CN106060090A - Website script attack prevention method and device - Google Patents
Website script attack prevention method and device Download PDFInfo
- Publication number
- CN106060090A CN106060090A CN201610617181.1A CN201610617181A CN106060090A CN 106060090 A CN106060090 A CN 106060090A CN 201610617181 A CN201610617181 A CN 201610617181A CN 106060090 A CN106060090 A CN 106060090A
- Authority
- CN
- China
- Prior art keywords
- website
- data
- script
- attack
- verified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a website script attack prevention method and device. The website script attack prevention method comprises the steps of intercepting each request data packet received by a website, wherein each request data packet comprises data contained in network requests which are received by a website and are transmitted based on a hyper text transfer protocol; unpacking each request data packet, thereby obtaining to-be-checked format data; carrying out matching checking on the to-be-checked format data according to a preset security rule, and outputting security data; and encapsulating the security data, thereby obtaining security data packets, and transmitting the security data packets to a core component of the website, wherein the core component comprises a management component and a payment component of the website. According to the method and the device, script attacks of an electronic commerce website can be efficiently and effectively prevented.
Description
Technical field
The present invention relates to computer techno-stress technical field, particularly relate to a kind of website script attack prevention method and dress
Put.
Background technology
At present the turnovers of e-commerce in global range sharp rises, the behind of this phenomenon also along with various for
Ecommerce and the attack of payment system thereof, wherein come from the attack pattern of WEB (the Internet) to user taking precautions against or
The biggest inconvenience is all brought in reparation.
During reality is taken precautions against for above-mentioned attack, inventor finds at least to exist in conventional art to ask as follows
Topic:
Traditional attack-defending measure imperfection, the designer of attack often can be by taking some targetedly
Strategy evades existing attack-defending measure, and attacking is general weakness based on general WEB application mostly, such as: SQL (structure
Change query language: Structured Query Language) inject or cause performing arbitrary script at client browser
Cross-site script vulnerability etc., in a word, website script cannot be attacked and carry out efficient and effectively take precautions against by conventional art.
Summary of the invention
Based on this, it is necessary to for traditional problem that attack-defending measure efficiency is low, cannot effectively take precautions against, it is provided that a kind of net
Stand script attack prevention method and device.
To achieve these goals, the embodiment of technical solution of the present invention is:
On the one hand, it is provided that a kind of website script attack prevention method, comprise the following steps:
Intercept each request data package that website receives;Request data package be website receive based on Hyper text transfer assist
The data that the network request of view transmission comprises;
Request data package is unpacked, obtains formatted data to be verified;
According to preset security rule, formatted data to be verified is carried out coupling verification, output safety data;
Secure data is carried out dress bag, obtains secure data bag, and secure data bag is transferred to the core component of website;
Core component includes the management assembly of website and pays assembly.
On the other hand, it is provided that a kind of website script attack-defending device, including:
Interception unit, for intercepting each request data package that website receives;Request data package is the base that website receives
In the data that the network request of http transport comprises;
Unpack unit, for request data package is unpacked, obtain formatted data to be verified;
Coupling verification unit, for according to preset security rule, carries out coupling verification, output peace to formatted data to be verified
Total evidence;
Dress packet transmission unit, for secure data carries out dress bag, obtains secure data bag, and is transmitted by secure data bag
To the core component of website;Core component includes the management assembly of website and pays assembly.
Technique scheme has the advantages that
Website of the present invention script attack prevention method and device, be applied to j2ee (Java 2Platform, Enterprise
Edition:java2 platform enterprise level application software), use HTTP (HTML (Hypertext Markup Language) HyperText user
Transfer Protocol) protocol access website, use blocker to using HTTP association before eventually arriving at concrete application resource
The content of view transmission carries out safety regulation filtration, it is ensured that the protocol contents being transferred to each core component is safe condition;The present invention
The script that can the most effectively take precautions against e-commerce website is attacked.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of website of the present invention script attack prevention method embodiment 1;
Fig. 2 is the configuration diagram of website of the present invention script attack prevention method embodiment 2;
Fig. 3 is the structural representation of website of the present invention script attack-defending device embodiment 1.
Detailed description of the invention
For the ease of understanding the present invention, below with reference to relevant drawings, the present invention is described more fully.In accompanying drawing
Give the first-selected embodiment of the present invention.But, the present invention can realize in many different forms, however it is not limited to institute herein
The embodiment described.On the contrary, providing the purpose of these embodiments is to make to the disclosure more thoroughly comprehensively.
Unless otherwise defined, all of technology used herein and scientific terminology and the technical field belonging to the present invention
The implication that technical staff is generally understood that is identical.The term used the most in the description of the invention is intended merely to describe tool
The purpose of the embodiment of body, it is not intended that in limiting the present invention.Term as used herein " and/or " include one or more phase
Arbitrary and all of combination of the Listed Items closed.
Website of the present invention script attack prevention method embodiment 1:
In order to solve traditional problem that attack-defending measure efficiency is low, cannot effectively take precautions against, the invention provides a kind of net
Standing script attack prevention method embodiment 1, Fig. 1 is the schematic flow sheet of website of the present invention script attack prevention method embodiment 1;
As it is shown in figure 1, may comprise steps of:
Step S110: intercept each request data package that website receives;Request data package be website receive based on super
The data that the network request of text transfer protocol transmission comprises;
Step S120: unpack request data package, obtains formatted data to be verified;
Step S130: according to preset security rule, carries out coupling verification, output safety data to formatted data to be verified;
Step S140: secure data is carried out dress bag, obtains secure data bag, and secure data bag is transferred to website
Core component;Core component includes the management assembly of website and pays assembly.
Specifically, the present invention relates to a kind of website visiting blocker, by blocker verification and filtering noxious script with
Reach the purpose of guarding website application.The purpose that HTTP request data is unpacked by blocker is in order to packet is split into
The data form (formatted data the most to be verified) of the manageable routine of checker, such as, packet is originally that the form of stream carries
Sending to e-commerce website, this data stream is just split into the data form of character string by blocker.And to the safe number after filtering
According to carrying out the purpose of dress bag, it is in order to data recovery is become original data form.Core component specifically can include electronics business
The business member management assembly of website, merchandise control assembly, order management assembly, payment assembly, marketing management assembly and form
Management assembly etc..
In a specific embodiment, step S130 carries out to formatted data to be verified coupling verification, output safety
The step of data may include that
By regular expression, formatted data regular and to be verified to preset security is mated, and obtains attack script;In advance
If safety regulation can include dangerous character and dangerous character string;
Filtering attack script, the formatted data to be verified after filtering exports as secure data.
In a specific embodiment, the above-mentioned step filtering attack script may include that
The character of attack script is carried out escape.
Specifically, the checker of blocker, it is possible to use the mode of regular expression, safety regulation and the number unpacked
According to carrying out coupling effect, as found attack script, then filter, i.e. the character of attack script is carried out escape.
In a specific embodiment, step can also be included before step S140:
According to request data package, generate audit log;Audit log can include that request accesses the reference address number of website
According to, access mode data and access content-data.
Specifically, after verification completes, audit log can be generated and recorded in storage, consult for management personnel.
Audit log have recorded and includes accessing IP (agreement interconnected between network: Internet Protocol), access mode, access
Contents etc., management personnel can carry out attack-defending analysis and upgrading of modifying safety regulation according to audit log.
In a specific embodiment, step can also be included before step S120:
According to the feature of website attack script, generate preset security rule;
According to the content of audit log, renewal that preset security rule is modified.
Specifically, attack script has and regular traffic required parameter You Hen great district another characteristic, therefore can root
According to the feature of attack script, write safety regulation in advance.Safety regulation can include some dangerous characters or dangerous character string, as
Under:
[1] | (vertical bar symbol)
[2] & (& symbol)
[3];(branch)
[4] $ (dollar mark ())
[5] % (percent symbol)
[6]@(at symbol)
[7] ' (single quotation marks)
[8] " (quotation marks)
[9] ' (back slash escape single quotation marks)
[10] " (back slash escape quotation marks)
[11]<>(angle brackets)
[12] () (bracket)
[13]+(plus sige)
[14] CR (carriage return character, ASCII 0x0d)
[15] LF (line feed, ASCII 0x0a)
[16], (comma)
[17] (back slash)
One example of safety regulation (can use space to separate) as follows between symbol:
|&;$ %@' " ' "<>()+CR LF,
In concrete operations, the safety regulation coupling whether a certain attack script can have been arranged can be carried out examination & verification inspection
Survey, if be detected that be not matched, be required for this attack script and improve old safety regulation or write new safety rule
Then.Therefore, it can safety regulation be saved in configurable file, in order to profit management personnel are to safety regulation amendment upgrading.
Management personnel can enter e-commerce website backstage web interface, then clicks on " menu of safety regulation management ", opens web
Editing machine, web editing machine reads safety regulation file and shows on editing machine, and entrance can edit pattern.Management personnel edit
After good safety regulation, click on save button.Editing machine can update safety regulation file data.
Website of the present invention script attack prevention method embodiment 1, provides a kind of height in j2ee applies based on http protocol
Effect is effective takes precautions against the method that script is attacked.When user uses http protocol to access website, eventually arrive at concrete application resource
Use blocker that the content using http protocol transmission is carried out safety regulation filtration, it is ensured that to be transferred to each core component before
Protocol contents is safe condition;Simultaneously for ensureing that safety regulation can persistently obtain upgrading and meet daily security audit, meeting
Interception log recording to storage will provide data analysis convenient for portal management personnel.
Website of the present invention script attack prevention method embodiment 2:
In order to solve traditional problem that attack-defending measure efficiency is low, cannot effectively take precautions against, present invention also offers one
Website script attack prevention method embodiment 2, Fig. 2 is the framework signal of website of the present invention script attack prevention method embodiment 2
Figure;As in figure 2 it is shown, browser, IOS APP, Android APP and external subsystems, all HTTP request the most all can be blocked
Cutting device to intercept, blocker can be handled as follows:
(1) HTTP request data intercepted is unpacked by blocker.
(2) checker of blocker, it is possible to use the mode of regular expression, carries out safety regulation and the data unpacked
Coupling effect, as found attack script, then filters.
(3) attack script suffers from and regular traffic required parameter You Hen great district another characteristic, therefore can be according to attacking
Hit the feature of script, pre-set safety regulation.And safety regulation can be stored in configurable file, in order to peace
Full rules modification upgrading.
(4) generate audit log after having verified and recorded in storage, for consulting.
(5) after generating audit log, the secure data after filtering being carried out fills bag and is then transferred to each core component.
(6) audit log have recorded and includes accessing IP, access mode, access content etc., can carry out according to audit log
Analyze and upgrading that safety regulation is modified.
Wherein, external subsystems specifically can refer to: the son application docked with e-commerce website generation data.Browser,
IOS app, Android APP, external subsystems, be all visitor, and they send asking of data acquisition to e-commerce website
Ask or submit to the request of data.Core component is the core of e-commerce website.
Website of the present invention script attack-defending device embodiment 1:
Technical scheme based on above website script attack prevention method, simultaneously in order to solve tradition attack-defending measure effect
The problem that rate is low, cannot effectively take precautions against, present invention also offers a kind of website script attack-defending device embodiment 1;Fig. 3 is this
The structural representation of invention website script attack-defending device embodiment 1, as it is shown on figure 3, may include that
Interception unit 310, for intercepting each request data package that website receives;Request data package is that website receives
The data that network request based on http transport comprises;
Unpack unit 320, for request data package is unpacked, obtain formatted data to be verified;
Coupling verification unit 330, for according to preset security rule, carries out coupling verification to formatted data to be verified, defeated
Go out secure data;
Dress packet transmission unit 340, for secure data carries out dress bag, obtains secure data bag, and by secure data bag
It is transferred to the core component of website;Core component includes the management assembly of website and pays assembly.
In a specific embodiment, coupling verification unit 330 may include that
Matching module 332, for by regular expression, formatted data regular and to be verified to preset security is carried out
Join, obtain attack script;Preset security rule can include dangerous character and dangerous character string;
Filtering module 334, for filtering attack script, the formatted data to be verified after filtering is as safety number
According to exporting.
In a specific embodiment, filtering module 334 is for carrying out escape to the character of attack script.
In a specific embodiment, website script attack-defending device can also include:
Auditable unit 360, for according to request data package, generates audit log;Audit log can include that request accesses
The reference address data of website, access mode data and access content-data.
In a specific embodiment, website script attack-defending device can also include:
Preset updating block 350, for the feature according to website attack script, generate preset security rule;And according to examining
The content of meter daily record, renewal that preset security rule is modified.
Website of the present invention script attack-defending device embodiment 1, provides a kind of height in j2ee applies based on http protocol
Effect is effective takes precautions against the method that script is attacked.When user uses http protocol to access website, eventually arrive at concrete application resource
Use blocker that the content using http protocol transmission is carried out safety regulation filtration, it is ensured that to be transferred to each core component before
Protocol contents is safe condition;Simultaneously for ensureing that safety regulation can persistently obtain upgrading and meet daily security audit, meeting
Interception log recording to storage will provide data analysis convenient for portal management personnel.
Each technical characteristic of embodiment described above can combine arbitrarily, for making description succinct, not to above-mentioned reality
The all possible combination of each technical characteristic executed in example is all described, but, as long as the combination of these technical characteristics is not deposited
In contradiction, all it is considered to be the scope that this specification is recorded.
Embodiment described above only have expressed the several embodiments of the present invention, and it describes more concrete and detailed, but also
Can not therefore be construed as limiting the scope of the patent.It should be pointed out that, come for those of ordinary skill in the art
Saying, without departing from the inventive concept of the premise, it is also possible to make some deformation and improvement, these broadly fall into the protection of the present invention
Scope.Therefore, the protection domain of patent of the present invention should be as the criterion with claims.
Claims (10)
1. a website script attack prevention method, it is characterised in that comprise the following steps:
Intercept each request data package that website receives;Described request data package be described website receive based on hypertext pass
The data that the network request of transmission protocol transmission comprises;
Described request data package is unpacked, obtains formatted data to be verified;
According to preset security rule, described formatted data to be verified is carried out coupling verification, output safety data;
Described secure data is carried out dress bag, obtains secure data bag, and described secure data bag is transferred to described website
Core component;Described core component includes the management assembly of described website and pays assembly.
Website the most according to claim 1 script attack prevention method, it is characterised in that according to preset security rule, right
Described formatted data to be verified carries out coupling verification, and the step of output safety data includes:
By regular expression, to be verified formatted data regular and described to described preset security is mated, and obtains and attacks foot
This;Described preset security rule includes dangerous character and dangerous character string;
Filtering described attack script, the formatted data described to be verified after filtering carries out defeated as described secure data
Go out.
Website the most according to claim 2 script attack prevention method, it is characterised in that described attack script was carried out
The step of filter includes:
The character of described attack script is carried out escape.
4. according to the website script attack prevention method described in claims 1 to 3 any one, it is characterised in that to described peace
Total according to carrying out dress bag, obtain secure data bag, and described secure data bag is transferred to the step of the core component of described website
Further comprise the steps of: before rapid
According to described request data package and described secure data bag, generate audit log;Described audit log includes that request accesses
The reference address data of described website, access mode data and access content-data.
Website the most according to claim 4 script attack prevention method, it is characterised in that to the request data package intercepted
Unpack, further comprise the steps of: before obtaining the step of formatted data to be verified
According to the feature of website attack script, generate described preset security rule;
According to the content of described audit log, renewal that described preset security rule is modified.
6. a website script attack-defending device, it is characterised in that including:
Interception unit, for intercepting each request data package that website receives;Described request data package is that described website receives
The data that comprise of network request based on http transport;
Unpack unit, for described request data package is unpacked, obtain formatted data to be verified;
Coupling verification unit, for according to preset security rule, carries out coupling verification, output peace to described formatted data to be verified
Total evidence;
Dress packet transmission unit, for described secure data carries out dress bag, obtains secure data bag, and by described secure data bag
It is transferred to the core component of described website;Described core component includes the management assembly of described website and pays assembly.
Website the most according to claim 6 script attack-defending device, it is characterised in that described coupling verification unit bag
Include:
Matching module, for by regular expression, to be verified formatted data regular and described to described preset security is carried out
Join, obtain attack script;Described preset security rule includes dangerous character and dangerous character string;
Filtering module, for filtering described attack script, the formatted data described to be verified after filtering is as described
Secure data exports.
Website the most according to claim 7 script attack-defending device, it is characterised in that described filtering module is for institute
The character stating attack script carries out escape.
9. according to the website script attack-defending device described in claim 6 to 8 any one, it is characterised in that also include:
Auditable unit, for according to described request data package, generates audit log;It is described that described audit log includes that request accesses
The reference address data of website, access mode data and access content-data.
Website the most according to claim 9 script attack-defending device, it is characterised in that also include:
Preset updating block, for the feature according to website attack script, generate described preset security rule;And examine according to described
The content of meter daily record, renewal that described preset security rule is modified.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610617181.1A CN106060090A (en) | 2016-07-29 | 2016-07-29 | Website script attack prevention method and device |
| PCT/CN2016/097198 WO2018018699A1 (en) | 2016-07-29 | 2016-08-29 | Website scripting attack prevention method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610617181.1A CN106060090A (en) | 2016-07-29 | 2016-07-29 | Website script attack prevention method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106060090A true CN106060090A (en) | 2016-10-26 |
Family
ID=57196781
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610617181.1A Pending CN106060090A (en) | 2016-07-29 | 2016-07-29 | Website script attack prevention method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106060090A (en) |
| WO (1) | WO2018018699A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106506548A (en) * | 2016-12-23 | 2017-03-15 | 努比亚技术有限公司 | The defence installation of cross-site scripting attack and method |
| CN107437025A (en) * | 2017-08-07 | 2017-12-05 | 郑州云海信息技术有限公司 | A kind of Data Audit method and device |
| CN108108471A (en) * | 2018-01-02 | 2018-06-01 | 武汉斗鱼网络科技有限公司 | Data filtering method, device, server and readable storage medium storing program for executing |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112769833B (en) * | 2021-01-12 | 2023-01-24 | 恒安嘉新(北京)科技股份公司 | Method and device for detecting command injection attack, computer equipment and storage medium |
| CN112887274B (en) * | 2021-01-12 | 2023-04-14 | 恒安嘉新(北京)科技股份公司 | Method and device for detecting command injection attack, computer equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040073811A1 (en) * | 2002-10-15 | 2004-04-15 | Aleksey Sanin | Web service security filter |
| US20070136809A1 (en) * | 2005-12-08 | 2007-06-14 | Kim Hwan K | Apparatus and method for blocking attack against Web application |
| CN104079528A (en) * | 2013-03-26 | 2014-10-01 | 北大方正集团有限公司 | Method and system of safety protection of Web application |
| CN104519008A (en) * | 2013-09-26 | 2015-04-15 | 北大方正集团有限公司 | Cross-site scripting attack defense method and device and application server |
| CN104601540A (en) * | 2014-12-05 | 2015-05-06 | 华为技术有限公司 | Cross-site scripting (XSS) attack defense method and Web server |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102291394B (en) * | 2011-07-22 | 2014-06-11 | 网宿科技股份有限公司 | Security defense system based on network accelerating equipment |
| CN104348789B (en) * | 2013-07-30 | 2018-04-27 | 中国银联股份有限公司 | For preventing the Web server and method of cross-site scripting attack |
-
2016
- 2016-07-29 CN CN201610617181.1A patent/CN106060090A/en active Pending
- 2016-08-29 WO PCT/CN2016/097198 patent/WO2018018699A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040073811A1 (en) * | 2002-10-15 | 2004-04-15 | Aleksey Sanin | Web service security filter |
| US20070136809A1 (en) * | 2005-12-08 | 2007-06-14 | Kim Hwan K | Apparatus and method for blocking attack against Web application |
| CN104079528A (en) * | 2013-03-26 | 2014-10-01 | 北大方正集团有限公司 | Method and system of safety protection of Web application |
| CN104519008A (en) * | 2013-09-26 | 2015-04-15 | 北大方正集团有限公司 | Cross-site scripting attack defense method and device and application server |
| CN104601540A (en) * | 2014-12-05 | 2015-05-06 | 华为技术有限公司 | Cross-site scripting (XSS) attack defense method and Web server |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106506548A (en) * | 2016-12-23 | 2017-03-15 | 努比亚技术有限公司 | The defence installation of cross-site scripting attack and method |
| CN107437025A (en) * | 2017-08-07 | 2017-12-05 | 郑州云海信息技术有限公司 | A kind of Data Audit method and device |
| CN108108471A (en) * | 2018-01-02 | 2018-06-01 | 武汉斗鱼网络科技有限公司 | Data filtering method, device, server and readable storage medium storing program for executing |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2018018699A1 (en) | 2018-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106060090A (en) | Website script attack prevention method and device | |
| CN101388768B (en) | Method and device for detecting malicious HTTP request | |
| US10110637B2 (en) | Directing audited data traffic to specific repositories | |
| US11886619B2 (en) | Apparatus and method for securing web application server source code | |
| US9740869B1 (en) | Enforcement of document element immutability | |
| CN102891897B (en) | Webpage sharing method and server and client | |
| CN103888490B (en) | A kind of man-machine knowledge method for distinguishing of full automatic WEB client side | |
| EP2521049B1 (en) | Methods and systems for validating input data | |
| KR100732689B1 (en) | Web Security Method and apparatus therefor | |
| CN111177779B (en) | Database auditing method, device, electronic equipment and computer storage medium | |
| CN101610264A (en) | The management method of a kind of firewall system, safety service platform and firewall system | |
| CN101834866A (en) | CC (Communication Center) attack protective method and system thereof | |
| Zhang et al. | Notice of retraction: A static analysis tool for detecting web application injection vulnerabilities for asp program | |
| CN103914655A (en) | Downloaded file security detection method and device | |
| CN111191246A (en) | Spring annotation based security development verification method | |
| CN110213375A (en) | A kind of method, apparatus and electronic equipment of the IP access control based on cloud WAF | |
| Sönmez | Security qualitative metrics for open web application security project compliance | |
| Tang et al. | L-WMxD: Lexical based webmail XSS discoverer | |
| CN112395485A (en) | Policy big data mining method and device, computer equipment and storage medium | |
| CN104579931B (en) | The access method and device of a kind of copending document based on mail | |
| CN106911649A (en) | A kind of method and apparatus for detecting network attack | |
| CN103581321B (en) | A kind of creation method of refer chains, device and safety detection method and client | |
| CN106911635A (en) | A kind of method and device of detection website with the presence or absence of backdoor programs | |
| CN116545674A (en) | Email phishing exercise method, system, equipment and medium free of privacy information collection | |
| CN110858836A (en) | Network attack defense method and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161026 |
|
| RJ01 | Rejection of invention patent application after publication |