CN106027528B - A kind of method and device of the horizontal permission automatic identification of WEB - Google Patents

Publication number: CN106027528B
Authority: CN (China)
Prior art keywords: url, parameter, web, cookie, library
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201610350375.XA
Other languages: Chinese (zh)
Other versions: CN106027528A (en)
Inventor: 谢作孟
Current assignee: Weimeng Chuangke Network Technology China Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Weimeng Chuangke Network Technology China Co Ltd
Priority date: (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Events:
- Application filed by Weimeng Chuangke Network Technology China Co Ltd
- Priority to CN201610350375.XA
- Publication of CN106027528A
- Application granted
- Publication of CN106027528B
- Legal status: Active
- Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

An embodiment of the present invention provides a method and device for automatic identification of horizontal privilege vulnerabilities in WEB applications. The method comprises: collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, and obtaining a URL library to be detected; for the URL library to be detected, classifying each URL by analysing the parameters in the URL, and obtaining a classified URL library; and, using the scanner corresponding to each URL in the classified URL library, detecting horizontal privilege vulnerabilities by modifying parameters in the URL. The technical solution has the following beneficial effects: in view of the defect of the currently effective method for detecting horizontal privilege vulnerabilities, namely manual inspection, the embodiment of the present invention provides an effective method for automatically detecting horizontal privilege vulnerabilities; by analysing logs and classifying URLs before detection, detection coverage is improved and the miss rate (the proportion of vulnerabilities that go unreported) is reduced. The automatic scanning system can quickly identify horizontal privilege vulnerabilities and improve vulnerability detection efficiency.

Description

A kind of method and device of the horizontal permission automatic identification of WEB
Technical field
The present invention relates to the field of network technology, and in particular to a method and device for automatic identification of horizontal privilege vulnerabilities in WEB applications.
Background technique
At present, security audit personnel generally check WEB horizontal privileges by manual inspection. Unlike other security vulnerabilities, horizontal privilege is usually tied to the authorization logic of a specific service. Finding a horizontal privilege vulnerability generally requires the security auditor to analyse the pages in the system that operate on sensitive data, record by hand the operations a user is permitted to perform (for example creating a new record, obtaining information, deleting a record, and so on), then attempt to access those functions as another user and check one by one whether each page's response is reasonable.
Horizontal privilege means that user A of a website can only operate on user A's own content data (for example modifying an avatar or publishing an article) and cannot operate on the content data of user B, let alone use the operating rights of the site administrator. A horizontal privilege vulnerability is one in which user A can access the sensitive resources of user B. In general, horizontal privilege vulnerabilities arise because, when displaying user information, the application relies on an identity basis that is easy to forge.
Manual inspection for horizontal privilege vulnerabilities is costly and difficult for large-scale WEB applications. A large WEB application has a great many page resources, and the corresponding authorization logic is extremely complex; manual inspection of horizontal privilege vulnerabilities involves an enormous amount of work, and in practice its test coverage is often difficult to guarantee. At the same time, horizontal privilege detection is more time-consuming and laborious than other kinds of testing, which inevitably affects the rapid delivery of the application system.
The prior art also uses vulnerability scanners to detect WEB horizontal privilege vulnerabilities by active scanning. A common vulnerability scanner accesses the WEB application entry point, crawls the URLs (Uniform Resource Locators) exposed to users with a crawler, guesses URLs that cannot be crawled with the help of a preset dictionary, and thereby completes the preliminary information gathering. It then performs similarity identification and de-duplication on the collected URLs to obtain the URLs to be detected. For each URL to be detected it performs automatic fuzzing, filling in various aggressive data, checks from the response whether the URL is suspicious, and, according to the result, marks the URL as having a horizontal privilege vulnerability together with the vulnerability grade and the payload. However, detecting horizontal privilege vulnerabilities by active scanning has a high miss rate and affects the stability of the business system. Privilege detection first requires the tester to be familiar with the permission settings, which a tool cannot do; the tool cannot handle highly interactive applications; and it is difficult to cover 100% of the URLs. In addition, the functions of a WEB application system are complex, and active scanning writes a large amount of dirty data, which affects the stability of the business system.
Summary of the invention
Embodiments of the present invention provide a method and device for automatic identification of WEB horizontal privilege vulnerabilities, so as to improve detection coverage and reduce the miss rate.
In one aspect, an embodiment of the present invention provides a method for automatic identification of WEB horizontal privilege vulnerabilities, the method comprising:
collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, and obtaining a URL library to be detected;
for the URL library to be detected, classifying each URL by analysing the parameters in the URL, and obtaining a classified URL library;
using the scanner corresponding to each URL in the classified URL library, detecting horizontal privilege vulnerabilities by modifying parameters in the URL.
In another aspect, an embodiment of the present invention provides a device for automatic identification of WEB horizontal privilege vulnerabilities, the device comprising:
a URL acquisition unit, for collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, and obtaining a URL library to be detected;
a URL dispatching unit, for classifying, for the URL library to be detected, each URL by analysing the parameters in the URL, and obtaining a classified URL library;
a scanner unit, for detecting horizontal privilege vulnerabilities by modifying parameters in the URL, using the scanner corresponding to each URL in the classified URL library.
The above technical solution has the following beneficial effects: in view of the defect of the currently effective method for detecting horizontal privilege vulnerabilities, namely manual inspection, the embodiment of the present invention provides an effective method for automatically detecting horizontal privilege vulnerabilities; by analysing logs and classifying URLs before detection, detection coverage is improved and the miss rate is reduced. The automatic scanning system can quickly identify horizontal privilege vulnerabilities and improve vulnerability detection efficiency.
Detailed description of the invention
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of a method for automatic identification of WEB horizontal privilege vulnerabilities according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a device for automatic identification of WEB horizontal privilege vulnerabilities according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the URL dispatching unit according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the scanner unit according to an embodiment of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, which is a flow chart of a method for automatic identification of WEB horizontal privilege vulnerabilities according to an embodiment of the present invention, the method comprises:
101. Collect WEB logs, extract and aggregate the uniform resource locators (URLs) in the WEB logs, and obtain a URL library to be detected.
102. For the URL library to be detected, classify each URL by analysing the parameters in the URL, and obtain a classified URL library.
103. Using the scanner corresponding to each URL in the classified URL library, detect horizontal privilege vulnerabilities by modifying parameters in the URL.
Preferably, the WEB logs include one or more of the following logs: proxy server logs, WEB server logs, and bypass mirror logs.
Preferably, the method further includes: after extracting and aggregating the URLs in the WEB logs, performing similarity identification and de-duplication to obtain the URL library to be detected.
Preferably, classifying each URL in the URL library to be detected by analysing the parameters in the URL to obtain the classified URL library specifically includes:
for each URL in the URL library to be detected, performing the following processing respectively:
judging whether the parameters in the current URL include a parameter that uses a signature algorithm; if so, the current URL belongs to the class of URLs with a signature parameter, otherwise it belongs to the class of URLs without a signature parameter;
and/or judging whether the parameters in the current URL include a cookie parameter; if so, the current URL belongs to the class of URLs with a cookie parameter, otherwise it belongs to the class of URLs without a cookie parameter;
and/or judging whether the parameters in the current URL include a key form parameter; if so, the current URL belongs to the class of URLs with a key form parameter, otherwise it belongs to the class of URLs without a key form parameter;
aggregating the classification information of each URL in the URL library to be detected to obtain the classified URL library.
Preferably, the scanner includes one or more of the following modules: a signature scan module, a cookie parameter scan module and a form parameter scan module; and detecting horizontal privilege vulnerabilities by modifying parameters in the URL, using the scanner corresponding to each URL in the classified URL library, specifically includes:
using the signature scan module corresponding to URLs with a signature parameter, for each URL with a signature parameter obtained after classification, detecting whether the request corresponding to the URL can still be carried out normally when the signature in the URL is not submitted, and detecting whether the signature in the URL can be cracked;
and/or using the cookie parameter scan module corresponding to URLs with a cookie parameter, for each URL with a cookie parameter obtained after classification, detecting whether the submitted request passes when the cookie in the URL is not submitted, and whether the submitted request passes when the parameter in the cookie used for user identity identification is modified;
and/or using the form parameter scan module corresponding to URLs with a key form parameter, for each URL with a key form parameter obtained after classification, detecting whether the request corresponding to the URL can still be carried out normally when the value of the key form parameter is modified;
aggregating the detection results, and generating and outputting a detection report.
As shown in Fig. 2, which is a schematic structural diagram of a device for automatic identification of WEB horizontal privilege vulnerabilities according to an embodiment of the present invention, the device comprises:
a URL acquisition unit 21, for collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, and obtaining a URL library to be detected;
a URL dispatching unit 22, for classifying, for the URL library to be detected, each URL by analysing the parameters in the URL, and obtaining a classified URL library;
a scanner unit 23, for detecting horizontal privilege vulnerabilities by modifying parameters in the URL, using the scanner corresponding to each URL in the classified URL library.
Preferably, the WEB logs include one or more of the following logs: proxy server logs, WEB server logs, and bypass mirror logs.
Preferably, the URL acquisition unit 21, after extracting and aggregating the URLs in the WEB logs, performs similarity identification and de-duplication to obtain the URL library to be detected.
Preferably, as shown in Fig. 3, which is a schematic structural diagram of the URL dispatching unit according to an embodiment of the present invention, the URL dispatching unit 22 includes one or more of the following modules: a signature recognition module 221, a cookie parameter identification module 222 and a form parameter identification module 223. The URL dispatching unit 22 is used to perform, for each URL in the URL library to be detected, the following processing respectively, in which:
the signature recognition module 221 is used to judge whether the parameters in the current URL include a parameter that uses a signature algorithm; if so, the current URL belongs to the class of URLs with a signature parameter, otherwise it belongs to the class of URLs without a signature parameter;
the cookie parameter identification module 222 is used to judge whether the parameters in the current URL include a cookie parameter; if so, the current URL belongs to the class of URLs with a cookie parameter, otherwise it belongs to the class of URLs without a cookie parameter;
the form parameter identification module 223 is used to judge whether the parameters in the current URL include a key form parameter; if so, the current URL belongs to the class of URLs with a key form parameter, otherwise it belongs to the class of URLs without a key form parameter;
the URL dispatching unit 22 is further used to aggregate the classification information of each URL in the URL library to be detected to obtain the classified URL library.
Preferably, as shown in Fig. 4, which is a schematic structural diagram of the scanner unit according to an embodiment of the present invention, the scanner unit 23 includes a report generation module 234 and further includes one or more of the following modules: a signature scan module 231, a cookie parameter scan module 232 and a form parameter scan module 233, in which:
the signature scan module 231 is used, as the signature scan module corresponding to URLs with a signature parameter, to detect, for each URL with a signature parameter obtained after classification, whether the request corresponding to the URL can still be carried out normally when the signature in the URL is not submitted, and whether the signature in the URL can be cracked;
the cookie parameter scan module 232 is used, as the cookie parameter scan module corresponding to URLs with a cookie parameter, to detect, for each URL with a cookie parameter obtained after classification, whether the submitted request passes when the cookie in the URL is not submitted, and whether the submitted request passes when the parameter in the cookie used for user identity identification is modified;
the form parameter scan module 233 is used, as the form parameter scan module corresponding to URLs with a key form parameter, to detect, for each URL with a key form parameter obtained after classification, whether the request corresponding to the URL can still be carried out normally when the value of the key form parameter is modified;
the report generation module 234 is used to aggregate the detection results and to generate and output a detection report.
The above technical solution has the following beneficial effects: in view of the defect of the currently effective method for detecting horizontal privilege vulnerabilities, namely manual inspection, the embodiment of the present invention provides an effective method for automatically detecting horizontal privilege vulnerabilities; by analysing logs and classifying URLs before detection, detection coverage is improved and the miss rate is reduced. The automatic scanning system can quickly identify horizontal privilege vulnerabilities and improve vulnerability detection efficiency.
The above embodiments of the present invention are described in detail below in conjunction with an application example:
The device for automatic identification of WEB horizontal privilege vulnerabilities of this application example of the present invention includes three units: a URL acquisition unit, a URL dispatching unit and a scanner unit.
URL acquisition unit:
This unit collects the logs of the proxy server, the Web server and the bypass mirror, then extracts the URL information from the logs one by one. The URL information is aggregated together, similarity identification and de-duplication are performed, and the URL library to be detected is obtained.
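The following is an added illustration of step 101 and of the URL acquisition unit just described; it is not code from the patent or from the applicant. It extracts the request line from constructed web server and proxy log lines (the formats, regular expressions and sample lines are this example's own assumptions), then performs similarity identification by reducing each URL to a template of path plus parameter names, so that requests differing only in parameter values are de-duplicated into one entry of the URL library while one representative request keeps its real parameter values for later scanning.

```python
"""Added example (not the patent's code): extracting URLs from several web log
formats, normalising similar URLs to one template, and de-duplicating them
into a URL library to be detected. All log lines below are constructed."""
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines: Nginx/Apache "combined" web server entries,
# one proxy-style entry, and one line that carries no request at all.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/May/2016:10:00:01 +0800] "GET /order/view?order_id=123&sign=1a2b HTTP/1.1" 200 512 "-" "ua"',
    '10.0.0.6 - - [01/May/2016:10:00:02 +0800] "GET /order/view?order_id=456&sign=9f8e HTTP/1.1" 200 513 "-" "ua"',
    '10.0.0.7 - - [01/May/2016:10:00:03 +0800] "POST /profile/update?uid=77 HTTP/1.1" 302 0 "-" "ua"',
    '1462068004.123 45 10.0.0.8 TCP_MISS/200 600 GET http://shop.example.test/order/view?order_id=789 - DIRECT/203.0.113.9 text/html',
    '10.0.0.9 - - [01/May/2016:10:00:05 +0800] "-" 400 0 "-" "-"',
]

# One pattern per supported log shape (assumed formats); each yields method and url groups.
WEB_SERVER_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/\d\.\d"')
PROXY_RE = re.compile(r'\s(?P<method>[A-Z]+) (?P<url>https?://\S+)\s')


def extract_request(line):
    """Return (method, path, query) for one log line, or None when the line
    carries no request (for example a malformed request logged as "-")."""
    for pattern in (WEB_SERVER_RE, PROXY_RE):
        m = pattern.search(line)
        if m:
            parts = urlsplit(m.group("url"))
            return m.group("method"), parts.path, parts.query
    return None


def url_template(method, path, query):
    """Similarity key: keep the method, the path and the parameter *names* only,
    so /order/view?order_id=123 and /order/view?order_id=456 collapse together."""
    names = sorted(k for k, _ in parse_qsl(query, keep_blank_values=True))
    return f"{method} {path}?{'&'.join(names)}"


def build_url_library(lines):
    """Aggregate every extracted request and keep one representative per template.
    The representative retains its real parameters so a scanner can replay it."""
    library = {}
    for line in lines:
        req = extract_request(line)
        if req is None:
            continue
        key = url_template(*req)
        entry = library.setdefault(key, {
            "method": req[0],
            "path": req[1],
            "params": dict(parse_qsl(req[2], keep_blank_values=True)),
            "seen": 0,
        })
        entry["seen"] += 1
    return library


if __name__ == "__main__":
    for key, entry in build_url_library(SAMPLE_LOGS).items():
        print(f"{entry['seen']}x {key}  params={entry['params']}")
```

Two of the five constructed lines collapse into the template `GET /order/view?order_id&sign`, the proxy entry (no `sign` parameter) forms its own template, and the malformed line is dropped, so the resulting library has three entries.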
URL dispatching unit:
For the URL library to be detected, the parameters in the URLs are analysed. The URLs are classified by a signature recognition module, a cookie parameter identification module and a form parameter identification module respectively, so that the scanner unit can detect them conveniently. In particular:
Signature recognition module: identifies and classifies parameters such as sign that use an MD5 signature algorithm;
Cookie parameter identification module: classifies request URLs according to whether they carry a cookie;
Form parameter identification module: judges whether there is a key parameter among the form parameters, and classifies URLs whose parameter value could be changed to perform an unauthorized operation.
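The following is an added illustration of step 102 and of the three identification modules of the URL dispatching unit described above and in the detailed description; it is not code from the patent or from the applicant. The three judgements (signature parameter, cookie parameter, key form parameter) are applied to each request and the results aggregated into per-class work lists. The recognition heuristics are this example's assumptions: a parameter named `sign`/`signature`/`sig` or whose value has the 32-hex-character shape of an MD5 digest counts as a signature parameter, and parameter names ending in `id`, `uid`, `order`, `account` or `user` (optionally followed by `_id`) count as key form parameters.

```python
"""Added example (not the patent's code): classifying the URLs of a URL library
by the kind of parameters they carry, i.e. the three judgements of the URL
dispatching unit. Naming heuristics and sample requests are this example's own."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qsl

SIGNATURE_NAMES = {"sign", "signature", "sig"}                 # assumed naming convention
MD5_HEX = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)          # shape of an MD5 digest
KEY_FORM_PARAM = re.compile(r"(^|_)(id|uid|order|account|user)(_id)?$", re.IGNORECASE)


@dataclass
class Request:
    method: str
    url: str                                  # path plus query string
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)  # POST body fields


@dataclass
class Classified:
    request: Request
    has_signature: bool
    has_cookie: bool
    has_key_form_param: bool


def is_signature_param(name, value):
    """Signature recognition: by parameter name, or by an MD5-shaped value."""
    return name.lower() in SIGNATURE_NAMES or bool(MD5_HEX.match(value))


def is_key_form_param(name):
    """Form parameter recognition: names that look like object or user identifiers."""
    return bool(KEY_FORM_PARAM.search(name))


def classify(req):
    """Apply the three judgements to one request; query and form fields are
    treated alike because either may carry the identifier being relied on."""
    params = dict(parse_qsl(urlsplit(req.url).query, keep_blank_values=True))
    params.update(req.form)
    return Classified(
        request=req,
        has_signature=any(is_signature_param(k, v) for k, v in params.items()),
        has_cookie=bool(req.cookies),
        has_key_form_param=any(is_key_form_param(k) for k in params),
    )


def build_classified_library(requests):
    """Aggregate the classification information so that each scanner module
    can fetch its own work list; a URL may appear in several classes."""
    library = {"signature": [], "cookie": [], "key_form": [], "unclassified": []}
    for req in requests:
        c = classify(req)
        matched = False
        for flag, bucket in ((c.has_signature, "signature"),
                             (c.has_cookie, "cookie"),
                             (c.has_key_form_param, "key_form")):
            if flag:
                library[bucket].append(c)
                matched = True
        if not matched:
            library["unclassified"].append(c)
    return library


# Constructed sample requests (cookie values are placeholders).
SAMPLE_REQUESTS = [
    Request("GET", "/order/view?order_id=123&sign=5d41402abc4b2a76b9719d911017c592"),
    Request("GET", "/profile/update?uid=77", cookies={"SESSION": "placeholder"}),
    Request("POST", "/article/delete", cookies={"uid": "77"}, form={"article_id": "9"}),
    Request("GET", "/help/faq?page=2"),
]

if __name__ == "__main__":
    for bucket, items in build_classified_library(SAMPLE_REQUESTS).items():
        print(bucket, [c.request.url for c in items])
```

A request that has no recognisable parameter of any kind lands in `unclassified`, which is the list an auditor would review by hand; everything else is handed to the matching scanner module.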
Scanner unit:
URLs are taken from the classified URL library by the signature scan module, the cookie parameter scan module and the form parameter scan module respectively. These modules can modify parameters in a targeted way according to the characteristics of the URL in order to detect horizontal privilege vulnerabilities; the detection results are then aggregated and a detection report is output by the report generation module. In particular:
Signature scan module: for signature parameters, detects whether the request is still normal when the sign is not submitted, and attempts to crack the sign with some algorithms to detect whether it can be cracked;
Cookie parameter scan module: detects whether the submitted request passes when the cookie is not submitted; modifies the key parameter in the cookie that serves as the user identity identification and detects whether the submitted request passes;
Form parameter scan module: detects whether the request is still normal when the value of a key form parameter is modified. For example: with order_id=123 a user can only view order 123; order_id is modified to 133 and whether the request takes effect is checked.
For example, the following specific application example:
Step 1: extract URLs from logs:
The following is the key code for extracting URLs from the bypass mirror logs:
Step 2: URL recognition unit
The various parameters in the URL are analysed, and the URLs are classified according to the module that needs to detect them, so as to provide the scanner unit with processed URLs.
Step 3: scanner unit
Parameters in the URL are modified, and the results returned before and after the parameter change are compared to determine whether a horizontal privilege vulnerability exists. For problematic URLs, the payload and the returned result are recorded and aggregated into the scan report.
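The following is an added illustration of step 103 and of the scanner unit as described above (the form parameter scan module with the order_id example, the cookie parameter scan module, and the before/after comparison of step 3); it is not code from the patent or from the applicant. Instead of a live application it runs against two constructed in-memory handlers for `/order/view`: one that takes the order identity only from `order_id` (the defect the patent targets) and one that additionally checks that the order belongs to the session user. The scanner replays the request with the key parameter changed and with the cookie removed, compares the responses, and records the payload for any request that still takes effect. The order data, session cookies and handler names are this example's assumptions.

```python
"""Added example (not the patent's code): a form parameter scan and a cookie
scan run against a vulnerable and a fixed constructed handler, producing the
findings a report generation module would aggregate."""
from dataclasses import dataclass

# Constructed data: order id -> (owner, contents); session cookie -> user.
ORDERS = {"123": ("alice", "order 123 of alice"), "133": ("bob", "order 133 of bob")}
SESSIONS = {"s-alice": "alice", "s-bob": "bob"}


@dataclass
class Response:
    status: int
    body: str


def vulnerable_view_order(params, cookies):
    """Before: the order is selected only by order_id, so any logged-in user can read any order."""
    if SESSIONS.get(cookies.get("SESSION")) is None:
        return Response(401, "login required")
    order = ORDERS.get(params.get("order_id"))
    return Response(200, order[1]) if order else Response(404, "no such order")


def fixed_view_order(params, cookies):
    """After: the order must belong to the user identified by the session cookie."""
    user = SESSIONS.get(cookies.get("SESSION"))
    if user is None:
        return Response(401, "login required")
    order = ORDERS.get(params.get("order_id"))
    if order is None:
        return Response(404, "no such order")
    if order[0] != user:
        return Response(403, "forbidden")   # horizontal privilege enforced server-side
    return Response(200, order[1])


@dataclass
class Finding:
    url: str
    payload: dict
    before: Response
    after: Response


def form_param_scan(handler, url, params, cookies, key_param, other_value):
    """Form parameter scan module: replay the request with the key form parameter
    changed to a value belonging to another user and compare the two responses.
    A 2xx answer whose body differs from the original means the change took effect."""
    before = handler(params, cookies)
    after = handler(dict(params, **{key_param: other_value}), cookies)
    if 200 <= after.status < 300 and after.body != before.body:
        return Finding(url, {key_param: other_value}, before, after)
    return None


def cookie_scan(handler, url, params, cookies):
    """Cookie parameter scan module: the request must not pass without its cookie."""
    before = handler(params, cookies)
    after = handler(params, {})
    if after.status == 200:
        return Finding(url, {"cookie": "not submitted"}, before, after)
    return None


def scan(handler):
    """Run both modules as user alice against one classified URL and return the
    findings that a report generation module would aggregate."""
    url, params, cookies = "/order/view", {"order_id": "123"}, {"SESSION": "s-alice"}
    findings = [
        form_param_scan(handler, url, params, cookies, "order_id", "133"),
        cookie_scan(handler, url, params, cookies),
    ]
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_view_order), ("fixed", fixed_view_order)):
        print(name, [(f.payload, f.after.status) for f in scan(handler)])
```

Comparing bodies as well as status codes matters: an application that answers 200 with an error page to every request would otherwise look vulnerable, and one that answers 200 with the caller's own data regardless of `order_id` would otherwise look safe.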
The technical solution of this application example of the present invention has the following beneficial effects: horizontal privilege vulnerabilities in WEB applications are identified automatically, vulnerability identification efficiency is improved, and WEB applications are made more secure.
It should be understood that the particular order or hierarchy of the steps in the disclosed processes is an example of an illustrative approach. Based on design preferences, it should be appreciated that the particular order or hierarchy of the steps in the processes may be rearranged without departing from the protection scope of the present disclosure. The appended method claims present the elements of the various steps in an illustrative order and are not intended to be limited to the particular order or hierarchy presented.
In the above detailed description, various features are grouped together in a single embodiment to simplify the disclosure. This method of disclosure should not be construed as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the appended claims reflect, the present invention lies in less than all features of a single disclosed embodiment. Thus the appended claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the present invention.
The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus the disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methods for the purpose of describing the above embodiments, but one of ordinary skill in the art will recognize that the embodiments can be further combined and permuted. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the protection scope of the appended claims. Furthermore, to the extent that the term "comprising" is used in either the description or the claims, it is intended to be inclusive in a manner similar to the term "including" as "including" is interpreted when employed as a transitional word in a claim. Furthermore, the term "or" as used in either the description or the claims is intended to mean a "non-exclusive or".
Those skilled in the art will further appreciate that the various illustrative logical blocks, units and steps listed in the embodiments of the present invention may be implemented as electronic hardware, computer software, or a combination of both. To clearly illustrate this interchangeability of hardware and software, the various illustrative components, units and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the design requirements of the particular application and the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation should not be interpreted as exceeding the protection scope of the embodiments of the present invention.
The various illustrative logical blocks or units described in the embodiments of the present invention may be implemented or performed with a general purpose processor, a digital signal processor, an application specific integrated circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, for example a combination of a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other such configuration.
The steps of the method or algorithm described in the embodiments of the present invention may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, and the ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions described in the embodiments of the present invention may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Computer-readable media include both computer storage media and communication media that facilitate transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media may comprise RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a general purpose or special purpose computer or processor. Also, any connection is properly termed a computer-readable medium; for example, if the software is transmitted from a web site, server or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then these are also included in the definition of computer-readable medium. Disk and disc, as used herein, include compact disc, laser disc, optical disc, DVD, floppy disk and Blu-ray disc, where disks usually reproduce data magnetically while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of computer-readable media.
The specific embodiments described above further explain in detail the objectives, technical solutions and beneficial effects of the present invention. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its protection scope; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (8)

1. a kind of method of the horizontal permission automatic identification of WEB, which is characterized in that the described method includes:
WEB log is collected, extracts and summarizes the uniform resource position mark URL in the WEB log, obtain the library URL to be detected;
For the library URL to be detected, each URL is classified by the parameter in analysis URL, obtains the sorted library URL;Tool Body includes:
For each of the library URL to be detected URL, following processing is executed respectively: judging whether the parameter in current URL wraps The parameter using signature algorithm is included, if it is, current URL, which belongs to, signature parameter URL, otherwise, belongs to no name parameter URL;And/or judge whether the parameter in current URL includes cookie parameter, if it is, current URL, which belongs to, cookie Otherwise parameter URL belongs to no cookie parameter URL;
And/or judge whether the parameter in current URL includes crucial form parameters, if it is, current URL, which belongs to, key Otherwise form parameters URL belongs to unrelated key table one-parameter URL;
The classification information for summarizing each of the library URL to be detected URL obtains the sorted library URL;Using sorted The corresponding scanner of each URL in the library URL carries out the detection of horizontal permission changing by way of parameter in URL.
2. the method for the horizontal permission automatic identification of WEB as described in claim 1, which is characterized in that the WEB log includes such as One or more of lower log:
Proxy server log, WEB server log, bypass mirror image log.
3. the method for the horizontal permission automatic identification of WEB as claimed in claim 1 or 2, which is characterized in that further include:
After extracting and summarizing the URL in the WEB log, progress similarization identifies and except handling again, to obtain described to be checked The library URL of survey.
4. The method for WEB horizontal permission automatic identification according to claim 1, characterized in that the scanner includes one or more of the following modules: a signature scan module, a cookie parameter scan module and a form parameter scan module; and
using the scanner corresponding to each URL in the classified URL library, performing horizontal permission detection by changing parameters in the URL specifically includes:
using the signature scan module corresponding to the signed-parameter URLs, for each signed-parameter URL obtained after classification, detecting whether the request corresponding to the URL can still proceed normally if the signature in the URL is not submitted, and detecting whether the signature in the URL can be cracked;
and/or using the cookie parameter scan module corresponding to the cookie-parameter URLs, for each cookie-parameter URL obtained after classification, detecting whether the submitted request passes if the cookie in the URL is not submitted; and, by modifying the parameter in the cookie used for user identity identification, detecting whether the submitted request passes;
and/or using the form parameter scan module corresponding to the key-form-parameter URLs, for each key-form-parameter URL obtained after classification, detecting whether the request corresponding to the URL can still proceed normally if the value of the key form parameter is modified;
aggregating the detection results, generating and outputting a detection report.
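The three scan checks of claim 4 (request without its signature, request without or with another user's identity cookie, request with a modified key form parameter), as an added Python example that is not the patent's own code. To stay self-contained it calls in-process handlers instead of sending HTTP requests; the handlers, the HMAC signing scheme, the order ownership table and the status codes are all constructed assumptions. Each URL is shown in a vulnerable form beside a fixed form so the report illustrates what the modules flag and what they do not; the signature-cracking check of claim 4 is not implemented.

```python
"""Added example: the three scan checks of claim 4 run against in-process
handlers. The handlers, the HMAC signing scheme and the data are constructed
assumptions for illustration; a real scanner would issue HTTP requests to the
application under test instead of calling functions."""
import hashlib
import hmac

SECRET = b"constructed-demo-secret"            # assumed server-side signing key
ORDERS = {"55021": "1001", "55022": "1002"}    # constructed: order_id -> owner uid


def sign(params):
    """Assumed signature scheme: HMAC over the sorted non-signature parameters."""
    msg = "&".join(f"{k}={v}" for k, v in sorted(params.items()) if k != "sign")
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()[:16]


# Constructed handlers: each takes (query params, cookies) and returns a status code.
def vulnerable_profile(params, cookies):
    return 200 if "uid" in params else 400     # never verifies "sign"


def fixed_profile(params, cookies):
    if params.get("sign") != sign(params):
        return 403
    return 200 if "uid" in params else 400


def vulnerable_order_detail(params, cookies):
    if "uid" not in cookies:
        return 401
    return 200 if params.get("order_id") in ORDERS else 404   # ignores ownership


def fixed_order_detail(params, cookies):
    if "uid" not in cookies:
        return 401
    owner = ORDERS.get(params.get("order_id"))
    if owner is None:
        return 404
    return 200 if owner == cookies["uid"] else 403           # owner check


def scan_signed(handler, params, cookies):
    """Signature scan module: does the request still succeed without its signature?"""
    findings = []
    if handler(params, cookies) != 200:
        return findings                        # no successful baseline to compare against
    stripped = {k: v for k, v in params.items() if k != "sign"}
    if handler(stripped, cookies) == 200:
        findings.append("request accepted without signature")
    return findings


def scan_cookie(handler, params, cookies, other_uid):
    """Cookie parameter scan module: missing cookie, then another user's identity."""
    findings = []
    if handler(params, cookies) != 200:
        return findings
    if handler(params, {}) == 200:
        findings.append("request accepted without cookie")
    if handler(params, dict(cookies, uid=other_uid)) == 200:
        findings.append("request accepted with another user's identity cookie")
    return findings


def scan_key_form(handler, params, cookies, key, other_value):
    """Form parameter scan module: change the key parameter to another user's value."""
    if handler(params, cookies) != 200:
        return []
    if handler(dict(params, **{key: other_value}), cookies) == 200:
        return [f"request accepted after changing {key} to another user's value"]
    return []


def run_report(targets):
    """Aggregate findings per URL; only URLs with at least one finding are listed."""
    report = {}
    for url, scan, args in targets:
        findings = scan(*args)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    signed = {"uid": "1001"}
    signed["sign"] = sign(signed)
    session = {"uid": "1001"}
    targets = [
        ("/api/user/profile (vulnerable)", scan_signed, (vulnerable_profile, signed, {})),
        ("/api/user/profile (fixed)", scan_signed, (fixed_profile, signed, {})),
        ("/api/order/detail (vulnerable)", scan_key_form,
         (vulnerable_order_detail, {"order_id": "55021"}, session, "order_id", "55022")),
        ("/api/order/detail (fixed)", scan_key_form,
         (fixed_order_detail, {"order_id": "55021"}, session, "order_id", "55022")),
    ]
    for url, findings in run_report(targets).items():
        print(url, "->", "; ".join(findings))
```

Every check first confirms that the unmodified request succeeds; without that baseline a non-200 answer to the modified request proves nothing. The fixed handlers show the property the scanner is looking for: the server ties the resource to the identity in the session and answers 403 when they disagree, so none of the modified requests passes and the report stays empty for them.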
5. A device for WEB horizontal permission automatic identification, characterized in that the device includes:
a URL acquisition unit, for collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, to obtain a URL library to be detected;
a URL classification unit, for classifying each URL in the URL library to be detected by analyzing the parameters in the URL, to obtain a classified URL library;
a scanner unit, for performing horizontal permission detection by changing parameters in the URL, using the scanner corresponding to each URL in the classified URL library;
the URL classification unit includes one or more of the following modules: a signature identification module, a cookie parameter identification module and a form parameter identification module, and the URL classification unit is used to perform the following processing respectively for each URL in the URL library to be detected, in which:
the signature identification module is for judging whether the parameters in the current URL include a parameter generated using a signature algorithm; if so, the current URL belongs to the signed-parameter URLs, otherwise it belongs to the unsigned-parameter URLs;
the cookie parameter identification module is for judging whether the parameters in the current URL include a cookie parameter; if so, the current URL belongs to the cookie-parameter URLs, otherwise it belongs to the no-cookie-parameter URLs;
the form parameter identification module is for judging whether the parameters in the current URL include a key form parameter; if so, the current URL belongs to the key-form-parameter URLs, otherwise it belongs to the no-key-form-parameter URLs;
the URL classification unit is also used to aggregate the classification information of each URL in the URL library to be detected, to obtain the classified URL library.
6. The device for WEB horizontal permission automatic identification according to claim 5, characterized in that the WEB logs include one or more of the following logs:
proxy server logs, WEB server logs, bypass mirror logs.
7. The device for WEB horizontal permission automatic identification according to claim 5 or 6, characterized in that
the URL acquisition unit, after extracting and aggregating the URLs in the WEB logs, performs similarity identification and deduplication, to obtain the URL library to be detected.
8. The device for WEB horizontal permission automatic identification according to claim 5, characterized in that the scanner unit includes a report generation module and further includes one or more of the following modules: a signature scan module, a cookie parameter scan module and a form parameter scan module, in which:
the signature scan module is for, using the signature scan module corresponding to the signed-parameter URLs, for each signed-parameter URL obtained after classification, detecting whether the request corresponding to the URL can still proceed normally if the signature in the URL is not submitted, and detecting whether the signature in the URL can be cracked;
the cookie parameter scan module is for, using the cookie parameter scan module corresponding to the cookie-parameter URLs, for each cookie-parameter URL obtained after classification, detecting whether the submitted request passes if the cookie in the URL is not submitted; and, by modifying the parameter in the cookie used for user identity identification, detecting whether the submitted request passes;
the form parameter scan module is for, using the form parameter scan module corresponding to the key-form-parameter URLs, for each key-form-parameter URL obtained after classification, detecting whether the request corresponding to the URL can still proceed normally if the value of the key form parameter is modified;
the report generation module is for aggregating the detection results, generating and outputting a detection report.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610350375.XA CN106027528B (en) 2016-05-24 2016-05-24 A kind of method and device of the horizontal permission automatic identification of WEB

Publications (2)

Publication Number Publication Date
CN106027528A CN106027528A (en) 2016-10-12
CN106027528B true CN106027528B (en) 2019-07-12

Family

ID=57093791

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610350375.XA Active CN106027528B (en) 2016-05-24 2016-05-24 A kind of method and device of the horizontal permission automatic identification of WEB

Country Status (1)

Country Link
CN (1) CN106027528B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108287831B (en) * 2017-01-09 2022-08-05 阿里巴巴集团控股有限公司 URL classification method and system and data processing method and system
CN107609020B (en) * 2017-08-07 2020-06-05 北京京东尚科信息技术有限公司 Log classification method and device based on labels
CN108667689A (en) * 2018-05-16 2018-10-16 上海携程国际旅行社有限公司 Network layer Cookie monitor and detections method, apparatus, electronic equipment, storage medium
CN110909355A (en) * 2018-09-17 2020-03-24 北京京东金融科技控股有限公司 Unauthorized vulnerability detection method, system, electronic device and medium
CN113949578B (en) * 2021-10-20 2023-11-24 广州名控网络科技有限公司 Automatic detection method and device for unauthorized loopholes based on flow and computer equipment
CN114138661B (en) * 2021-12-08 2022-08-05 国家工业信息安全发展研究中心 Dynamic security detection method and system for test target
CN116471131B (en) * 2023-06-20 2023-09-08 北京门石信息技术有限公司 Processing method and processing device for logical link information asset

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1558605A (en) * 2004-01-19 2004-12-29 上海交通大学 Method for realizing loophole scanning
CN103501304A (en) * 2013-10-12 2014-01-08 深信服网络科技(深圳)有限公司 Method and device for controlling unauthorized access of web system
CN104144142A (en) * 2013-05-07 2014-11-12 阿里巴巴集团控股有限公司 Web vulnerability discovery method and system
CN104301302A (en) * 2014-09-12 2015-01-21 深信服网络科技(深圳)有限公司 Unauthorized attack detection method and device
CN104519070A (en) * 2014-12-31 2015-04-15 北京奇虎科技有限公司 Method and system for detecting website permission vulnerabilities
CN105357195A (en) * 2015-10-30 2016-02-24 深圳市深信服电子科技有限公司 Unauthorized web access vulnerability detecting method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060026680A1 (en) * 2004-07-29 2006-02-02 Zakas Phillip H System and method of characterizing and managing electronic traffic

Also Published As

Publication number Publication date
CN106027528A (en) 2016-10-12

Similar Documents

Publication Publication Date Title
CN106027528B (en) A kind of method and device of the horizontal permission automatic identification of WEB
CN109325351B (en) Security hole automatic verification system based on public testing platform
CN101808093B (en) System and method for automatically detecting WEB security
CN104767757B (en) Various dimensions safety monitoring method and system based on WEB service
CN103942497B (en) Forensics type website vulnerability scanning method and system
CN101751535B (en) Data loss protection through application data access classification
CN112866023B (en) Network detection method, model training method, device, equipment and storage medium
CN108920954B (en) Automatic malicious code detection platform and method
CN103428196A (en) URL white list-based WEB application intrusion detecting method and apparatus
WO2010012170A1 (en) Database security monitoring method, device and system
CN102663052B (en) Method and device for providing search results of search engine
CN108334758A (en) A kind of detection method, device and the equipment of user's ultra vires act
Li et al. Sentinel: securing database from logic flaws in web applications
CN107688743A (en) The determination method and system of a kind of rogue program
WO2021169730A1 (en) Method and device for data processing, and storage medium
CN110457626A (en) A kind of abnormal access request screening technique and device
CN110262965A (en) A kind of test method and equipment of application program
CN113132311A (en) Abnormal access detection method, device and equipment
CN112104613B (en) Honey net testing system based on data flow packet analysis and testing method thereof
CN108959065A (en) The verification method and system of software interface test parameter
CN109391624A (en) A kind of terminal access data exception detection method and device based on machine learning
CN109829304A (en) A kind of method for detecting virus and device
Li et al. Automated black-box detection of access control vulnerabilities in web applications
CN105429996A (en) Method for intelligently finding and locating address translation equipment
CN103368970B (en) A kind of automation safety detection method for network objectives

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant