CN107579983A - Code security auditing method and device based on web log file - Google Patents
Code security auditing method and device based on web log file Download PDFInfo
- Publication number
- CN107579983A CN107579983A CN201710824714.8A CN201710824714A CN107579983A CN 107579983 A CN107579983 A CN 107579983A CN 201710824714 A CN201710824714 A CN 201710824714A CN 107579983 A CN107579983 A CN 107579983A
- Authority
- CN
- China
- Prior art keywords
- daily record
- reports
- error
- log file
- targeted website
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention provides a kind of code security auditing method and device based on web log file, including one kind, applied to server, methods described includes:The daily record that reports an error in the preset time period of targeted website is obtained, the daily record that reports an error is generated after the test data bag of client transmission is received;When scanning is to default sensitive content in the daily record that reports an error, determine that the targeted website has bug in preset time period, reaching, which can utilize the mode of client and server cooperation to detect targeted website, whether there is bug, the technique effect for the daily record that reports an error, more accurately discovery procedure leak for detecting targeted website in real time can be passed through.
Description
Technical field
The present invention relates to field of information security technology, more particularly, to a kind of code security auditing party based on web log file
Method and device.
Background technology
Today that Information Technology Development makes rapid progress, information security also increasingly obtain the attention of people.Procedure site is made
For the door of enterprise, also it has been pulled at the teeth of the storm of information security, particularly the enterprise such as finance, internet, procedure site
Once it is broken, then will imply that the leakage of data, the threat of intranet security.Nowadays, the various nets increased income and do not increased income
Program of standing is countless, and its safe coefficient is also uneven.Relatively good phenomenon is net of the increasing user at oneself
Software or hardware class firewall are with the addition of in standing, keeps out the attack in the external world.Code development with awareness of safety, and protection are soft
The appearance of the fire wall of hardware classes, alleviates the tensity of web portal security to a certain extent, but uses with upper type still
Security hidden trouble can not just be prevented.Particularly in network station leakage, existence range is very wide for sql injection loopholes.
Protection for sql injection loopholes and bypass, web portal security scanning system common at present, especially sql injections
System, conventional mode are arrangement test leads, carry out vulnerability detection to target by way of black box, but this mode is likely to
It can fail to report and report some security hidden troubles by mistake.
The content of the invention
In view of this, it is an object of the invention to provide a kind of code security auditing method and dress based on web log file
Put, to alleviate the technical problem of code security auditing method and device present in prior art based on web log file.
In a first aspect, the embodiments of the invention provide a kind of code security auditing method based on web log file, it is applied to
Server, methods described include:
The daily record that reports an error in the preset time period of targeted website is obtained, the daily record that reports an error is sent receiving client
Generated after test data bag;
When scanning is to default sensitive content in the daily record that reports an error, determine the targeted website in preset time period
Bug be present.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of the first of first aspect, wherein, institute
The daily record that reports an error obtained in the preset time period of targeted website is stated, including:
Daily record is obtained in the first log storage path of targeted website;
When obtaining daily record failure in first log storage path, show paths change prompting, so that user's root
Prompt to set the second log storage path according to the path change;
Daily record is obtained in second log storage path.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of second of first aspect, wherein, institute
Stating method also includes:
Sensitive content input prompting is shown, so that user inputs prompting according to the sensitive content sets sensitive content;
The sensitive content that user inputs is defined as default sensitive content.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of the third of first aspect, wherein, institute
Stating method also includes:
When the targeted website has bug in preset time period, leak early warning is sent.
Second aspect, the embodiment of the present invention also provide a kind of code security auditing method based on web log file, are applied to
Client, methods described include:
The acquisition strategy information in default leak policy library;
When receiving the http request head configuration information of user's input, according to the http request head configuration information and plan
Slightly information generation test data bag;
When not receiving the http request head configuration information of user's input, test data is generated according to the policy information
Bag;
The test data bag is sent to server.
With reference to second aspect, the embodiments of the invention provide the possible embodiment of the first of second aspect, wherein, institute
Stating method also includes:
When receiving the configured information in escalation policy storehouse of user's input, upgrade the leak policy library;
And/or when receive user input it is self-defined tactful when, the self-defined tactful policy information storage is arrived
The leak policy library.
The third aspect, the embodiment of the present invention also provide a kind of code security audit device based on web log file, the dress
Put including:
First acquisition module, for obtaining the daily record that reports an error in the preset time period of targeted website, the daily record that reports an error be
Generated after receiving the test data bag of client transmission;
Determining module, for when scanning is to default sensitive content in the daily record that reports an error, determining the targeted website
Bug in preset time period be present.
Fourth aspect, the embodiment of the present invention also provide a kind of code security audit device based on web log file, the dress
Put including:
Second acquisition module, for the acquisition strategy information in default leak policy library;
First generation module, for when receive user input http request head configuration information when, according to the http
Request header configuration information and policy information generation test data bag;
Second generation module, for when do not receive user input http request head configuration information when, according to the plan
Slightly information generation test data bag;
Sending module, for sending the test data bag to server.
5th aspect, the embodiment of the present invention also provide a kind of electronic equipment, including memory, processor, the memory
In be stored with the computer program that can be run on the processor, described in the computing device during computer program realize on
The step of stating first aspect or method described in second aspect.
6th aspect, a kind of computer for the non-volatile program code that can perform with processor of the embodiment of the present invention can
Medium is read, described program code makes the method described in the computing device first aspect or second aspect.
The embodiment of the present invention brings following beneficial effect:The embodiment of the present invention is by obtaining targeted website preset time period
The interior daily record that reports an error, wherein, the daily record that reports an error is generated after the test data bag of client transmission is received, when in institute
State and scanned in the daily record that reports an error to when presetting sensitive content, it may be determined that the targeted website has program leakage in preset time period
Hole.
The mode that the embodiment of the present invention can utilize client and server to cooperate detects targeted website and whether there is program
Leak, can be by detecting the daily record that reports an error of targeted website in real time, more accurately discovery procedure leak.
Other features and advantages of the present invention will illustrate in the following description, also, partly become from specification
Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages are in specification, claims
And specifically noted structure is realized and obtained in accompanying drawing.
To enable the above objects, features and advantages of the present invention to become apparent, preferred embodiment cited below particularly, and coordinate
Appended accompanying drawing, is described in detail below.
Brief description of the drawings
, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical scheme of the prior art
The required accompanying drawing used is briefly described in embodiment or description of the prior art, it should be apparent that, in describing below
Accompanying drawing is some embodiments of the present invention, for those of ordinary skill in the art, before creative work is not paid
Put, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of flow chart of the code security auditing method based on web log file provided in an embodiment of the present invention;
Fig. 2 is step S101 provided in an embodiment of the present invention flow chart;
Fig. 3 is the flow chart of another code security auditing method based on web log file provided in an embodiment of the present invention;
Fig. 4 is a kind of structure chart of the code security audit device based on web log file provided in an embodiment of the present invention;
Fig. 5 is the structure chart of another code security audit device based on web log file provided in an embodiment of the present invention.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with accompanying drawing to the present invention
Technical scheme be clearly and completely described, it is clear that described embodiment is part of the embodiment of the present invention, rather than
Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creative work premise
Lower obtained every other embodiment, belongs to the scope of protection of the invention.
Protection for sql injection loopholes at present and bypass, web portal security scanning system common at present, especially sql
Injected system, conventional mode are arrangement test leads, carry out vulnerability detection to target by way of black box, but this mode is very
It may fail to report and report some security hidden troubles, based on this, a kind of generation based on web log file provided in an embodiment of the present invention by mistake
Code method for auditing safely and device, the mode of client and server cooperation can be utilized to detect targeted website and whether there is program
Leak, can be by detecting the daily record that reports an error of targeted website in real time, more accurately discovery procedure leak.
For ease of understanding the present embodiment, first to a kind of disclosed in the embodiment of the present invention based on web log file
Code security auditing method describes in detail, and the code security auditing method based on web log file can apply to service
Device, as shown in figure 1, methods described may comprise steps of.
Step S101, obtain the daily record that reports an error in the preset time period of targeted website.
In embodiments of the present invention, the daily record that reports an error is generated after the test data bag of client transmission is received
's.Preset time period can be 10 minutes, 30 minutes or 1 hour etc., and targeted website can be asp (Active Server
Pages, Active Server Pages) website, php websites, aspx websites etc..
Step S102, when scanning is to default sensitive content in the daily record that reports an error, determine the targeted website pre-
If bug in the period be present.
In embodiments of the present invention, default sensitive content can refer to the information such as database version.
The embodiment of the present invention by obtaining the daily record that reports an error in the preset time period of targeted website, wherein, the daily record that reports an error
It is to be generated after the test data bag of client transmission is received, when default sensitive content is arrived in scanning in the daily record that reports an error
When, it may be determined that bug in preset time period be present in the targeted website.
The mode that the embodiment of the present invention can utilize client and server to cooperate detects targeted website and whether there is program
Leak, can be by detecting the daily record that reports an error of targeted website in real time, more accurately discovery procedure leak.
In another embodiment of the present invention, as shown in Fig. 2 the step S101 comprises the following steps.
Step S201, daily record is obtained in the first log storage path of targeted website.
In embodiments of the present invention, the first log storage path can refer to acquiescence log storage path of targeted website etc.,
Acquiescence log storage path can be read from configuration file.
Step S202, when obtaining daily record failure in first log storage path, show paths change prompting, with
User is set to be prompted to set the second log storage path according to the path change.
In embodiments of the present invention, the second log storage path can refer to user according to path change prompt input, with
The different log storage path of the acquiescence log storage path.
Step S203, daily record is obtained in second log storage path.
In the embodiment of the present invention, can self-defined addition log storage path, can according to actual environment switch daily record deposit
Storage path, the scene to be gone wrong suitable for acquiescence log storage path, method are more flexible.
In another embodiment of the present invention, methods described is further comprising the steps of.
Show sensitive content input prompting.
In embodiments of the present invention, sensitive content input prompting can be text information, such as " please input sensitive content "
Etc..
Sensitive content can be set in order to which user inputs prompting according to the sensitive content by above step.
The sensitive content that user inputs is defined as default sensitive content.
In another embodiment of the present invention, methods described can also comprise the following steps.
When the targeted website has bug in preset time period, leak early warning is sent.
In embodiments of the present invention, leak early warning can be sent by way of email notification webmaster,
Leak early warning can be sent by way of showing the procedure site miscue page, in addition, for discovery procedure leak when
Between, the information such as position recorded in detail.
In another embodiment of the present invention, as shown in figure 3, also providing a kind of code security audit based on web log file
Method, applied to client, methods described may comprise steps of.
Step S301, the acquisition strategy information in default leak policy library.
In embodiments of the present invention, in order to adapt to the script that different web sites use, leak policy library can be used for depositing
A variety of injection skills and guard system are stored up around strategy etc..
Step S302, when receiving the http request head configuration information of user's input, matched somebody with somebody according to the http request head
Confidence ceases and policy information generation test data bag.
Step S303, when not receiving the http request head configuration information of user's input, given birth to according to the policy information
Into test data bag.
In embodiments of the present invention, the configuration of http request head can include configuration Refer, User-agent, Method
(get/post/cookie) etc..
Step S304, the test data bag is sent to server.The time interval that probe data packet is sent can be advance
It is defined by the user, defines the transmission interval of test data bag, procedure site DOS (Disk Operating can be prevented
System, disc operating system).
In another embodiment of the present invention, methods described can also comprise the following steps.
When receiving the configured information in escalation policy storehouse of user's input, upgrade the leak policy library;
And/or when receive user input it is self-defined tactful when, the self-defined tactful policy information storage is arrived
The leak policy library.
In another embodiment of the present invention, the embodiment of the present invention also provides a kind of code security based on web log file and examined
Counter device, the device that the embodiment of the present invention is provided, its realization principle and caused technique effect and preceding method embodiment phase
Together, to briefly describe, device embodiment part does not refer to part, refers to corresponding contents in preceding method embodiment.Such as Fig. 4 institutes
Show, described device includes:
First acquisition module 11, for obtaining the daily record that reports an error in the preset time period of targeted website, the daily record that reports an error is
Generated after the test data bag of client transmission is received;
Determining module 12, for when scanning is to default sensitive content in the daily record that reports an error, determining the target network
Stand and bug in preset time period be present.
In another embodiment of the present invention, the embodiment of the present invention also provides a kind of code security based on web log file and examined
Counter device, the device that the embodiment of the present invention is provided, its realization principle and caused technique effect and preceding method embodiment phase
Together, to briefly describe, device embodiment part does not refer to part, refers to corresponding contents in preceding method embodiment.Such as Fig. 5 institutes
Show, described device includes:
Second acquisition module 21, for the acquisition strategy information in default leak policy library;
First generation module 22, for when receive user input http request head configuration information when, according to described
Http request head configuration information and policy information generation test data bag;
Second generation module 23, for when do not receive user input http request head configuration information when, according to described
Policy information generates test data bag;
Sending module 24, for sending the test data bag to server.
In another embodiment of the present invention, the embodiment of the present invention also provides a kind of electronic equipment, including memory, processing
Device, the computer program that can be run on the processor, calculating described in the computing device are stored with the memory
The step of method described in preceding method embodiment is realized during machine program.
In another embodiment of the present invention, the embodiment of the present invention also provide it is a kind of with processor can perform it is non-volatile
Program code computer-readable medium, described program code makes described in preceding method embodiment described in the computing device
Method.
The code security auditing method based on web log file and the computer program of device that the embodiment of the present invention is provided
Product, including the computer-readable recording medium of program code is stored, the instruction that described program code includes can be used for performing
Method described in previous methods embodiment, specific implementation can be found in embodiment of the method, will not be repeated here.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description
With the specific work process of device, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
In addition, in the description of the embodiment of the present invention, unless otherwise clearly defined and limited, term " installation ", " phase
Even ", " connection " should be interpreted broadly, for example, it may be being fixedly connected or being detachably connected, or be integrally connected;Can
To be mechanical connection or electrical connection;Can be joined directly together, can also be indirectly connected by intermediary, Ke Yishi
The connection of two element internals.For the ordinary skill in the art, with concrete condition above-mentioned term can be understood at this
Concrete meaning in invention.
If the function is realized in the form of SFU software functional unit and is used as independent production marketing or in use, can be with
It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words
The part to be contributed to prior art or the part of the technical scheme can be embodied in the form of software product, the meter
Calculation machine software product is stored in a storage medium, including some instructions are causing a computer equipment (can be
People's computer, server, or network equipment etc.) perform all or part of step of each embodiment methods described of the present invention.
And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
In the description of the invention, it is necessary to explanation, term " " center ", " on ", " under ", "left", "right", " vertical ",
The orientation or position relationship of the instruction such as " level ", " interior ", " outer " be based on orientation shown in the drawings or position relationship, merely to
Be easy to the description present invention and simplify description, rather than instruction or imply signified device or element must have specific orientation,
With specific azimuth configuration and operation, therefore it is not considered as limiting the invention.In addition, term " first ", " second ",
" the 3rd " is only used for describing purpose, and it is not intended that instruction or hint relative importance.
Finally it should be noted that:Embodiment described above, it is only the embodiment of the present invention, to illustrate the present invention
Technical scheme, rather than its limitations, protection scope of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair
It is bright to be described in detail, it will be understood by those within the art that:Any one skilled in the art
The invention discloses technical scope in, it can still modify to the technical scheme described in previous embodiment or can be light
Change is readily conceivable that, or equivalent substitution is carried out to which part technical characteristic;And these modifications, change or replacement, do not make
The essence of appropriate technical solution departs from the spirit and scope of technical scheme of the embodiment of the present invention, should all cover the protection in the present invention
Within the scope of.Therefore, protection scope of the present invention described should be defined by scope of the claims.
Claims (10)
1. a kind of code security auditing method based on web log file, it is characterised in that applied to server, methods described bag
Include:
The daily record that reports an error in the preset time period of targeted website is obtained, the daily record that reports an error is to receive the test of client transmission
Generated after packet;
When scanning is to default sensitive content in the daily record that reports an error, determine that the targeted website exists in preset time period
Bug.
2. the code security auditing method according to claim 1 based on web log file, it is characterised in that the acquisition mesh
The daily record that reports an error in the preset time period of website is marked, including:
Daily record is obtained in the first log storage path of targeted website;
When obtaining daily record failure in first log storage path, show paths change prompting, so that user is according to institute
State path change prompting and the second log storage path is set;
Daily record is obtained in second log storage path.
3. the code security auditing method according to claim 2 based on web log file, it is characterised in that methods described is also
Including:
Sensitive content input prompting is shown, so that user inputs prompting according to the sensitive content sets sensitive content;
The sensitive content that user inputs is defined as default sensitive content.
4. the code security auditing method according to claim 3 based on web log file, it is characterised in that methods described is also
Including:
When the targeted website has bug in preset time period, leak early warning is sent.
5. a kind of code security auditing method based on web log file, it is characterised in that applied to client, methods described bag
Include:
The acquisition strategy information in default leak policy library;
When receiving the http request head configuration information of user's input, believed according to the http request head configuration information and strategy
Breath generation test data bag;
When not receiving the http request head configuration information of user's input, test data bag is generated according to the policy information;
The test data bag is sent to server.
6. the code security auditing method according to claim 5 based on web log file, it is characterised in that methods described is also
Including:
When receiving the configured information in escalation policy storehouse of user's input, upgrade the leak policy library;
And/or when receive user's input it is self-defined tactful when, by the self-defined tactful policy information storage to described
Leak policy library.
7. a kind of code security audit device based on web log file, it is characterised in that described device includes:
First acquisition module, for obtaining the daily record that reports an error in the preset time period of targeted website, the daily record that reports an error is to receive
Generated after the test data bag sent to client;
Determining module, for when scanning is to default sensitive content in the daily record that reports an error, determining the targeted website pre-
If bug in the period be present.
8. a kind of code security audit device based on web log file, it is characterised in that described device includes:
Second acquisition module, for the acquisition strategy information in default leak policy library;
First generation module, for when receive user input http request head configuration information when, according to the http request
Head configuration information and policy information generation test data bag;
Second generation module, for when not receiving the http request head configuration information of user's input, being believed according to the strategy
Breath generation test data bag;
Sending module, for sending the test data bag to server.
9. a kind of electronic equipment, including memory, processor, it is stored with what can be run on the processor in the memory
Computer program, it is characterised in that realize that the claims 1 to 4 are any during computer program described in the computing device
The step of method or 5 to 6 described in any described method.
10. a kind of computer-readable medium for the non-volatile program code that can perform with processor, it is characterised in that described
Program code makes any described methods of claim 1-4 described in the computing device or 5 to 6 any described methods.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710824714.8A CN107579983A (en) | 2017-09-13 | 2017-09-13 | Code security auditing method and device based on web log file |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710824714.8A CN107579983A (en) | 2017-09-13 | 2017-09-13 | Code security auditing method and device based on web log file |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107579983A true CN107579983A (en) | 2018-01-12 |
Family
ID=61036071
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710824714.8A Pending CN107579983A (en) | 2017-09-13 | 2017-09-13 | Code security auditing method and device based on web log file |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107579983A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111314326A (en) * | 2020-02-01 | 2020-06-19 | 深信服科技股份有限公司 | Method, device, equipment and medium for confirming HTTP vulnerability scanning host |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104091116A (en) * | 2014-06-30 | 2014-10-08 | 珠海市君天电子科技有限公司 | Method, device and terminal for monitoring website vulnerability information |
CN104901975A (en) * | 2015-06-30 | 2015-09-09 | 北京奇虎科技有限公司 | Web log safety analyzing method, device and gateway |
CN106302337A (en) * | 2015-05-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | leak detection method and device |
CN106375303A (en) * | 2016-08-30 | 2017-02-01 | 江苏博智软件科技有限公司 | Attack defense method and apparatus |
CN106485152A (en) * | 2016-09-30 | 2017-03-08 | 北京奇虎科技有限公司 | Leak detection method and device |
CN106953860A (en) * | 2017-03-20 | 2017-07-14 | 腾讯科技(深圳)有限公司 | A kind of data scanning method and scanning server |
-
2017
- 2017-09-13 CN CN201710824714.8A patent/CN107579983A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104091116A (en) * | 2014-06-30 | 2014-10-08 | 珠海市君天电子科技有限公司 | Method, device and terminal for monitoring website vulnerability information |
CN106302337A (en) * | 2015-05-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | leak detection method and device |
CN104901975A (en) * | 2015-06-30 | 2015-09-09 | 北京奇虎科技有限公司 | Web log safety analyzing method, device and gateway |
CN106375303A (en) * | 2016-08-30 | 2017-02-01 | 江苏博智软件科技有限公司 | Attack defense method and apparatus |
CN106485152A (en) * | 2016-09-30 | 2017-03-08 | 北京奇虎科技有限公司 | Leak detection method and device |
CN106953860A (en) * | 2017-03-20 | 2017-07-14 | 腾讯科技(深圳)有限公司 | A kind of data scanning method and scanning server |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111314326A (en) * | 2020-02-01 | 2020-06-19 | 深信服科技股份有限公司 | Method, device, equipment and medium for confirming HTTP vulnerability scanning host |
CN111314326B (en) * | 2020-02-01 | 2022-06-21 | 深信服科技股份有限公司 | Method, device, equipment and medium for confirming HTTP vulnerability scanning host |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8572750B2 (en) | Web application exploit mitigation in an information technology environment | |
US10503910B2 (en) | Security testing framework including virtualized server-side platform | |
US10834102B2 (en) | Client-side attack detection in web applications | |
US20220284106A1 (en) | Methods, systems, and media for testing insider threat detection systems | |
US9971891B2 (en) | Methods, systems, and media for detecting covert malware | |
CN107211016B (en) | Session security partitioning and application profiler | |
US10505966B2 (en) | Cross-site request forgery (CSRF) vulnerability detection | |
CN105512559B (en) | It is a kind of for providing the method and apparatus of accession page | |
CN104933362A (en) | Automatic detection method of API (Application Program Interface) misuse-type bug of Android application software | |
US10599842B2 (en) | Deceiving attackers in endpoint systems | |
US10855722B1 (en) | Deception service for email attacks | |
WO2012065551A1 (en) | Method for cloud security download | |
CN103780450B (en) | The detection method and system of browser access network address | |
US20170242987A1 (en) | Method and system of hardening applications against security attacks | |
US20220027456A1 (en) | Rasp-based implementation using a security manager | |
CN116340943A (en) | Application program protection method, device, equipment, storage medium and program product | |
KR102159399B1 (en) | Device for monitoring web server and analysing malicious code | |
CN104852888B (en) | A kind of method and device that static authentication information is set | |
CN107360189A (en) | Break through the vulnerability scanning method and device of Web protection | |
Subramani et al. | PhishInPatterns: measuring elicited user interactions at scale on phishing websites | |
CN105471821A (en) | Browser-based information processing method and device | |
CN107579983A (en) | Code security auditing method and device based on web log file | |
US20230376587A1 (en) | Online command injection attacks identification | |
US20150066763A1 (en) | Method and apparatus for cross channel monitoring | |
Barhoom et al. | A new server-side solution for detecting cross site scripting attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180112 |