CN105357195B - Method and device for detecting unauthorized-access vulnerabilities in web access - Google Patents


Info

Publication number: CN105357195B
Authority: CN (China)
Prior art keywords: parameter, private, unauthorized access, url, indexing
Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Application number: CN201510728727.6A
Other languages: Chinese (zh)
Other versions: CN105357195A (en)
Inventor: 王蔚
Current Assignee: Sangfor Technologies Co Ltd (as listed; Google has not performed a legal analysis)
Original Assignee: Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN201510728727.6A
Publication of CN105357195A
Application granted
Publication of CN105357195B


Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic > H04L63/1433 Vulnerability analysis
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/01 Protocols > H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/14 Session management > H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Abstract

The invention discloses a method for detecting unauthorized-access vulnerabilities in web access, comprising the following steps: collecting HTTP traffic information to be detected within a preset time, the HTTP traffic information comprising URL parameter information and session identifiers, where the URL parameter information comprises URL parameters and parameter values; identifying, from the URL parameter information and session identifiers and according to preset rules, the indexing parameters among the URL parameters that are used to index server resources, and extracting from the indexing parameters the private parameters that index user-private resources; performing a preset unauthorized-access vulnerability test on each private parameter, and determining from the test results which private parameters have an unauthorized-access vulnerability. The invention also discloses a device for detecting unauthorized-access vulnerabilities in web access. The invention can cover all URL parameters in the detection test scope that have unauthorized-access vulnerabilities, with a high detection rate.

Description

Method and device for detecting unauthorized-access vulnerabilities in web access
Technical field
The present invention relates to the technical field of network security, and in particular to a method and device for detecting unauthorized-access vulnerabilities in web access.
Background art
One of the most serious classes of vulnerability on the internet today is unauthorized access, for example unauthorized-access vulnerabilities in the Uniform Resource Locator (URL). Because of web programming defects, the guessability of parameters passed in through the URL can be exploited: by changing an input parameter value, it is possible to cause horizontal unauthorized access and obtain other people's private information. A URL unauthorized-access vulnerability is a business-logic vulnerability that causes great harm; it directly bypasses the basic network security defences, and such vulnerabilities are difficult to find. In the prior art, a website designer can perform authorization checks on these parameters to ensure that a user can only access resources that belong to them, but in this type of application there is a great deal of such data, from address data to order information and payment information, none of which can be handled carelessly. Once the business reaches a certain complexity, it is hard to guarantee that every access to this data has passed a strict authorization check, and so URL unauthorized-access vulnerabilities arise. A URL unauthorized-access vulnerability can be exploited by an attacker to cause horizontal unauthorized access, leading to the leakage of sensitive user information.
In the prior art, detection of URL unauthorized-access vulnerabilities relies mainly on testers performing penetration testing of the web program and finding the vulnerabilities manually; that is, a tester manually performs indiscriminate checks on all kinds of URL parameters to find those with unauthorized-access vulnerabilities. This is not only inefficient and labour-intensive, but also cannot guarantee that every URL parameter in the test scope is covered by the detection.
Summary of the invention
The main object of the present invention is to provide a method and device for detecting unauthorized-access vulnerabilities in web access, intended to efficiently cover all URL parameters in the detection test scope that have unauthorized-access vulnerabilities.
To achieve the above object, the present invention provides a method for detecting unauthorized-access vulnerabilities in web access, the method comprising the following steps:
collecting HTTP traffic information to be detected within a preset time, the HTTP traffic information comprising URL parameter information and session identifiers, where the URL parameter information comprises URL parameters and parameter values;
identifying, from the URL parameter information and session identifiers and according to preset rules, the indexing parameters among the URL parameters that are used to index server resources, and extracting from the indexing parameters the private parameters that index user-private resources;
performing a preset unauthorized-access vulnerability test on each private parameter, and determining from the test results which private parameters have an unauthorized-access vulnerability.
Preferably, the step of identifying, from the URL parameter information and session identifiers and according to preset rules, the indexing parameters among the URL parameters that are used to index server resources, and extracting from the indexing parameters the private parameters that index user-private resources, comprises:
obtaining the value characteristics of the parameter values corresponding to each URL parameter in the HTTP traffic information, and identifying the URL parameters whose value characteristics satisfy a preset condition as indexing parameters, the indexing parameters being used to index server resources;
obtaining, from the session identifiers, the number of different parameter values accessed per session on average for each indexing parameter, and if the number of different parameter values accessed per session on average for an indexing parameter is less than a preset number, identifying the indexing parameter as a private parameter, the private parameter being used to index user-private resources.
Preferably, the step of statistically obtaining the value characteristics of the parameter values corresponding to each URL parameter in the HTTP traffic information, and identifying the URL parameters whose value characteristics satisfy a preset condition as indexing parameters, comprises:
counting, in the HTTP traffic information, the number of different values of each URL parameter and the number of access records in which each URL parameter is accessed;
if the number of access records reaches a preset number of records, and the proportion of the number of different values of the URL parameter to the number of access records reaches a preset ratio, identifying the URL parameter as an indexing parameter.
Preferably, when the session identifiers include a first session identifier and a second session identifier, the step of performing a preset unauthorized-access vulnerability test on each private parameter and determining from the test results which private parameters have an unauthorized-access vulnerability comprises:
if a first HTTP request is observed accessing a private parameter with the first session identifier, obtaining the first parameter value of the private parameter in the session corresponding to the first session identifier, and recording the first return information fed back;
if a second HTTP request is observed accessing the private parameter with the second session identifier, obtaining the second parameter value of the private parameter in the session corresponding to the second session identifier, and recording the second return information fed back;
constructing an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and recording the test return information fed back;
if the first return information differs from the second return information, and the test return information is identical to the first return information, determining that the private parameter has an unauthorized-access vulnerability.
Preferably, after the step of performing a preset unauthorized-access vulnerability test on each private parameter and determining from the test results which private parameters have an unauthorized-access vulnerability, the method further comprises:
displaying the private parameters that have unauthorized-access vulnerabilities, so that the user can perform the corresponding risk-protection operations for those private parameters.
In addition, to achieve the above object, the present invention also provides a device for detecting unauthorized-access vulnerabilities in web access, the device comprising:
a collection module, for collecting HTTP traffic information to be detected within a preset time, the HTTP traffic information comprising URL parameter information and session identifiers, where the URL parameter information comprises URL parameters and parameter values;
an identification module, for identifying, from the URL parameter information and session identifiers and according to preset rules, the indexing parameters among the URL parameters that are used to index server resources, and extracting from the indexing parameters the private parameters that index user-private resources;
a test module, for performing a preset unauthorized-access vulnerability test on each private parameter, and determining from the test results which private parameters have an unauthorized-access vulnerability.
Preferably, the identification module is specifically configured to:
obtain the value characteristics of the parameter values corresponding to each URL parameter in the HTTP traffic information, and identify the URL parameters whose value characteristics satisfy a preset condition as indexing parameters, the indexing parameters being used to index server resources;
obtain, from the session identifiers, the number of different parameter values accessed per session on average for each indexing parameter, and if the number of different parameter values accessed per session on average for an indexing parameter is less than a preset number, identify the indexing parameter as a private parameter, the private parameter being used to index user-private resources.
Preferably, the identification module is specifically configured to:
count, in the HTTP traffic information, the number of different values of each URL parameter and the number of access records in which each URL parameter is accessed;
if the number of access records reaches a preset number of records, and the proportion of the number of different values of the URL parameter to the number of access records reaches a preset ratio, identify the URL parameter as an indexing parameter.
Preferably, when the session identifiers include a first session identifier and a second session identifier, the test module is specifically configured to:
if a first HTTP request is observed accessing a private parameter with the first session identifier, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first return information fed back;
if a second HTTP request is observed accessing the private parameter with the second session identifier, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second return information fed back;
construct an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and record the test return information fed back;
if the first return information differs from the second return information, and the test return information is identical to the first return information, determine that the private parameter has an unauthorized-access vulnerability.
Preferably, the device for detecting unauthorized-access vulnerabilities in web access further comprises:
a display module, for displaying the private parameters that have unauthorized-access vulnerabilities, so that the user can perform the corresponding risk-protection operations for those private parameters.
The method and device for detecting unauthorized-access vulnerabilities in web access proposed by the present invention take the URL parameter information and session identifiers to be detected that are collected within a preset time, identify according to preset rules the indexing parameters among the URL parameters to be detected that index server resources, and extract from the indexing parameters the private parameters that index user-private resources; each private parameter is then subjected to a preset unauthorized-access vulnerability test to determine which private parameters have such a vulnerability. Because only the indexing parameters among all URL parameters in the test scope are identified, and only the private parameters extracted from the indexing parameters are tested for unauthorized access, detection efficiency is greatly improved, and all URL parameters in the detection test scope that have unauthorized-access vulnerabilities can be covered with a high detection rate.
Brief description of the drawings
Fig. 1 is a flow diagram of a first embodiment of the method for detecting unauthorized-access vulnerabilities in web access according to the present invention;
Fig. 2 is a flow diagram of a second embodiment of the method for detecting unauthorized-access vulnerabilities in web access according to the present invention;
Fig. 3 is a functional block diagram of a first embodiment of the device for detecting unauthorized-access vulnerabilities in web access according to the present invention;
Fig. 4 is a functional block diagram of a second embodiment of the device for detecting unauthorized-access vulnerabilities in web access according to the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the embodiments and the accompanying drawings.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
The present invention provides a method for detecting unauthorized-access vulnerabilities in web access.
Referring to Fig. 1, Fig. 1 is a flow diagram of the first embodiment of the method for detecting unauthorized-access vulnerabilities in web access according to the present invention.
In the first embodiment, the method for detecting unauthorized-access vulnerabilities in web access comprises:
Step S10: collecting HTTP traffic information to be detected within a preset time, the HTTP traffic information comprising URL parameter information and session identifiers, where the URL parameter information comprises URL parameters and parameter values;
In this embodiment, when the unauthorized-access vulnerabilities of web access need to be detected, Hypertext Transfer Protocol (HTTP) traffic information can be collected at a gateway within a preset time. The collected HTTP traffic information may include IP information, URLs, URL parameter information, the session identifier in the cookie field, and so on; for example, the value of the JSESSIONID, ASP.NET_SessionId or PHPSESSID field in the cookie header of an HTTP request packet can be extracted as the session identifier. The collection duration of the HTTP traffic information to be detected can be preset by the user or the gateway according to the needs of the detection. For example, it may be set to a fixed duration, such as 1 day or 7 days; or it may be set as a fixed quantity, for example, when the access records for a certain URL parameter reach 1000, collection for that URL parameter stops. The manner of collecting HTTP traffic information is not limited here. The URL parameter information in the collected HTTP traffic information may include the URL parameters, their corresponding parameter values and related information.
Step S20: identifying, from the URL parameter information and session identifiers and according to preset rules, the indexing parameters among the URL parameters that are used to index server resources, and extracting from the indexing parameters the private parameters that index user-private resources;
Because the collected HTTP traffic information includes all URL parameters, parameter values and session identifiers, the indexing parameters used to index server resources can be identified among all URL parameters in the collected HTTP traffic information according to the number of occurrences, value characteristics and so on of each URL parameter in the collected traffic. Among the parameters passed in a URL, some represent an index to a certain server resource: the parameter value identifies a specific resource, such as a record in a database, a file or an object. Such a URL parameter used to index a server resource is identified as an indexing parameter. For example, in the URL a.com?userId=10&errorId=0, the value of the userId parameter is an index to user information in the database, and the information of a certain user can be queried in the database according to the value of userId, so userId is identified as an indexing parameter. The value of the errorId parameter, on the other hand, represents a web program error type rather than an index to a resource, so errorId is identified as not being an indexing parameter.
After the indexing parameters used to index server resources have been identified among the URL parameters, the private parameters used to index user-private resources can be further extracted from the indexing parameters. The resource identified by an indexing parameter may be a shared resource that all users can obtain or modify, or it may be private to a certain user, with other users having no permission to access it. If the resource identified by an indexing parameter is private to a specific user, the indexing parameter is identified as a private parameter. For example, the URL a.com?userId=10&articleId=1 has two indexing parameters, userId and articleId. The userId parameter is an index to user information, and each user can only access their own user information; the articleId parameter is an index to the articles stored on the server, and articles are a shared resource that every user can access and read. Therefore userId is identified as a private parameter, and articleId is not.
After the indexing parameters used to index server resources have been identified among the URL parameters, the session identifiers can be used to count how a specific user uses the values of each indexing parameter within each session, and the private parameters used to index user-private resources can be extracted from the indexing parameters according to the indexing parameter values accessed by a specific user in each session.
Step S30: performing a preset unauthorized-access vulnerability test on each private parameter, and determining from the test results which private parameters have an unauthorized-access vulnerability.
In horizontal unauthorized access, if user A and user B belong to the same role X and possess the same permission level, user A and user B can each obtain their own private data (data A and data B). But if the system only verifies the role that may access the data, without any finer-grained verification of the data itself, user A is able to access the data of user B (data B), and this behaviour of user A accessing data B constitutes horizontal unauthorized access. In this embodiment, given that an unauthorized-access vulnerability arises when a user can obtain the other party's private data through a private parameter, a preset unauthorized-access vulnerability test can be performed on each private parameter, for example by changing the value of the private parameter to form a test access link and testing it, or by changing the value of the private parameter so as to access the private data of a different user, in order to test whether the private parameter has an unauthorized-access vulnerability. The private parameters with unauthorized-access vulnerabilities can then be determined from the test results.
In this embodiment, the URL parameter information and session identifiers to be detected that are collected within a preset time are used to identify, according to preset rules, the indexing parameters among the URL parameters to be detected that index server resources, and the private parameters that index user-private resources are extracted from the indexing parameters; a preset unauthorized-access vulnerability test is then performed on each private parameter to determine which private parameters have such a vulnerability. Because only the indexing parameters among all URL parameters in the test scope are identified, and only the private parameters extracted from the indexing parameters are tested for unauthorized access, detection efficiency is greatly improved, and all URL parameters in the detection test scope that have unauthorized-access vulnerabilities can be covered with a high detection rate.
Further, in other embodiments, the above step S20 may include:
obtaining the value characteristics of the parameter values corresponding to each URL parameter in the HTTP traffic information, and identifying the URL parameters whose value characteristics satisfy a preset condition as indexing parameters, the indexing parameters being used to index server resources;
obtaining, from the session identifiers, the number of different parameter values accessed per session on average for each indexing parameter, and if the number of different parameter values accessed per session on average for an indexing parameter is less than a preset number, identifying the indexing parameter as a private parameter, the private parameter being used to index user-private resources.
In this embodiment, since an indexing parameter is a parameter used to index server resources, and server resources are very numerous, there are also very many values of an indexing parameter needed to index the different server resources, and in a large amount of HTTP traffic from different users the number of distinct values of an indexing parameter will likewise be very large. Therefore, using this characteristic of indexing parameters, the value characteristics of the URL parameters in the HTTP traffic information can be obtained statistically, and the URL parameters whose value characteristics satisfy a preset condition are identified as indexing parameters. Specifically, the number of different values of each URL parameter and the number of access records in which each URL parameter is accessed can be counted in the HTTP traffic information; if the number of access records reaches a preset number of records, and the proportion of the number of different values of the URL parameter to the number of access records reaches a preset ratio, the URL parameter is identified as an indexing parameter. For example, for each URL parameter appearing in the collected HTTP traffic information, indexing parameters can be identified by the following conditions:
(1) n_total ≥ threshold1,
(2) rate ≥ threshold2,
where rate = n_unique / n_total, n_total is the total number of records accessing the URL parameter, and n_unique is the number of different values of the URL parameter. threshold1 and threshold2 can be configured according to specific requirements; for example, threshold1 may be set to 1000, to guarantee a sufficient sample size, and threshold2 may be set to 0.1; of course, other values of threshold1 and threshold2 are not excluded. When a URL parameter satisfies conditions (1) and (2) at the same time, it is identified as an indexing parameter. For example, for the URL a.com?userId=10&errorId=1 in the collected HTTP traffic information, suppose 1000 records each access the two URL parameters userId and errorId. In these 1000 records, the userId parameter has 350 different values, so the rate value corresponding to userId is 0.35, while the errorId parameter has only 10 different values, so the rate value corresponding to errorId is 0.01. According to the identification conditions (1) and (2) for indexing parameters above, userId is identified as an indexing parameter and errorId is not.
For a private parameter, on the other hand, each user can only access the parameter values of resources that belong to them. A session identifier marks a specific user within its validity period; therefore, the parameter value accessed by one session identifier within its period should be unique. Accordingly, the number of different parameter values accessed per session on average can be obtained for each indexing parameter from the session identifiers, and if the number of different parameter values accessed per session on average for an indexing parameter is less than a preset number, the indexing parameter is identified as a private parameter. Specifically, in the collected HTTP traffic information, the number of different parameter values accessed by each session of each indexing parameter is counted, and the average number of different parameter values accessed per session for each indexing parameter, values_per_session, is calculated. If values_per_session < threshold3, the indexing parameter is identified as a private parameter. In a real scenario, because of special circumstances such as the presence of attack traffic, the parameter value accessed by one session identifier within its period is not necessarily unique; that is, the value of values_per_session for a private parameter, the number of different parameter values accessed per session on average, is not necessarily equal to 1, but is close to 1. Therefore, to adapt the identification of private parameters to real scenarios, the judgment threshold threshold3 is set to 1.5 in this embodiment; of course, the value of threshold3 can also be adjusted as needed and is not limited to this. For example, for the URL a.com?userId=10&articleId=1 in the collected HTTP traffic information, two indexing parameters are identified, userId and articleId; userId is the index to user information in the server database, and articleId is the index to the articles stored by the server. Counting all records accessing the userId parameter in the collected HTTP traffic information, it is calculated that a single session accesses 1.05 different parameter values of userId on average, i.e. values_per_session = 1.05 for userId; that is, of all sessions accessing userId, essentially each session accesses only one parameter value, which meets the criterion for a private parameter, so userId is identified as a private parameter. Likewise, for the articleId parameter, a single session is counted as accessing 6.52 different parameter values on average, i.e. values_per_session = 6.52 for articleId, which shows that the resources indexed by this parameter value do not correspond one-to-one with users, so articleId is identified as a non-private parameter.
In this way, in this embodiment, the indexing parameters used to index server resources in the HTTP traffic information can be identified by counting the specific value characteristics of the URL parameters in the collected HTTP traffic information, and the private parameters used to index user-private resources are then extracted from the indexing parameters, so that unauthorized-access vulnerability testing and monitoring can subsequently be performed on the identified private parameters to detect whether web access has unauthorized-access vulnerabilities.
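The following Python program is an added worked example (not code from the patent or from Sangfor) of the step S20 statistics described above, both the indexing-parameter conditions (1) and (2) and the values_per_session test for private parameters. It runs over a constructed set of (session identifier, URL) records that stand in for collected HTTP traffic, in which userId is one value per session, articleId is shared, and errorId only ever takes two values. The names build_sample_traffic, parameter_stats, indexing_parameters and private_parameters are this example's own; threshold2 = 0.1 and threshold3 = 1.5 follow the page, while threshold1 is lowered to 100 here (the page suggests 1000) because the constructed sample has only 201 records per parameter.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Thresholds named as in the page's conditions (1), (2) and the
# values_per_session test. THRESHOLD1 is lowered for the small constructed
# sample (the page suggests 1000); the other two follow the page.
THRESHOLD1 = 100    # minimum number of access records (sample size)
THRESHOLD2 = 0.1    # minimum rate = n_unique / n_total
THRESHOLD3 = 1.5    # values_per_session below this => private parameter


def build_sample_traffic():
    """Constructed (session_id, url) records standing in for collected HTTP traffic."""
    records = []
    for s in range(40):
        sid = f"sess{s:02d}"
        for k in range(5):
            uid = 100 + s                # each session only sees its own userId
            art = (s * 7 + k * 3) % 60   # articles are shared: several values per session
            err = k % 2                  # errorId only ever takes two values
            records.append((sid, f"http://a.com/view?userId={uid}&articleId={art}&errorId={err}"))
    # One stray record (constructed noise): sess00 touched a second userId once,
    # so values_per_session for userId is close to, but not exactly, 1.
    records.append(("sess00", "http://a.com/view?userId=999&articleId=5&errorId=0"))
    return records


def parameter_stats(records):
    """Per URL parameter: n_total, the set of distinct values, and per-session value sets."""
    n_total = defaultdict(int)
    values = defaultdict(set)
    per_session = defaultdict(lambda: defaultdict(set))
    for sid, url in records:
        for name, value in parse_qsl(urlsplit(url).query):
            n_total[name] += 1
            values[name].add(value)
            per_session[name][sid].add(value)
    return n_total, values, per_session


def indexing_parameters(n_total, values, t1=THRESHOLD1, t2=THRESHOLD2):
    """Condition (1) n_total >= threshold1 and (2) rate >= threshold2; returns {name: rate}."""
    result = {}
    for name, total in n_total.items():
        rate = len(values[name]) / total
        if total >= t1 and rate >= t2:
            result[name] = rate
    return result


def values_per_session(per_session, name):
    """Average number of distinct values of `name` accessed by a single session."""
    sessions = per_session[name]
    return sum(len(v) for v in sessions.values()) / len(sessions)


def private_parameters(per_session, indexing, t3=THRESHOLD3):
    """Indexing parameters whose values_per_session is below threshold3."""
    result = {}
    for name in indexing:
        vps = values_per_session(per_session, name)
        if vps < t3:
            result[name] = vps
    return result


def classify(records):
    """Full S20 pipeline: returns ({indexing: rate}, {private: values_per_session})."""
    n_total, values, per_session = parameter_stats(records)
    indexing = indexing_parameters(n_total, values)
    private = private_parameters(per_session, indexing)
    return indexing, private


if __name__ == "__main__":
    idx, priv = classify(build_sample_traffic())
    for name, rate in idx.items():
        print(f"indexing parameter {name}: rate={rate:.3f}")
    for name, vps in priv.items():
        print(f"private parameter {name}: values_per_session={vps:.3f}")
```

On the constructed sample, errorId fails condition (2) (2 distinct values in 201 records), userId and articleId pass both conditions, and only userId falls below threshold3 (values_per_session of 1.025, versus 5.025 for articleId), which is the same ordering the page's worked figures show.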
Further, in other embodiments, when the session identifiers include a first session identifier and a second session identifier, the above step S30 may include:
If a first HTTP request carrying the first session identifier is observed accessing a private parameter, obtaining the first parameter value of the private parameter in the session corresponding to the first session identifier, and recording the first return information fed back;
If a second HTTP request carrying the second session identifier is observed accessing the private parameter, obtaining the second parameter value of the private parameter in the session corresponding to the second session identifier, and recording the second return information fed back;
Constructing an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and recording the test return information fed back;
If the first return information differs from the second return information, and the test return information is identical to the first return information, determining that the private parameter has an unauthorized-access vulnerability.
In the present embodiment, when the identified private parameters are tested for unauthorized-access vulnerabilities, each private parameter can be tested at the gateway. If some HTTP request with session identifier SessionIdA is observed accessing the private parameter, its parameter value is denoted ParamA and the returned page is recorded as PageA; if some HTTP request with session identifier SessionIdB is observed accessing the private parameter, its parameter value is denoted ParamB and the returned page is recorded as PageB. An HTTP request is then constructed that accesses the parameter using session identifier SessionIdB and parameter value ParamA, and the returned page is recorded as PageBA. If PageA ≠ PageB and PageA = PageBA, it is determined that the private parameter has an unauthorized-access vulnerability. For example, userId is an identified private parameter that indexes user information. The userId parameter is monitored at the gateway; if user A is observed accessing userId=a and user B is observed accessing userId=b, an HTTP request can be constructed that accesses userId=a using user B's session identifier. If the information returned by the server is identical to what user A received, the userId parameter has an unauthorized-access vulnerability.
By monitoring and testing each private parameter in this way, the present embodiment can identify the private parameters that have unauthorized-access vulnerabilities, covering all URL parameters within the detection scope that have such vulnerabilities, and can automatically identify both the web applications that have URL unauthorized-access vulnerabilities and the specific URL parameters that are vulnerable.
As shown in Fig. 2, a second embodiment of the invention proposes a method for detecting unauthorized-access vulnerabilities in web access which, on the basis of the above embodiment, further includes after step S30:
Step S40: displaying the private parameters that have unauthorized-access vulnerabilities, so that the user can perform the corresponding risk protection operations for those parameters.
In the present embodiment, after the private parameters with unauthorized-access vulnerabilities have been identified, they are displayed so as to promptly inform the user which URL parameters currently have such vulnerabilities and to prompt the user to perform the corresponding risk protection operations for them, effectively preventing the leakage of users' sensitive data through unauthorized-access vulnerabilities.
The present invention further provides a device for detecting unauthorized-access vulnerabilities in web access.
Referring to Fig. 3, Fig. 3 is a functional module diagram of a first embodiment of the device for detecting unauthorized-access vulnerabilities in web access according to the present invention.
In the first embodiment, the device for detecting unauthorized-access vulnerabilities in web access includes:
Acquisition module 01, configured to collect the HTTP traffic information to be detected within a preset time, the HTTP traffic information including URL parameter information and session identifiers, wherein the URL parameter information includes URL parameters and parameter values;
In the present embodiment, when unauthorized-access vulnerabilities in web access need to be detected, Hypertext Transfer Protocol (HTTP) traffic information can be collected by a gateway within a preset time. The collected HTTP traffic information may include IP information, URLs, URL parameter information, session identifiers in cookie fields, and so on; for example, the values of the JSESSIONID, ASP.NET_SessionId and PHPSESSID fields in the cookie header of an HTTP request packet can be extracted as session identifiers. The collection duration for the HTTP traffic information to be detected can be preset by the user or the gateway according to the needs of detection: it may be set as a fixed duration, such as 1 day or 7 days, or as a fixed quantity, for example stopping collection for a URL parameter once its access records reach 1000; the manner of collecting the HTTP traffic information is not limited here. The URL parameter information in the collected HTTP traffic information may include the URL parameters, their corresponding parameter values and related information.
Identification module 02, configured to identify, according to the URL parameter information and session identifiers and by preset rules, the index parameters among the URL parameters that are used to index server resources, and to extract from the index parameters the private parameters used to index user-private resources;
Since the collected HTTP traffic information contains all URL parameters, parameter values and session identifiers, the index parameters used to index server resources can be identified among all URL parameters in the collected traffic according to each URL parameter's frequency of occurrence, value characteristics and so on. Among the parameters passed in a URL, some represent an index to a certain server resource, the parameter value identifying one specific resource such as a database record, a file or an object; such a URL parameter used to index server resources is identified as an index parameter. For example, in the URL a.com?userId=10&errorId=0, the value of the userId parameter is an index to user information in the database, and a user's information can be looked up in the database by the value of userId, so userId is identified as an index parameter. The value of the errorId parameter, by contrast, represents a web program error type rather than an index to a resource, so errorId is identified as not being an index parameter.
After the index parameters used to index server resources have been identified among the URL parameters, the private parameters used to index user-private resources can further be extracted from the index parameters. The resource identified by an index parameter may be a shared resource, which every user can obtain or modify, or it may be private to a particular user, which other users have no permission to access. If the resource identified by an index parameter is private to a specific user, the index parameter is identified as a private parameter. For example, the URL a.com?userId=10&articleId=1 has two index parameters, userId and articleId. The userId parameter is an index to user information, and each user can access only their own user information; the articleId parameter is an index to the articles stored on the server, and an article is a shared resource that every user can read. Therefore the userId parameter is identified as a private parameter, while articleId is not.
After the index parameters used to index server resources have been identified among the URL parameters, the session identifiers can be used to count the index parameter values used by one specific user within each session, and the private parameters used to index user-private resources can be extracted from the index parameters according to the index parameter values accessed by a specific user in each session.
Test module 03, configured to perform a preset unauthorized-access vulnerability test operation on each private parameter and to determine, according to the test result, the private parameters that have unauthorized-access vulnerabilities.
In horizontal unauthorized access, user A and user B belong to the same role X and have the same permission level, and each of them can obtain their own private data (data A and data B); but if the system only verifies that the role may access the data, without checking which user a particular record belongs to, user A can access user B's data (data B), and this access of data B by user A constitutes horizontal unauthorized access. In the present embodiment, the preset unauthorized-access vulnerability test operation can be performed on each private parameter based on the characteristic that such a vulnerability lets a user obtain another user's private data through the private parameter: for example, by changing the value of the private parameter to form a test access link, or by changing the value of the private parameter to access a different user's private data, the private parameter is tested for an unauthorized-access vulnerability, and the private parameters that have such a vulnerability are determined according to the test result.
In the present embodiment, the URL parameter information and session identifiers to be detected are collected within the preset time, the index parameters used to index server resources are identified among the URL parameters by preset rules, the private parameters used to index user-private resources are extracted from the index parameters, and a preset unauthorized-access vulnerability test operation is performed on each private parameter to determine which private parameters have such vulnerabilities. Because only the index parameters among all URL parameters in the test scope are identified, and only the private parameters extracted from those index parameters are tested for unauthorized-access vulnerabilities, detection efficiency is greatly improved, while all URL parameters in the detection scope that have unauthorized-access vulnerabilities are still covered, giving a high recognition rate.
Further, in other embodiments, the above identification module 02 can be configured to:
obtain the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify as index parameters those URL parameters whose value characteristics satisfy a preset condition, the index parameters being used to index server resources;
obtain, according to the session identifiers, the number of different parameter values accessed by a single session on average for each index parameter, and if that number for an index parameter is less than a preset number, identify the index parameter as a private parameter, the private parameter being used to index user-private resources.
In the present embodiment, since an index parameter is used to index server resources, and server resources are very numerous, the index parameter also needs many values to index the different server resources, so in a large volume of HTTP traffic information from different users the number of values taken by an index parameter will also be large. Using this characteristic of index parameters, the value characteristics of the URL parameters in the HTTP traffic information can be obtained by statistics, and the URL parameters whose value characteristics satisfy the preset condition are identified as index parameters. Specifically, for each URL parameter in the HTTP traffic information, the number of different values and the number of access records can be counted; if the number of access records reaches a preset number, and the proportion of different values among the access records reaches a preset ratio, the URL parameter is identified as an index parameter. For example, for each URL parameter appearing in the collected HTTP traffic information, an index parameter can be identified by the following conditions:
(1) n_total ≥ threshold1,
(2) rate ≥ threshold2,
where rate = n_unique/n_total, n_total is the total number of records accessing the URL parameter, and n_unique is the number of different values of the URL parameter. threshold1 and threshold2 can be configured according to specific requirements; for example threshold1 can be taken as 1000, to guarantee a sufficient sample size, and threshold2 as 0.1, although other values of threshold1 and threshold2 are of course not excluded. When a URL parameter satisfies conditions (1) and (2) at the same time, it is identified as an index parameter. For example, suppose that for the URL a.com?userId=10&errorId=1 in the collected HTTP traffic information there are 1000 records accessing each of the two URL parameters userId and errorId. Among these 1000 records the userId parameter has 350 different values, so its rate is 0.35, whereas the errorId parameter has only 10 different values, so its rate is 0.01. According to the index parameter identification conditions (1) and (2), userId is identified as an index parameter and errorId is not.
As for private parameters, each user can only access the parameter values of their own resources. Within its validity period a session identifier marks one specific user, so the parameter value accessed by one session identifier within its lifetime should be unique. Therefore the number of different parameter values accessed by a single session on average for each index parameter can be obtained from the session identifiers, and if that number for an index parameter is less than a preset number, the index parameter is identified as a private parameter. Specifically, in the collected HTTP traffic information, the number of different parameter values accessed by each session for each index parameter is counted, and the average number of different parameter values accessed by a single session, values_per_session, is calculated for each index parameter. If values_per_session < threshold3, the index parameter is identified as a private parameter. In real scenarios, special circumstances such as the presence of attack traffic mean that the parameter values accessed by one session identifier within its lifetime are not necessarily unique, i.e. the values_per_session of a private parameter is not necessarily exactly 1 but is close to 1; therefore, in order to adapt the identification of private parameters to real scenarios, the present embodiment sets the judgment threshold threshold3 to 1.5, and the value of threshold3 can of course be adjusted as needed and is not limited thereto. For example, for the URL a.com?userId=10&articleId=1 in the collected HTTP traffic information, two index parameters are identified, userId and articleId: the userId parameter is the index of user information in the server's database, and the articleId parameter is the index of the articles stored on the server. All records accessing the userId parameter in the collected HTTP traffic information are counted, and the calculation shows that a single session accesses on average 1.05 different values of userId, i.e. values_per_session=1.05 for the userId parameter. In other words, across all sessions that access the userId parameter, essentially each session accesses only one parameter value, which satisfies the criterion for a private parameter, so the userId parameter is identified as a private parameter. Likewise, for the articleId parameter a single session is found to access on average 6.52 different parameter values, i.e. values_per_session=6.52 for the articleId parameter, which shows that the resources indexed by this parameter's values are not in one-to-one correspondence with users, so the articleId parameter is identified as a non-private parameter.
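The identification rules just described, conditions (1) and (2) for index parameters and the values_per_session < threshold3 rule for private parameters, worked through over constructed traffic records. This is an added example and not the patent's own implementation; the (session identifier, URL) record format and the sample traffic are assumptions, and threshold1 is lowered from 1000 to 100 only so that the small constructed sample clears it.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Thresholds named as in the patent text. threshold1 is lowered from 1000
# to 100 only because the constructed sample below is small (assumption).
THRESHOLD1 = 100   # minimum access records (n_total) for a parameter
THRESHOLD2 = 0.1   # minimum rate = n_unique / n_total
THRESHOLD3 = 1.5   # values_per_session below this => private parameter


def parse_records(records):
    """Group accesses by URL parameter name.

    records: iterable of (session_id, url) pairs, as a gateway might log them
    (format is an assumption). Returns {param_name: [(session_id, value), ...]}.
    """
    accesses = defaultdict(list)
    for session_id, url in records:
        query = urlsplit(url).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            accesses[name].append((session_id, value))
    return accesses


def is_index_parameter(param_accesses, threshold1=THRESHOLD1, threshold2=THRESHOLD2):
    """Condition (1) n_total >= threshold1 and condition (2) rate >= threshold2."""
    n_total = len(param_accesses)
    if n_total < threshold1:          # not enough samples to decide
        return False
    n_unique = len({value for _, value in param_accesses})
    rate = n_unique / n_total
    return rate >= threshold2


def values_per_session(param_accesses):
    """Average number of distinct values a single session used for this parameter."""
    per_session = defaultdict(set)
    for session_id, value in param_accesses:
        per_session[session_id].add(value)
    return sum(len(v) for v in per_session.values()) / len(per_session)


def classify_parameters(records, threshold1=THRESHOLD1, threshold2=THRESHOLD2,
                        threshold3=THRESHOLD3):
    """Label each URL parameter 'non-index', 'index' (shared resource) or 'private'."""
    labels = {}
    for name, param_accesses in parse_records(records).items():
        if not is_index_parameter(param_accesses, threshold1, threshold2):
            labels[name] = "non-index"
        elif values_per_session(param_accesses) < threshold3:
            labels[name] = "private"
        else:
            labels[name] = "index"
    return labels


def build_sample_traffic():
    """Constructed traffic: 40 sessions, each reading its own userId and five
    articles; errorId takes only two values. One stray request for a foreign
    userId simulates the noise that keeps values_per_session slightly above 1."""
    records = []
    for i in range(40):
        session_id = f"sess{i}"
        user_id = 100 + i
        for k in range(5):
            article_id = (3 * i + k) % 37      # 37 distinct articles overall
            records.append((session_id,
                            f"http://a.com/view?userId={user_id}"
                            f"&articleId={article_id}&errorId={k % 2}"))
    records.append(("sess0", "http://a.com/view?userId=999"))  # noise record
    return records


if __name__ == "__main__":
    print(classify_parameters(build_sample_traffic()))
    # {'userId': 'private', 'articleId': 'index', 'errorId': 'non-index'}
```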
In this way, in the present embodiment, the index parameters used to index server resources in the collected HTTP traffic information can be identified by collecting statistics on the specific value characteristics of the URL parameters in that traffic, and the private parameters used to index user-private resources can then be extracted from the index parameters, so that the identified private parameters can subsequently be tested and monitored for unauthorized-access vulnerabilities in order to detect whether such vulnerabilities exist in web access.
Further, in other embodiments, when the session identifiers include a first session identifier and a second session identifier, the above test module 03 can be configured to:
If a first HTTP request carrying the first session identifier is observed accessing a private parameter, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first return information fed back;
If a second HTTP request carrying the second session identifier is observed accessing the private parameter, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second return information fed back;
Construct an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and record the test return information fed back;
If the first return information differs from the second return information, and the test return information is identical to the first return information, determine that the private parameter has an unauthorized-access vulnerability.
In the present embodiment, when the identified private parameters are tested for unauthorized-access vulnerabilities, each private parameter can be tested at the gateway. If some HTTP request with session identifier SessionIdA is observed accessing the private parameter, its parameter value is denoted ParamA and the returned page is recorded as PageA; if some HTTP request with session identifier SessionIdB is observed accessing the private parameter, its parameter value is denoted ParamB and the returned page is recorded as PageB. An HTTP request is then constructed that accesses the parameter using session identifier SessionIdB and parameter value ParamA, and the returned page is recorded as PageBA. If PageA ≠ PageB and PageA = PageBA, it is determined that the private parameter has an unauthorized-access vulnerability. For example, userId is an identified private parameter that indexes user information. The userId parameter is monitored at the gateway; if user A is observed accessing userId=a and user B is observed accessing userId=b, an HTTP request can be constructed that accesses userId=a using user B's session identifier. If the information returned by the server is identical to what user A received, the userId parameter has an unauthorized-access vulnerability.
By monitoring and testing each private parameter in this way, the present embodiment can identify the private parameters that have unauthorized-access vulnerabilities, covering all URL parameters within the detection scope that have such vulnerabilities, and can automatically identify both the web applications that have URL unauthorized-access vulnerabilities and the specific URL parameters that are vulnerable.
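The decision rule above (PageA ≠ PageB and PageA = PageBA), run offline against two constructed handlers that stand in for the web application: one that only checks that the caller is logged in, and one that also checks that the requested record belongs to the caller. This is an added example, not the patent's or the applicant's code; the handler functions, the session table and the user data are assumptions, and responses are compared by status code plus a hash of the body.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for the web application (assumptions, not real code).
SESSIONS = {"SessionIdA": "a", "SessionIdB": "b"}     # session id -> logged-in user
USER_DATA = {"a": "profile of user A", "b": "profile of user B"}


def vulnerable_handler(session_id, user_id):
    """Checks only that the caller is logged in (the role level), not that the
    requested userId belongs to the caller: horizontal unauthorized access."""
    if session_id not in SESSIONS:
        return 401, ""
    return 200, USER_DATA.get(user_id, "")


def hardened_handler(session_id, user_id):
    """Same endpoint with an object-level check: a session may only read
    the record of the user it authenticates."""
    if session_id not in SESSIONS:
        return 401, ""
    if SESSIONS[session_id] != user_id:
        return 403, "forbidden"
    return 200, USER_DATA[user_id]


def fingerprint(response):
    """Reduce a (status, body) response to a comparable record of the page."""
    status, body = response
    return status, hashlib.sha256(body.encode()).hexdigest()


@dataclass(frozen=True)
class Observation:
    """One monitored access: which session used which parameter value,
    and the fingerprint of the page the server returned."""
    session_id: str
    value: str
    page: tuple


def observe(handler, session_id, value):
    """Record an access the gateway saw and the page that came back."""
    return Observation(session_id, value, fingerprint(handler(session_id, value)))


def has_unauthorized_access(handler, obs_a, obs_b):
    """The patent's rule: with PageA from SessionIdA/ParamA and PageB from
    SessionIdB/ParamB, replay ParamA under SessionIdB to obtain PageBA, and
    flag the parameter when PageA != PageB and PageA == PageBA."""
    if obs_a.session_id == obs_b.session_id:
        raise ValueError("need observations from two different sessions")
    if obs_a.page == obs_b.page:
        return False      # precondition PageA != PageB not met: inconclusive
    page_ba = fingerprint(handler(obs_b.session_id, obs_a.value))
    return page_ba == obs_a.page


def run_test(handler):
    """Monitor two sessions, then apply the decision rule against `handler`."""
    obs_a = observe(handler, "SessionIdA", "a")   # user A reads userId=a
    obs_b = observe(handler, "SessionIdB", "b")   # user B reads userId=b
    return has_unauthorized_access(handler, obs_a, obs_b)


if __name__ == "__main__":
    print("vulnerable handler flagged:", run_test(vulnerable_handler))   # True
    print("hardened handler flagged:  ", run_test(hardened_handler))     # False
```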
As shown in Fig. 4, a second embodiment of the invention proposes a device for detecting unauthorized-access vulnerabilities in web access which, on the basis of the above embodiment, further includes:
Display module 04, configured to display the private parameters that have unauthorized-access vulnerabilities, so that the user can perform the corresponding risk protection operations for those parameters.
In the present embodiment, after the private parameters with unauthorized-access vulnerabilities have been identified, they are displayed so as to promptly inform the user which URL parameters currently have such vulnerabilities and to prompt the user to perform the corresponding risk protection operations for them, effectively preventing the leakage of users' sensitive data through unauthorized-access vulnerabilities.
The serial numbers of the above embodiments of the invention are for description only and do not represent the relative merits of the embodiments. From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the preferred embodiment. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and including instructions that cause a terminal device (which may be a mobile phone, computer, server, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (8)

1. A method for detecting unauthorized-access vulnerabilities in web access, characterized in that the method comprises the following steps:
collecting HTTP traffic information to be detected within a preset time, the HTTP traffic information including URL parameter information and session identifiers, wherein the URL parameter information includes URL parameters and parameter values;
obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identifying as index parameters the URL parameters whose value characteristics satisfy a preset condition, the index parameters being used to index server resources;
obtaining, according to the session identifiers, the number of different parameter values accessed by a single session on average for each index parameter, and if the number of different parameter values accessed by a single session on average for an index parameter is less than a preset number, identifying the index parameter as a private parameter, the private parameter being used to index user-private resources;
performing a preset unauthorized-access vulnerability test operation on each private parameter, and determining according to the test result the private parameters that have unauthorized-access vulnerabilities.
2. The method for detecting unauthorized-access vulnerabilities in web access according to claim 1, characterized in that the step of obtaining the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information and identifying as index parameters the URL parameters whose value characteristics satisfy a preset condition comprises:
counting, for each URL parameter in the HTTP traffic information, the number of different values of its corresponding parameter values and the number of access records accessing the URL parameter;
if the number of access records reaches a preset number, and the proportion of the number of different values of the URL parameter among the access records reaches a preset ratio, identifying the URL parameter as an index parameter.
3. The method for detecting unauthorized-access vulnerabilities in web access according to claim 1, characterized in that, when the session identifiers include a first session identifier and a second session identifier, the step of performing a preset unauthorized-access vulnerability test operation on each private parameter and determining according to the test result the private parameters that have unauthorized-access vulnerabilities comprises:
if a first HTTP request carrying the first session identifier is observed accessing a private parameter, obtaining the first parameter value of the private parameter in the session corresponding to the first session identifier, and recording the first return information fed back;
if a second HTTP request carrying the second session identifier is observed accessing the private parameter, obtaining the second parameter value of the private parameter in the session corresponding to the second session identifier, and recording the second return information fed back;
constructing an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and recording the test return information fed back;
if the first return information differs from the second return information, and the test return information is identical to the first return information, determining that the private parameter has an unauthorized-access vulnerability.
4. The method for detecting unauthorized-access vulnerabilities in web access according to claim 1, characterized in that, after the step of performing a preset unauthorized-access vulnerability test operation on each private parameter and determining according to the test result the private parameters that have unauthorized-access vulnerabilities, the method further comprises:
displaying the private parameters that have unauthorized-access vulnerabilities, so that the user performs the corresponding risk protection operations for the private parameters that have unauthorized-access vulnerabilities.
5. A device for detecting unauthorized-access vulnerabilities in web access, characterized in that the device comprises:
an acquisition module, configured to collect HTTP traffic information to be detected within a preset time, the HTTP traffic information including URL parameter information and session identifiers, wherein the URL parameter information includes URL parameters and parameter values;
an identification module, configured to identify, according to the URL parameter information and session identifiers and by preset rules, the index parameters among the URL parameters that are used to index server resources, and to extract from the index parameters the private parameters used to index user-private resources;
a test module, configured to perform a preset unauthorized-access vulnerability test operation on each private parameter and to determine according to the test result the private parameters that have unauthorized-access vulnerabilities;
wherein the identification module is specifically configured to:
obtain the value characteristics of the parameter values corresponding to the URL parameters in the HTTP traffic information, and identify as index parameters the URL parameters whose value characteristics satisfy a preset condition, the index parameters being used to index server resources; obtain, according to the session identifiers, the number of different parameter values accessed by a single session on average for each index parameter, and if the number of different parameter values accessed by a single session on average for an index parameter is less than a preset number, identify the index parameter as a private parameter, the private parameter being used to index user-private resources.
6. The device for detecting unauthorized-access vulnerabilities in web access according to claim 5, characterized in that the identification module is specifically configured to:
count, for each URL parameter in the HTTP traffic information, the number of different values of its corresponding parameter values and the number of access records accessing the URL parameter;
if the number of access records reaches a preset number, and the proportion of the number of different values of the URL parameter among the access records reaches a preset ratio, identify the URL parameter as an index parameter.
7. The device for detecting unauthorized-access vulnerabilities in web access according to claim 5, characterized in that, when the session identifiers include a first session identifier and a second session identifier, the test module is specifically configured to:
if a first HTTP request carrying the first session identifier is observed accessing a private parameter, obtain the first parameter value of the private parameter in the session corresponding to the first session identifier, and record the first return information fed back;
if a second HTTP request carrying the second session identifier is observed accessing the private parameter, obtain the second parameter value of the private parameter in the session corresponding to the second session identifier, and record the second return information fed back;
construct an HTTP test request that uses the second session identifier and the first parameter value to access the private parameter, and record the test return information fed back;
if the first return information differs from the second return information, and the test return information is identical to the first return information, determine that the private parameter has an unauthorized-access vulnerability.
8. The device for detecting unauthorized-access vulnerabilities in web access according to claim 5, characterized in that it further comprises:
a display module, configured to display the private parameters that have unauthorized-access vulnerabilities, so that the user performs the corresponding risk protection operations for the private parameters that have unauthorized-access vulnerabilities.
CN201510728727.6A 2015-10-30 2015-10-30 Method and device for detecting unauthorized-access vulnerabilities in web access Active CN105357195B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510728727.6A CN105357195B (en) 2015-10-30 2015-10-30 Method and device for detecting unauthorized-access vulnerabilities in web access

Publications (2)

Publication Number Publication Date
CN105357195A CN105357195A (en) 2016-02-24
CN105357195B true CN105357195B (en) 2019-06-14

Family

ID=55333059

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510728727.6A Active CN105357195B (en) 2015-10-30 2015-10-30 Method and device for detecting unauthorized-access vulnerabilities in web access

Country Status (1)

Country Link
CN (1) CN105357195B (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107294919A (en) * 2016-03-31 2017-10-24 阿里巴巴集团控股有限公司 Method and device for detecting horizontal-privilege vulnerabilities
CN106027528B (en) * 2016-05-24 2019-07-12 微梦创科网络科技(中国)有限公司 Method and device for automatic identification of horizontal permissions in WEB applications
CN106101082A (en) * 2016-05-31 2016-11-09 乐视控股(北京)有限公司 Permission vulnerability detection method and device
CN107547490B (en) * 2016-06-29 2020-12-04 阿里巴巴集团控股有限公司 Scanner identification method, device and system
CN106713347B (en) * 2017-01-18 2019-06-11 国网江苏省电力公司电力科学研究院 Unauthorized-access vulnerability detection method for electric-power mobile applications
CN108334758B (en) * 2017-01-20 2020-08-18 中国移动通信集团山西有限公司 Method, device and equipment for detecting user unauthorized behavior
CN108667770B (en) * 2017-03-29 2020-12-18 腾讯科技(深圳)有限公司 Website vulnerability testing method, server and system
CN108696490A (en) * 2017-04-11 2018-10-23 腾讯科技(深圳)有限公司 Account permission identification method and device
CN108875368A (en) * 2017-05-10 2018-11-23 北京金山云网络技术有限公司 Security detection method, apparatus and system
CN107577949A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 Web unauthorized-access vulnerability detection method and system
CN107920062B (en) * 2017-11-03 2020-06-05 北京知道创宇信息技术股份有限公司 Construction method of business logic attack detection model and computing equipment
CN108228791A (en) * 2017-12-29 2018-06-29 北京奇虎科技有限公司 Data identification method and device
CN108833365B (en) * 2018-05-24 2021-06-15 杭州默安科技有限公司 Traffic-based service logic vulnerability detection method and system
CN110581835B (en) * 2018-06-11 2022-04-12 阿里巴巴集团控股有限公司 Vulnerability detection method and device and terminal equipment
CN108932426B (en) * 2018-06-27 2022-05-03 平安科技(深圳)有限公司 Unauthorized vulnerability detection method and device
CN108769070A (en) * 2018-06-30 2018-11-06 平安科技(深圳)有限公司 Unauthorized-access vulnerability detection method and device
CN110135166B (en) * 2019-05-08 2021-03-30 北京国舜科技股份有限公司 Detection method and system for service logic vulnerability attack
CN111107052A (en) * 2019-11-04 2020-05-05 广发银行股份有限公司 Method, apparatus, computer device and storage medium for identifying unauthorized detection points
CN111209565B (en) * 2020-01-08 2022-12-23 招商银行股份有限公司 Horizontal override vulnerability detection method, equipment and computer readable storage medium
CN111427774A (en) * 2020-03-09 2020-07-17 深圳开源互联网安全技术有限公司 Request parameter modification method and system for application program test case
CN111416811B (en) * 2020-03-16 2022-07-22 携程旅游信息技术(上海)有限公司 Unauthorized vulnerability detection method, system, equipment and storage medium
CN111949548B (en) * 2020-08-24 2022-08-26 福建国信立联科技集团有限公司 Automatic unauthorized penetration testing method and storage device
CN112118259B (en) * 2020-09-17 2022-04-15 四川长虹电器股份有限公司 Unauthorized vulnerability detection method based on classification model of lifting tree
CN113111951B (en) * 2021-04-20 2023-08-01 浙江网商银行股份有限公司 Data processing method and device
CN113590461B (en) * 2021-06-01 2024-04-23 的卢技术有限公司 Test method for realizing override of automobile user data based on fidder
CN114826717B (en) * 2022-04-18 2024-02-23 深信服科技股份有限公司 Abnormal access detection method and device, electronic equipment and storage medium
CN115664743A (en) * 2022-10-17 2023-01-31 浙江网商银行股份有限公司 Behavior detection method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301302A (en) * 2014-09-12 2015-01-21 深信服网络科技(深圳)有限公司 Unauthorized attack detection method and device
CN104519070A (en) * 2014-12-31 2015-04-15 北京奇虎科技有限公司 Method and system for detecting website permission vulnerabilities

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9112863B2 (en) * 2009-12-14 2015-08-18 International Business Machines Corporation Method, program product and server for controlling a resource access to an electronic resource stored within a protected data environment

Also Published As

Publication number Publication date
CN105357195A (en) 2016-02-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
    Address after: 518000, 1st floor, Building A1, Nanshan Zhiyuan, 1001 Xue Yuan Avenue, Nanshan District, Shenzhen, Guangdong
    Applicant after: SINFOR Polytron Technologies Inc
    Address before: 518052, 1st floor, Building A1, Nanshan Zhiyuan, 1001 Xue Yuan Avenue, Nanshan District, Shenzhen, Guangdong
    Applicant before: Shenxinfu Electronics Science and Technology Co., Ltd., Shenzhen
GR01 Patent grant