CN108282478A - A kind of WEB site safeties detection method, device and computer-readable medium - Google Patents

A kind of WEB site safeties detection method, device and computer-readable medium Download PDF

Info

Publication number
CN108282478A
CN108282478A CN201810065019.2A CN201810065019A CN108282478A CN 108282478 A CN108282478 A CN 108282478A CN 201810065019 A CN201810065019 A CN 201810065019A CN 108282478 A CN108282478 A CN 108282478A
Authority
CN
China
Prior art keywords
detection
web
webpage
web site
websites
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810065019.2A
Other languages
Chinese (zh)
Inventor
李文
黄丽韶
扈乐华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University of Science and Engineering
Original Assignee
Hunan University of Science and Engineering
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University of Science and Engineering filed Critical Hunan University of Science and Engineering
Priority to CN201810065019.2A priority Critical patent/CN108282478A/en
Publication of CN108282478A publication Critical patent/CN108282478A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to a kind of WEB site safeties detection method, device and computer-readable mediums, provide large-scale WEB site safeties detection, realize directional protection, timely processing can be carried out to corresponding security incident.This approach includes the following steps:The web page files of detected WEB websites are obtained using breadth first search by web crawlers, and parses the web page files using DOM DOM Document Object Models and obtains corresponding webpage source code;The detection of whole station safe condition and webpage Trojan horse detection are carried out to the webpage source code that parsing obtains;When detecting the bad result of safe condition or webpage Trojan horse alarm prompt is sent out to the user of the WEB websites.The present invention helps user to understand, track and analyze safe condition of the website residing for each period; so as to customizing the Safeguard tactics and emphasis that meet self-demand, the also indirect protection equity of site visitor while protect the vested interest of WEB site owners.

Description

A kind of WEB site safeties detection method, device and computer-readable medium
Technical field
The present invention relates to computer network security technology fields, and in particular to a kind of WEB site safeties detection method, device And computer-readable medium.
Background technology
The rapid development of Internet technology, Internet's is universal, profoundly changes the Working and life styles of the mankind. But computer and internet are a double-edged sword again, while being brought convenience to people's life and work, are also brought a series of Safety problem.How the normal operation of informationized society is ensured, the safety of the network information is one of most important one link.
With deepening continuously for network application, the website quantity on internet is just being in that geometry grade increases.Either political affairs Mansion department, enterprise or various management organizations form information platform and are answered to carry out various businesses all by establishing itself website With.Center of the websites WEB as information exchange stores a large amount of shared information and subscriber data in database.Therefore, it Ensure the normal operation of website, the safety of website is an important factor for having to fully consider in Web Hosting and operational process. Although internet is in explosive development using scale, the complexity of network environment, variability and information system it is crisp Weak property determines that the websites WEB are easy by rogue attacks.
Almost the moment all suffers from the malicious attacks such as Denial of Service attack, wooden horse injection, cross site scripting to WEB websites, and passes through Often therefore lead to the serious consequences such as service disruption, web site contents are maliciously tampered, customer information is revealed, greatly weakens Web The stability of website.
Invention content
The purpose of the present invention is to provide a kind of WEB site safeties detection method, device and computer-readable mediums, provide Large-scale WEB site safeties detection, realizes directional protection, timely processing can be carried out to corresponding security incident.
To achieve the above object, the technical scheme is that:
A kind of WEB site safeties detection method, this approach includes the following steps:
The web page files of detected WEB websites are obtained using breadth first search by web crawlers, and utilize DOM DOM Document Object Model parses the web page files and obtains corresponding webpage source code;
The detection of whole station safe condition and webpage Trojan horse detection are carried out to the webpage source code that parsing obtains;
Alarm is sent out when detecting the bad result of safe condition or webpage Trojan horse to the user of the WEB websites to carry Show.
Further, described to parse the web page files using DOM DOM Document Object Models and obtain corresponding webpage source code Before step, the method further includes:
The addresses URL for obtaining the detection WEB websites, judge WEB websites using the httpclient functions of web crawlers Whether may have access to.
Further, the whole station safe condition, which detects, includes:
Service state detects, and detects websites response state and response time;
Whole station link detection, detection website internal links obtain each chain with the presence or absence of dead link and false links The response time connect, to judge whether exception or respond slow;
Whether content of pages tampering detection, monitoring photo and word content are tampered;
Sensitive word detects, and detects in content of pages whether contain sensitive word.
Further, whole station safe condition detection the specific steps are:Http is carried out to the WEB websites that needs detect It accesses, carries out analyzing and determining whether website can normally access according to the http return values accessed, be parsed if it can normally access Whether whether webpage source code be tampered from the page, further analyzed containing sensitive word and to the return value that http is accessed, to sentence It is disconnected to fetch analyzing web site safe condition with the presence or absence of false links or dead chain.
Further, the step of webpage Trojan horse detection is:Parsing gives birth to the webpage source code after obtaining webpage source code At dom tree, and the webpage source code is scanned, is compared with the Trojan characteristics database pre-established.
Further, before the step of webpage Trojan horse detection, the method further includes:
The characteristic value per a kind of webpage Trojan horse is extracted using the rule symbol of regular expression, Trojan characteristics table is written, builds Found the Trojan characteristics database.
Further, after the step of webpage Trojan horse detection, the method further includes:
When detecting Webpage wooden horse, label set when Webpage wooden horse implantation and specific is inputted Attribute value generates the characteristic value of the corresponding regular expression of the Webpage wooden horse, updates the Trojan characteristics database.
Since webpage Trojan horse is hidden in web page files by html tag mostly, attacker is by adding Include the script of wooden horse link, and the particular community of label is set, wooden horse is implanted into website, user is caused not look into directly See webpage Trojan horse.According to this feature of webpage Trojan horse, in the case where user does not know about the application method of regular expression, By inputting necessary label and attribute value, Webpage wooden horse type is generated.
Further, it is described when detecting the bad result of safe condition or webpage Trojan horse to the use of the WEB websites After family sends out the step of alarm prompt, the method further includes:
By the testing result storage of the WEB websites to a periodic detection report, provided by the periodic detection report The safe condition of usertracking, analysis website in each period, from customization personalized secure prevention policies.
Based on same inventive concept, another aspect of the present invention provides a kind of WEB site safeties detection device, described WEB site safety detection devices include processor, memory and data/address bus;
The data/address bus is for realizing the connection communication between processor and memory;
The processor is used to execute the WEB site safeties detection program stored in memory, to realize following steps:
The web page files of detected WEB websites are obtained using breadth first search by web crawlers, and utilize DOM DOM Document Object Model parses the web page files and obtains corresponding webpage source code;
The detection of whole station safe condition and webpage Trojan horse detection are carried out to the webpage source code that parsing obtains;
Alarm is sent out when detecting the bad result of safe condition or webpage Trojan horse to the user of the WEB websites to carry Show.
Based on same inventive concept, another aspect of the present invention provides a kind of computer readable storage medium, the meter WEB site safeties detection program is stored on calculation machine readable storage medium storing program for executing, the WEB site safeties detection program is held by processor The step of above-mentioned WEB site safety detection methods are realized when row.
The method of the present invention has the following advantages that:
WEB site safeties detection method, device and the computer-readable medium of the application, webpage is captured by web crawlers Source code is simultaneously parsed, and the detection of network real-time status is recycled to patrol website, and main includes whether detecting website status Normally, whether there are word or picture to be tampered in webpage, whether imitated containing the influence network such as dead link, false links in website Rate problem, to ensure the stability of WEB websites;According to the webpage Trojan horse detection technique of current main-stream, Trojan characteristics data are established Library and detected website form carry out periodic detection by periodically obtaining website and webpage information to be detected to web page code, And real-time detection of the completion to trojan horse.Said two devices testing result is fed back into user in first time, contributes to user It eliminates safe hidden trouble and potential risk in time.In addition, also web portal security shape can be periodically generated according to the testing result of two broad aspects The report of state helps user to understand, track and analyze safe condition of the website residing for each period, so as to customize symbol The Safeguard tactics and emphasis of self-demand are closed, also indirect protection while protecting the vested interest of WEB site owners The equity of site visitor.
Description of the drawings
A kind of Fig. 1 WEB site safeties detection method flow diagrams provided in an embodiment of the present invention;
A kind of Fig. 2 WEB site safeties structure of the detecting device block diagrams provided in an embodiment of the present invention;
A kind of Fig. 3 WEB site safeties detection device flow chart of steps provided in an embodiment of the present invention.
Specific implementation mode
The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention..
Embodiment 1
As shown in Figure 1, a kind of WEB site safeties detection method, this approach includes the following steps:
S101, the web page files for obtaining detected WEB websites using breadth first search by web crawlers, and profit The web page files, which are parsed, with DOM DOM Document Object Models obtains corresponding webpage source code;
Wherein, web crawlers (be otherwise known as webpage spider, network robot) is a kind of according to certain regular, automatic Crawl web message program or script.
The crawl strategy of webpage can be divided into depth-first, breadth First and preferential three kinds best.This application involves ranges First search strategy, breadth first search refer in the process of grasping, after the search for completing current level, just carrying out down The search of one level., to cover webpage as much as possible, breadth first search method is generally used at present.
Web crawlers obtains the URL on Initial page since the URL of one or several Initial pages, in crawl webpage During, using breadth first search, new URL is constantly extracted from current page and is put into queue, be until meeting Certain stop condition of system.
S102, the detection of whole station safe condition and webpage Trojan horse detection are carried out to the webpage source code that parsing obtains;
S103, to the user of the WEB websites announcement is sent out when detecting the bad result of safe condition or webpage Trojan horse Alert prompt.
Wherein, described to parse the step of web page files obtain corresponding webpage source code using DOM DOM Document Object Models Before, the method further includes:
The addresses URL for obtaining the detection WEB websites, judge WEB websites using the httpclient functions of web crawlers Whether may have access to.
Httpclient is the sub-project under Apache Jakarta Common, can be used for providing efficient, newest , the client programming kit of feature-rich support http protocol, and it supports the newest version of http protocol and builds View.The main function that Httpdient is provided is as follows:(1) method (GET, POST, PUT, the HEAD of all HTTP are realized Deng);(2) auto-steering is supported;(3) HTTPS agreements are supported;(4) proxy server etc. is supported.
Wherein, the whole station safe condition, which detects, includes:
Service state detects, and detects websites response state and response time;
It first has to carry out self-test to network state, just starts to work in the case that ensureing that network service is normal, otherwise can Directly alarm to system manager.Http access is carried out to the website homepage that needs detect first, website is judged according to return value Whether can normally access, if can normally access, extract the response time, if the response time is further continued for giving in the reasonable scope Other function modules carry out subsequent processing;If access exception or response time exceed zone of reasonableness, first directly reported to user It is alert, then judge abnormal reason further according to return code or preserve the unreasonable response time, is finally collectively written into safety detection Report is inquired for user.
Whole station link detection, monitoring site internal links obtain each chain with the presence or absence of dead link and false links The response time connect, to judge whether exception or respond slow;
False links, dead link are detected by web crawlers.Dead link refers to original normal, the chain to fail later It connects.When dead chain receives and sends request, server returns to the 404 wrong pages.False links refer to the carelessness due to user, the chain of request It connects and is not present.When occurring the webpage that can not be accessed in detection process, the reason of cannot being accessed according to it, is divided into dead link and wrong It accidentally links, and is recorded.When being detected to whole station link, http access is carried out first or to the website that needs detect, Judge whether website can normally access according to return value, if can just access, continues to give the progress of other function modules subsequently Processing;If access exception, abnormal reason is judged according to return code, and safety detection report is written and shows user;If hair Existing false links and dead link then concentrate after the completion of the detection of all page links and give user's early warning.
Whether content of pages tampering detection, monitoring photo and word content are tampered;
When whether query webpage is tampered, first passes through the replace functions inside tidy tool combination String classes and replace Changed script the and style labels that content will not change substantially, then by md5 encryption webpage html codes and template into Row comparison illustrates not distort, otherwise carries out bytes match, inquiry is specific if the MD5 codings for obtaining webpage are identical as template Tampered position.
By the monitoring to web site contents, determine whether website is distorted by hackers, if there are the mutation of page byte. It can notify user, user that can check result in report by way of short message or mail if webpage is tampered.If literary Word is tampered, then saves the label where word together with word, user is facilitated to correct mistakes.User can look into report The particular content for being tampered information is got in inquiry.
Sensitive word detects, and detects in content of pages whether contain sensitive word.
When the page can be accessed normally, then all page source codes are downloaded by reptile, and gives the progress of source code parsing module Whether parsing, is scanned page word content and is compared with the sensitive word set, judge content of pages containing quick Feel word, reported an error by way of short message or mail after finding containing sensitive word and be written detection report, user obtain it is pre- The place page and the position of sensitive word appearance can be got after police by inquiring report.
Wherein, whole station safe condition detection the specific steps are:Http visits are carried out to the WEB websites that needs detect It asks, carries out analyzing and determining whether website can normally access according to the http return values accessed, net is parsed if it can normally access Whether whether page source code, be tampered from the page, further analyzed containing sensitive word and to the return value that http is accessed, to judge Analyzing web site safe condition is fetched with the presence or absence of false links or dead chain.
Wherein, the step of webpage Trojan horse detection is:The webpage source code is generated into DOM after parsing acquisition webpage source code Tree, and the webpage source code is scanned, it is compared with the Trojan characteristics database pre-established.
Document dbject model (Document Object Model, abbreviation DOM) is handling and being for W3C Organisation recommendations The standard programming interface of system platform and the unrelated extensible markup language of programming language.In the DOM documents of standard, document is solving Dom tree is converted into after analysis, each node of dom tree is an object.DOM model describes the structure of document, while also fixed The justice behavior of node object will very greatly to a certain degree by matching the method for object and attribute with Trojan characteristics value The upper matching efficiency for improving Trojan characteristics value.
After spiders crawls webpage source data to local, system can start to parse webpage source code.
Html files are converted to xhlml using jgroup resolvers, then generate xml document according to the libraries DOM and build first Vertical dom tree.It gets the label comprising picture and comprising word respectively from dom tree, records its attribute value, by comparing attribute Whether detection content of pages is tampered;Due to the node in dom tree by document label or information segment come what is formed, adding It carries after entire document successfully builds dom tree, the keyword that will meet the DOM tree node of web page horse hanging type is exported into event sequence Row, then according to these keywords again with webpage Trojan horse characterization rules attribute value in the webpage source code of this result label and database It is compared by KMP string matching algorithms.It can be utilized in tree type model after finding keyword in DOM tree node Specific oss message is found in node navigation, then is further compared with the regular expression in wooden horse library, to confirm that webpage is It is no by extension horse, the efficiency of detection webpage Trojan horse is improved with this, and reduce the resource consumed because establishing complete dom tree.
Wherein, before the step of webpage Trojan horse detection, the method further includes:
The characteristic value per a kind of webpage Trojan horse is extracted using the rule symbol of regular expression, Trojan characteristics table is written, builds Found the Trojan characteristics database.
Regular expression, also known as normal representation method, conventional expressing method (English:Regular Expression, in code Often it is abbreviated as regex, regexp or RE), it is a concept of computer science.Regular expression is retouched using single character string It states, match a series of character strings for meeting some syntactic rule.In many text editors, regular expression is usually used to It retrieves, replace those texts for meeting some pattern.
Wherein, after the step of webpage Trojan horse detection, the method further includes:
When detecting Webpage wooden horse, label set when Webpage wooden horse implantation and specific is inputted Attribute value generates the characteristic value of the corresponding regular expression of the Webpage wooden horse, updates the Trojan characteristics database.
Since webpage Trojan horse is hidden in web page files by html tag mostly, attacker is by adding Include the script of wooden horse link, and the particular community of label is set, wooden horse is implanted into website, user is caused not look into directly See webpage Trojan horse.According to this feature of webpage Trojan horse, in the case where user does not know about the application method of regular expression, By inputting necessary label and attribute value, Webpage wooden horse type is generated.
Wherein, described to be sent out to the user of the WEB websites when detecting the bad result of safe condition or webpage Trojan horse After the step of going out alarm prompt, the method further includes:
By the testing result storage of the WEB websites to a periodic detection report, provided by the periodic detection report The safe condition of usertracking, analysis website in each period, from customization personalized secure prevention policies.
Embodiment 2
Based on same inventive concept, another aspect of the present invention, as shown in Fig. 2, a kind of WEB provided in an embodiment of the present invention Site safety detection device hardware configuration, specifically, the WEB site safeties detection device 20 include at least processor 21, deposit Reservoir 22 and data/address bus 23.Data/address bus 23 is for realizing the connection communication between processor 21 and memory 22, storage Device 22 be used as a kind of computer readable storage medium, at least one computer program can be stored, these computer programs for Processor 21 reads, compiles and execute, to realize corresponding process flow.In the present embodiment, memory 22 is as a kind of Computer readable storage medium, wherein being stored with WEB site safeties detection program, which executes for processor 21, to The step of realizing following WEB site safety detection methods:
The web page files of detected WEB websites are obtained using breadth first search by web crawlers, and utilize DOM DOM Document Object Model parses the web page files and obtains corresponding webpage source code;
The detection of whole station safe condition and webpage Trojan horse detection are carried out to the webpage source code that parsing obtains;
Alarm is sent out when detecting the bad result of safe condition or webpage Trojan horse to the user of the WEB websites to carry Show.
As shown in figure 3, the first step, needs to obtain the detected website addresses URL;Second step, using in reptile Httpclient modules judge whether website may have access to, and crawl by the page file of website if it may have access to;Third walks, and makes With DOM DOM Document Object Model analyzing web page files, required label and attribute value are extracted;4th step, by the web page source after parsing Code gives web portal security state-detection respectively and trojan horse detection submodule is detected:5th step, if it is detected that it is bad as a result, It merits special attention then directly by short message or mail notification user, in addition all testing results, which all can periodically be written, detects report Table facilitates user's later stage to inquire and analyze;When all web page files have all detected, does not pinpoint the problems, then illustrate the website It is in a safe condition;6th step, the timer that can be arranged according to system after above-mentioned flow is completed and user's selection are matched Option is set, after completing a wheel detection, the corresponding time is spaced, automatically begins to detect again, and according to above-mentioned identical step It carries out.
Embodiment 3
Based on same inventive concept, another aspect of the present invention provides a kind of computer readable storage medium, the meter WEB site safeties detection program is stored on calculation machine readable storage medium storing program for executing, the WEB site safeties detection program is held by processor The step of above-mentioned WEB site safety detection methods are realized when row.
WEB site safeties detection method, device and the computer-readable medium of the application, webpage is captured by web crawlers Source code is simultaneously parsed, and the detection of network real-time status is recycled to patrol website, and main includes whether detecting website status Normally, whether there are word or picture to be tampered in webpage, whether imitated containing the influence network such as dead link, false links in website Rate problem, to ensure the stability of WEB websites;According to the webpage Trojan horse detection technique of current main-stream, Trojan characteristics data are established Library and detected website form carry out periodic detection by periodically obtaining website and webpage information to be detected to web page code, And real-time detection of the completion to trojan horse.Said two devices testing result is fed back into user in first time, contributes to user It eliminates safe hidden trouble and potential risk in time.In addition, also web portal security shape can be periodically generated according to the testing result of two broad aspects The report of state helps user to understand, track and analyze safe condition of the website residing for each period, so as to customize symbol The Safeguard tactics and emphasis of self-demand are closed, also indirect protection while protecting the vested interest of WEB site owners The equity of site visitor.
Although above having used general explanation and specific embodiment, the present invention is described in detail, at this On the basis of invention, it can be made some modifications or improvements, this will be apparent to those skilled in the art.Therefore, These modifications or improvements without departing from theon the basis of the spirit of the present invention belong to the scope of protection of present invention.

Claims (10)

1. a kind of WEB site safeties detection method, which is characterized in that the described method comprises the following steps:
The web page files of detected WEB websites are obtained using breadth first search by web crawlers, and utilize DOM documents Object model parses the web page files and obtains corresponding webpage source code;
The detection of whole station safe condition and webpage Trojan horse detection are carried out to the webpage source code that parsing obtains;
When detecting the bad result of safe condition or webpage Trojan horse alarm prompt is sent out to the user of the WEB websites.
2. a kind of WEB site safeties detection method according to claim 1, which is characterized in that described to utilize DOM documents pair Before the web page files as described in model analyzing obtain the step of corresponding webpage source code, the method further includes:
Whether the addresses URL for obtaining the detection WEB websites, judge WEB websites using the httpclient functions of web crawlers It may have access to.
3. a kind of WEB site safeties detection method according to claim 1, which is characterized in that the whole station safe condition Detection includes:
Service state detects, and detects websites response state and response time;
Whole station link detection, detection website internal links are obtained and are each linked with the presence or absence of dead link and false links Response time, to judge whether exception or respond slow;
Whether content of pages tampering detection, monitoring photo and word content are tampered;
Sensitive word detects, and detects in content of pages whether contain sensitive word.
4. a kind of WEB site safeties detection method according to claim 3, which is characterized in that the whole station safe condition Detection the specific steps are:Http access is carried out to the WEB websites that needs detect, is analyzed and determined according to the return value that http is accessed Whether whether website can normally access, the analyzing web page source code if it can normally access, be tampered from the page, containing sensitivity Word simultaneously further analyzes the http return values accessed, to judge whether that false links or dead chain fetch analyzing web site peace Total state.
5. a kind of WEB site safeties detection method according to claim 1, which is characterized in that the webpage Trojan horse detection The step of be:Parsing obtains and the webpage source code is generated dom tree after webpage source code, and scans the webpage source code, and advance The Trojan characteristics database of foundation is compared.
6. a kind of WEB site safeties detection method according to claim 5, which is characterized in that the webpage Trojan horse detection The step of before, the method further includes:
The characteristic value per a kind of webpage Trojan horse is extracted using the rule symbol of regular expression, Trojan characteristics table is written, establishes institute State Trojan characteristics database.
7. a kind of WEB site safeties detection method according to claim 5, which is characterized in that the webpage Trojan horse detection The step of after, the method further includes:
When detecting Webpage wooden horse, label and particular community set when the Webpage wooden horse implantation are inputted Value, generates the characteristic value of the corresponding regular expression of the Webpage wooden horse, updates the Trojan characteristics database.
8. a kind of WEB site safeties detection method according to claim 1, which is characterized in that described to detect safety After the step of alarm prompt being sent out when the bad result of state or webpage Trojan horse to the user of the WEB websites, the method Further include:
By the testing result storage of the WEB websites to a periodic detection report, user is provided by the periodic detection report The safe condition of tracking, analysis website in each period, from customization personalized secure prevention policies.
9. a kind of WEB site safeties detection device, which is characterized in that the WEB site safeties detection device includes processor, deposits Reservoir and data/address bus;
The data/address bus is for realizing the connection communication between processor and memory;
The processor is used to execute the WEB site safeties detection program stored in memory, to realize following steps:
The web page files of detected WEB websites are obtained using breadth first search by web crawlers, and utilize DOM documents Object model parses the web page files and obtains corresponding webpage source code;
The detection of whole station safe condition and webpage Trojan horse detection are carried out to the webpage source code that parsing obtains;
When detecting the bad result of safe condition or webpage Trojan horse alarm prompt is sent out to the user of the WEB websites.
10. a kind of computer readable storage medium, which is characterized in that be stored with the stations WEB on the computer readable storage medium Point safety detection program, the WEB site safeties detection program are realized when being executed by processor such as any one of claim 1-8 institutes The step of WEB site safety detection methods stated.
CN201810065019.2A 2018-01-23 2018-01-23 A kind of WEB site safeties detection method, device and computer-readable medium Pending CN108282478A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810065019.2A CN108282478A (en) 2018-01-23 2018-01-23 A kind of WEB site safeties detection method, device and computer-readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810065019.2A CN108282478A (en) 2018-01-23 2018-01-23 A kind of WEB site safeties detection method, device and computer-readable medium

Publications (1)

Publication Number Publication Date
CN108282478A true CN108282478A (en) 2018-07-13

Family

ID=62804647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810065019.2A Pending CN108282478A (en) 2018-01-23 2018-01-23 A kind of WEB site safeties detection method, device and computer-readable medium

Country Status (1)

Country Link
CN (1) CN108282478A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159775A (en) * 2019-12-11 2020-05-15 中移(杭州)信息技术有限公司 Webpage tampering detection method, system and device and computer readable storage medium
CN111488623A (en) * 2019-01-25 2020-08-04 深信服科技股份有限公司 Webpage tampering detection method and related device
CN112052163A (en) * 2020-08-19 2020-12-08 北京天融信网络安全技术有限公司 High-concurrency webpage pressure testing method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101686239A (en) * 2009-05-26 2010-03-31 中山大学 Trojan discovery system
CN106022126A (en) * 2016-05-06 2016-10-12 哈尔滨工程大学 A webpage feature extracting method for WEB Trojan horse detection
CN107590227A (en) * 2017-09-05 2018-01-16 成都知道创宇信息技术有限公司 A kind of log analysis method of combination reptile

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101686239A (en) * 2009-05-26 2010-03-31 中山大学 Trojan discovery system
CN106022126A (en) * 2016-05-06 2016-10-12 哈尔滨工程大学 A webpage feature extracting method for WEB Trojan horse detection
CN107590227A (en) * 2017-09-05 2018-01-16 成都知道创宇信息技术有限公司 A kind of log analysis method of combination reptile

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张超: ""WEB网站安全检测系统设计与实现"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111488623A (en) * 2019-01-25 2020-08-04 深信服科技股份有限公司 Webpage tampering detection method and related device
CN111159775A (en) * 2019-12-11 2020-05-15 中移(杭州)信息技术有限公司 Webpage tampering detection method, system and device and computer readable storage medium
CN112052163A (en) * 2020-08-19 2020-12-08 北京天融信网络安全技术有限公司 High-concurrency webpage pressure testing method and device, electronic equipment and storage medium
CN112052163B (en) * 2020-08-19 2023-11-10 北京天融信网络安全技术有限公司 High concurrency webpage pressure testing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN107918733B (en) System and method for detecting malicious elements of web page
CN106649810B (en) The grasping means and system of news web page dynamic data based on Ajax
US8943588B1 (en) Detecting unauthorized websites
CN103744802B (en) Method and device for identifying SQL injection attacks
CN103888490B (en) A kind of man-machine knowledge method for distinguishing of full automatic WEB client side
CN104348803B (en) Link kidnaps detection method, device, user equipment, Analysis server and system
US11818144B2 (en) Security appliance to monitor networked computing environment
CN103605926A (en) Webpage tampering detecting method and device
CN107341399B (en) Method and device for evaluating security of code file
CN104767757A (en) Multiple-dimension security monitoring method and system based on WEB services
CN108664559A (en) A kind of automatic crawling method of website and webpage source code
CN103605925A (en) Webpage tampering detecting method and device
EP2880580A1 (en) Vulnerability vector information analysis
CN103401835A (en) Method and device for presenting safety detection results of microblog page
CN109981664A (en) Website logging method, device and the realization device of page end
US20200336498A1 (en) Method and apparatus for detecting hidden link in website
Gärtner et al. Maintaining requirements for long-living software systems by incorporating security knowledge
CN108282478A (en) A kind of WEB site safeties detection method, device and computer-readable medium
CN111404937B (en) Method and device for detecting server vulnerability
CN103716394B (en) Download the management method and device of file
EP3745292A1 (en) Hidden link detection method and apparatus for website
CN107302586A (en) A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing
CN114528457A (en) Web fingerprint detection method and related equipment
Aliero et al. Review on SQL injection protection methods and tools
CN108183902A (en) A kind of recognition methods of malicious websites and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180713

RJ01 Rejection of invention patent application after publication