CN106027528B - A kind of method and device of the horizontal permission automatic identification of WEB - Google Patents

Publication number: CN106027528B (application CN201610350375.XA)
Authority: CN (China)
Prior art keywords: url, parameter, web, cookie, library
Legal status: Active

Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The embodiment of the present invention provides a method and device for automatic identification of WEB horizontal permission vulnerabilities. The method comprises: collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs to obtain a library of URLs to be detected; for the library of URLs to be detected, classifying each URL by analysing the parameters in the URL to obtain a classified URL library; and, using the scanner corresponding to each URL in the classified URL library, performing horizontal permission detection by changing the parameters in the URL. The technical solution has the following beneficial effects: whereas the current method of detecting horizontal permission vulnerabilities, manual inspection, is defective, the embodiment provides an effective method of detecting them automatically; by analysing logs and classifying URLs before detection, detection coverage is improved and the miss rate (the share of vulnerabilities that go unreported) is reduced. The automatic scanning system can identify horizontal permission vulnerabilities quickly and improves vulnerability detection efficiency.
Description
Technical field
The present invention relates to the field of network technology, and in particular to a method and device for automatic identification of WEB horizontal permission vulnerabilities.
Background technique
Currently, security auditors generally inspect WEB horizontal permissions by hand. Unlike other security vulnerabilities, horizontal permission issues are usually bound up with the authorization logic of a specific service. Detecting horizontal permission vulnerabilities generally requires the security auditor to analyse the pages of the system that operate on sensitive data, record by hand the operations each user is permitted to perform (for example creating a new record, obtaining information, deleting a record, and so on), and then attempt to reach those functions as a different user, checking one by one whether the returned page is reasonable.
Horizontal permission means that user A of a website may only operate on user A's own content data, such as changing an avatar or posting an article, and may not operate on user B's content data; still less may user A use an operation reserved for the site administrator. A horizontal permission vulnerability is one that lets user A access sensitive resources belonging to user B. In general, such vulnerabilities arise because, when user information is presented, an identity basis that is easy to forge has been relied on.
Manual detection of horizontal permission vulnerabilities is costly and difficult for large-scale WEB applications. A large WEB application has a great many page resources, and the corresponding authorization logic is extremely complex; if horizontal permission vulnerabilities are to be inspected manually, the workload is very large and, in practice, test coverage is also difficult to guarantee. Moreover, detecting horizontal permission vulnerabilities is more time-consuming and laborious than other kinds of testing, which inevitably delays the rapid delivery of application systems.
The prior art also uses vulnerability scanners to detect WEB horizontal permissions by active scanning. A common vulnerability scanner visits the entry point of the WEB application, crawls the URLs (Uniform Resource Locators) that are exposed to users, guesses the URLs that cannot be crawled with the help of a preset dictionary, and so completes the preliminary information gathering. It then performs similarity identification and de-duplication on the collected URLs to obtain the URLs to be detected. For each URL to be detected it performs automatic fuzzing (fuzz testing), filling in a variety of aggressive data, detects from the returned results whether the URL is suspicious of a horizontal permission problem, and labels the vulnerability grade and the payload. However, the miss rate of detecting horizontal permission vulnerabilities by active scanning is high, and the scanning affects the stability of the business system. Permission detection first requires the tester to be familiar with how permissions are configured, which a tool cannot do; a tool cannot handle highly interactive applications, and it is difficult for it to cover 100% of the URLs. In addition, the functions of a WEB application system are complex, and active scanning writes a large amount of dirty data, which affects the stability of the business system.
Summary of the invention
The embodiment of the present invention provides a method and device for automatic identification of WEB horizontal permission vulnerabilities, so as to improve detection coverage and reduce the miss rate.
In one aspect, the embodiment of the invention provides a method for automatic identification of WEB horizontal permission vulnerabilities, the method comprising:
collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, and obtaining a library of URLs to be detected;
for the library of URLs to be detected, classifying each URL by analysing the parameters in the URL, and obtaining a classified URL library;
using the scanner corresponding to each URL in the classified URL library, performing horizontal permission detection by changing the parameters in the URL.
In another aspect, the embodiment of the invention provides a device for automatic identification of WEB horizontal permission vulnerabilities, the device comprising:
a URL acquisition unit, configured to collect WEB logs, extract and aggregate the uniform resource locators (URLs) in the WEB logs, and obtain a library of URLs to be detected;
a URL classification unit, configured, for the library of URLs to be detected, to classify each URL by analysing the parameters in the URL and obtain a classified URL library;
a scanner unit, configured to use the scanner corresponding to each URL in the classified URL library to perform horizontal permission detection by changing the parameters in the URL.
The above technical solution has the following beneficial effects: whereas the current method of detecting horizontal permission vulnerabilities, manual inspection, is defective, the embodiment of the present invention provides an effective method of detecting them automatically; by analysing logs and classifying URLs before detection, detection coverage is improved and the miss rate is reduced. The automatic scanning system can identify horizontal permission vulnerabilities quickly and improves vulnerability detection efficiency.
Detailed description of the invention
In order to explain more clearly the technical solution in the embodiments of the present invention or in the prior art, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of a method for automatic identification of WEB horizontal permission vulnerabilities according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a device for automatic identification of WEB horizontal permission vulnerabilities according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the URL classification unit of an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the scanner unit of an embodiment of the present invention.
Specific embodiment
The technical solution in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, which is a flow diagram of a method for automatic identification of WEB horizontal permission vulnerabilities according to an embodiment of the present invention, the method comprises:
101. collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, and obtaining a library of URLs to be detected;
102. for the library of URLs to be detected, classifying each URL by analysing the parameters in the URL, and obtaining a classified URL library;
103. using the scanner corresponding to each URL in the classified URL library, performing horizontal permission detection by changing the parameters in the URL.
Preferably, the WEB logs include one or more of the following logs: proxy server logs, WEB server logs, and bypass mirroring (port-mirror) logs.
Preferably, the method further includes: after extracting and aggregating the URLs in the WEB logs, performing similarity identification and de-duplication to obtain the library of URLs to be detected.
Preferably, for the library of URLs to be detected, classifying each URL by analysing the parameters in the URL and obtaining the classified URL library specifically includes:
for each URL in the library of URLs to be detected, performing the following processing:
judging whether the parameters in the current URL include a parameter that uses a signature algorithm; if so, the current URL belongs to the URLs with a signature parameter, otherwise it belongs to the URLs without a signature parameter;
and/or judging whether the parameters in the current URL include a cookie parameter; if so, the current URL belongs to the URLs with a cookie parameter, otherwise it belongs to the URLs without a cookie parameter;
and/or judging whether the parameters in the current URL include a key form parameter; if so, the current URL belongs to the URLs with a key form parameter, otherwise it belongs to the URLs without a key form parameter;
aggregating the classification information of each URL in the library of URLs to be detected to obtain the classified URL library.
Preferably, the scanner includes one or more of the following modules: a signature scan module, a cookie parameter scan module and a form parameter scan module; and using the scanner corresponding to each URL in the classified URL library to perform horizontal permission detection by changing the parameters in the URL specifically includes:
using the signature scan module corresponding to the URLs with a signature parameter, for each URL with a signature parameter obtained after classification, detecting whether the request corresponding to the URL can still be performed normally when the signature in the URL is not submitted, and detecting whether the signature in the URL can be cracked;
and/or using the cookie parameter scan module corresponding to the URLs with a cookie parameter, for each URL with a cookie parameter obtained after classification, detecting whether the submitted request passes when the cookie in the URL is not submitted, and whether the submitted request passes when the parameter in the cookie used for user identification is modified;
and/or using the form parameter scan module corresponding to the URLs with a key form parameter, for each URL with a key form parameter obtained after classification, detecting whether the request corresponding to the URL can still be performed normally when the value of the key form parameter is modified;
aggregating the detection results, and generating and outputting a detection report.
As shown in Fig. 2, which is a schematic structural diagram of a device for automatic identification of WEB horizontal permission vulnerabilities according to an embodiment of the present invention, the device comprises:
a URL acquisition unit 21, configured to collect WEB logs, extract and aggregate the uniform resource locators (URLs) in the WEB logs, and obtain a library of URLs to be detected;
a URL classification unit 22, configured, for the library of URLs to be detected, to classify each URL by analysing the parameters in the URL and obtain a classified URL library;
a scanner unit 23, configured to use the scanner corresponding to each URL in the classified URL library to perform horizontal permission detection by changing the parameters in the URL.
Preferably, the WEB logs include one or more of the following logs: proxy server logs, WEB server logs, and bypass mirroring logs.
Preferably, the URL acquisition unit 21, after extracting and aggregating the URLs in the WEB logs, performs similarity identification and de-duplication to obtain the library of URLs to be detected.
Preferably, as shown in Fig. 3, which is a schematic structural diagram of the URL classification unit of the embodiment of the present invention, the URL classification unit 22 includes one or more of the following modules: a signature recognition module 221, a cookie parameter recognition module 222 and a form parameter recognition module 223. The URL classification unit 22 is configured to perform the following processing for each URL in the library of URLs to be detected, in which:
the signature recognition module 221 is configured to judge whether the parameters in the current URL include a parameter that uses a signature algorithm; if so, the current URL belongs to the URLs with a signature parameter, otherwise it belongs to the URLs without a signature parameter;
the cookie parameter recognition module 222 is configured to judge whether the parameters in the current URL include a cookie parameter; if so, the current URL belongs to the URLs with a cookie parameter, otherwise it belongs to the URLs without a cookie parameter;
the form parameter recognition module 223 is configured to judge whether the parameters in the current URL include a key form parameter; if so, the current URL belongs to the URLs with a key form parameter, otherwise it belongs to the URLs without a key form parameter.
The URL classification unit 22 is further configured to aggregate the classification information of each URL in the library of URLs to be detected to obtain the classified URL library.
Preferably, as shown in Fig. 4, which is a schematic structural diagram of the scanner unit of the embodiment of the present invention, the scanner unit 23 includes a report generation module 234 and further includes one or more of the following modules: a signature scan module 231, a cookie parameter scan module 232 and a form parameter scan module 233, in which:
the signature scan module 231 is configured, for each URL with a signature parameter obtained after classification, to detect whether the request corresponding to the URL can still be performed normally when the signature in the URL is not submitted, and to detect whether the signature in the URL can be cracked;
the cookie parameter scan module 232 is configured, for each URL with a cookie parameter obtained after classification, to detect whether the submitted request passes when the cookie in the URL is not submitted, and whether the submitted request passes when the parameter in the cookie used for user identification is modified;
the form parameter scan module 233 is configured, for each URL with a key form parameter obtained after classification, to detect whether the request corresponding to the URL can still be performed normally when the value of the key form parameter is modified;
the report generation module 234 is configured to aggregate the detection results and to generate and output a detection report.
The above technical solution has the following beneficial effects: whereas the current method of detecting horizontal permission vulnerabilities, manual inspection, is defective, the embodiment of the present invention provides an effective method of detecting them automatically; by analysing logs and classifying URLs before detection, detection coverage is improved and the miss rate is reduced. The automatic scanning system can identify horizontal permission vulnerabilities quickly and improves vulnerability detection efficiency.
The above embodiment of the present invention is described in detail below with an application example.
In this application example, the device for automatic identification of WEB horizontal permission vulnerabilities includes three units: a URL acquisition unit, a URL classification unit and a scanner unit.
URL acquisition unit:
This unit collects the logs of the proxy server, the Web server and the bypass mirror, then extracts the URL information from the logs one entry at a time. The URL information is aggregated in one place, similarity identification and de-duplication are performed, and the library of URLs to be detected is obtained.
URL classification unit:
For the library of URLs to be detected, the parameters in each URL are analysed. The signature recognition module, the cookie parameter recognition module and the form parameter recognition module each classify the URLs so that the scanner unit can detect them in a targeted way. Specifically:
Signature recognition module: identifies and groups URLs whose parameters use a signature algorithm, such as an MD5 `sign` parameter;
Cookie parameter recognition module: groups request URLs according to whether they carry a cookie;
Form parameter recognition module: judges whether the form parameters contain a key parameter, and groups the URLs in which that parameter's value could be changed to perform an unauthorized operation.
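As an added illustration of the URL acquisition and classification units (steps 101 and 102), the following Python is example code written for this page, not code from the patent. It assumes a constructed log format in which each line records the request line and the request's Cookie header, an assumed dictionary of signature parameter names (sign, signature, token) and of key form parameter names (order_id, user_id, uid, account, id), and a similarity rule that treats two URLs as duplicates when they share the path and the set of parameter names; the patent specifies none of these, naming only MD5 `sign` and `order_id` as examples.

```python
"""Added example (not the patent's code): URL acquisition (step 101) and
classification (step 102) over constructed log lines."""
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log. The format is invented for this example: client,
# timestamp, request line, status, and the request's Cookie header.
SAMPLE_LOG = """\
10.0.0.5 [01/May/2016:10:00:01 +0800] "GET /order/view?order_id=123&sign=0123456789abcdef0123456789abcdef HTTP/1.1" 200 cookie="uid=77; sid=abc"
10.0.0.6 [01/May/2016:10:00:02 +0800] "GET /order/view?order_id=456&sign=fedcba9876543210fedcba9876543210 HTTP/1.1" 200 cookie="uid=78; sid=def"
10.0.0.7 [01/May/2016:10:00:03 +0800] "GET /profile?uid=77 HTTP/1.1" 200 cookie=""
10.0.0.7 [01/May/2016:10:00:04 +0800] "GET /profile?uid=78 HTTP/1.1" 200 cookie=""
10.0.0.8 [01/May/2016:10:00:05 +0800] "POST /avatar/upload?session=abc HTTP/1.1" 200 cookie="sid=abc"
10.0.0.9 [01/May/2016:10:00:06 +0800] "GET /static/logo.png HTTP/1.1" 200 cookie=""
"""

LINE_RE = re.compile(
    r'"(?P<method>GET|POST) (?P<url>\S+) HTTP/1\.[01]" (?P<status>\d{3}) cookie="(?P<cookie>[^"]*)"'
)

# Assumed dictionaries; the patent names MD5 "sign" as the example signature
# parameter and order_id as the example key form parameter, nothing more.
SIGNATURE_PARAMS = {"sign", "signature", "token"}
KEY_FORM_PARAMS = {"order_id", "user_id", "uid", "account", "id"}


def extract_urls(log_text):
    """Step 101: pull (method, url, cookie) records out of raw log lines."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append((m["method"], m["url"], m["cookie"]))
    return records


def similarity_key(url):
    """Similarity rule: same path and same set of parameter names means the
    same endpoint; differing values (order 123 vs 456) are not new URLs."""
    parts = urlsplit(url)
    names = sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return parts.path, tuple(names)


def dedupe(records):
    """De-duplication: keep the first record seen per (method, similarity key)."""
    seen = {}
    for method, url, cookie in records:
        key = (method,) + similarity_key(url)
        seen.setdefault(key, (method, url, cookie))
    return list(seen.values())


def classify(record):
    """Step 102: the three judgements of the signature, cookie and form
    parameter recognition modules, kept as independent flags because the
    claims combine them with "and/or"."""
    method, url, cookie = record
    names = {k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
    return {
        "method": method,
        "url": url,
        "has_signature": bool(names & SIGNATURE_PARAMS),
        "has_cookie": cookie.strip() != "",
        "has_key_form_param": bool(names & KEY_FORM_PARAMS),
    }


def build_classified_library(log_text):
    """Whole pipeline: log text -> classified URL library."""
    return [classify(r) for r in dedupe(extract_urls(log_text))]


if __name__ == "__main__":
    for entry in build_classified_library(SAMPLE_LOG):
        print(entry)
```

On the constructed log the six lines collapse to four library entries (the two order views and the two profile views are the same endpoints with different values), and each entry carries the three flags the scanner unit later dispatches on. The similarity key deliberately ignores parameter values: a scanner that treated every `order_id` as a new URL would rescan the same endpoint once per order in the log.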
Scanner unit:
URLs are taken from the classified URL library by the signature scan module, the cookie parameter scan module and the form parameter scan module respectively. These modules change parameters in a targeted way according to the features of the URL to detect horizontal permission problems; the detection results are then aggregated and a detection report is output by the report generation module. Specifically:
Signature scan module: for the `sign` parameter, detects whether the request is still served normally when `sign` is not submitted, and attempts to crack `sign` with some algorithms to detect whether it can be cracked;
Cookie parameter scan module: detects whether the request passes when the cookie is not submitted; modifies the key parameter in the cookie that serves as the user identity and detects whether the request passes;
Form parameter scan module: detects whether the request is still served normally when the value of a key form parameter is modified. For example: with order_id=123 the user can only view order 123; the module changes it to order_id=133 and checks whether the request takes effect.
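The following Python is an added example, not the patent's code, of the form parameter scan module and the "no cookie" branch of the cookie parameter scan module. Because the scanner has to compare a request's result before and after the parameter change, the example stands up a tiny in-memory application (users alice and bob, orders 123 and 133, the cookie name and session ids are all invented for the example) with two handlers: handle_vulnerable, which trusts order_id without an ownership check, and handle_fixed, which checks that the order belongs to the session's user. The scanner reports a finding only when the changed request is served with a different body than the baseline, which is the before/after comparison the scanner unit performs.

```python
"""Added example (not the patent's code): the form parameter scan module and
the no-cookie branch of the cookie parameter scan module, run against a tiny
in-memory application so the before/after comparison can be seen."""
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed data: session ids, users and orders are all invented here.
SESSIONS = {"sid-alice": "alice", "sid-bob": "bob"}
ORDERS = {
    "123": {"owner": "alice", "item": "keyboard"},
    "133": {"owner": "bob", "item": "monitor"},
}


def _session_user(cookie):
    """Resolve the sid cookie to a user name; None if absent or unknown."""
    for part in cookie.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return SESSIONS.get(value)
    return None


def _order_from(url):
    query = dict(parse_qsl(urlsplit(url).query))
    order_id = query.get("order_id", "")
    return order_id, ORDERS.get(order_id)


def handle_vulnerable(url, cookie):
    """Defective handler: authenticates, then trusts order_id with no
    ownership check, which is exactly the horizontal permission problem."""
    if _session_user(cookie) is None:
        return 401, "login required"
    order_id, order = _order_from(url)
    if order is None:
        return 404, "no such order"
    return 200, f"order {order_id}: {order['item']} (owner {order['owner']})"


def handle_fixed(url, cookie):
    """Repaired handler: the object must belong to the session's user. A
    foreign order gets the same 404 as a missing one, so the response does
    not reveal whether the id exists."""
    user = _session_user(cookie)
    if user is None:
        return 401, "login required"
    order_id, order = _order_from(url)
    if order is None or order["owner"] != user:
        return 404, "no such order"
    return 200, f"order {order_id}: {order['item']} (owner {order['owner']})"


def set_param(url, name, value):
    """Return url with query parameter `name` set to `value`."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[name] = value
    return urlunsplit(parts._replace(query=urlencode(query)))


def scan_form_param(handler, url, cookie, param, foreign_value):
    """Form parameter scan: change the key parameter to a value owned by
    another user and compare with the baseline. A finding is reported only
    when the changed request is served (200) with a different body; if the
    application ignores the parameter the bodies match and nothing is flagged."""
    base_status, base_body = handler(url, cookie)
    if base_status != 200:
        return None  # no valid baseline to compare against
    payload = set_param(url, param, foreign_value)
    status, body = handler(payload, cookie)
    if status == 200 and body != base_body:
        return {"url": url, "payload": payload, "response": body}
    return None


def scan_no_cookie(handler, url, cookie):
    """Cookie scan, first branch: resubmit the request with no cookie at all."""
    base_status, _ = handler(url, cookie)
    if base_status != 200:
        return None
    status, body = handler(url, "")
    if status == 200:
        return {"url": url, "payload": "request without cookie", "response": body}
    return None


def scan_report(handler, url, cookie, param, foreign_value):
    """Aggregate the findings of both modules into report entries."""
    findings = [scan_form_param(handler, url, cookie, param, foreign_value),
                scan_no_cookie(handler, url, cookie)]
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        print(name, scan_report(handler, "/order/view?order_id=123",
                                "sid=sid-alice", "order_id", "133"))
```

Against handle_vulnerable the changed request returns bob's order to alice's session and is recorded with its payload, as the scan report requires; against handle_fixed the same request gets 404 and nothing is reported. Note that the scanner needs a second account's identifier (133) to make the test meaningful; a value that does not exist at all exercises only the "no such order" path and says nothing about authorization.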
A specific application example follows:
Step 1: extract URLs from the logs.
Here is the key code for extracting URLs from the bypass mirroring log:
Step 2: URL recognition unit.
The parameters in the URLs are analysed and the URLs are classified according to the module by which they need to be detected, so that the scanner unit is provided with prepared URLs.
Step 3: scanner unit.
The parameters in the URL are changed and the results returned before and after the change are compared to decide whether a horizontal permission problem exists. For problematic URLs, the payload and the returned result are recorded and aggregated into the scan report.
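An added example, not the patent's code, of the two checks the signature scan module performs: whether the request is still served when `sign` is omitted, and whether `sign` can be reproduced from the visible parameters. It uses a constructed endpoint and secret and an assumed canonicalisation (sorted, URL-encoded parameters with `sign` excluded); a real scanner would try several conventions. A keyed HMAC handler is shown beside the unkeyed MD5 one so that it is clear what the check flags: a digest computed without a server-side secret can be recomputed by anyone who sees the URL.

```python
"""Added example (not the patent's code): the signature scan module's two
checks against constructed endpoints, one signing with unkeyed MD5 (the
weakness the module looks for) and one with a keyed HMAC."""
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

SECRET = b"constructed-server-secret"  # invented for the example


def canonical(params):
    """Assumed signing convention: sorted, URL-encoded parameters, sign excluded."""
    return urlencode(sorted((k, v) for k, v in params.items() if k != "sign"))


def weak_sign(params):
    """Unkeyed MD5 over the parameters: anyone who sees a URL can recompute it."""
    return hashlib.md5(canonical(params).encode()).hexdigest()


def strong_sign(params):
    """Keyed HMAC-SHA256: cannot be reproduced without SECRET."""
    return hmac.new(SECRET, canonical(params).encode(), hashlib.sha256).hexdigest()


def make_handler(signer, require_sign=True):
    """Constructed endpoint /api/balance?uid=...&sign=... verified with `signer`."""
    def handler(url):
        params = dict(parse_qsl(urlsplit(url).query))
        if "sign" not in params:
            if require_sign:
                return 403, "missing signature"
            return 200, f"balance for uid {params.get('uid')}"  # lenient: served unsigned
        if not hmac.compare_digest(params["sign"], signer(params)):
            return 403, "bad signature"
        return 200, f"balance for uid {params.get('uid')}"
    return handler


handle_weak = make_handler(weak_sign)
handle_strong = make_handler(strong_sign)
handle_lenient = make_handler(weak_sign, require_sign=False)


def signed_url(signer, path, params):
    """Build a URL the way a legitimate client of the constructed endpoint would."""
    query = dict(params)
    query["sign"] = signer(query)
    return urlunsplit(("", "", path, urlencode(query), ""))


def strip_param(url, name):
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != name]
    return urlunsplit(parts._replace(query=urlencode(query)))


def scan_signature(handler, url):
    """Signature scan module. Check 1: is the request still served with sign
    removed? Check 2: does sign equal an unkeyed digest of the other
    parameters, i.e. can it be reproduced with no server secret?"""
    findings = []
    base_status, _ = handler(url)
    if base_status != 200:
        return findings  # the baseline itself failed; nothing to compare
    unsigned = strip_param(url, "sign")
    status, _ = handler(unsigned)
    if status == 200:
        findings.append({"check": "signature not enforced", "payload": unsigned})
    params = dict(parse_qsl(urlsplit(url).query))
    data = canonical(params).encode()
    for algo in ("md5", "sha1", "sha256"):
        if hmac.compare_digest(hashlib.new(algo, data).hexdigest(), params["sign"]):
            findings.append({"check": f"signature is unkeyed {algo} of the parameters"})
            break
    return findings


if __name__ == "__main__":
    for name, handler, signer in (("weak", handle_weak, weak_sign),
                                  ("strong", handle_strong, strong_sign),
                                  ("lenient", handle_lenient, weak_sign)):
        print(name, scan_signature(handler, signed_url(signer, "/api/balance", {"uid": "77"})))
```

The weak endpoint is flagged on check 2 alone, the lenient one on both checks, and the HMAC endpoint on neither. The repair is the one the contrast shows: the signature must be keyed with a secret the client never sees, and the server must refuse unsigned requests rather than fall back to serving them.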
The technical solution of this application example brings the following beneficial effects: horizontal permission vulnerabilities in WEB applications are identified automatically, vulnerability identification efficiency is improved, and WEB applications are made safer.
It should be understood that the particular order or hierarchy of the steps in the disclosed processes is an example of an illustrative method. Based on design preferences, it should be understood that the particular order or hierarchy of steps in the processes may be rearranged without departing from the protection scope of the present disclosure. The appended method claims present the elements of the various steps in an exemplary order and are not meant to be limited to that particular order or hierarchy.
In the above detailed description, various features are combined together in a single embodiment to simplify the disclosure. This method of disclosure should not be interpreted as reflecting an intention that the claimed subject matter requires more features than are expressly recited in each claim. Rather, as the appended claims reflect, the invention lies in less than all features of a single disclosed embodiment. Therefore, the appended claims are hereby incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.
The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments without departing from the spirit and scope of the disclosure. Therefore, the disclosure is not limited to the embodiments set forth herein but is to be accorded the widest scope consistent with the principles and novel features disclosed in this application.
The above description includes examples of one or more embodiments. Of course, it is impossible to describe every conceivable combination of components or methods in describing the above embodiments, but one of ordinary skill in the art will recognize that the embodiments can be further combined and permuted. Therefore, the embodiments described herein are intended to cover all such changes, modifications and variations that fall within the protection scope of the appended claims. Furthermore, to the extent that the term "comprising" is used in the specification or claims, it is inclusive in a manner similar to the term "including", as "including" is interpreted when used as a transitional word in the claims. In addition, any use of the term "or" in the specification or claims is intended to mean a non-exclusive "or".
Those skilled in the art will further appreciate that the various illustrative logical blocks, units and steps listed in the embodiments of the present invention may be implemented by electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the various illustrative components, units and steps above have been described generally in terms of their function. Whether such function is implemented by hardware or software depends on the particular application and the design requirements of the overall system. Those skilled in the art may use various methods to implement the described function for each particular application, but such implementation should not be understood as going beyond the protection scope of the embodiments of the present invention.
The various illustrative logical blocks or units described in the embodiments of the present invention may be implemented or operated by a general-purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a field-programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of the above designed to perform the described functions. A general-purpose processor may be a microprocessor; alternatively, the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, such as a digital signal processor and a microprocessor, multiple microprocessors, one or more microprocessors together with a digital signal processor core, or any other such configuration.
The steps of the method or algorithm described in the embodiments of the present invention may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. Illustratively, the storage medium may be coupled to the processor so that the processor can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integrated into the processor. The processor and the storage medium may reside in an ASIC, and the ASIC may reside in a user terminal. Alternatively, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions described in the embodiments of the present invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, these functions may be stored on, or transmitted as one or more instructions or code on, a computer-readable medium. Computer-readable media include computer storage media and communication media that facilitate transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer. For example, such computer-readable media may include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store program code in the form of instructions or data structures and that can be read by a general-purpose or special-purpose computer or a general-purpose or special-purpose processor. In addition, any connection may properly be termed a computer-readable medium: for example, if the software is transmitted from a website, server or other remote source through a coaxial cable, fibre-optic cable, twisted pair, digital subscriber line (DSL) or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fibre-optic cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are also included in the definition of computer-readable medium. Disk and disc, as used here, include compact disc, laser disc, optical disc, DVD, floppy disk and Blu-ray disc, where disks usually reproduce data magnetically and discs reproduce data optically with lasers. Combinations of the above are also included within computer-readable media.
The specific embodiments described above further describe in detail the objects, technical solutions and beneficial effects of the present invention. It should be understood that the above is only a specific embodiment of the present invention and is not intended to limit its protection scope; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
Claims (8)
1. A method for automatic identification of WEB horizontal permission vulnerabilities, characterized in that the method comprises:
collecting WEB logs, extracting and aggregating the uniform resource locators (URLs) in the WEB logs, and obtaining a library of URLs to be detected;
for the library of URLs to be detected, classifying each URL by analysing the parameters in the URL, and obtaining a classified URL library, which specifically comprises:
for each URL in the library of URLs to be detected, performing the following processing: judging whether the parameters in the current URL include a parameter that uses a signature algorithm, and if so, the current URL belongs to the URLs with a signature parameter, otherwise it belongs to the URLs without a signature parameter; and/or judging whether the parameters in the current URL include a cookie parameter, and if so, the current URL belongs to the URLs with a cookie parameter, otherwise it belongs to the URLs without a cookie parameter;
and/or judging whether the parameters in the current URL include a key form parameter, and if so, the current URL belongs to the URLs with a key form parameter, otherwise it belongs to the URLs without a key form parameter;
aggregating the classification information of each URL in the library of URLs to be detected to obtain the classified URL library; and using the scanner corresponding to each URL in the classified URL library, performing horizontal permission detection by changing the parameters in the URL.
2. The method for automatic identification of WEB horizontal permission vulnerabilities according to claim 1, characterized in that the WEB logs include one or more of the following logs:
proxy server logs, WEB server logs, and bypass mirroring logs.
3. The method for automatic identification of WEB horizontal permission vulnerabilities according to claim 1 or 2, characterized in that it further comprises:
after extracting and aggregating the URLs in the WEB logs, performing similarity identification and de-duplication to obtain the library of URLs to be detected.
4. The method for automatic identification of WEB horizontal permission vulnerabilities according to claim 1, characterized in that the scanner includes one or more of the following modules: a signature scan module, a cookie parameter scan module and a form parameter scan module; and using the scanner corresponding to each URL in the classified URL library to perform horizontal permission detection by changing the parameters in the URL specifically comprises:
using the signature scan module corresponding to the URLs with a signature parameter, for each URL with a signature parameter obtained after classification, detecting whether the request corresponding to the URL can still be performed normally when the signature in the URL is not submitted, and detecting whether the signature in the URL can be cracked;
and/or using the cookie parameter scan module corresponding to the URLs with a cookie parameter, for each URL with a cookie parameter obtained after classification, detecting whether the submitted request passes when the cookie in the URL is not submitted, and whether the submitted request passes when the parameter in the cookie used for user identification is modified;
and/or using the form parameter scan module corresponding to the URLs with a key form parameter, for each URL with a key form parameter obtained after classification, detecting whether the request corresponding to the URL can still be performed normally when the value of the key form parameter is modified;
aggregating the detection results, and generating and outputting a detection report.
5. A device for automatic identification of WEB horizontal permission, characterized in that the device comprises:
a URL acquisition unit, for collecting WEB logs, extracting and summarizing the uniform resource locators (URLs) in the WEB logs, and obtaining a URL library to be detected;
a URL classification unit, for classifying each URL in the URL library to be detected by analyzing the parameters in the URL, and obtaining a classified URL library;
a scanner unit, for using the scanner corresponding to each URL in the classified URL library to carry out the detection of horizontal permission by changing parameters in the URL;
the URL classification unit comprising one or more of the following modules: a signature identification module, a cookie parameter identification module and a form parameter identification module, the URL classification unit being used to perform the following processing for each URL in the URL library to be detected, wherein:
the signature identification module is used to judge whether the parameters in the current URL include a parameter generated using a signature algorithm; if so, the current URL belongs to the URLs with signature parameters, otherwise it belongs to the URLs without signature parameters;
the cookie parameter identification module is used to judge whether the parameters in the current URL include a cookie parameter; if so, the current URL belongs to the URLs with cookie parameters, otherwise it belongs to the URLs without cookie parameters;
the form parameter identification module is used to judge whether the parameters in the current URL include key form parameters; if so, the current URL belongs to the URLs with key form parameters, otherwise it belongs to the URLs without key form parameters;
the URL classification unit is further used to summarize the classification information of each URL in the URL library to be detected, to obtain the classified URL library.
6. The device for automatic identification of WEB horizontal permission according to claim 5, characterized in that the WEB log comprises one or more of the following logs:
proxy server log, WEB server log, bypass mirror log.
7. The device for automatic identification of WEB horizontal permission according to claim 5 or 6, characterized in that
the URL acquisition unit, after extracting and summarizing the URLs in the WEB log, performs similarization identification and de-duplication processing to obtain the URL library to be detected.
8. The device for automatic identification of WEB horizontal permission according to claim 5, characterized in that the scanner unit comprises a report generation module and further comprises one or more of the following modules: a signature scanning module, a cookie parameter scanning module and a form parameter scanning module, wherein:
the signature scanning module is used, as the scanning module corresponding to URLs with signature parameters, for each URL with a signature parameter obtained after classification, to detect whether the request corresponding to the URL can still be carried out normally when the signature in the URL is not submitted, and to detect whether the signature in the URL can be cracked;
the cookie parameter scanning module is used, as the scanning module corresponding to URLs with cookie parameters, for each URL with a cookie parameter obtained after classification, to detect whether the submitted request passes when the cookie of the URL is not submitted, and whether the submitted request passes after the parameter used for user identity identification in the cookie has been modified;
the form parameter scanning module is used, as the scanning module corresponding to URLs with key form parameters, for each URL with a key form parameter obtained after classification, to detect whether the request corresponding to the URL can still be carried out normally when the value of the key form parameter is modified;
the report generation module is used to summarize the detection results and to generate and output a detection report.
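The log collection, similarization/de-duplication (claims 3 and 7) and parameter-based classification (claim 5) steps, as an added example that is not the patent's own code. The log line format, the parameter-name heuristics for signature and key form parameters, and the sample log are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed heuristics (assumptions, not from the patent): parameter names that
# carry a request signature, and "key form parameters" that name a user or object.
SIGNATURE_NAMES = {"sign", "signature", "sig"}
KEY_FORM_NAMES = {"uid", "user_id", "order_id", "account_id"}
HEX_DIGEST = re.compile(r"^[0-9a-f]{32,64}$", re.I)   # md5/sha1/sha256-sized values
# Constructed log format (assumption): ip "METHOD url HTTP/x" status cookie="..."
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" \d+ cookie="([^"]*)"')

def extract_requests(log_lines):
    """Step 1: pull (url, cookie) pairs out of the WEB log lines."""
    return [m.groups() for m in map(LOG_RE.search, log_lines) if m]

def similarize(url):
    """Step 2 (claim 3): collapse URLs that differ only in values into one template;
    numeric path segments become {n}, query values are dropped, names are sorted."""
    parts = urlsplit(url)
    path = re.sub(r"/\d+(?=/|$)", "/{n}", parts.path)
    names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return path + ("?" + "&".join(names) if names else "")

def build_url_library(log_lines):
    """Step 3: de-duplicate by template, keeping the first concrete request seen."""
    library = {}
    for url, cookie in extract_requests(log_lines):
        library.setdefault(similarize(url), (url, cookie))
    return library

def classify(url, cookie):
    """Step 4 (claim 5): flag signature, cookie and key-form parameters for one URL."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return {
        "signature": any(k.lower() in SIGNATURE_NAMES and HEX_DIGEST.match(v)
                         for k, v in params.items()),
        "cookie": bool(cookie.strip()),
        "key_form": any(k.lower() in KEY_FORM_NAMES for k in params),
    }

def classified_library(log_lines):
    """Run the pipeline; returns {template: (url, cookie, classification)}."""
    return {t: (u, c, classify(u, c)) for t, (u, c) in build_url_library(log_lines).items()}

# Constructed sample log: three requests share one template, one is signed, one is bare.
SAMPLE_LOG = [
    '10.0.0.1 "GET /order/1001?uid=42 HTTP/1.1" 200 cookie="sid=abc; uid=42"',
    '10.0.0.2 "GET /order/1002?uid=43 HTTP/1.1" 200 cookie="sid=def; uid=43"',
    '10.0.0.3 "GET /order/1003?uid=44 HTTP/1.1" 200 cookie="sid=ghi; uid=44"',
    '10.0.0.4 "GET /api/pay?amount=5&sign=0123456789abcdef0123456789abcdef HTTP/1.1" 200 cookie=""',
    '10.0.0.5 "GET /static/logo.png HTTP/1.1" 200 cookie=""',
]

if __name__ == "__main__":
    for template, (url, cookie, cls) in classified_library(SAMPLE_LOG).items():
        print(template, cls)
```

The three `/order/<id>?uid=` requests collapse to one template, so the scanner unit would test that endpoint once rather than per request; only the classification flags decide which scanning module (signature, cookie or form parameter) applies.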
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610350375.XA CN106027528B (en) | 2016-05-24 | 2016-05-24 | A kind of method and device of the horizontal permission automatic identification of WEB |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106027528A CN106027528A (en) | 2016-10-12 |
CN106027528B true CN106027528B (en) | 2019-07-12 |
Family
ID=57093791
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |