, according to the session identifiers, the average number of different parameter values accessed per session for each index parameter and, if that number for an index parameter is less than a preset number, identify the index parameter as a private parameter, the private parameter being used to index users' private resources.
In this embodiment, since an index parameter is used to index server resources, and server resources are very numerous, the number of values an index parameter must take in order to index different server resources is also very large, so the number of distinct values of an index parameter in a large amount of HTTP traffic from different users is also very large. This characteristic of index parameters can be used: the value features of the URL parameters in the HTTP traffic information are obtained statistically, and URL parameters whose value features meet a preset condition are identified as index parameters. Specifically, for each URL parameter in the HTTP traffic information, the number of distinct values and the number of access records in which the parameter appears are counted; if the number of access records reaches a preset count and the proportion of distinct values among the access records reaches a preset ratio, the URL parameter is identified as an index parameter. For example, each URL parameter appearing in the collected HTTP traffic information can be identified as an index parameter by the following conditions:
(1) n_total ≥ threshold1,
(2) rate ≥ threshold2,
where rate = n_unique / n_total, n_total is the total number of records accessing the URL parameter, and n_unique is the number of distinct values of the URL parameter. threshold1 and threshold2 can be configured according to specific requirements; for example, threshold1 may be 1000, to guarantee a sufficient sample size, and threshold2 may be 0.1, though other values of threshold1 and threshold2 are not excluded. When a URL parameter meets conditions (1) and (2) simultaneously, it is identified as an index parameter. For example, suppose the collected HTTP traffic information contains the URL a.com?userId=10&errorId=1, with 1000 records each accessing the two URL parameters userId and errorId. If the userId parameter takes 350 different values in these 1000 records, its rate is 0.35, while if the errorId parameter takes only 10 different values, its rate is 0.01. Under conditions (1) and (2) above, userId is identified as an index parameter and errorId is not.
For a private parameter, on the other hand, each user can only access the parameter values of resources belonging to that user. A session identifier marks one specific user during its validity period, so the parameter value accessed by one session identifier within its period should be unique. Therefore the average number of different parameter values accessed per session for each index parameter can be obtained from the session identifiers, and if that number for an index parameter is less than a preset number, the index parameter is identified as a private parameter. Specifically, in the collected HTTP traffic information, the number of different parameter values accessed by each session is counted for each index parameter, and the average number of different parameter values accessed per session, values_per_session, is calculated for each index parameter. If values_per_session < threshold3, the index parameter is identified as a private parameter. In real scenarios, because of special circumstances such as the presence of attack traffic, the parameter value accessed by a session identifier within its period is not necessarily unique; that is, the average number of different values per session for a private parameter, values_per_session, is not always exactly 1 but is close to 1. To adapt the identification of private parameters to real scenarios, this embodiment sets the decision threshold threshold3 to 1.5; the value of threshold3 may of course be adjusted as needed and is not limited to this. For example, from the URL a.com?userId=10&articleId=1 in the collected HTTP traffic information, two index parameters are identified, userId and articleId; userId indexes the user information in the server database and articleId indexes the articles stored on the server. Counting all records in the collected HTTP traffic that access the userId parameter, a single session is found on average to access 1.05 different parameter values, that is, values_per_session = 1.05 for userId; in other words, essentially every session that accesses userId accesses only one parameter value, which meets the criterion for a private parameter, so userId is identified as a private parameter. Likewise, for the articleId parameter a single session is found on average to access 6.52 different parameter values, that is, values_per_session = 6.52 for articleId, which shows that the resources indexed by this parameter's values do not correspond one-to-one with users, so articleId is identified as a non-private parameter.
In this way, in this embodiment, the specific value features of the URL parameters in the collected HTTP traffic information can be statistically analysed to identify the index parameters used to index server resources in the HTTP traffic information. The private parameters used to index users' private resources are then extracted from the index parameters, so that the identified private parameters can subsequently be tested and monitored for unauthorized-access vulnerabilities, thereby detecting whether any such vulnerability exists in web access.
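The two statistics described above, conditions (1) and (2) for index parameters and values_per_session against threshold3 for private parameters, carried out in code as an added example that is not part of the patent. It works on a constructed capture of (session identifier, URL) records, so the record generator, the a.com URL shape, the 350-user population and the stray every-100th record are assumptions made here, not data from the patent.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit


def build_sample_capture(n_records=1000, n_users=350):
    """Construct a synthetic gateway capture of (session_id, url) records.

    Constructed data for this example, not real traffic. Each session belongs
    to exactly one user, so a session normally requests only its own userId.
    Every 100th record requests a neighbouring userId instead, to mimic the
    noise (e.g. attack traffic) that keeps values_per_session slightly above 1.
    errorId cycles through 10 codes; articleId cycles through 200 shared articles.
    """
    records = []
    for i in range(n_records):
        session_id = f"s{i % n_users}"
        user_id = 1000 + (i % n_users)
        if i % 100 == 99:
            user_id = 1000 + ((i + 1) % n_users)
        url = (f"http://a.com/profile?userId={user_id}"
               f"&errorId={i % 10}&articleId={(i * 7) % 200}")
        records.append((session_id, url))
    return records


def collect_param_stats(records):
    """Per URL parameter: n_total (access records), the set of distinct values,
    and the set of values seen in each session."""
    stats = defaultdict(lambda: {"n_total": 0, "values": set(),
                                 "per_session": defaultdict(set)})
    for session_id, url in records:
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            entry = stats[name]
            entry["n_total"] += 1
            entry["values"].add(value)
            entry["per_session"][session_id].add(value)
    return stats


def identify_index_params(stats, threshold1=1000, threshold2=0.1):
    """Conditions (1) n_total >= threshold1 and (2) rate = n_unique / n_total >= threshold2.
    Returns {param: rate} for the parameters identified as index parameters."""
    index_params = {}
    for name, entry in stats.items():
        n_total = entry["n_total"]
        if n_total == 0:
            continue
        rate = len(entry["values"]) / n_total
        if n_total >= threshold1 and rate >= threshold2:
            index_params[name] = rate
    return index_params


def values_per_session(stats, name):
    """Average number of distinct values of `name` accessed by a single session."""
    per_session = stats[name]["per_session"]
    return sum(len(vals) for vals in per_session.values()) / len(per_session)


def identify_private_params(stats, index_params, threshold3=1.5):
    """An index parameter whose values_per_session < threshold3 indexes
    user-private resources. Returns {param: values_per_session}."""
    private_params = {}
    for name in index_params:
        vps = values_per_session(stats, name)
        if vps < threshold3:
            private_params[name] = vps
    return private_params


def classify_capture(records):
    """Run the two-stage identification and return both result sets."""
    stats = collect_param_stats(records)
    index_params = identify_index_params(stats)
    private_params = identify_private_params(stats, index_params)
    return {"index": index_params, "private": private_params}


if __name__ == "__main__":
    result = classify_capture(build_sample_capture())
    for name, rate in sorted(result["index"].items()):
        print(f"{name}: index parameter, rate={rate:.2f}")
    for name, vps in sorted(result["private"].items()):
        print(f"{name}: private parameter, values_per_session={vps:.2f}")
```

On the constructed capture userId (rate 0.35, values_per_session 1.02) comes out as an index and private parameter, articleId (rate 0.20, about 2.86 values per session) as an index but shared parameter, and errorId (rate 0.01) as neither.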
Further, in other embodiments, when the session identifiers include a first session identifier and a second session identifier, the above test module 03 may be used to:
If a first HTTP request accessing a private parameter with the first session identifier is observed, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first response returned;
If a second HTTP request accessing the private parameter with the second session identifier is observed, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second response returned;
Construct an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and record the test response returned;
If the first response differs from the second response, and the test response is identical to the first response, determine that the private parameter has an unauthorized-access vulnerability.
In this embodiment, the unauthorized-access test of the identified private parameters may be carried out at the gateway for each private parameter. If an HTTP request with session identifier SessionId_A is observed accessing the private parameter, its parameter value is denoted Param_A and the returned page is recorded as Page_A; if an HTTP request with session identifier SessionId_B is observed accessing the same private parameter, its parameter value is denoted Param_B and the returned page is recorded as Page_B. An HTTP request is then constructed that accesses the parameter using session identifier SessionId_B together with parameter value Param_A, and the returned page is recorded as Page_BA. If Page_A ≠ Page_B and Page_A = Page_BA, the private parameter is determined to have an unauthorized-access vulnerability. For example, suppose userId is an identified private parameter that indexes user information. The userId parameter is monitored at the gateway; if user A is observed accessing userId=a and user B is observed accessing userId=b, an HTTP request accessing userId=a can be constructed with user B's session identifier. If the server returns the same information as it returned to user A, the userId parameter has an unauthorized-access vulnerability.
By monitoring and testing each private parameter in this way, this embodiment can identify the private parameters that have unauthorized-access vulnerabilities, cover every URL parameter within the detection scope that has such a vulnerability, and automatically identify both the web applications that have URL unauthorized-access vulnerabilities and the specific URL parameters affected.
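The decision rule of the test module (Page_A ≠ Page_B and Page_A = Page_BA), which the description gives for both the method step S30 and the test module 03 above, simulated in-process as an added example that is not from the patent. Two constructed handlers stand in for the web application: one checks only that the caller holds a valid session (the flaw described under horizontal unauthorized access) and one also checks ownership; the session table, the profiles and the userId values are assumptions made here.

```python
# Constructed fixtures: which user each session identifier belongs to, and each
# user's private profile. Assumptions for this example, not data from the patent.
SESSIONS = {"SessionIdA": "a", "SessionIdB": "b"}
PROFILES = {
    "a": {"userId": "a", "name": "Alice", "email": "alice@example.test"},
    "b": {"userId": "b", "name": "Bob", "email": "bob@example.test"},
}


def profile_without_ownership_check(session_id, user_id):
    """Flawed handler: verifies only that the caller holds a valid session (the
    role-level check), then serves whichever userId was requested."""
    if session_id not in SESSIONS:
        return 401, {"error": "unauthenticated"}
    profile = PROFILES.get(user_id)
    if profile is None:
        return 404, {"error": "no such user"}
    return 200, profile


def profile_with_ownership_check(session_id, user_id):
    """Hardened handler: resolves the caller from the session and refuses to
    serve a userId that is not the caller's own."""
    caller = SESSIONS.get(session_id)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    if caller != user_id:
        return 403, {"error": "forbidden"}
    return 200, PROFILES[user_id]


def is_unauthorized_access(page_a, page_b, page_ba):
    """Decision rule from the text. Page_A != Page_B excludes shared or static
    resources, for which the test is inconclusive; Page_BA == Page_A means
    session B received user A's private page."""
    return page_a != page_b and page_ba == page_a


def check_private_param(handler, observed_a, observed_b):
    """observed_a / observed_b are (session identifier, parameter value) pairs as
    seen at the gateway. In deployment Page_A and Page_B come from the monitored
    requests and only the third request is constructed; in this simulation all
    three are served by the handler under test."""
    session_a, param_a = observed_a
    session_b, param_b = observed_b
    page_a = handler(session_a, param_a)
    page_b = handler(session_b, param_b)
    page_ba = handler(session_b, param_a)  # session B, parameter value from A
    return is_unauthorized_access(page_a, page_b, page_ba)


if __name__ == "__main__":
    observed = (("SessionIdA", "a"), ("SessionIdB", "b"))
    for handler in (profile_without_ownership_check, profile_with_ownership_check):
        verdict = check_private_param(handler, *observed)
        print(f"{handler.__name__}: userId vulnerable = {verdict}")
```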
As shown in Fig. 4, a second embodiment of the invention proposes a device for detecting unauthorized-access vulnerabilities in web access which, on the basis of the embodiment above, further includes:
Display module 04, for displaying the private parameters that have an unauthorized-access vulnerability, so that the user can take corresponding risk-control measures for those private parameters.
In this embodiment, once private parameters with unauthorized-access vulnerabilities have been identified, they are displayed, so that the user is informed in time of the URL parameters that currently have such vulnerabilities and is prompted to take corresponding risk-control measures for them, effectively preventing leakage of users' sensitive data through an unauthorized-access vulnerability.
The numbering of the above embodiments of the invention is for description only and does not indicate the relative merit of the embodiments. From the description of the embodiments above, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the preferable implementation. On this basis, the technical solution of the invention in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the method described in each embodiment of the invention.
The above are merely preferred embodiments of the invention and are not intended to limit its scope; any equivalent structural or process changes made using the content of the specification and drawings of the invention, applied directly or indirectly in other related technical fields, are likewise included within the scope of protection of the invention.
Claims (8)
1. A method for detecting unauthorized-access vulnerabilities in web access, characterized in that the method comprises the following steps:
collecting HTTP traffic information to be examined within a preset time, the HTTP traffic information including URL parameter information and session identifiers, wherein the URL parameter information includes URL parameters and parameter values;
obtaining the value features of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identifying the URL parameters whose value features meet a preset condition as index parameters, the index parameters being used to index server resources;
obtaining, according to the session identifiers, the average number of different parameter values accessed per session for each index parameter and, if the average number of different parameter values accessed per session for an index parameter is less than a preset number, identifying the index parameter as a private parameter, the private parameter being used to index users' private resources;
performing a preset unauthorized-access test operation on each private parameter, and determining, according to the test results, the private parameters that have an unauthorized-access vulnerability.
2. The method for detecting unauthorized-access vulnerabilities in web access according to claim 1, characterized in that the step of obtaining the value features of the parameter values corresponding to the URL parameters in the HTTP traffic information and identifying the URL parameters whose value features meet a preset condition as index parameters comprises:
counting, for each URL parameter in the HTTP traffic information, the number of distinct values of the corresponding parameter values and the number of access records accessing the URL parameter;
if the number of access records reaches a preset count, and the proportion of the number of distinct values of the URL parameter among the access records reaches a preset ratio, identifying the URL parameter as an index parameter.
3. The method for detecting unauthorized-access vulnerabilities in web access according to claim 1, characterized in that, when the session identifiers include a first session identifier and a second session identifier, the step of performing a preset unauthorized-access test operation on each private parameter and determining, according to the test results, the private parameters that have an unauthorized-access vulnerability comprises:
if a first HTTP request accessing a private parameter with the first session identifier is observed, obtaining the first parameter value of the private parameter in the session corresponding to the first session identifier, and recording the first response returned;
if a second HTTP request accessing the private parameter with the second session identifier is observed, obtaining the second parameter value of the private parameter in the session corresponding to the second session identifier, and recording the second response returned;
constructing an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and recording the test response returned;
if the first response differs from the second response and the test response is identical to the first response, determining that the private parameter has an unauthorized-access vulnerability.
4. The method for detecting unauthorized-access vulnerabilities in web access according to claim 1, characterized in that, after the step of performing a preset unauthorized-access test operation on each private parameter and determining, according to the test results, the private parameters that have an unauthorized-access vulnerability, the method further comprises:
displaying the private parameters that have an unauthorized-access vulnerability, so that a user can take corresponding risk-control measures for the private parameters that have an unauthorized-access vulnerability.
5. A device for detecting unauthorized-access vulnerabilities in web access, characterized in that the device comprises:
a collection module, for collecting HTTP traffic information to be examined within a preset time, the HTTP traffic information including URL parameter information and session identifiers, wherein the URL parameter information includes URL parameters and parameter values;
an identification module, for identifying, according to the URL parameter information and session identifiers and by preset rules, the index parameters among the URL parameters that are used to index server resources, and extracting from the index parameters the private parameters used to index users' private resources;
a test module, for performing a preset unauthorized-access test operation on each private parameter and determining, according to the test results, the private parameters that have an unauthorized-access vulnerability;
wherein the identification module is specifically configured to:
obtain the value features of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify the URL parameters whose value features meet a preset condition as index parameters, the index parameters being used to index server resources; obtain, according to the session identifiers, the average number of different parameter values accessed per session for each index parameter and, if the average number of different parameter values accessed per session for an index parameter is less than a preset number, identify the index parameter as a private parameter, the private parameter being used to index users' private resources.
6. The device for detecting unauthorized-access vulnerabilities in web access according to claim 5, characterized in that the identification module is specifically configured to:
count, for each URL parameter in the HTTP traffic information, the number of distinct values of the corresponding parameter values and the number of access records accessing the URL parameter;
if the number of access records reaches a preset count, and the proportion of the number of distinct values of the URL parameter among the access records reaches a preset ratio, identify the URL parameter as an index parameter.
7. The device for detecting unauthorized-access vulnerabilities in web access according to claim 5, characterized in that, when the session identifiers include a first session identifier and a second session identifier, the test module is specifically configured to:
if a first HTTP request accessing a private parameter with the first session identifier is observed, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first response returned;
if a second HTTP request accessing the private parameter with the second session identifier is observed, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second response returned;
construct an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and record the test response returned;
if the first response differs from the second response and the test response is identical to the first response, determine that the private parameter has an unauthorized-access vulnerability.
8. The device for detecting unauthorized-access vulnerabilities in web access according to claim 5, characterized in that it further comprises:
a display module, for displaying the private parameters that have an unauthorized-access vulnerability, so that a user can take corresponding risk-control measures for the private parameters that have an unauthorized-access vulnerability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510728727.6A CN105357195B (en) | 2015-10-30 | 2015-10-30 | Go beyond one's commission leak detection method and the device of web access |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105357195A CN105357195A (en) | 2016-02-24 |
CN105357195B true CN105357195B (en) | 2019-06-14 |
CN108932426B (en) * | 2018-06-27 | 2022-05-03 | 平安科技(深圳)有限公司 | Unauthorized vulnerability detection method and device |
CN108769070A (en) * | 2018-06-30 | 2018-11-06 | 平安科技(深圳)有限公司 | One kind is gone beyond one's commission leak detection method and device |
CN110135166B (en) * | 2019-05-08 | 2021-03-30 | 北京国舜科技股份有限公司 | Detection method and system for service logic vulnerability attack |
CN111107052A (en) * | 2019-11-04 | 2020-05-05 | 广发银行股份有限公司 | Method, apparatus, computer device and storage medium for identifying unauthorized detection points |
CN111209565B (en) * | 2020-01-08 | 2022-12-23 | 招商银行股份有限公司 | Horizontal override vulnerability detection method, equipment and computer readable storage medium |
CN111427774A (en) * | 2020-03-09 | 2020-07-17 | 深圳开源互联网安全技术有限公司 | Request parameter modification method and system for application program test case |
CN111416811B (en) * | 2020-03-16 | 2022-07-22 | 携程旅游信息技术(上海)有限公司 | Unauthorized vulnerability detection method, system, equipment and storage medium |
CN111949548B (en) * | 2020-08-24 | 2022-08-26 | 福建国信立联科技集团有限公司 | Automatic unauthorized penetration testing method and storage device |
CN112118259B (en) * | 2020-09-17 | 2022-04-15 | 四川长虹电器股份有限公司 | Unauthorized vulnerability detection method based on classification model of lifting tree |
CN113111951B (en) * | 2021-04-20 | 2023-08-01 | 浙江网商银行股份有限公司 | Data processing method and device |
CN113590461B (en) * | 2021-06-01 | 2024-04-23 | 的卢技术有限公司 | Test method for realizing override of automobile user data based on fidder |
CN114826717B (en) * | 2022-04-18 | 2024-02-23 | 深信服科技股份有限公司 | Abnormal access detection method and device, electronic equipment and storage medium |
CN115664743A (en) * | 2022-10-17 | 2023-01-31 | 浙江网商银行股份有限公司 | Behavior detection method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104301302A (en) * | 2014-09-12 | 2015-01-21 | 深信服网络科技(深圳)有限公司 | Unauthorized attack detection method and device |
CN104519070A (en) * | 2014-12-31 | 2015-04-15 | 北京奇虎科技有限公司 | Method and system for detecting website permission vulnerabilities |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9112863B2 (en) * | 2009-12-14 | 2015-08-18 | International Business Machines Corporation | Method, program product and server for controlling a resource access to an electronic resource stored within a protected data environment |
- 2015-10-30 CN CN201510728727.6A patent/CN105357195B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104301302A (en) * | 2014-09-12 | 2015-01-21 | 深信服网络科技(深圳)有限公司 | Unauthorized attack detection method and device |
CN104519070A (en) * | 2014-12-31 | 2015-04-15 | 北京奇虎科技有限公司 | Method and system for detecting website permission vulnerabilities |
Also Published As
Publication number | Publication date |
---|---|
CN105357195A (en) | 2016-02-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105357195B (en) | Go beyond one's commission leak detection method and the device of web access | |
CN104391979B (en) | Network malice reptile recognition methods and device | |
CN109951500A (en) | Network attack detecting method and device | |
CN104917643B (en) | Abnormal account detection method and device | |
CN104301302B (en) | Go beyond one's commission attack detection method and device | |
CN103368957B (en) | Method and system that web page access behavior is processed, client, server | |
CN107465651A (en) | Network attack detecting method and device | |
CN100362805C (en) | Multifunctional management system for detecting erotic images and unhealthy information in network | |
CN109039987A (en) | A kind of user account login method, device, electronic equipment and storage medium | |
CN103023906B (en) | Method and system aiming at remote procedure calling conventions to perform status tracking | |
CN108989150A (en) | A kind of login method for detecting abnormality and device | |
CN108540431A (en) | The recognition methods of account type, device and system | |
CN105471819A (en) | Account abnormity detection method and account abnormity detection device | |
CN108768883A (en) | A kind of network flow identification method and device | |
CN106302534B (en) | A kind of method and system of detection and processing illegal user | |
CN103259805B (en) | The domain name access control method evaluated based on user and system | |
CN104462973B (en) | The dynamic malicious act detecting system and method for application program in mobile terminal | |
CN107465648A (en) | The recognition methods of warping apparatus and device | |
CN103581909B (en) | The localization method of a kind of doubtful mobile phone Malware and device thereof | |
CN108206769A (en) | Method, apparatus, equipment and the medium of screen quality alarm | |
CN109831429A (en) | A kind of Webshell detection method and device | |
CN110417747A (en) | A kind of detection method and device of Brute Force behavior | |
CN104486320B (en) | Intranet sensitive information leakage evidence-obtaining system and method based on sweet network technology | |
CN107528812A (en) | A kind of attack detection method and device | |
Ding et al. | Stalking Beijing from Timbuktu: a generic measurement approach for exploiting location-based social discovery |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information | Address after: 518000 the first floor of A1 building, Nanshan Zhiyuan 1001, Nanshan District Xue Yuan Avenue, Shenzhen, Guangdong. Applicant after: SINFOR Polytron Technologies Inc. Address before: 518052 the first floor of A1 building, Nanshan Zhiyuan 1001, Nanshan District Xue Yuan Avenue, Shenzhen, Guangdong. Applicant before: Shenxinfu Electronics Science and Technology Co., Ltd., Shenzhen |
GR01 | Patent grant | ||
GR01 | Patent grant |