CN107896219B - Method, system and related device for detecting website vulnerability - Google Patents

Info

Publication number: CN107896219B
Authority: CN (China)
Prior art keywords: vulnerability, detection, plug, general, website
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Application number: CN201711229693.1A
Other languages: Chinese (zh)
Other versions: CN107896219A (en)
Inventor: 柳正青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Shenzhen Shenxinfu Information Security Co ltd
Original Assignee: Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN201711229693.1A
Publication of CN107896219A
Application granted
Publication of CN107896219B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The application discloses a website vulnerability detection method comprising the following steps: performing a data crawling operation of a preset depth on a target website with a preset number of web crawlers to obtain feature information and Http requests; determining, from the feature information and the Http requests, the general vulnerabilities contained in the target website, and selecting the corresponding active detection plug-ins to detect them, giving a general vulnerability detection result; selecting, according to the Http requests and a preset PayLoad insertion mechanism, the corresponding fuzzy detection plug-ins to perform conventional vulnerability detection on the target website, giving a conventional vulnerability detection result; and, after the vulnerabilities have been repaired, retesting them. The method offers a more comprehensive vulnerability detection mode and controllable detection time, lets the security status of the website be obtained in a more timely way, and can provide sustained website vulnerability monitoring. The application also discloses a system and a device for detecting website vulnerabilities and a computer-readable storage medium, which have the same beneficial effects.

Description

Method, system and related device for detecting website vulnerability
Technical Field
The present application relates to the field of website vulnerability detection technologies, and in particular, to a method, a system, an apparatus, and a computer-readable storage medium for detecting website vulnerability.
Background
With the rapid development of the internet, more and more internet-facing services are provided, and ensuring the security of these services is increasingly important. Because intrusions into internet services occur frequently, hacker techniques keep developing, and 0Day vulnerability events break out frequently (a 0Day vulnerability being vulnerability information that is obtained or disclosed before the system manufacturer knows of it and releases the relevant patches), enterprises attach more and more importance to the security of internet services.
To solve the security problems of enterprise internet services, many security companies have begun to provide SECaaS offerings (Security as a Service: information security services delivered in a cloud computing manner), one of which is website vulnerability detection. Website vulnerability detection mainly provides a penetration detection service for users and helps them find hidden security risks in advance.
Existing website vulnerability detection mechanisms have several defects. First, the vulnerability detection mode is not comprehensive. Systems fall into two types according to how they detect vulnerabilities: one type focuses on detecting general vulnerabilities, the other on detecting conventional vulnerabilities. The former detects poorly on websites that are not built with a general framework and website building components; the latter is single in its detection approach, so vulnerabilities formed by complex, combined attacks are easily missed. Second, the detection time is uncontrollable: when a website is comprehensively tested by fuzzy detection, the overall detection time is too long for the user to learn the current security status of the target website in time. Third, continuous monitoring is not possible: most existing website vulnerability detection mechanisms are one-off, and a second detection of the same website discards the result of the first detection entirely. In short, existing website vulnerability detection methods perform poorly in actual use and give a poor customer experience.
Therefore, how to overcome the technical defects of existing website vulnerability detection methods and provide a more scientific and comprehensive detection method, together with a mechanism that can give clients continuous website vulnerability monitoring, is a problem to be solved by those skilled in the art.
Disclosure of Invention
The method integrates the detection of general vulnerabilities and conventional vulnerabilities: it uses the feature information of the target website and the obtained Http requests to perform general vulnerability detection, and uses the Http requests and a PayLoad insertion mechanism to perform conventional vulnerability detection, which gives the website more comprehensive vulnerability detection. It also provides a vulnerability retesting mechanism for the vulnerabilities discovered by the first detection, so that the real state of vulnerability repair can be fed back to clients, improving their experience and satisfaction.
Another object of the present application is to provide a system, an apparatus and a computer-readable storage medium for detecting website vulnerability.
In order to achieve the above object, the present application provides a method for detecting website vulnerability, including:
performing data crawling operation with a preset depth on a target website by using a preset number of web crawlers to obtain characteristic information and an Http request;
determining a universal vulnerability included in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the universal vulnerability to obtain a universal vulnerability detection result;
selecting a corresponding fuzzy detection plug-in to perform conventional vulnerability detection operation on the target website according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result;
and after the vulnerability repair is finished, selecting corresponding active detection plug-ins and fuzzy detection plug-ins for vulnerability retesting according to the general vulnerability detection result and the conventional vulnerability detection result.
Optionally, performing the data crawling operation of a preset depth on the target website by using a preset number of web crawlers to obtain the feature information and the Http request includes:
crawling the home page feature information of the target website and the page feature information under a preset target path by using the web crawler;
determining a general composition frame and website building component information used by the target website according to the home page characteristic information and the page characteristic information;
and acquiring an Http request obtained in the process of executing the data crawling operation.
Optionally, determining a general vulnerability included in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the general vulnerability to obtain a general vulnerability detection result, including:
determining corresponding public general vulnerabilities according to the general composition framework and the website building component information;
performing feature extraction operation on the Http request to obtain request features, and determining corresponding public general vulnerabilities according to the request features;
and generating a corresponding harmless attack packet according to the disclosed general vulnerability, and finally confirming the general vulnerability existing in the target website by using the harmless attack packet to obtain a general vulnerability detection result.
Optionally, according to the Http request and a preset PayLoad insertion mechanism, selecting a corresponding fuzzy detection plug-in to perform a conventional vulnerability detection operation on the target website, so as to obtain a conventional vulnerability detection result, where the method includes:
dividing the PayLoad insertion mechanism into a first preset number of PayLoad insertion types according to different insertion points;
dividing the PayLoad in the PayLoad insertion mechanism into a second preset number of PayLoad grades according to the different degrees of concealment of the conventional vulnerabilities;
generating a corresponding fuzzy detection plug-in according to the request parameters contained in the Http request, the received PayLoad insertion type selection information and PayLoad grade selection information;
and injecting corresponding PayLoad into the target website by using the fuzzy detection plug-in, and determining whether a conventional vulnerability exists according to response information of the target website to obtain a conventional vulnerability detection result.
Optionally, selecting a corresponding active detection plug-in and a corresponding fuzzy detection plug-in for vulnerability retest according to the general vulnerability detection result and the conventional vulnerability detection result, including:
extracting the disclosed general vulnerability and the conventional vulnerability contained in the general vulnerability detection result and the conventional vulnerability detection result, and corresponding active detection plug-ins and fuzzy detection plug-ins;
judging whether a preset vulnerability retest trigger condition is met; the vulnerability retest trigger condition comprises a time trigger condition and an event trigger condition;
and if so, calling the same active detection plug-in and fuzzy detection plug-in to carry out the vulnerability retest on the target website.
Optionally, the detection method further includes:
executing deduplication operation on the Http request according to the PayLoad insertion type selection information so as to improve detection efficiency;
recording and storing the general vulnerability detection result and the conventional vulnerability detection result to obtain a first vulnerability detection log;
generating a vulnerability retest log according to the testing result of the vulnerability retest;
and generating a vulnerability detection report according to the first vulnerability detection log and the vulnerability retest log, and sending the vulnerability detection report through a preset path.
In order to achieve the above object, the present application further provides a system for detecting website vulnerability, including:
the data crawling unit is used for executing data crawling operation with preset depth on the target website by utilizing a preset number of web crawlers to obtain characteristic information and an Http request;
the universal vulnerability detection unit is used for determining the universal vulnerability contained in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the universal vulnerability to obtain a universal vulnerability detection result;
the conventional vulnerability detection unit is used for selecting a corresponding fuzzy detection plug-in to execute conventional vulnerability detection operation on the target website according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result;
and the vulnerability retest unit is used for selecting corresponding active detection plug-ins and fuzzy detection plug-ins for vulnerability retest according to the general vulnerability detection result and the conventional vulnerability detection result.
Optionally, the data crawling unit includes:
the page feature crawling subunit is used for crawling the home page feature information of the target website and the page feature information under a preset target path by using the web crawler;
the frame and component determining subunit is used for determining a general composition frame and website building component information used by the target website according to the home page characteristic information and the page characteristic information;
and the request acquisition subunit is used for acquiring the Http request obtained in the process of executing the data crawling operation.
Optionally, the universal vulnerability detection unit includes:
the first general vulnerability determining subunit is used for determining corresponding public general vulnerabilities according to the general composition framework and the website building component information;
the second universal vulnerability determining subunit is used for executing feature extraction operation on the Http request to obtain request features, and determining corresponding public universal vulnerabilities according to the request features;
and the general vulnerability detection subunit is used for generating a corresponding harmless attack packet according to the disclosed general vulnerability, and finally confirming the general vulnerability existing in the target website by using the harmless attack packet to obtain the general vulnerability detection result.
Optionally, the conventional vulnerability detection unit includes:
the insertion type dividing subunit is used for dividing the PayLoad insertion mechanism into a first preset number of PayLoad insertion types according to different insertion points;
the grade dividing subunit is used for dividing the PayLoad in the PayLoad insertion mechanism into a second preset number of PayLoad grades according to the different degrees of concealment of the conventional vulnerabilities;
the fuzzy plug-in generation subunit is used for generating a corresponding fuzzy detection plug-in according to the request parameters contained in the Http request, the received PayLoad insertion type selection information and the PayLoad grade selection information;
and the conventional vulnerability detection subunit is used for injecting corresponding PayLoad into the target website by using the fuzzy detection plug-in, and determining whether conventional vulnerabilities exist according to response information of the target website to obtain a conventional vulnerability detection result.
Optionally, the vulnerability retest unit includes:
the extraction subunit is used for extracting the disclosed general vulnerability and the conventional vulnerability contained in the general vulnerability detection result and the conventional vulnerability detection result, and the corresponding active detection plug-in and the corresponding fuzzy detection plug-in;
the trigger judgment subunit is used for judging whether the preset vulnerability retest trigger condition is met; the vulnerability retest trigger condition comprises a time trigger condition and an event trigger condition;
and the retest subunit is used for calling the same active detection plug-in and fuzzy detection plug-in to retest the vulnerability of the target website.
Optionally, the detection system further includes:
the deduplication processing unit is used for executing deduplication operation on the Http request according to the PayLoad insertion type selection information so as to improve detection efficiency;
the first detection recording unit is used for recording and storing the general vulnerability detection result and the conventional vulnerability detection result to obtain a first vulnerability detection log;
the retest recording unit is used for generating a vulnerability retest log according to the testing result of the vulnerability retest;
and the detection report generating unit is used for generating a vulnerability detection report according to the first vulnerability detection log and the vulnerability retest log, and sending the vulnerability detection report through a preset path.
In order to achieve the above object, the present application further provides a website vulnerability detection apparatus, including:
a memory for storing a computer program;
a processor for implementing the steps of the website vulnerability detection method as described in the above when the computer program is executed.
To achieve the above object, the present application also provides a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to implement the steps of the website vulnerability detection method as described in the above.
According to the website vulnerability detection method, a preset number of web crawlers are used for executing data crawling operation with a preset depth on a target website to obtain characteristic information and an Http request; determining a universal vulnerability included in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the universal vulnerability to obtain a universal vulnerability detection result; selecting a corresponding fuzzy detection plug-in to perform conventional vulnerability detection operation on the target website according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result; and after the vulnerability repair is finished, selecting corresponding active detection plug-ins and fuzzy detection plug-ins for vulnerability retesting according to the general vulnerability detection result and the conventional vulnerability detection result.
Obviously, the technical scheme provided by the application integrates the detection of the universal vulnerability and the conventional vulnerability, utilizes the characteristic information of the target website and the acquired Http request to perform universal vulnerability detection, and utilizes the Http request and the PayLoad insertion mechanism to perform conventional vulnerability detection, thereby providing more comprehensive vulnerability detection for the website. The application also provides a system and a device for detecting website vulnerability and a computer readable storage medium, which have the beneficial effects and are not repeated herein.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for detecting web site vulnerability according to an embodiment of the present application;
Fig. 2 is a flowchart of another method for detecting web site vulnerability according to an embodiment of the present application;
Fig. 3 is a flowchart of a vulnerability detection report generation method in the website vulnerability detection method according to the embodiment of the present application;
Fig. 4 is a block diagram illustrating a website vulnerability detection system according to an embodiment of the present disclosure.
Detailed Description
The core of the application is to provide a method, a system, a device and a computer readable storage medium for detecting website vulnerability, which integrate the detection of general vulnerability and conventional vulnerability, carry out general vulnerability detection by using the characteristic information of a target website and an obtained Http request, and carry out conventional vulnerability detection by using the Http request and a PayLoad insertion mechanism, thereby providing more comprehensive vulnerability detection for the website.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Some art-specific terms appearing in the present application are explained below:
General vulnerability: a widely recognized or discovered information security vulnerability found in commonly used operating systems, system components, critical frameworks and applications.
Conventional vulnerability: a common vulnerability such as SQL injection (inserting an SQL command into a web form submission, an input domain name or the query string of a page request, so that the server is finally deceived into executing a malicious SQL command) or XSS injection (cross-site scripting: an attacker inserts malicious script code into a web page, and when a user browses the page the embedded script is executed, achieving the purpose of attacking the user). Such vulnerabilities are usually detected by sending abnormal data and checking whether a vulnerability exists.
SQL stands for Structured Query Language. It is a database query and programming language for accessing data and for querying, updating and managing relational database systems; it is also the extension of database script files.
A script is an extension of the batch file: a program stored as plain text. A computer script is generally a defined series of operations that control the computer, and some logical branching can be implemented in it.
An Http request is a request message from a client to a server. When a browser sends a request to a Web server, it transfers a data block, the request information, to the server. Http request information consists of three parts: (1) the request method, URI (Uniform Resource Identifier) and protocol/version; (2) the request header (RequestHeader); (3) the request body.
Corresponding to the Http request there is also response data.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for detecting web site vulnerability according to an embodiment of the present disclosure.
The method specifically comprises the following steps:
S101: performing data crawling operation with a preset depth on a target website by using a preset number of web crawlers to obtain characteristic information and an Http request;
In this step, web crawlers perform a data crawling operation on the website that needs vulnerability detection to obtain the feature information and the Http requests of the target website. To increase crawling efficiency, several web crawlers can be used, each assigned a different crawling task. The crawling depth on the target website can also be limited, so that not all information of the whole website has to be crawled: in most cases the features and Http requests found on the home page and on pages down to a certain depth are enough to reflect most of the website vulnerabilities that tend to appear, and if a vulnerability exists on a page at a certain depth, the same vulnerability usually exists on deeper pages as well.
Specifically, the number of web crawlers and the crawling depth can be set freely. The most appropriate scheme should be chosen by weighing the vulnerability detection time and detection coverage set by the user, the load limit of the physical hardware, and similar factors in the actual situation.
The feature information reflects how the target website was built and identifies the composition framework, website building components and the like that were used in its construction. For example, smaller enterprises generally build their websites from a widely circulated website building template: a simple enterprise website can be produced just by modifying some of the template's content. Websites built from the same template have the same composition framework and website building components, and therefore the same website vulnerabilities. In addition, some commercial paid templates are continuously updated to repair the vulnerabilities of earlier versions, producing versions such as 1.1 and 1.2. By identifying the feature information, it can be learned whether the target website uses a general composition framework and general website building components, so that the published vulnerabilities of the same composition framework, website building component and template version can be looked up quickly and the corresponding vulnerability tests carried out.
Detecting vulnerabilities of the target website with the Http request works differently from using the feature information. Instead of directly determining which published vulnerabilities the website has, conventional vulnerabilities are found by probing with conventional attack techniques, such as SQL injection and XSS injection, and checking whether abnormal response data occurs. How conventional vulnerabilities are detected is described in detail in the following embodiments.
S102: determining a general vulnerability included in a target website according to the characteristic information and the Http request, and selecting a corresponding active detection plug-in to detect the general vulnerability to obtain a general vulnerability detection result;
On the basis of S101, this step aims to determine the general vulnerabilities contained in the target website. In line with the definition of a general vulnerability, it uses both the feature information and the Http requests obtained by crawling the target website.
From the feature information, it is determined whether the composition framework and website building components used to build the target website are widely used, publicly known general ones; if so, the public general vulnerabilities can be found from the identified general composition framework and website building components. Once the public general vulnerabilities have been determined, a corresponding active detection plug-in is selected for each of them to verify whether that general vulnerability really exists in the target website, so as to eliminate vulnerability misjudgments caused by anomalies in any link of the process.
Which public general vulnerabilities the target website may contain can be determined from the public general vulnerability library alone. Once a vulnerability is disclosed, a way of detecting it is given as well, and the active detection plug-in is generated from that detection method. Specifically, the active detection plug-in may be a targeted attack packet: if the attack packet is effective, the corresponding vulnerability really exists. Because the purpose of vulnerability detection on the target website is to detect rather than to attack, harmless means should be chosen as far as possible when selecting active detection plug-ins, so that the target website is not damaged.
The active detection plug-in can take various forms and is not limited to an attack packet. A separate active detection plug-in can be set up for each general vulnerability, so that the plug-ins are independent of one another and do not interfere while running; detection can then run in parallel, which improves vulnerability detection efficiency. Serial vulnerability detection can of course also be used, depending on the needs of the user, the performance limits of the physical hardware, the load capacity of the target website and so on: only one or a few active detection plug-ins are started at a time, so that the normal operation of the target website is not affected.
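The S102 flow described above, as an added example that is not code from the patent: crawled feature information is matched against signatures, candidate general vulnerabilities are looked up by component and version, and independent plug-ins confirm or rule out each candidate. The product names, the `PLACEHOLDER-` ids, the probe paths and the in-memory `SIMULATED_SITE` that stands in for the network are all constructed for illustration.

```python
import re
from concurrent.futures import ThreadPoolExecutor

# Constructed signatures: how a component shows up in crawled feature information.
# "ExampleCMS" and "ExampleForum" are made-up names, not real products.
SIGNATURES = [
    ("ExampleCMS", re.compile(r'<meta name="generator" content="ExampleCMS (\d+(?:\.\d+)*)"')),
    ("ExampleForum", re.compile(r"/static/exampleforum/js/core\.js\?v=(\d+(?:\.\d+)*)")),
]

# Constructed stand-in for a public general-vulnerability library.
VULN_LIBRARY = [
    {"id": "PLACEHOLDER-0001", "component": "ExampleCMS", "fixed_in": "1.2", "plugin": "examplecms_debug_page"},
    {"id": "PLACEHOLDER-0002", "component": "ExampleCMS", "fixed_in": "1.1", "plugin": "examplecms_backup_file"},
    {"id": "PLACEHOLDER-0003", "component": "ExampleForum", "fixed_in": "3.0", "plugin": "exampleforum_open_install"},
]

# Constructed crawl output (home page plus one page under a preset path).
CRAWLED_PAGES = {
    "/": '<html><head><meta name="generator" content="ExampleCMS 1.1"></head></html>',
    "/forum/": '<script src="/static/exampleforum/js/core.js?v=2.4"></script>',
}

# Constructed responses of the target; replaces real HTTP so the example runs offline.
SIMULATED_SITE = {
    "/examplecms/debug": "ExampleCMS debug console",
    "/forum/install/": "Installation is locked",
}


def fetch(path):
    """Read-only probe against the simulated target."""
    return SIMULATED_SITE.get(path, "")


# One independent, harmless check per vulnerability: each only reads a response.
PLUGINS = {
    "examplecms_debug_page": lambda: "debug console" in fetch("/examplecms/debug"),
    "examplecms_backup_file": lambda: fetch("/examplecms/backup.zip") != "",
    "exampleforum_open_install": lambda: "Installation wizard" in fetch("/forum/install/"),
}


def parse_version(text):
    return tuple(int(part) for part in text.split("."))


def fingerprint(pages):
    """Map component name -> version tuple from the crawled pages."""
    found = {}
    for html in pages.values():
        for name, pattern in SIGNATURES:
            match = pattern.search(html)
            if match:
                found.setdefault(name, parse_version(match.group(1)))
    return found


def candidate_vulns(components):
    """Library entries whose component is present in a version older than the fix."""
    return [
        entry for entry in VULN_LIBRARY
        if entry["component"] in components
        and components[entry["component"]] < parse_version(entry["fixed_in"])
    ]


def confirm(candidates, max_workers=4):
    """Run each candidate's plug-in; max_workers=1 gives the serial mode."""
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        hits = list(pool.map(lambda entry: PLUGINS[entry["plugin"]](), candidates))
    return [entry["id"] for entry, hit in zip(candidates, hits) if hit]


if __name__ == "__main__":
    components = fingerprint(CRAWLED_PAGES)
    candidates = candidate_vulns(components)
    print("components:", components)
    print("candidates:", [entry["id"] for entry in candidates])
    print("confirmed: ", confirm(candidates))
```

The third library entry is a version-based candidate that its plug-in does not confirm, which is the misjudgment the confirmation step is there to remove.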
S103: selecting a corresponding fuzzy detection plug-in to execute conventional vulnerability detection operation on a target website according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result;
on the basis of S101, the step aims to determine the conventional vulnerability contained in the target website, and in combination with the definition of the conventional vulnerability, the step uses the crawled Http request of the target website.
For the detection of conventional vulnerabilities, the PayLoad insertion mechanism is inevitably involved. Computer viruses often compute operations at a target that are harmful or malignant in nature, and the portion of the virus code that performs this function is called the "PayLoad, PayLoad". PayLoad may do what any program running in the victim environment can do, and can perform actions including destroying files, deleting files, sending sensitive information to the author of the virus or any recipient, and providing backdoors to infected computers, among other operations.
According to the composition structure of the Http request, there are many places where the insertion of the PayLoad can be performed, and one classification method is to classify the insertion position into three categories: path class PayLoad insertion, file class PayLoad insertion, and other class PayLoad insertion. The insertion position of the path class PayLoad insertion is in the path information of the Http request, the insertion position of the file class PayLoad insertion is in the file name of the end of the Http request, and the other class PayLoad insertion includes any position of the Http request.
This is illustrated by the following example: Http://www.abc.com/xxx/yyy/zzz.php. In this Http request, "Http://www.abc.com" is the home page address, "xxx" is a path under the home page, "yyy" is a path under "xxx", and "zzz.php" is a file under the "yyy" path. Inserting a PayLoad after the home page address, after "xxx" or after "yyy" is path-class PayLoad insertion, and inserting a PayLoad after "zzz.php" is file-class PayLoad insertion. Both also belong to other-class PayLoad insertion; that is, other-class PayLoad insertion covers not only path-class and file-class insertion but also insertion at any other position.
The inserted PayLoad can take many forms: simple ones such as a single quotation mark, a double quotation mark, and 1=1, and 1=2; more complex ones such as ') and 1=1 or ('xy, or 1=1, ' -order by 3; and still more complex ones such as ')) and 1=1 or (('xy, ; update t1 set content='aaaaaaaaaaaa'. PayLoads of different complexity can be used to detect conventional vulnerabilities of different degrees of concealment, and the PayLoads can be graded accordingly, which controls the time spent on fuzzy detection of conventional vulnerabilities.
Of course, neither the classification of PayLoad insertion positions nor the grading of PayLoads is unique; the most appropriate classification and settings can be chosen according to different requirements and the actual situation, so as to improve the detection efficiency for conventional vulnerabilities.
Further, according to the PayLoad insertion category division and the PayLoad grading described above, a corresponding fuzzy detection plug-in can be generated for discovering potential conventional vulnerabilities of the target website. Like the active detection plug-ins in S102, the fuzzy detection plug-ins may be used in parallel or in series, which is not described again here.
Furthermore, on the basis of dividing the PayLoad insertion categories, deduplication processing can be performed on Http requests according to different PayLoad insertion categories to improve conventional vulnerability detection efficiency, which will be elaborated in the following embodiments.
S104: after vulnerability repair is finished, selecting the corresponding active detection plug-ins and fuzzy detection plug-ins according to the general vulnerability detection result and the conventional vulnerability detection result to carry out vulnerability retesting.
After determining the general vulnerability and the conventional vulnerability existing in the target website in S102 and S103, the corresponding vulnerability fixing work must be performed, the vulnerability fixing technology in the field is already disclosed sufficiently, and the focus of the application is not how to perform vulnerability fixing. After receiving the input vulnerability repair complete information, the method provides continuous vulnerability monitoring for the target website, namely, the vulnerability monitoring is carried out in a vulnerability retest mode.
And searching the active detection plug-in and the fuzzy detection plug-in selected at the time from the general vulnerability detection result and the conventional vulnerability detection result generated in S102 and S103, and calling the active detection plug-in and the fuzzy detection plug-in again to perform vulnerability retest of the target website.
Furthermore, the detection results obtained in each step can be summarized to generate a vulnerability detection report of the website, so that corresponding vulnerability repair suggestions are provided for clients.
Based on the technical scheme, the method for detecting the website vulnerability integrates the detection of the general vulnerability and the conventional vulnerability, utilizes the characteristic information of the target website and the acquired Http request to perform the general vulnerability detection, utilizes the Http request and the PayLoad insertion mechanism to perform the conventional vulnerability detection, provides more comprehensive vulnerability detection for the website, and is also provided with a vulnerability retesting mechanism for the vulnerability discovered through the vulnerability detection for the first time, so that the real vulnerability repairing condition can be fed back to a client, and the use experience and satisfaction degree of the client are improved.
Referring to fig. 2, fig. 2 is a flowchart of another website vulnerability detection method provided in the embodiment of the present application.
The method specifically comprises the following steps:
S201: crawling the home page characteristic information of the target website and the page characteristic information under a preset target path by using a web crawler;
S202: determining a general composition frame and website building component information used by a target website according to the home page characteristic information and the page characteristic information;
Since the home page feature information of a website and the page feature information under specific paths best reflect the general composition framework and the website building components used to build the website, S201 and S202 use the web crawler to acquire this information and so determine the feature information of the target website.
S203: obtaining an Http request obtained in the process of executing data crawling operation;
S204: determining corresponding public general vulnerabilities according to the general composition framework and the website building component information;
In this step, the corresponding public general vulnerability is determined according to the determined general composition framework and the website building component information. The content is the same as that in S101 and S102; refer to the corresponding parts, which are not repeated here.
S205: performing feature extraction operation on the Http request to obtain request features, and determining corresponding public general vulnerabilities according to the request features;
This step is based on the Http request obtained in S203. It extracts the request features from the Http request, compares them with the request feature library included in the published universal vulnerability library, and determines the corresponding published universal vulnerability.
S206: generating a corresponding harmless attack packet according to the disclosed general vulnerability, and finally confirming the general vulnerability existing in the target website by using the harmless attack packet to obtain a general vulnerability detection result;
This step aims to adopt a harmless attack packet as a concrete expression form of each active detection vulnerability so as to finally confirm the general vulnerability existing in the target website.
S207: dividing a PayLoad insertion mechanism into a first preset number of PayLoad insertion types according to different insertion points; dividing the PayLoad in the PayLoad insertion mechanism into a second preset number of PayLoad grades according to different concealment properties of the conventional vulnerability;
This step divides the PayLoad insertion types and the PayLoad grades according to different actual conditions and requirements. The division covers all PayLoad insertion cases and gives clients different selection mechanisms for controlling the degree and duration of conventional vulnerability detection, so that they can learn the security condition of the target website in time.
The first preset number and the second preset number may be flexibly set according to actual situations, and are not specifically limited herein.
S208: generating a corresponding fuzzy detection plug-in according to the request parameters contained in the Http request, the received PayLoad insertion type selection information and PayLoad grade selection information;
S209: injecting corresponding PayLoad into a target website by using a fuzzy detection plug-in, and determining whether a conventional vulnerability exists according to response information of the target website to obtain a conventional vulnerability detection result;
Based on S207, S208 determines the degree of conventional vulnerability detection selected by the user from the received PayLoad insertion category selection information and PayLoad level selection information, and generates the corresponding fuzzy detection plug-in accordingly. S209 then uses the fuzzy detection plug-in to perform conventional vulnerability detection on the request parameters contained in the Http request, and determines whether a conventional vulnerability exists from the response data sent back.
S210: extracting the disclosed general vulnerability and the conventional vulnerability contained in the general vulnerability detection result and the conventional vulnerability detection result, and corresponding active detection plug-in and fuzzy detection plug-in;
S211: judging whether a preset vulnerability retest trigger condition is met;
S212: calling the same active detection plug-in and fuzzy detection plug-in to carry out vulnerability retesting on the target website.
S210, S211, and S212 provide a way of how to perform the vulnerability retest, wherein the preset vulnerability retest trigger conditions have a plurality of expressions, such as a time trigger way, an event trigger way, and the like, which will be described in detail in the following system embodiments.
With reference to fig. 3, fig. 3 is a flowchart of generating a vulnerability detection report in the website vulnerability detection method according to the embodiment of the present application.
In this embodiment, how to generate the bug detection report is described based on other embodiments, other steps are substantially the same as those in other embodiments, and reference may be made to corresponding parts in other embodiments, which are not described herein again.
The method specifically comprises the following steps:
S301: recording and storing a general vulnerability detection result and a conventional vulnerability detection result to obtain a first vulnerability detection log;
S302: generating a vulnerability retest log according to a test result of the vulnerability retest;
S303: generating a vulnerability detection report according to the first vulnerability detection log and the vulnerability retest log, and sending the vulnerability detection report through a preset path.
According to the method, firstly, a general vulnerability detection result and a conventional vulnerability detection result are recorded, a first vulnerability detection log of a target website is obtained, then a vulnerability retest log is generated according to a testing result of the vulnerability retest, finally, a vulnerability detection report is generated according to the first vulnerability detection log and the vulnerability retest log, and the vulnerability detection report is sent through various paths, such as a mailbox, instant messaging software, a management platform and the like.
Based on the technical scheme, the method for detecting the vulnerability of the website integrates the detection of the general vulnerability and the conventional vulnerability, and provides a more comprehensive vulnerability detection mode for the website: for the test of the general vulnerability, selecting a corresponding active detection plug-in according to website information and request characteristics; for fuzzy detection of conventional vulnerabilities, a PayLoad insertion mechanism is divided into different types and grades, a user can select different test modes and grades according to needs, vulnerability detection time of a target website is controlled accordingly, and a vulnerability retest mechanism is arranged for vulnerabilities discovered through first vulnerability detection, so that real vulnerability repair conditions are fed back to the user in time, and use experience and satisfaction of the user are improved.
Because actual situations are complex and cannot all be enumerated, a person skilled in the art will recognize that many examples can be derived from the basic method principle provided by this application in combination with the practical situation; where such examples involve no sufficient inventive work, they should fall within the protection scope of this application.
Referring to fig. 4, fig. 4 is a block diagram illustrating a structure of a system for detecting website vulnerability according to an embodiment of the present disclosure.
The detection system may include:
the data crawling unit 100 is configured to perform data crawling operation of a preset depth on a target website by using a preset number of web crawlers to obtain feature information and Http requests;
the universal vulnerability detection unit 200 is used for determining a universal vulnerability included in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the universal vulnerability to obtain a universal vulnerability detection result;
the conventional vulnerability detection unit 300 is used for selecting a corresponding fuzzy detection plug-in to execute conventional vulnerability detection operation on the target website according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result;
and the vulnerability retest unit 400 is used for selecting corresponding active detection plug-ins and fuzzy detection plug-ins for vulnerability retest according to the general vulnerability detection result and the conventional vulnerability detection result.
Wherein, the data crawling unit 100 includes:
the page feature crawling subunit is used for crawling the home page feature information of the target website and the page feature information under the preset target path by using a web crawler;
the frame and component determining subunit is used for determining a general composition frame and website building component information used by the target website according to the home page characteristic information and the page characteristic information;
and the request acquisition subunit is used for acquiring the Http request obtained in the process of executing the data crawling operation.
Wherein, general vulnerability detection unit 200 includes:
the first general vulnerability determining subunit is used for determining corresponding public general vulnerabilities according to the general composition framework and the website building component information;
the second universal vulnerability determining subunit is used for executing feature extraction operation on the Http request to obtain request features, and determining corresponding public universal vulnerabilities according to the request features;
and the general vulnerability detection subunit is used for generating a corresponding harmless attack packet according to the disclosed general vulnerability, and finally confirming the general vulnerability existing in the target website by using the harmless attack packet to obtain a general vulnerability detection result.
Wherein, the conventional vulnerability detection unit 300 includes:
the insertion type dividing subunit is used for dividing a PayLoad insertion mechanism into a first preset number of PayLoad insertion types according to different insertion points;
the grade dividing subunit is used for dividing the PayLoad in the PayLoad insertion mechanism into a second preset number of PayLoad grades according to different concealment performances of the conventional loopholes;
the fuzzy plug-in generation subunit is used for generating a corresponding fuzzy detection plug-in according to the request parameters contained in the Http request, the received PayLoad insertion type selection information and the PayLoad grade selection information;
and the conventional vulnerability detection subunit is used for injecting the corresponding PayLoad into the target website by using the fuzzy detection plug-in, and determining whether a conventional vulnerability exists according to the response information of the target website to obtain a conventional vulnerability detection result.
Wherein, the vulnerability retest unit 400 includes:
the extraction subunit is used for extracting the disclosed general vulnerability and the conventional vulnerability contained in the general vulnerability detection result and the conventional vulnerability detection result, and the corresponding active detection plug-in and the corresponding fuzzy detection plug-in;
the trigger judgment subunit is used for judging whether the preset vulnerability retest trigger condition is met; the vulnerability retest trigger conditions comprise time trigger conditions and event trigger conditions;
and the retest subunit is used for calling the same active detection plug-in and fuzzy detection plug-in to retest the vulnerability of the target website.
Further, the detection system may further include:
the deduplication processing unit is used for executing deduplication operation on the Http request according to the PayLoad insertion type selection information so as to improve the detection efficiency;
the first detection recording unit is used for recording and storing the general vulnerability detection result and the conventional vulnerability detection result to obtain a first vulnerability detection log;
the retest recording unit is used for generating a vulnerability retest log according to the test result of the vulnerability retest;
and the detection report generating unit is used for generating a vulnerability detection report according to the first vulnerability detection log and the vulnerability retest log, and sending the vulnerability detection report through a preset path.
The above units can be applied to the following specific practical example:
The website vulnerability detection system provided by this embodiment comprises a vulnerability detection system and a vulnerability retest system. The vulnerability detection system scans a website for vulnerabilities and stores the detected website vulnerabilities in a database; the vulnerability retest system takes vulnerability data out of the database according to its settings and retests whether each vulnerability has been repaired.
The specific process and method of the vulnerability detection system are as follows:
1. The data crawling unit crawls the website to be detected to a certain depth using a web crawler and records the crawled Http requests and responses;
2. The data crawling unit identifies information such as the framework and website building components used by the website by detecting the characteristics of the website's home page or of pages under specific paths;
3. The universal vulnerability detection unit comprises a series of active detection plug-ins. Each active plug-in contains a vulnerability detection logic and verifies whether the vulnerability exists by sending attack packets to specific pages.
The universal vulnerability detection unit screens out the active detection plug-ins that meet the requirements according to the characteristics of the website and the Http requests, and detects whether the website has a vulnerability. When a new universal vulnerability is disclosed, an active plug-in is added promptly so that the universal vulnerability detection unit can detect the latest vulnerabilities.
The universal vulnerability detection unit screens the active plug-ins in two ways. First, each active plug-in is used for detecting one or more frameworks and website building components, and the data crawling unit has identified the website's framework, website building components and similar information, so the universal vulnerability detection unit selects the corresponding active detection plug-ins to detect the website according to the identified website information.
Second, most general vulnerabilities are vulnerabilities under a specific page, so active plug-ins basically detect a vulnerability by requesting that specific page. For each Http request, the universal vulnerability detection unit identifies from the request characteristics whether a disclosed universal vulnerability applies to the request. If so, it calls the corresponding active detection plug-in for detection.
The method for identifying whether the disclosed vulnerability exists in the request page comprises the following steps:
(1) for each active detection plug-in that detects a specific page, extract the features of the Http request used to access that page. The features include information such as the relative path of the page request and the request parameter names. Store the features as rules and record the rules;
(2) for each crawled Http request, search for a rule that the request conforms to;
(3) when a matching rule is found, detect the requested page using the active detection plug-in corresponding to the rule.
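The three steps above can be sketched as follows. This is an added illustration, not code from the patent: the plug-in names, probe URLs and crawled URLs are constructed, and the matching semantics (same relative path, and every parameter name of the rule present in the request) are an assumption, since the text only says the request must conform to the rule.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl


def request_features(url, site_root="/"):
    """Return (relative path, frozenset of parameter names) for one Http request.

    site_root is the directory the site is installed under, so that the same
    rule matches a component deployed at "/" and at "/shop/".
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    root = site_root.rstrip("/")
    if root and path.startswith(root + "/"):
        path = path[len(root):]
    names = frozenset(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return path, names


class RuleIndex:
    """Step (1): store each plug-in's page features as a rule, indexed by path."""

    def __init__(self):
        self._by_path = defaultdict(list)

    def register(self, plugin, probe_url):
        path, names = request_features(probe_url)
        self._by_path[path].append((names, plugin))

    def match(self, url, site_root="/"):
        """Step (2): find every rule that the crawled request conforms to."""
        path, names = request_features(url, site_root)
        return [plugin
                for required, plugin in self._by_path.get(path, [])
                if required <= names]  # assumed semantics: rule params are a subset


def select_plugins(index, crawled_urls, site_root="/"):
    """Step (3): map each matching crawled request to the plug-ins to run on it."""
    selected = {}
    for url in crawled_urls:
        plugins = index.match(url, site_root)
        if plugins:
            selected[url] = plugins
    return selected


def build_sample_index():
    # Constructed rules; names and pages are hypothetical.
    index = RuleIndex()
    index.register("plugin_cms_a_export", "http://scanner.invalid/admin/export.php?id=1")
    index.register("plugin_forum_b_search", "http://scanner.invalid/forum/search.php?q=x&page=1")
    index.register("plugin_framework_c_debug", "http://scanner.invalid/debug/info")
    return index


# Constructed crawl output for the example site used elsewhere in the text.
CRAWLED = [
    "http://www.abc.com/admin/export.php?id=7&fmt=csv",
    "http://www.abc.com/forum/search.php?q=test",
    "http://www.abc.com/forum/search.php?page=2&q=test",
    "http://www.abc.com/debug/info",
    "http://www.abc.com/xxx/yyy/zzz.php?a=5",
]

if __name__ == "__main__":
    for url, plugins in select_plugins(build_sample_index(), CRAWLED).items():
        print(url, "->", plugins)
```

Indexing the rules by relative path keeps the lookup per crawled request constant-time, so adding plug-ins does not slow the crawl-side matching.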
The active detection plug-ins are hot-pluggable: when a new vulnerability is disclosed, the plug-ins can be updated promptly, which ensures comprehensive detection of the website's general vulnerabilities. Because the website vulnerability monitoring system runs on the server side, the process of adding a plug-in is transparent to the user.
4. The plug-ins in the conventional vulnerability detection unit are fuzzy detection plug-ins. Each fuzzy detection plug-in detects one type of vulnerability, and discovers potential vulnerabilities by fuzz testing: the PayLoad for the relevant vulnerability is attached to each possible input point of the Http request.
The fuzzy detection plug-ins are divided into three types, namely path plug-ins, file plug-ins and other plug-ins according to the position of the fuzzy detection plug-ins for injecting attack data. The injection points of the path type plug-ins are only on the path, and different requests of the same path are the same for the path type plug-ins; the injection points of the file plug-in are on the path and the file; while the injection points for other plug-ins include path, file, and request parameters, etc.
Before detecting each Http request page, the conventional vulnerability detection unit performs deduplication on Http requests. Corresponding to the type of the fuzzy detection plug-in, the duplicate removal method is also divided into three types, namely path duplicate removal, file duplicate removal and request duplicate removal.
The path deduplication takes the link path of the Http request as a feature, and judges whether the request under the path is tested before. After the request is input, whether the previously tested request has the same path or not is checked, if the request does not have the same path, the request is output to the plug-in, and if the request with the repeated path is processed, the request is filtered.
If the following are input in sequence:
Http://www.abc.com/xxx/yyy/zzz.php?a=5
Http://www.abc.com/xxx/yyy/mm.php?b=5
Http://www.abc.com/xxx/yyy/zzz.php?c=5
Since the path feature of all three links is Http://www.abc.com/xxx/yyy/, only the following request remains after deduplication: Http://www.abc.com/xxx/yyy/zzz.php?a=5
The file deduplication takes the link path and the file name of the Http request as features, and judges whether the request for the file is tested. After the request is input, whether the previous request has the same path and file name is checked, if not, the request is output to the plug-in, and if the request with the same characteristic is processed, the request is filtered.
If the following are input in sequence:
Http://www.abc.com/xxx/yyy/zzz.php?a=5
Http://www.abc.com/xxx/yyy/mm.php?b=5
Http://www.abc.com/xxx/yyy/zzz.php?c=5
The path and file name of the first link and the third link are the same, so the result after deduplication is:
Http://www.abc.com/xxx/yyy/zzz.php?a=5
Http://www.abc.com/xxx/yyy/mm.php?b=5
Request deduplication takes the request method, the request URL and the parameters contained in the request as features, and judges whether a similar request has been tested. As before, each input request is checked against the previous requests for the same features; if there is none, the request is output to the plug-in, otherwise it is filtered.
A deduplication method is selected for each fuzzy detection plug-in in the conventional vulnerability detection unit according to the plug-in's type. For example, the sensitive-file discovery plug-in works by appending sensitive file names to each path and judging from the website's response whether a vulnerability exists. Since its injection point is only on the request path, the sensitive-file discovery plug-in is a path-type plug-in, and path deduplication is selected for it. The SQL injection detection plug-in and the XSS injection detection plug-in inject test PayLoads into every path and parameter of the request, so they are other-type plug-ins and request deduplication is selected for them.
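The three deduplication methods and their selection by plug-in type can be sketched as follows. This is an added illustration, not code from the patent: the first three sample requests are the links used in the text, the last two are constructed, and treating "parameters contained in the request" as the set of parameter names (values ignored) is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl


def path_key(method, url):
    """Path deduplication: the feature is the link path (directory) only."""
    p = urlsplit(url)
    directory = p.path.rsplit("/", 1)[0] + "/"
    return (p.scheme, p.netloc.lower(), directory)


def file_key(method, url):
    """File deduplication: the feature is the link path plus the file name."""
    p = urlsplit(url)
    return (p.scheme, p.netloc.lower(), p.path or "/")


def request_key(method, url):
    """Request deduplication: method, URL and parameters.

    Assumption: "similar" requests share method, path and parameter names,
    so parameter values are ignored.
    """
    p = urlsplit(url)
    names = tuple(sorted({k for k, _ in parse_qsl(p.query, keep_blank_values=True)}))
    return (method.upper(), p.scheme, p.netloc.lower(), p.path or "/", names)


# Plug-in type -> deduplication method, as described in the text.
KEY_FOR_PLUGIN_TYPE = {
    "path": path_key,      # e.g. the sensitive-file discovery plug-in
    "file": file_key,
    "other": request_key,  # e.g. SQL injection and XSS detection plug-ins
}


class Deduplicator:
    """Remembers the features already tested for one plug-in type."""

    def __init__(self, plugin_type):
        self._key = KEY_FOR_PLUGIN_TYPE[plugin_type]
        self._seen = set()

    def admit(self, method, url):
        """Return True if the request is new and should be output to the plug-in."""
        key = self._key(method, url)
        if key in self._seen:
            return False
        self._seen.add(key)
        return True


def dedupe(plugin_type, requests):
    """Filter a crawl-ordered list of (method, url) pairs for one plug-in type."""
    d = Deduplicator(plugin_type)
    return [(m, u) for m, u in requests if d.admit(m, u)]


SAMPLE_REQUESTS = [
    ("GET", "Http://www.abc.com/xxx/yyy/zzz.php?a=5"),   # from the text
    ("GET", "Http://www.abc.com/xxx/yyy/mm.php?b=5"),    # from the text
    ("GET", "Http://www.abc.com/xxx/yyy/zzz.php?c=5"),   # from the text
    ("GET", "Http://www.abc.com/xxx/yyy/zzz.php?a=9"),   # constructed: same name, new value
    ("POST", "Http://www.abc.com/xxx/yyy/zzz.php?a=5"),  # constructed: different method
]

if __name__ == "__main__":
    for plugin_type in ("path", "file", "other"):
        print(plugin_type, [u for _, u in dedupe(plugin_type, SAMPLE_REQUESTS)])
```

Each plug-in type needs its own Deduplicator instance, because a request filtered for a path-type plug-in may still be new for a file-type or other-type plug-in.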
Similarly, the fuzzy detection plug-ins can be designed to be hot-pluggable, so that they can be optimized and improved promptly when a new vulnerability type or vulnerability detection method appears.
Each fuzzy detection plug-in has test PayLoads of several levels, and for each Http request to be detected the plug-in screens the PayLoads according to the test level selected by the user. Taking the SQL injection plug-in as an example, the PayLoads can be divided into three levels. The first level is used to discover vulnerabilities that occur with high probability and are poorly concealed, such as a single quotation mark, a double quotation mark, and 1=1, and 1=2, and the like; the second level is used to discover vulnerabilities of moderate occurrence probability that are more concealed, such as ') and 1=1 or ('xy, or 1=1, ' -order by 3 --, and the like; the third level is used to discover vulnerabilities that occur with low probability but are deeply hidden, such as ')) and 1=1 or (('xy, ; update t1 set content='aaaaaaaa'. If the user selects test level two, the level-one and level-two PayLoads are injected, and the level-three PayLoads are not sent.
Whether they are active detection plug-ins or fuzzy detection plug-ins, all plug-ins are independent of each other and do not depend on the detection results of other plug-ins; they can therefore run in parallel, which shortens detection time.
The vulnerability retest system acquires the vulnerabilities found by the vulnerability detection system, retests the vulnerability repair condition according to the user's requirements, and informs the user of the repair condition by outputting a retest report or similar means.
The specific process is as follows:
1. The vulnerability retest system acquires the website vulnerabilities discovered by the vulnerability detection system.
2. A retest process is triggered according to the user's retest requirements, and the vulnerabilities of the user's website are retested.
For vulnerabilities discovered by the universal vulnerability detection module, the corresponding detection plug-in is called again for detection.
For vulnerabilities discovered by the conventional vulnerability detection module, the detection method is determined from the vulnerability details and similar information, and a data packet capable of triggering the vulnerability is reconstructed from the original request, the test data corresponding to the vulnerability, the vulnerability details and other information. This packet is sent and the vulnerability is detected again, so the retest is completed while sending only a small number of packets.
3. After all bugs of a certain website are retested, displaying information such as repaired bug conditions, unrepaired bug detection methods, repair suggestions and the like to a user in a bug retest report mode, so that the user can track the repair conditions of the website in real time.
The retest process is triggered in two ways, namely a time trigger way and an event trigger way. The time triggering mode is that when the detection time of the previous bug exceeds the retest period set by the user, the retest of the user bug is triggered. The event triggering mode is that when a user clicks a retest button on a page and the like, a retest request is sent to the server, and retest of the user vulnerability is triggered.
Based on the foregoing embodiments, the present application further provides a website vulnerability detection apparatus, which may include a memory and a processor, where the memory stores a computer program, and the processor may implement the steps provided by the foregoing embodiments when calling the computer program in the memory. Of course, the detection device may also include various necessary network interfaces, power supplies, other components, and the like.
The present application also provides a computer-readable storage medium, on which a computer program is stored, which, when executed by an execution terminal or processor, can implement the steps provided by the above-mentioned embodiments. The storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (16)

1. A method for detecting website vulnerability is characterized by comprising the following steps:
performing a data crawling operation with a preset depth on a target website by using a preset number of web crawlers to obtain feature information and an Http request;
determining a general vulnerability included in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the general vulnerability to obtain a general vulnerability detection result; the general vulnerability is determined according to the general composition framework and the website building component information of the target website; the active detection plug-in is a plug-in for detecting the general vulnerability in an attack detection mode;
selecting a corresponding fuzzy detection plug-in to perform conventional vulnerability detection operation on the target website according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result; the conventional vulnerability is a vulnerability which can be attacked by abnormal data obtained based on a PayLoad insertion mechanism; the fuzzy detection plug-in is a plug-in obtained based on a PayLoad insertion mechanism;
and after vulnerability repair is finished, selecting the corresponding active detection plug-ins and fuzzy detection plug-ins for vulnerability retest according to the general vulnerability detection result and the conventional vulnerability detection result.
2. The detection method according to claim 1, wherein performing a data crawling operation at a preset depth on a target website by using a preset number of web crawlers to obtain feature information and Http requests comprises:
crawling the home page feature information of the target website and the page feature information under a preset target path by using the web crawler;
determining the general composition framework and website building component information used by the target website according to the home page feature information and the page feature information;
and acquiring an Http request obtained in the process of executing the data crawling operation.
3. The detection method according to claim 2, wherein the step of determining the general vulnerability included in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the general vulnerability to obtain a general vulnerability detection result comprises:
determining corresponding public general vulnerabilities according to the general composition framework and the website building component information;
performing a feature extraction operation on the Http request to obtain request features, and determining corresponding public general vulnerabilities according to the request features;
and generating a corresponding harmless attack packet according to the public general vulnerability, and finally confirming the general vulnerability existing in the target website by using the harmless attack packet to obtain the general vulnerability detection result.
4. The detection method according to claim 3, wherein performing a conventional vulnerability detection operation on the target website by using a corresponding fuzzy detection plug-in according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result comprises:
dividing the PayLoad insertion mechanism into a first preset number of PayLoad insertion types according to different insertion points;
dividing the PayLoad in the PayLoad insertion mechanism into a second preset number of PayLoad grades according to different concealment properties of the conventional vulnerabilities;
generating a corresponding fuzzy detection plug-in according to the request parameters contained in the Http request, the received PayLoad insertion type selection information and PayLoad grade selection information;
and injecting corresponding PayLoad into the target website by using the fuzzy detection plug-in, and determining whether a conventional vulnerability exists according to response information of the target website to obtain a conventional vulnerability detection result.
5. The detection method according to claim 4, wherein selecting corresponding active detection plug-ins and fuzzy detection plug-ins for vulnerability retest according to the general vulnerability detection result and the conventional vulnerability detection result comprises:
extracting the public general vulnerability and the conventional vulnerability contained in the general vulnerability detection result and the conventional vulnerability detection result, and the corresponding active detection plug-ins and fuzzy detection plug-ins;
judging whether a preset vulnerability retest trigger condition is met; the vulnerability retest trigger condition comprises a time trigger condition and an event trigger condition;
and if so, calling the same active detection plug-in and fuzzy detection plug-in to carry out the vulnerability retest on the target website.
6. The detection method according to claim 4, further comprising:
and executing deduplication operation on the Http request according to the PayLoad insertion type selection information so as to improve detection efficiency.
7. The detection method according to claim 5, further comprising:
recording and storing the general vulnerability detection result and the conventional vulnerability detection result to obtain a first vulnerability detection log;
generating a vulnerability retest log according to the testing result of the vulnerability retest;
and generating a vulnerability detection report according to the first vulnerability detection log and the vulnerability retest log, and sending the vulnerability detection report through a preset path.
8. A system for detecting web site vulnerabilities, comprising:
the data crawling unit is used for executing a data crawling operation with a preset depth on the target website by utilizing a preset number of web crawlers to obtain feature information and an Http request;
the general vulnerability detection unit is used for determining the general vulnerability contained in the target website according to the feature information and the Http request, and selecting a corresponding active detection plug-in to detect the general vulnerability to obtain a general vulnerability detection result; the general vulnerability is determined according to the general composition framework and the website building component information of the target website; the active detection plug-in is a plug-in for detecting the general vulnerability in an attack detection mode;
the conventional vulnerability detection unit is used for selecting a corresponding fuzzy detection plug-in to execute conventional vulnerability detection operation on the target website according to the Http request and a preset PayLoad insertion mechanism to obtain a conventional vulnerability detection result; the conventional vulnerability is a vulnerability which can be attacked by abnormal data obtained based on a PayLoad insertion mechanism; the fuzzy detection plug-in is a plug-in obtained based on a PayLoad insertion mechanism;
and the vulnerability retest unit is used for selecting corresponding active detection plug-ins and fuzzy detection plug-ins for vulnerability retest according to the general vulnerability detection result and the conventional vulnerability detection result.
9. The detection system according to claim 8, wherein the data crawling unit comprises:
the page feature crawling subunit is used for crawling the home page feature information of the target website and the page feature information under a preset target path by using the web crawler;
the framework and component determining subunit is used for determining the general composition framework and website building component information used by the target website according to the home page feature information and the page feature information;
and the request acquisition subunit is used for acquiring the Http request obtained in the process of executing the data crawling operation.
10. The detection system according to claim 9, wherein the general vulnerability detection unit comprises:
the first general vulnerability determining subunit is used for determining corresponding public general vulnerabilities according to the general composition framework and the website building component information;
the second general vulnerability determining subunit is used for executing a feature extraction operation on the Http request to obtain request features, and determining corresponding public general vulnerabilities according to the request features;
and the general vulnerability detection subunit is used for generating a corresponding harmless attack packet according to the public general vulnerability, and finally confirming the general vulnerability existing in the target website by using the harmless attack packet to obtain the general vulnerability detection result.
11. The detection system according to claim 10, wherein the conventional vulnerability detection unit includes:
the insertion type dividing subunit is used for dividing the PayLoad insertion mechanism into a first preset number of PayLoad insertion types according to different insertion points;
the grade dividing subunit is used for dividing the PayLoad in the PayLoad insertion mechanism into a second preset number of PayLoad grades according to different concealment properties of the conventional vulnerabilities;
the fuzzy plug-in generation subunit is used for generating a corresponding fuzzy detection plug-in according to the request parameters contained in the Http request, the received PayLoad insertion type selection information and the PayLoad grade selection information;
and the conventional vulnerability detection subunit is used for injecting corresponding PayLoad into the target website by using the fuzzy detection plug-in, and determining whether conventional vulnerabilities exist according to response information of the target website to obtain a conventional vulnerability detection result.
12. The detection system according to claim 11, wherein the vulnerability retesting unit comprises:
the extraction subunit is used for extracting the public general vulnerability and the conventional vulnerability contained in the general vulnerability detection result and the conventional vulnerability detection result, and the corresponding active detection plug-in and the corresponding fuzzy detection plug-in;
the trigger judgment subunit is used for judging whether the preset vulnerability retest trigger condition is met; the vulnerability retest trigger condition comprises a time trigger condition and an event trigger condition;
and the retest subunit is used for calling the same active detection plug-in and fuzzy detection plug-in to retest the vulnerability of the target website.
13. The detection system of claim 11, further comprising:
and the deduplication processing unit is used for executing deduplication operation on the Http request according to the PayLoad insertion type selection information so as to improve the detection efficiency.
14. The detection system of claim 12, further comprising:
the first detection recording unit is used for recording and storing the general vulnerability detection result and the conventional vulnerability detection result to obtain a first vulnerability detection log;
the retest recording unit is used for generating a vulnerability retest log according to the testing result of the vulnerability retest;
and the detection report generating unit is used for generating a vulnerability detection report according to the first vulnerability detection log and the vulnerability retest log, and sending the vulnerability detection report through a preset path.
15. An apparatus for detecting web site vulnerability, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the website vulnerability detection method according to any of claims 1 to 7 when executing said computer program.
16. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the website vulnerability detection method according to any of claims 1 to 7.
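
Claims 4 and 6 organise the fuzzing work around PayLoad insertion types and deduplicate the crawled Http requests according to the selected types. The sketch below is an added example, not code from the patent: the four insertion type names, the `CrawledRequest` record, the dedup key and the sample requests are all assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

# Assumed insertion types; the claims only say the types are divided by insertion point.
INSERTION_TYPES = ("query", "body", "cookie", "header")


@dataclass(frozen=True)
class CrawledRequest:
    """Hypothetical record of one Http request captured during crawling."""
    method: str
    url: str
    headers: tuple = ()   # ((name, value), ...)
    body: str = ""        # form-encoded body, if any


def insertion_points(req, selected):
    """Sorted (type, name) pairs that a plug-in of the selected types could target."""
    points = set()
    if "query" in selected:
        query = urlsplit(req.url).query
        points |= {("query", k) for k, _ in parse_qsl(query, keep_blank_values=True)}
    if "body" in selected:
        points |= {("body", k) for k, _ in parse_qsl(req.body, keep_blank_values=True)}
    for name, value in req.headers:
        lname = name.lower()
        if lname == "cookie":
            if "cookie" in selected:
                for pair in value.split(";"):
                    cname = pair.split("=", 1)[0].strip()
                    if cname:
                        points.add(("cookie", cname))
        elif "header" in selected:
            points.add(("header", lname))
    return tuple(sorted(points))


def dedup_key(req, selected):
    """Requests sharing this key differ only in values, so testing one covers both."""
    parts = urlsplit(req.url)
    return (req.method.upper(), parts.netloc.lower(), parts.path or "/",
            insertion_points(req, selected))


def deduplicate(requests, selected):
    """Keep the first request per key, in crawl order."""
    unknown = set(selected) - set(INSERTION_TYPES)
    if unknown:
        raise ValueError(f"unknown insertion type(s): {sorted(unknown)}")
    kept = {}
    for req in requests:
        key = dedup_key(req, selected)
        # Assumption: a request with no insertion point of a selected type is
        # dropped, because a plug-in of those types has nothing to insert into.
        if key[3]:
            kept.setdefault(key, req)
    return list(kept.values())


# Constructed sample of crawled requests (not taken from the patent).
SAMPLE = [
    CrawledRequest("GET", "http://shop.example/item?id=1&lang=en"),
    CrawledRequest("GET", "http://shop.example/item?lang=zh&id=2"),
    CrawledRequest("GET", "http://shop.example/item?id=3&debug=1"),
    CrawledRequest("POST", "http://shop.example/login",
                   (("Cookie", "sid=abc; theme=dark"),), "user=a&pw=b"),
    CrawledRequest("POST", "http://shop.example/login",
                   (("Cookie", "sid=xyz; theme=light"),), "user=c&pw=d"),
    CrawledRequest("GET", "http://shop.example/about"),
]

if __name__ == "__main__":
    for types in ({"query"}, {"query", "body"}, {"cookie"}):
        print(sorted(types), [r.url for r in deduplicate(SAMPLE, types)])
```

The same crawl yields a different work list for each selection, which is why the key is built from the selected insertion types and not from the raw URL.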

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711229693.1A CN107896219B (en) 2017-11-29 2017-11-29 Method, system and related device for detecting website vulnerability

Publications (2)

Publication Number Publication Date
CN107896219A CN107896219A (en) 2018-04-10
CN107896219B true CN107896219B (en) 2020-10-30

Family

ID=61806711

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711229693.1A Active CN107896219B (en) 2017-11-29 2017-11-29 Method, system and related device for detecting website vulnerability

Country Status (1)

Country Link
CN (1) CN107896219B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110321514A (en) * 2019-07-10 2019-10-11 湖北长久欣信息科技股份有限公司 A kind of modularization intelligent website website self-building management system
CN111680303B (en) * 2020-06-10 2023-02-07 北京天融信网络安全技术有限公司 Vulnerability scanning method and device, storage medium and electronic equipment
CN112615848B (en) * 2020-12-14 2023-03-14 北京达佳互联信息技术有限公司 Vulnerability repair state detection method and system
CN112866051B (en) * 2020-12-31 2023-05-16 深信服科技股份有限公司 Vulnerability processing method, vulnerability processing device, server and medium
CN113312633A (en) * 2021-06-25 2021-08-27 深信服科技股份有限公司 Website vulnerability scanning method, device, equipment and storage medium
CN114124567A (en) * 2021-12-07 2022-03-01 哈尔滨班竹科技有限公司 Cloud service processing method based on big data vulnerability mining and artificial intelligence system
CN114338240B (en) * 2022-03-07 2022-08-26 浙江网商银行股份有限公司 Vulnerability scanning method and device
CN114826756A (en) * 2022-05-10 2022-07-29 深信服科技股份有限公司 WEB vulnerability detection method and related components

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103065095A (en) * 2013-01-29 2013-04-24 四川大学 WEB vulnerability scanning method and vulnerability scanner based on fingerprint recognition technology
CN103632100A (en) * 2013-11-08 2014-03-12 北京奇虎科技有限公司 Method and device for detecting website bugs
CN103685258A (en) * 2013-12-06 2014-03-26 北京奇虎科技有限公司 Method and device for fast scanning website loopholes
CN104063309A (en) * 2013-03-22 2014-09-24 南京理工大学常熟研究院有限公司 Web application program bug detection method based on simulated strike
CN105141647A (en) * 2014-06-04 2015-12-09 中国银联股份有限公司 Method and system for detecting Web application
CN105391729A (en) * 2015-11-30 2016-03-09 中国航天科工集团第二研究院七〇六所 Web loophole automatic mining method based on fuzzy test

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8997235B2 (en) * 2012-02-07 2015-03-31 Microsoft Technology Licensing, Llc Adaptive fuzzing system for web services

Also Published As

Publication number Publication date
CN107896219A (en) 2018-04-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221028

Address after: Floor 3, Building A1, Nanshan Zhiyuan, No. 1001, Xueyuan Avenue, Nanshan District, Shenzhen, Guangdong 518000

Patentee after: Shenzhen Shenxinfu Information Security Co.,Ltd.

Address before: 518055 First Floor, Building A1, Nanshan Zhiyuan, 1001 Xueyuan Avenue, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: SANGFOR TECHNOLOGIES Inc.
