CN106897624A - Vulnerability detection method and device - Google Patents
- Publication number: CN106897624A
- Application number: CN201710028752.2A
- Authority: CN (China)
- Prior art keywords: request, page, web server, xss, characteristic value
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The invention discloses a vulnerability detection method and device. The method includes: receiving a Web server's response result to a processing request, where the processing request includes a characteristic value and the response result includes page source code; parsing the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page; and performing characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. The invention introduces browser-like virtual parsing to parse the page source code returned by the Web server and obtain the finally generated HTML structure (that is, the html page); performing characteristic value detection on that page then achieves XSS vulnerability detection for elements generated in the dynamic page.
Description
Technical field
The present invention relates to the technical field of Web application testing, and in particular to a vulnerability detection method and device.
Background
In recent years, with the widespread use of Web applications, Web security problems have become increasingly prominent. XSS (cross-site scripting) vulnerabilities have become one of the most common vulnerabilities in Web applications, so automated detection of XSS vulnerabilities has become an important technology.
At present, XSS vulnerabilities are generally detected with an XSS detection tool. The process is as follows: (1) the XSS detection tool captures the http request sent by the client (browser); (2) the XSS detection tool constructs a request carrying a characteristic value; (3) the XSS detection tool sends the request carrying the characteristic value to the Web server, and the Web server responds to the request; (4) the XSS detection tool looks for the characteristic value in the page source code of the response, and if the characteristic value is detected somewhere, that location is considered an XSS vulnerability.
Further, with the development of Web 2.0 technologies, the pages of Web applications not only display static content but also interact with the user. These interactive functions are generally implemented by large amounts of JavaScript and CSS scripts embedded in the Web page. Specifically, executing the embedded JavaScript and CSS scripts can dynamically add, delete and modify Web page elements. However, the detection method above only examines the source code of the response. Because the JavaScript and CSS scripts in the page are not executed, the dynamically generated page elements cannot be examined; that is, XSS vulnerabilities in elements generated in the dynamic page cannot be detected.
Summary of the invention
The technical problem to be solved by the invention is to provide a vulnerability detection method that detects XSS vulnerabilities in elements generated in the dynamic page.
To solve this technical problem, the invention adopts the following technical solution.
A vulnerability detection method is provided, including:
Receiving a Web server's response result to a processing request, where the processing request includes a characteristic value and the response result includes page source code;
Parsing the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page;
Performing characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. Here, the dynamic page refers to the page after the JavaScript scripts and CSS scripts have been executed.
Specifically, the XSS vulnerabilities include vulnerabilities generated after the JavaScript scripts and CSS scripts are executed.
Optionally, after receiving the Web server's response result to the processing request, the method also includes:
Performing characteristic value detection on the page source code to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the static page.
Here, the static page refers to the page in which the JavaScript scripts and CSS scripts have not been executed.
Preferably, before receiving the Web server's response result to the processing request, the method also includes:
Receiving the user request sent by the client, and sending the user request to the Web server;
Receiving the Web server's response result to the user request;
Constructing the processing request, and sending the processing request to the Web server.
Specifically, the user request includes an http request.
Correspondingly, the invention also provides a vulnerability detection device, including:
A receiving module, for receiving a Web server's response result to a processing request, where the processing request includes a characteristic value and the response result includes page source code;
A parsing module, for parsing the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page; and
A detection module, for performing characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. Here, the dynamic page refers to the page after the JavaScript scripts and CSS scripts have been executed.
Specifically, the XSS vulnerabilities include vulnerabilities generated after the JavaScript scripts and CSS scripts are executed.
Optionally, after the Web server's response result to the processing request is received, the detection module is also used for:
Performing characteristic value detection on the page source code to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the static page.
Here, the static page refers to the page in which the JavaScript scripts and CSS scripts have not been executed.
Preferably, before the Web server's response result to the processing request is received, the receiving module is also used for:
Receiving the user request sent by the client, and sending the user request to the Web server;
Receiving the Web server's response result to the user request;
The vulnerability detection device also includes a construction module, for constructing the processing request and sending the processing request to the Web server.
Specifically, the user request includes an http request.
Compared with the prior art, the vulnerability detection method and device of the invention first receive the Web server's response result to a processing request that includes a characteristic value, where the response result includes page source code; then parse the page source code with a virtual parser to obtain a parsing result that includes an html page; and finally perform characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. That is, the invention introduces browser-like virtual parsing to parse the page source code returned by the Web server and obtain the finally generated HTML structure (that is, the html page); performing characteristic value detection on that page then achieves XSS vulnerability detection for elements generated in the dynamic page.
The invention will become clearer from the following description taken together with the accompanying drawings, which are used to explain embodiments of the invention.
Brief description of the drawings
Fig. 1 is a flow chart of the first embodiment of the vulnerability detection method of the invention.
Fig. 2 is a flow chart of the second embodiment of the vulnerability detection method of the invention.
Fig. 3 is a screenshot of sample jsp code.
Fig. 4 is a screenshot of the source code of a Web request response.
Fig. 5 is a screenshot of the source code of the Web request response after virtual parsing.
Fig. 6 is a structure diagram of the first embodiment of the vulnerability detection device of the invention.
Fig. 7 is a structure diagram of the first embodiment of the vulnerability detection device of the invention.
Detailed description
Embodiments of the invention are now described with reference to the drawings, in which like reference numerals denote like elements.
Refer to Fig. 1, the flow chart of the vulnerability detection method of the first embodiment of the invention. As shown, the method may include the following steps:
S101, receive the Web server's response result to a processing request.
Specifically, the XSS detection tool (that is, the vulnerability detection device described below) first sends a processing request to the Web server, where the processing request is a request carrying a characteristic value, constructed by the XSS detection tool. The Web server receives the processing request and responds to it to obtain a response result, which is then returned to the XSS detection tool. The response result includes page source code.
It should be noted that a characteristic value is generally a string containing special characters, used to break the html or JavaScript structure of the context at the current output point so that the injection succeeds. The following are two examples of characteristic values:
<div name='xss10001001' id="101482402907">I am tester</div>
<script name='xss10001001' id="101483090516">alert(1)</script>
S102, parse the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page.
Specifically, the XSS detection tool uses virtual parsing to parse the page source code, and thereby obtains the finally generated HTML structure (that is, the html page).
S103, perform characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. Here, the dynamic page refers to the page after the JavaScript scripts and CSS scripts have been executed.
Specifically, the XSS detection tool performs characteristic value detection on the html page obtained by parsing. If the characteristic value is detected in the parsed request response (that is, the html page), the position of the detected characteristic value can be judged to be an XSS vulnerability. The XSS vulnerability here corresponds to an element generated in the dynamic page, and generally refers to a vulnerability generated after the JavaScript scripts and CSS scripts are executed.
As can be seen from the above, in this embodiment of the invention, the Web server's response result to a processing request that includes a characteristic value is received first, where the response result includes page source code; the page source code is then parsed with a virtual parser to obtain a parsing result that includes an html page; and finally characteristic value detection is performed on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. That is, the embodiment introduces browser-like virtual parsing to parse the page source code returned by the Web server and obtain the finally generated HTML structure (that is, the html page); performing characteristic value detection on that page then achieves XSS vulnerability detection for elements generated in the dynamic page.
Refer to Fig. 2, the flow chart of the vulnerability detection method of the second embodiment of the invention. As shown, the method may include the following steps:
S201, receive the user request sent by the client, and send the user request to the Web server.
Specifically, the client (browser) first sets the XSS detection tool as its proxy, so that the tool subsequently sends requests to the Web server on the client's behalf. The client then sends a user request (http request) to the XSS detection tool, which receives the http request and saves the information of the request. The XSS detection tool then sends the http request to the Web server.
S202, receive the Web server's response result to the user request.
Specifically, the Web server receives the http request, responds to it, and returns the response result to the XSS detection tool. The XSS detection tool receives the Web server's response result to the http request and returns it to the client.
S203, construct the processing request, and send the processing request to the Web server.
Specifically, the XSS detection tool constructs processing requests carrying characteristic values from the http request and sends them to the Web server. It should be noted that if, for example, an http request includes 10 parameters and, for the injection to succeed, each parameter may need to be injected with 10 different characteristic values, the XSS detection tool constructs 10*10=100 processing requests in total.
S204, receive the Web server's response result to the processing request.
Specifically, the Web server receives the processing request sent by the XSS detection tool and responds to it to obtain a response result, which is then returned to the XSS detection tool. The response result includes page source code.
It should be noted that a characteristic value is generally a string containing special characters, used to break the html or JavaScript structure of the context at the current output point so that the injection succeeds. The following are two examples of characteristic values:
<div name='xss10001001' id="101482402907">I am tester</div>
<script name='xss10001001' id="101483090516">alert(1)</script>
S205, perform characteristic value detection on the page source code to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the static page. Here, the static page refers to the page in which the JavaScript scripts and CSS scripts have not been executed.
Specifically, the XSS detection tool performs characteristic value detection on the page source code. If the characteristic value is detected, the position of the detected characteristic value can be judged to be an XSS vulnerability. The XSS vulnerability here corresponds to an element generated in the static page. It should be noted that steps S201 to S205 describe the existing XSS vulnerability detection method. That is, up to step S205, only XSS vulnerabilities corresponding to elements generated in the static page can be detected; XSS vulnerabilities corresponding to dynamic page elements cannot be detected because the scripts have not been executed. The following steps are therefore needed to detect the XSS vulnerabilities corresponding to dynamic page elements.
S206, parse the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page.
Virtual parsing simulates a running browser. It is equivalent to a browser without an interface, and can parse the JavaScript, html and css in the source code of an http response. Because it does not need an interface, it runs fast. The industry already has fairly mature open-source libraries for this, mostly used in automated testing of Web applications.
Specifically, in this step the XSS detection tool uses virtual parsing to parse the source code of the http response and obtain the HTML structure that the Web request response finally generates. This solves the problem that traditional XSS detection tools cannot find XSS vulnerabilities in elements dynamically generated by scripts.
A simple example illustrates the effect of virtual parsing. Refer to Fig. 3, a short piece of sample jsp code. The code on line 14 puts the value of the http request parameter name into <a></a>, and then dynamically adds the complete <a> to a Div of the page.
If the value of the request parameter name is 'peter', the response source code analyzed by an existing XSS detection tool is the code shown on line 14 of Fig. 4. After the page source code is parsed with the virtual parser, however, the XSS detection tool obtains the interface shown in Fig. 5. It can be seen that the JavaScript code in the page has been executed: on line 9 of the page, the content of the complete <a> tag has been dynamically inserted into the html page.
S207, perform characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. Here, the dynamic page refers to the page after the JavaScript scripts and CSS scripts have been executed.
Line 9 of the code is an XSS vulnerability, because the output is not protected by encoding. A traditional XSS vulnerability detection method cannot obtain the parsed html structure and therefore cannot find this XSS vulnerability. The XSS vulnerability detection method of this embodiment uses virtual parsing and, as shown in Fig. 5, obtains the complete, finally generated html structure, so the XSS vulnerability here can be detected.
Specifically, the XSS detection tool performs characteristic value detection on the html page obtained by parsing. If the characteristic value is detected in the parsed request response (that is, the html page), the position of the detected characteristic value can be judged to be an XSS vulnerability. The XSS vulnerability here corresponds to an element generated in the dynamic page, and generally refers to a vulnerability generated after the JavaScript scripts and CSS scripts are executed.
As can be seen from the above, in this embodiment of the invention, the user request sent by the client is received first and sent to the Web server; the Web server's response result to the user request is then received; the processing request is then constructed and sent to the Web server; the Web server's response result to the processing request is then received, where the response result includes page source code; characteristic value detection is performed on the page source code to obtain XSS vulnerabilities corresponding to elements generated in the static page; at the same time, the page source code is parsed with a virtual parser to obtain a parsing result that includes an html page; and finally characteristic value detection is performed on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. That is, the embodiment introduces browser-like virtual parsing to parse the page source code returned by the Web server and obtain the finally generated HTML structure (that is, the html page); performing characteristic value detection on that page then achieves XSS vulnerability detection for elements generated in the dynamic page. In addition, the embodiment also performs vulnerability detection on the page source code, so XSS vulnerabilities corresponding to elements generated in the static page are detected as well, which makes the detection scheme more complete and improves the vulnerability detection rate.
Refer to Fig. 6, the structure diagram of the vulnerability detection device of the first embodiment of the invention. As shown, the vulnerability detection device may include:
A receiving module 10, for receiving a Web server's response result to a processing request, where the processing request includes a characteristic value and the response result includes page source code;
A parsing module 11, for parsing the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page; and
A detection module 12, for performing characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. Here, the dynamic page refers to the page after the JavaScript scripts and CSS scripts have been executed, and the XSS vulnerabilities generally refer to vulnerabilities generated after the JavaScript scripts and CSS scripts are executed.
As can be seen from the above, the vulnerability detection device of this embodiment first receives, through the receiving module 10, the Web server's response result to a processing request that includes a characteristic value, where the response result includes page source code; then, through the parsing module 11, parses the page source code with a virtual parser to obtain a parsing result that includes an html page; and finally, through the detection module 12, performs characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. That is, the embodiment introduces browser-like virtual parsing to parse the page source code returned by the Web server and obtain the finally generated HTML structure (that is, the html page); performing characteristic value detection on that page then achieves XSS vulnerability detection for elements generated in the dynamic page.
Refer to Fig. 7, the structure diagram of the vulnerability detection device of the second embodiment of the invention. As shown, the vulnerability detection device may include: a receiving module 20, a parsing module 21, a detection module 22 and a construction module 23.
The receiving module 20, parsing module 21 and detection module 22 have the functions of the corresponding modules in the first embodiment. In addition, the receiving module 20 is also used for:
Receiving the user request sent by the client, and sending the user request to the Web server, where the user request includes an http request;
Receiving the Web server's response result to the user request.
The detection module 22 is also used for:
Performing characteristic value detection on the page source code to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the static page.
Here, the static page refers to the page in which the JavaScript scripts and CSS scripts have not been executed.
The construction module 23 is used for constructing the processing request and sending the processing request to the Web server.
As can be seen from the above, in this embodiment of the invention, the receiving module 20 first receives the user request sent by the client, sends the user request to the Web server, and receives the Web server's response result to the user request; the construction module 23 then constructs the processing request and sends it to the Web server; the receiving module 20 then receives the Web server's response result to the processing request, where the response result includes page source code; the detection module 22 performs characteristic value detection on the page source code to obtain XSS vulnerabilities corresponding to elements generated in the static page; at the same time, the parsing module 21 parses the page source code with a virtual parser to obtain a parsing result that includes an html page; and finally the detection module 22 performs characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page. That is, the embodiment introduces browser-like virtual parsing to parse the page source code returned by the Web server and obtain the finally generated HTML structure (that is, the html page); performing characteristic value detection on that page then achieves XSS vulnerability detection for elements generated in the dynamic page. In addition, the embodiment also performs vulnerability detection on the page source code, so XSS vulnerabilities corresponding to elements generated in the static page are detected as well, which makes the detection scheme more complete and improves the vulnerability detection rate.
The invention has been described above in connection with the preferred embodiments, but it is not limited to the embodiments disclosed above, and shall cover the various modifications and equivalent combinations made according to the essence of the invention.
Claims (10)
1. A vulnerability detection method, characterized by including:
Receiving a Web server's response result to a processing request, where the processing request includes a characteristic value and the response result includes page source code;
Parsing the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page;
Performing characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page.
2. The vulnerability detection method of claim 1, characterized in that the XSS vulnerabilities include vulnerabilities generated after JavaScript scripts and CSS scripts are executed.
3. The vulnerability detection method of claim 1, characterized in that, after receiving the Web server's response result to the processing request, the method also includes:
Performing characteristic value detection on the page source code to obtain the XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the static page.
4. The vulnerability detection method of any one of claims 1 to 3, characterized in that, before receiving the Web server's response result to the processing request, the method also includes:
Receiving the user request sent by the client, and sending the user request to the Web server;
Receiving the Web server's response result to the user request;
Constructing the processing request, and sending the processing request to the Web server.
5. The vulnerability detection method of claim 4, characterized in that the user request includes an http request.
6. A vulnerability detection device, characterized by including:
A receiving module, for receiving a Web server's response result to a processing request, where the processing request includes a characteristic value and the response result includes page source code;
A parsing module, for parsing the page source code with a virtual parser to obtain a parsing result, where the parsing result includes an html page; and
A detection module, for performing characteristic value detection on the html page to obtain XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the dynamic page.
7. The vulnerability detection device of claim 6, characterized in that the XSS vulnerabilities include vulnerabilities generated after JavaScript scripts and CSS scripts are executed.
8. The vulnerability detection device of claim 6, characterized in that, after the Web server's response result to the processing request is received, the detection module is also used for:
Performing characteristic value detection on the page source code to obtain the XSS vulnerabilities, where the XSS vulnerabilities correspond to elements generated in the static page.
9. The vulnerability detection device of any one of claims 6-8, characterized in that, before the Web server's response result to the processing request is received, the receiving module is also used for:
Receiving the user request sent by the client, and sending the user request to the Web server;
Receiving the Web server's response result to the user request;
The vulnerability detection device also includes:
A construction module, for constructing the processing request and sending the processing request to the Web server.
10. The vulnerability detection device of claim 9, characterized in that the user request includes an http request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710028752.2A | 2017-01-16 | 2017-01-16 | Vulnerability detection method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106897624A | 2017-06-27 |
Family
ID=59198368
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710028752.2A Pending CN106897624A (en) | 2017-01-16 | 2017-01-16 | A kind of leak detection method and its device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106897624A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107832622A (en) * | 2017-12-08 | 2018-03-23 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
CN109684847A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Self-repairing method, device, equipment and the storage medium of script loophole |
CN112364353A (en) * | 2020-11-03 | 2021-02-12 | 深圳开源互联网安全技术有限公司 | Xss vulnerability detection method and device based on nodejs express application |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103095681A (en) * | 2012-12-03 | 2013-05-08 | 微梦创科网络科技(中国)有限公司 | Loophole detection method and device |
CN104539605A (en) * | 2014-12-23 | 2015-04-22 | 北京奇虎科技有限公司 | Website XSS vulnerability detection method and equipment |
CN104657659A (en) * | 2013-11-20 | 2015-05-27 | 腾讯科技(深圳)有限公司 | Storage cross-site attack script vulnerability detection method, device and system |
CN104794396A (en) * | 2014-01-16 | 2015-07-22 | 腾讯科技(深圳)有限公司 | Cross-site script vulnerability detection method and device |
CN105160256A (en) * | 2015-08-10 | 2015-12-16 | 上海斐讯数据通信技术有限公司 | Web page vulnerability detection method and system |
CN105678170A (en) * | 2016-01-05 | 2016-06-15 | 广东工业大学 | Method for dynamically detecting cross site scripting (XSS) bugs |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107832622A (en) * | 2017-12-08 | 2018-03-23 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
CN107832622B (en) * | 2017-12-08 | 2019-03-12 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
WO2019109528A1 (en) * | 2017-12-08 | 2019-06-13 | 平安科技(深圳)有限公司 | Vulnerability detection method and apparatus, computer device and storage medium |
CN109684847A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Self-repairing method, device, equipment and the storage medium of script loophole |
CN109684847B (en) * | 2018-09-07 | 2023-05-23 | 平安科技(深圳)有限公司 | Automatic repairing method, device, equipment and storage medium for script loopholes |
CN112364353A (en) * | 2020-11-03 | 2021-02-12 | 深圳开源互联网安全技术有限公司 | Xss vulnerability detection method and device based on nodejs express application |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5497173B2 (en) | | XSS detection method and apparatus |
TWI603600B (en) | | Determine vulnerability using runtime agent and network sniffer |
CN105068925B (en) | | Software safety defect finds system |
US9223977B2 (en) | | Detection of DOM-based cross-site scripting vulnerabilities |
CN104881603B (en) | | Webpage redirects leak detection method and device |
US20160110547A1 (en) | | Systems and methods for analysis of cross-site scripting vulnerabilities |
US8528093B1 (en) | | Apparatus and method for performing dynamic security testing using static analysis data |
CN104573520B (en) | | The method and apparatus for detecting resident formula cross site scripting loophole |
US9032529B2 (en) | | Detecting vulnerabilities in web applications |
CN111783096B (en) | | Method and device for detecting security hole |
CN106909846A (en) | | One kind is based on empty quasi-analytic leak detection method and its device |
US8572747B2 (en) | | Policy-driven detection and verification of methods such as sanitizers and validators |
CN104765682B (en) | | Detection method and system under the line of cross site scripting leak |
CN106897624A (en) | | A kind of leak detection method and its device |
US11847231B2 (en) | | Detecting injection vulnerabilities of client-side templating systems |
CN104462962B (en) | | A kind of method for detecting unknown malicious code and binary vulnerability |
US20150302191A1 (en) | | Program execution apparatus and program analysis apparatus |
CN104834588B (en) | | The method and apparatus for detecting resident formula cross site scripting loophole |
US9262309B2 (en) | | Optimizing test data payload selection for testing computer software applications that employ data sanitizers and data validators |
CN108804305A (en) | | A kind of method and device of automatic test |
CN109672658B (en) | | JSON hijacking vulnerability detection method, device, equipment and storage medium |
CN106682489A (en) | | Password security detection method, password security reminding method and corresponding devices |
CN106548075A (en) | | leak detection method and device |
CN106603572B (en) | | Vulnerability detection method and device based on probe |
CN103390129B (en) | | Detect the method and apparatus of security of uniform resource locator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170627 |