CN107451470A - Pages Security detection method, device and equipment - Google Patents

Page security detection method, device and equipment

Info

Publication number: CN107451470A
Application number: CN201610371648.9A
Authority: CN (China)
Prior art keywords: measured, safety detection, detection framework, page, framework
Prior art date
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 姜晨炜
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original assignee: Alibaba Group Holding Ltd
Priority date
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN201610371648.9A
Publication of CN107451470A

Classifications

    • G06F21/54: Physics; Computing, calculating or counting; Electric digital data processing; Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity (G06F21/00); Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems (G06F21/50); during program execution, e.g. stack integrity, preventing unwanted data erasure, buffer overflow (G06F21/52); by adding security routines or objects to programs (G06F21/54)
    • G06F21/577: Physics; Computing, calculating or counting; Electric digital data processing; Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity (G06F21/00); Monitoring users, programs or devices to maintain the integrity of platforms (G06F21/50); Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (G06F21/57); Assessing vulnerabilities and evaluating computer system security (G06F21/577)
    • G06F2221/033: Physics; Computing, calculating or counting; Electric digital data processing; Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity (G06F2221/00); Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms (G06F2221/03); Test or assess software (G06F2221/033)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application relates to a page security detection method, device and equipment. The method comprises: before a page is loaded, injecting a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects a target under test; rewriting the target under test in the page to be loaded by means of the security detection framework; monitoring, through the rewritten target under test, the call information of the target under test at run time; and judging, by means of the security detection framework and on the basis of the call information, whether the target under test is safe. Security detection is thereby carried out at code run time through hooking, which improves the ability to discover web front-end vulnerabilities and sensitive information.

Description

Page security detection method, device and equipment
Technical field
The application relates to the field of detection technology, and in particular to a page security detection method, device and equipment.
Background art
Web applications are increasingly widespread, and large amounts of important information are stored in them. At the same time, because web application systems are diverse and open, they easily become the targets of attackers. Given the importance of web application systems and the severity of the security threats they face, white-box or black-box detection methods may be used to discover web front-end vulnerabilities and sensitive information in order to improve their security.
White-box detection examines the logical structure inside the software: multiple checkpoints are set in the software system, and while the logical paths of the software are traversed, the state of the program at each monitoring point is checked against the expected state to judge whether the software system has defects. White-box detection therefore requires parsing the code of the functions/objects under test in the page, and cannot effectively find vulnerabilities or sensitive information when the code is complex. Black-box detection is a test based on test cases: the interfaces of the program are exercised with test cases to check whether the program functions normally, whether it correctly accepts input data and produces correct output, and whether the integrity of external information is maintained. Detection that depends on test cases is hard to make comprehensive, which limits the ability to discover web front-end vulnerabilities or sensitive information.
Summary of the invention
The application provides a page security detection method, device and equipment, to solve the problem in the prior art of the limited ability to discover web front-end vulnerabilities or sensitive information.
According to a first aspect of the embodiments of the application, a page security detection method is provided, the method comprising:
before a page is loaded, injecting a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script for rewriting and detecting a target under test;
rewriting the target under test in the page to be loaded by means of the security detection framework;
monitoring, through the rewritten target under test, call information of the target under test at run time;
judging, by means of the security detection framework and on the basis of the call information, whether the target under test is safe.
According to a second aspect of the embodiments of the application, a page security detection device is provided, the device comprising:
a framework injection module, for injecting, before a page is loaded, a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script for rewriting and detecting a target under test;
a rewriting module, for rewriting the target under test in the page to be loaded by means of the security detection framework;
an information monitoring module, for monitoring, through the rewritten target under test, call information of the target under test at run time;
an analysis module, for judging, by means of the security detection framework and on the basis of the call information, whether the target under test is safe.
According to a third aspect of the embodiments of the application, a computer device is provided, comprising:
a processor, and a memory for storing instructions executable by the processor;
wherein the processor is configured to:
before a page is loaded, inject a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script for rewriting and detecting a target under test;
rewrite the target under test in the page to be loaded by means of the security detection framework;
monitor, through the rewritten target under test, call information of the target under test at run time;
judge, by means of the security detection framework and on the basis of the call information, whether the target under test is safe.
With the page security detection method, device and equipment of the embodiments of the application, a Hook-based security detection framework is injected into the page to be loaded, the framework is used to rewrite the target under test in that page, the call information of the target under test at run time is monitored through the rewritten target, and the target is judged safe or unsafe from that call information. Security detection is thus performed at code run time through hooking, which improves the ability to discover web front-end vulnerabilities and sensitive information.
It should be understood that the general description above and the detailed description below are exemplary and explanatory only and do not limit the disclosure.
Brief description of the drawings
The accompanying drawings are incorporated in and form part of this specification; they show embodiments consistent with the application and, together with the specification, serve to explain the principles of the disclosure.
Fig. 1 is a flow chart of one embodiment of the page security detection method of the application.
Fig. 2 is a hardware structure diagram of a computer device in which the page security detection device of the application is located.
Fig. 3 is a block diagram of one embodiment of the page security detection device of the application.
Detailed description
Exemplary embodiments are described in detail here, with examples shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the disclosure; they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The terminology used in the disclosure is for the purpose of describing particular embodiments only and is not intended to limit the disclosure. The singular forms "a", "the" and "said" used in the disclosure and the appended claims are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the disclosure to describe various pieces of information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the disclosure, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
With the development of information technology, networks have gradually penetrated every field of society; people cannot do without the network in daily life, work or entertainment, so a safe, healthy and stable network environment is extremely important. Web applications have entered a completely new stage: the dynamism and real-time sharing of content make blocking harmful content and malware more complicated, and web sites suffer more and more attacks. In a web attack, a hacker may complete the attack by modifying a URL, obtaining the contents of the site database, obtaining root privileges on the server, stealing user data and so on. Common types of web attack concern web vulnerabilities, sensitive data and the like. A web vulnerability generally means a vulnerability in the site's program, possibly caused by a developer not considering some aspect carefully when writing the code; common web vulnerabilities include SQL injection, cross-site scripting (XSS) and upload vulnerabilities. If a site has a web vulnerability and it is exploited by an attacker, the attacker can easily control the whole site, obtain privileges on the web server and control the whole server.
Web security detection, and web front-end security detection in particular, is therefore becoming more and more important. In conventional techniques, white-box detection requires parsing the code of the functions/objects under test in the page and cannot effectively find vulnerabilities or sensitive information when the code is complex, while black-box detection depends on test cases; because the set of test cases is incomplete, testing is not comprehensive, which limits the ability to discover web front-end vulnerabilities or sensitive information.
To overcome this limited ability to discover web front-end vulnerabilities or sensitive information, the application provides a page security detection method: a Hook-based security detection framework is injected into the page to be loaded, the framework is used to rewrite the target under test in that page and to monitor it, so that when the target under test executes, its run-time call information can be monitored through the rewritten target, and the target is judged safe or unsafe from the call information. Security detection is thus carried out at code run time through hooking, which improves the ability to discover web front-end vulnerabilities and sensitive information.
As shown in Fig. 1, which is a flow chart of one embodiment of the page security detection method of the application, the method may be applied on a computer device and comprises the following steps 101 to 104:
In step 101, before a page is loaded, a preset Hook-based security detection framework is injected into the page to be loaded, the security detection framework comprising a script for rewriting and detecting a target under test.
In step 102, the target under test in the page to be loaded is rewritten by means of the security detection framework.
In step 103, the call information of the target under test at run time is monitored through the rewritten target under test.
In step 104, whether the target under test is safe is judged by means of the security detection framework on the basis of the call information.
In the embodiments of the application, the computer device may be any electronic device capable of running web applications, such as a smart phone, a tablet computer, a PDA (Personal Digital Assistant) or a PC.
The target under test is the entity in the web page that needs to be detected. For example, the target under test may be an interface of an object under test, a function under test, or an attribute of an object under test. In an optional implementation, a watch-list may be set up in advance, containing all functions/objects that may give rise to security problems. Further, the functions/objects in the watch-list may be determined according to web attack types. For example, the watch-list may include global functions, interfaces of global objects, attributes of certain objects, and so on.
The application limits the time of injecting the security detection framework in step 101 to before the page is loaded, so that the Hook-based security detection framework is injected before any other JavaScript code of the page executes and can then detect that other JavaScript code. JavaScript is a scripting language for the web. Since the page can be loaded once the page loading condition is met, step 101 may be performed when the page loading condition is met and before the page is loaded; the page loading condition may be that a page load request has been received. It will be understood that the preset Hook-based security detection framework may be injected into the page to be loaded before every page load, in order to carry out security detection each time.
The Hook-based security detection framework may also be called a Hook framework; it is used to rewrite and detect the target under test.
Hook technology, also known as hooking, is part of the Windows message-handling system: a hook can intercept and monitor the various event messages in a system or process, and handle messages sent to a target window. The application uses Hook technology to rewrite the target under test so as to monitor its execution. The Hook-based security detection framework may comprise a script for rewriting and detecting the target under test; in a preferred embodiment the script is a JavaScript script.
In an optional implementation, the preset Hook-based security detection framework may be injected into the page to be loaded through a browser plug-in; for example, a Chrome browser plug-in may be used to inject the preset Hook-based security detection framework into the page to be loaded.
Injecting the framework into the page to be loaded through a browser plug-in is thus easy to implement.
Since the security detection framework comprises a script for rewriting and detecting the target under test, once the framework has been injected into the page to be loaded, the target under test that needs detecting can be rewritten and monitored using the framework.
By way of comparison, in Java a subclass inherits the methods of its parent class without writing the same methods again; but sometimes the subclass does not want to inherit a parent method unchanged and wishes to modify it, which calls for method overriding. The present embodiment rewrites the target under test in order to add call detection to it, so that the corresponding call information can be obtained each time the target under test is called. The call information may be the call parameters, the call data and the like produced by the call.
For example, when the target under test is a global function, the global function may be rewritten by the security detection framework, so that the call information of the function at run time is obtained through the rewritten global function; the global function is thereby hooked.
As another example, when the target under test is an interface of a global object, the interface of the specified object may be rewritten by the security detection framework, so that the call information of the interface at run time is obtained through the rewritten interface; calls to the interface are thereby monitored.
As another example, when the targets under test are the getItem and setItem functions of localStorage, the security detection framework may rewrite the getItem and setItem functions of localStorage, so that local storage is monitored through the rewritten getItem and setItem functions.
As another example, when the targets under test are the open and send functions of XMLHttpRequest.prototype, the security detection framework may rewrite XMLHttpRequest.prototype.open and XMLHttpRequest.prototype.send, so that the data sent and received by asynchronous requests is monitored.
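The rewriting of functions described in the examples above, as an added example in JavaScript that is not part of the patent: a generic hook helper replaces a method on an object or prototype with a wrapper that records each call (the call information of step 103) and forwards it to the original. It is applied to constructed stand-ins for localStorage and XMLHttpRequest.prototype so that it runs outside a browser; on a real page the same helper would be applied to window.localStorage and window.XMLHttpRequest.prototype. The names hookMethod, installHooks, runPage and the stand-in objects are assumptions.

```javascript
// Added example (not from the patent): rewrite a method so that every call
// is recorded and then forwarded to the original implementation.
function hookMethod(target, name, label, sink) {
  const original = target[name];
  if (typeof original !== 'function') {
    throw new TypeError(`${label}.${name} is not a function`);
  }
  target[name] = function hooked(...args) {
    const result = original.apply(this, args);
    // Call information: which target, which arguments, what was returned.
    sink.push({ label: `${label}.${name}`, args: args.map(String), result });
    return result;
  };
  return original;
}

// Constructed stand-in for window.localStorage (assumption, for running
// outside a browser).
function makeStorage() {
  const data = new Map();
  return {
    getItem(key) { return data.has(key) ? data.get(key) : null; },
    setItem(key, value) { data.set(key, String(value)); },
  };
}

// Constructed stand-in for XMLHttpRequest: open and send live on the
// prototype, so hooking the prototype covers every instance the page makes.
function FakeXHR() { this.method = null; this.url = null; this.body = null; }
FakeXHR.prototype.open = function (method, url) {
  this.method = method;
  this.url = url;
};
FakeXHR.prototype.send = function (body) {
  this.body = body === undefined ? null : body;
};

// Step 102: rewrite the targets under test; returns the call log that
// step 103 fills in while the page runs.
function installHooks(env) {
  const log = [];
  hookMethod(env.localStorage, 'getItem', 'localStorage', log);
  hookMethod(env.localStorage, 'setItem', 'localStorage', log);
  hookMethod(env.XMLHttpRequest.prototype, 'open', 'XMLHttpRequest.prototype', log);
  hookMethod(env.XMLHttpRequest.prototype, 'send', 'XMLHttpRequest.prototype', log);
  return log;
}

// Simulated page code that runs after the framework has been injected.
function runPage(env) {
  env.localStorage.setItem('token', 'abc123');
  const token = env.localStorage.getItem('token');
  const xhr = new env.XMLHttpRequest();
  xhr.open('POST', 'https://api.example.test/save');
  xhr.send(JSON.stringify({ token }));
  return xhr;
}

function demoMethodHooks() {
  const env = { localStorage: makeStorage(), XMLHttpRequest: FakeXHR };
  const log = installHooks(env);
  runPage(env);
  return log;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demoMethodHooks());
}
```

A global function is hooked the same way with hookMethod(window, name, 'window', log). Hooking the prototype rather than an instance is what makes the XMLHttpRequest case cover requests the page creates later, and keeping `this` and the return value intact is what keeps the rewritten page working normally while it is observed.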
In an optional implementation, the target under test comprises an attribute of an object under test, and rewriting the target under test in the page to be loaded by means of the security detection framework comprises: the security detection framework rewrites the attribute of the object under test by calling the getter function and setter function of the object under test in the page to be loaded. Monitoring the call information of the target under test at run time through the rewritten target under test comprises: obtaining, through the rewritten attribute of the object under test, the call information produced when the attribute is read or modified.
It can be seen that the attribute of an object can be rewritten by calling its getter and setter functions, so that call information is obtained whenever the attribute is read or modified.
In an optional implementation, the security detection framework may rewrite the getter and setter functions of document by calling them, and reads of cookies are then monitored through the rewritten getter and setter functions of document.
In an optional implementation, the security detection framework may rewrite the getter and setter functions of window by calling them, and the rewritten getter and setter functions of window are used to monitor where a given global variable is read and modified, so that it can be detected whether certain key information has been leaked.
As to step 104, after the call information has been obtained by monitoring, whether the target under test is safe can be judged from the call information. One way of judging is to determine whether the call information contains a preset sensitive keyword; if it does, the target under test is judged unsafe. For example, when monitoring cookies, whether there is a risk can be judged from whether the cookie value read is the key session cookie. As another example, when monitoring a global variable, the places where the specified global variable is read and modified can be monitored to detect whether certain key information has been leaked. As another example, for the monitoring of local storage, safety can be judged by detecting whether sensitive data has been written to local storage. As another example, for the monitoring of asynchronous requests, safety can be judged by detecting whether the call information contains information that has not been desensitized.
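The attribute rewriting and the keyword judgement of step 104, as an added example in JavaScript that is not part of the patent. hookProperty replaces a property with a getter/setter pair that forwards to the original accessor (or to a backing value when the original was a plain data property) and records every read and write; judge flags any record whose value contains one of a preset list of sensitive keywords. It runs against constructed stand-ins for document.cookie and a window global; the keyword list, the stand-ins and the function names are assumptions.

```javascript
// Added example (not from the patent): rewrite a property with a getter and
// setter so that every read and write is recorded, then judge the records.
function hookProperty(obj, prop, label, sink) {
  const desc = Object.getOwnPropertyDescriptor(obj, prop);
  if (!desc || !desc.configurable) {
    throw new Error(`${label}.${prop} cannot be rewritten`);
  }
  let value = desc.value; // backing store when the original is a data property
  const read = desc.get ? () => desc.get.call(obj) : () => value;
  const write = desc.set ? (v) => desc.set.call(obj, v) : (v) => { value = v; };
  Object.defineProperty(obj, prop, {
    configurable: true,
    enumerable: desc.enumerable,
    get() {
      const v = read();
      sink.push({ label: `${label}.${prop}`, op: 'get', value: String(v) });
      return v;
    },
    set(v) {
      sink.push({ label: `${label}.${prop}`, op: 'set', value: String(v) });
      write(v);
    },
  });
}

// Step 104 judgement: a record is unsafe when its value contains a preset
// sensitive keyword (the list is an assumption).
const SENSITIVE_KEYWORDS = ['session', 'token', 'password'];

function judge(records, keywords = SENSITIVE_KEYWORDS) {
  return records
    .filter((r) => keywords.some((k) => r.value.toLowerCase().includes(k)))
    .map((r) => ({ ...r, verdict: 'unsafe' }));
}

// Constructed stand-in for document: cookie is an accessor, as in browsers.
function makeCookieDocument() {
  let jar = 'theme=dark; sessionid=9f2c';
  return Object.defineProperty({}, 'cookie', {
    configurable: true,
    enumerable: true,
    get() { return jar; },
    set(v) { jar += '; ' + v; },
  });
}

// Constructed stand-in for window holding plain global variables.
function makeWindowGlobals() {
  return { apiKey: 'none', theme: 'dark' };
}

function demoPropertyHooks() {
  const log = [];
  const doc = makeCookieDocument();
  const win = makeWindowGlobals();
  hookProperty(doc, 'cookie', 'document', log);
  hookProperty(win, 'apiKey', 'window', log);

  // Simulated page code after injection.
  const cookie = doc.cookie;      // read: value contains "sessionid"
  win.apiKey = 'live-token-7d1e'; // write: value contains "token"
  const theme = win.theme;        // not hooked, so no record
  doc.cookie = 'lang=en';         // write: harmless value

  return { log, findings: judge(log), cookie, theme };
}
```

In current browsers document.cookie is an accessor inherited from Document.prototype, so on a real page the descriptor has to be read from the prototype rather than from document itself before the accessor is redefined on document; the forwarding logic is otherwise the same.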
In an optional implementation, judging, by means of the security detection framework and on the basis of the call information, whether the target under test is safe comprises: obtaining, through the security detection framework, the caller that calls the target under test, and judging whether the target under test is safe according to the caller and the call information.
In this embodiment a trusted domain or an untrusted domain may be set for the security judgement. The security detection framework can print the call stack to determine the caller of the target under test and judge whether the caller is in the preset trusted domain or untrusted domain; when the caller is in the untrusted domain, or not in the trusted domain, the current function/object may be judged to have a possible security problem.
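The caller check above, as an added example in JavaScript that is not part of the patent: the hooked target captures a stack trace with new Error().stack, the first frame that does not belong to the framework's own script is taken as the caller, its origin is extracted, and that origin is compared with preset trusted and untrusted domain lists. The stack format assumed is the V8 one ("at fn (url:line:col)") that Chrome and Node share; the framework script name, the domain lists and the two sample stacks are constructed assumptions.

```javascript
// Added example (not from the patent): find the caller of a hooked target
// from a V8-style stack trace and judge it against trust lists.
const FRAME_RE = /^\s*at (?:.*? \()?(.*?):(\d+):(\d+)\)?\s*$/;

// Parse "at fn (https://host/a.js:10:5)" or "at https://host/a.js:10:5".
function parseFrames(stack) {
  return stack.split('\n').map((line) => {
    const m = FRAME_RE.exec(line);
    return m ? { location: m[1], line: +m[2], col: +m[3] } : null;
  }).filter(Boolean);
}

// Origin of a frame location, or null for non-URL locations (eval, native).
function originOf(location) {
  try { return new URL(location).origin; } catch (_) { return null; }
}

// First frame outside the framework's own script (name is an assumption).
function callerOrigin(stack, frameworkScript = 'hookfw.js') {
  for (const f of parseFrames(stack)) {
    if (f.location.endsWith(frameworkScript)) continue;
    return originOf(f.location);
  }
  return null;
}

// Judgement as described: a caller in the untrusted domain, or not in the
// trusted domain, indicates a possible problem.
function judgeCaller(origin, trusted, untrusted) {
  if (origin === null || untrusted.includes(origin)) return 'possible problem';
  return trusted.includes(origin) ? 'trusted' : 'possible problem';
}

// Hook that records the caller origin of each call using the live stack.
function hookWithCaller(target, name, sink) {
  const original = target[name];
  target[name] = function (...args) {
    sink.push({ name, caller: callerOrigin(new Error().stack) });
    return original.apply(this, args);
  };
}

// Constructed sample stacks (assumption): the page's own script versus a
// third-party widget calling the hooked target.
const STACK_FROM_PAGE = [
  'Error',
  '    at hooked (https://shop.example/js/hookfw.js:12:9)',
  '    at checkout (https://shop.example/js/app.js:88:3)',
  '    at HTMLButtonElement.onclick (https://shop.example/cart:1:1)',
].join('\n');

const STACK_FROM_WIDGET = [
  'Error',
  '    at hooked (https://shop.example/js/hookfw.js:12:9)',
  '    at https://cdn.tracker.test/w.js:1:4410',
].join('\n');

function demoCallerCheck() {
  const trusted = ['https://shop.example'];
  const untrusted = ['https://cdn.tracker.test'];
  return {
    page: judgeCaller(callerOrigin(STACK_FROM_PAGE), trusted, untrusted),
    widget: judgeCaller(callerOrigin(STACK_FROM_WIDGET), trusted, untrusted),
  };
}
```

The frame parser deliberately skips frames that cannot be parsed as URLs, so an eval or native frame at the top of the stack yields null and is reported as a possible problem rather than silently trusted.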
In an optional implementation, JSONP can also be monitored through the security detection framework: the createElement function of document is rewritten, the getter and setter functions of the new script elements it creates are rewritten, and the JSONP return function is rewritten when the connection is made, so that the data transmitted by the cross-domain call is monitored.
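The JSONP monitoring above, as an added example in JavaScript that is not part of the patent. createElement on the document is rewritten so that every script element it returns gets an accessor for src; setting src records the request URL, reads the callback parameter name from it (the parameter name "callback" is an assumption; libraries differ), and wraps the named global callback so that the cross-domain response data is recorded when it arrives. The document and window objects are constructed stand-ins so that the example runs offline; on a real page they would be the real document and window.

```javascript
// Added example (not from the patent): monitor JSONP by rewriting
// document.createElement, the src accessor of script elements, and the
// JSONP callback.
function hookJsonp(doc, win, sink, callbackParam = 'callback') {
  const createElement = doc.createElement;

  // Rewrite the JSONP return function so the received data is recorded.
  function wrapCallback(name) {
    const original = win[name];
    if (typeof original !== 'function') return;
    win[name] = function (...args) {
      sink.push({ event: 'jsonp-response', callback: name, data: args[0] });
      return original.apply(this, args);
    };
  }

  doc.createElement = function (tagName, ...rest) {
    const el = createElement.call(doc, tagName, ...rest);
    if (String(tagName).toLowerCase() !== 'script') return el;
    let src = el.src;
    Object.defineProperty(el, 'src', {
      configurable: true,
      enumerable: true,
      get() { return src; },
      set(value) {
        src = String(value);
        let cb = null;
        try {
          cb = new URL(src, 'https://page.example/').searchParams.get(callbackParam);
        } catch (_) { /* not a URL we can parse; still record the request */ }
        sink.push({ event: 'jsonp-request', src, callback: cb });
        if (cb) wrapCallback(cb);
      },
    });
    return el;
  };
}

// Constructed stand-ins (assumptions): a document whose createElement
// returns plain objects, and an empty window for globals.
function makeScriptDocument() {
  return { createElement(tagName) { return { tagName, src: '' }; } };
}

function demoJsonp() {
  const log = [];
  const win = {};
  const doc = makeScriptDocument();
  hookJsonp(doc, win, log);

  // Simulated page code: register the callback, inject the JSONP script tag.
  let received = null;
  win.onUser = function (data) { received = data; };
  const s = doc.createElement('script');
  s.src = 'https://api.partner.test/user?id=7&callback=onUser';

  // Simulate the cross-domain script arriving and invoking the callback.
  win.onUser({ id: 7, email: 'a@example.test' });
  return { log, received, src: s.src };
}
```

Because the callback is wrapped only once the src has been set, a page that defines its callback after inserting the script element would not be caught by this ordering; hooking window's property setter for the callback name, as in the attribute rewriting described earlier, closes that gap.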
Further, the method also comprises: outputting the detection result to the console, so that the user can view the detection result.
Corresponding to the embodiments of the page security detection method of the application, the application also provides embodiments of a page security detection device and of a computer device.
The embodiments of the page security detection device of the application may be applied on various computer devices provided with a browser, for example mobile phones, tablet computers, PCs and the like. The device embodiments may be implemented in software, or in hardware, or in a combination of software and hardware. Taking software implementation as an example, a device in the logical sense is formed by the processor 210 of the computer device in which it is located reading the corresponding computer program instructions from the nonvolatile memory 220 into the memory 230 and running them. In hardware terms, Fig. 2 is a hardware structure diagram of a computer device in which the page security detection device of the application is located; besides the processor 210, memory 230, network interface 240 and nonvolatile memory 220 shown in Fig. 2, the computer device in which the device of the embodiment is located may also include other hardware according to the actual function of the device, which is not shown one by one in Fig. 2.
Referring to Fig. 3, which is a block diagram of one embodiment of the page security detection device of the application:
The device comprises a framework injection module 310, a rewriting module 320, an information monitoring module 330 and an analysis module 340.
The framework injection module 310 is for injecting, before a page is loaded, a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script for rewriting and detecting a target under test.
The rewriting module 320 is for rewriting the target under test in the page to be loaded by means of the security detection framework.
The information monitoring module 330 is for monitoring, through the rewritten target under test, call information of the target under test at run time.
The analysis module 340 is for judging, by means of the security detection framework and on the basis of the call information, whether the target under test is safe.
In an optional implementation, the framework injection module comprises:
a framework injection submodule, for injecting, before a page is loaded, the preset Hook-based security detection framework into the page to be loaded through a browser plug-in.
In an optional implementation, the target under test comprises one or more of an interface of an object under test, a function under test and an attribute of an object under test, and the script is a JavaScript script.
In an optional implementation, the target under test comprises an attribute of an object under test, and the rewriting module comprises:
a rewriting submodule, for the security detection framework to rewrite the attribute of the object under test by calling the getter function and setter function of the object under test in the page to be loaded;
and the information monitoring module comprises:
an information monitoring submodule, for obtaining, through the rewritten attribute of the object under test, the call information produced when the attribute is read or modified.
In an optional implementation, the analysis module comprises:
an analysis submodule, for obtaining, through the security detection framework, the caller that calls the target under test, and judging whether the target under test is safe according to the caller and the call information.
On this basis, the application also provides a computer device, comprising:
a processor, and a memory for storing instructions executable by the processor;
wherein the processor is configured to:
before a page is loaded, inject a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script for rewriting and detecting a target under test;
rewrite the target under test in the page to be loaded by means of the security detection framework;
monitor, through the rewritten target under test, call information of the target under test at run time;
judge, by means of the security detection framework and on the basis of the call information, whether the target under test is safe.
For the functions and roles of the units in the above device and how they are implemented, refer to the implementation of the corresponding steps in the above method; they are not repeated here.
Since the device embodiments essentially correspond to the method embodiments, the relevant parts may be consulted in the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, i.e. they may be located in one place or distributed over several network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the application. Those of ordinary skill in the art can understand and implement this without inventive effort.
As can be seen from the above embodiments, by injecting a Hook-based security detection framework into the page to be loaded, rewriting the target under test in that page with the framework, monitoring the run-time call information of the target under test through the rewritten target, and judging from the call information whether the target under test is safe, security detection is carried out at code run time through hooking, which improves the ability to discover web front-end vulnerabilities and sensitive information.
Other embodiments of the application will readily occur to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. The application is intended to cover any variations, uses or adaptations of the application that follow its general principles and include such departures from the present disclosure as come within known or customary practice in the art. The specification and embodiments are to be considered exemplary only, with the true scope and spirit of the application being indicated by the following claims.
It should be understood that the application is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the application is limited only by the appended claims.

Claims (11)

1. A page security detection method, applied to a computer device, characterised in that the method comprises:
before a page is loaded, injecting a preset hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects an entity under test;
rewriting, by the security detection framework, the entity under test in the page to be loaded;
monitoring, through the rewritten entity under test, call information of the entity under test at runtime;
determining, by the security detection framework, whether the entity under test is safe based on the call information.
2. The method according to claim 1, characterised in that injecting the preset hook-based security detection framework into the page to be loaded comprises:
injecting the preset hook-based security detection framework into the page to be loaded through a browser plug-in.
3. The method according to claim 1, characterised in that the entity under test comprises one or more of an interface of an object under test, a function under test, and an attribute of an object under test, and the script is a JavaScript script.
4. The method according to claim 1, characterised in that the entity under test comprises an attribute of an object under test, and rewriting, by the security detection framework, the entity under test in the page to be loaded comprises:
the security detection framework rewriting the attribute of the object under test by calling the getter function and the setter function of the object under test in the page to be loaded;
and monitoring, through the rewritten entity under test, call information of the entity under test at runtime comprises:
obtaining, through the rewritten attribute of the object under test, the call information when the attribute is read or modified.
5. The method according to any one of claims 1 to 4, characterised in that determining, by the security detection framework, whether the entity under test is safe based on the call information comprises:
obtaining, by the security detection framework, the caller that calls the entity under test, and determining whether the entity under test is safe according to the caller and the call information.
6. A page security detection device, applied to a computer device, characterised in that the device comprises:
a framework injection module, configured to inject, before a page is loaded, a preset hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects an entity under test;
a rewriting module, configured to rewrite, by the security detection framework, the entity under test in the page to be loaded;
an information monitoring module, configured to monitor, through the rewritten entity under test, call information of the entity under test at runtime;
an analysis module, configured to determine, by the security detection framework, whether the entity under test is safe based on the call information.
7. The device according to claim 6, characterised in that the framework injection module comprises:
a framework injection submodule, configured to inject, before the page is loaded, the preset hook-based security detection framework into the page to be loaded through a browser plug-in.
8. The device according to claim 6, characterised in that the entity under test comprises one or more of an interface of an object under test, a function under test, and an attribute of an object under test, and the script is a JavaScript script.
9. The device according to claim 6, characterised in that the entity under test comprises an attribute of an object under test, and the rewriting module comprises:
a rewriting submodule, configured for the security detection framework to rewrite the attribute of the object under test by calling the getter function and the setter function of the object under test in the page to be loaded;
and the information monitoring module comprises:
an information monitoring submodule, configured to obtain, through the rewritten attribute of the object under test, the call information when the attribute is read or modified.
10. The device according to any one of claims 6 to 9, characterised in that the analysis module comprises:
an analysis submodule, configured to obtain, by the security detection framework, the caller that calls the entity under test, and to determine whether the entity under test is safe according to the caller and the call information.
11. A computer device, characterised in that it comprises:
a processor; and
a memory for storing processor-executable instructions;
wherein the processor is configured to:
before a page is loaded, inject a preset hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects an entity under test;
rewrite, by the security detection framework, the entity under test in the page to be loaded;
monitor, through the rewritten entity under test, call information of the entity under test at runtime;
determine, by the security detection framework, whether the entity under test is safe based on the call information.
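As an added illustration of the mechanism in claims 4 and 5 (example code written for this page, not the patent's or any product's own): an attribute of an object under test is rewritten with a getter/setter pair, every read or write is recorded together with its caller, and a simple policy decides from the caller plus the call information whether the access is safe. The caller is taken from the V8 stack trace, and the element, the page functions and the trusted-caller allowlist are constructed assumptions.

```javascript
// Added example, not the patent's code: hook an attribute of an object under
// test with a getter/setter, record each access and its caller, then judge.
const callLog = [];
// Name of the function that touched the hooked attribute, read from the V8
// stack: frame 0 "Error", 1 callerOf, 2 the getter/setter, 3 the real caller.
function callerOf() {
  const frame = (new Error().stack || '').split('\n')[3] || '';
  const m = frame.match(/^\s*at\s+([^\s(]+)\s+\(/);
  return m ? m[1] : '<anonymous>';
}

// Rewrite `prop` on `target` so that every runtime read and write is logged
// together with the value involved and the caller (claim 4).
function hookAttribute(target, prop) {
  let value = target[prop];
  Object.defineProperty(target, prop, {
    configurable: true,
    enumerable: true,
    get() {
      callLog.push({ prop, op: 'read', value, caller: callerOf() });
      return value;
    },
    set(v) {
      callLog.push({ prop, op: 'write', value: v, caller: callerOf() });
      value = v;
    },
  });
}

// Policy (an assumption of this example; claim 5 leaves it open): reads are
// safe; a write to a hooked attribute is safe only from an allow-listed caller.
const TRUSTED_CALLERS = new Set(['trustedRender']);
function judge(entry) {
  return entry.op === 'read' || TRUSTED_CALLERS.has(entry.caller);
}

// Constructed stand-ins for page code, so the example runs outside a browser.
function trustedRender(el, html) { el.innerHTML = html; }
function thirdPartyWidget(el, html) { el.innerHTML = html; }

// Hook a constructed element, exercise it, and return one verdict per access.
function runDetection() {
  callLog.length = 0;
  const el = { innerHTML: '' };                 // stands in for a DOM node
  hookAttribute(el, 'innerHTML');
  trustedRender(el, '<p>hello</p>');
  thirdPartyWidget(el, '<div id="promo"></div>');
  void el.innerHTML;                             // a read, caller: runDetection
  return callLog.map(e => ({ op: e.op, caller: e.caller, safe: judge(e) }));
}
```

In a real deployment the hooked objects would be DOM or platform objects reached through the browser plug-in of claim 2, and the policy would be whatever the test engineer considers unsafe for that attribute.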

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610371648.9A CN107451470A (en) 2016-05-30 2016-05-30 Pages Security detection method, device and equipment

Publications (1)

Publication Number Publication Date
CN107451470A true CN107451470A (en) 2017-12-08

Family

ID=60484583

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610371648.9A Pending CN107451470A (en) 2016-05-30 2016-05-30 Pages Security detection method, device and equipment

Country Status (1)

Country Link
CN (1) CN107451470A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101408917A (en) * 2008-10-22 2009-04-15 厦门市美亚柏科资讯科技有限公司 Method and system for detecting application program behavior legality
CN102375946A (en) * 2010-08-19 2012-03-14 腾讯科技(深圳)有限公司 Method and device for detecting webpage trojan
CN102651060A (en) * 2012-03-31 2012-08-29 北京奇虎科技有限公司 Method and system for detecting vulnerability
CN102737188A (en) * 2012-06-27 2012-10-17 北京奇虎科技有限公司 Method and device for detecting malicious webpage

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008657A (en) * 2018-01-05 2019-07-12 武汉斗鱼网络科技有限公司 A kind of method, storage medium, electronic equipment and system for protecting web page code
CN110008657B (en) * 2018-01-05 2021-07-23 武汉斗鱼网络科技有限公司 Method, storage medium, electronic device and system for protecting webpage code
CN112860522A (en) * 2021-03-02 2021-05-28 北京梧桐车联科技有限责任公司 Program operation monitoring method, device and equipment
CN114816558A (en) * 2022-03-07 2022-07-29 深圳开源互联网安全技术有限公司 Script injection method and device and computer readable storage medium
CN114816558B (en) * 2022-03-07 2023-06-30 深圳市九州安域科技有限公司 Script injection method, equipment and computer readable storage medium
CN117806971A (en) * 2024-01-03 2024-04-02 北京北大软件工程股份有限公司 Self-adaptive analysis configuration method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20200923
Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands
Applicant after: Innovative advanced technology Co.,Ltd.
Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands
Applicant before: Advanced innovation technology Co.,Ltd.
Effective date of registration: 20200923
Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands
Applicant after: Advanced innovation technology Co.,Ltd.
Address before: Fourth Floor, P.O. Box 847, Capital Building, Grand Cayman, Cayman Islands
Applicant before: Alibaba Group Holding Ltd.
RJ01 Rejection of invention patent application after publication
Application publication date: 20171208