CN108512859A - Web application security vulnerability mining method and device - Google Patents

Web application security vulnerability mining method and device

Info

Publication number: CN108512859A
Application number: CN201810340130.8A
Authority: CN (China)
Prior art keywords: security breaches, web, web applications, web application, loophole
Legal status: Pending (assumed; Google has not performed a legal analysis)
Other languages: Chinese (zh)
Inventors: 黄娜娜, 钱亚东, 周康
Current assignee: Guizhou University (the listed assignee may be inaccurate)
Original assignee: Guizhou University
Application filed by: Guizhou University
Priority application: CN201810340130.8A
Publication: CN108512859A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
Abstract

The present invention discloses a Web application security vulnerability mining method and device. The method includes: collecting Web application security vulnerabilities; reproducing the Web application security vulnerabilities; analyzing the Web application security vulnerabilities; exploiting the Web application security vulnerabilities on the basis of the results of reproducing and analyzing them; and mining Web application security vulnerabilities on the basis of the results of reproducing, analyzing and exploiting them.

Description

Web application security vulnerability mining method and device
Technical field
The present invention relates generally to network security, and more particularly to a Web application security vulnerability mining method and device.
Background art
With the continual development of network and computer technology, the number of people using networks has grown and the network security environment has steadily worsened. The growing complexity of network and software technology provides fertile soil for all kinds of network attacks and hacker activity. Attacks on the network and newly discovered vulnerabilities emerge one after another and leave network users exhausted; Web developers and website administrators, who are in constant contact with the Internet, suffer most of all.
Among the various forms of network harm, Web application security vulnerabilities are especially damaging. Specifically, a Web application security vulnerability is a security risk present in a Web application, Web framework, Web language, Web server or similar component. Common Web application security vulnerabilities include SQL injection vulnerabilities, XSS vulnerabilities, file inclusion vulnerabilities, code execution vulnerabilities and file parsing vulnerabilities. By exploiting them an attacker can carry out malicious operations such as obtaining the data in a site's database, uploading a backdoor to the website, planting trojans in web pages and inserting hidden links. The reason these vulnerabilities are so harmful is that every program error or exploitable flaw in the operating system and third-party applications used by a Web application is a potential source of a Web application security vulnerability. Even misconfiguration can create a vulnerability, and applications with insecure default settings, or whose administrators have not carried out security configuration, will also have vulnerabilities. For example, a Web server configured so that any user can traverse any directory path on the system may leak sensitive information stored on the server, such as passwords, source code or customer information.
For the Web application security vulnerabilities described above, the common detection and defence tools are Web security scanners and Web security firewalls. A Web security scanner is a device that scans a Web server to find the security risks present on it; a Web security firewall is a device that provides security protection for a Web server.
However, although such detection and defence tools exist, unless effective scanning and defence rules are set for them they are often helpless when it comes to mining Web application security vulnerabilities. And the detection and defence rules can only be updated after a vulnerability has been analyzed and its principle understood. Updating the rules, and mining vulnerabilities, therefore depend heavily on the results of vulnerability research and analysis; only analysis that is more careful, faster and more comprehensive can provide better conditions for mining Web application security vulnerabilities. The Web security research currently carried out for mining Web application security vulnerabilities consists of collecting the vulnerabilities, reproducing them, analyzing them and exploiting them, and finally produces descriptive information about each vulnerability: its name, the versions it applies to, a description of it, its exploitation method and so on. The vulnerability mining produced by this process is not comprehensive enough, because existing Web security research lacks comprehensive use of the research results: the results of reproducing, analyzing and exploiting a vulnerability cannot be turned into a final scheme for mining vulnerabilities. In other words, in the prior art a vulnerability is reproduced, analyzed and exploited only in order to study its characteristics, and the results obtained are not fully used, which is detrimental to the mining of Web application security vulnerabilities. Moreover, in the prior art the analysis of Web application security vulnerabilities is not deep or thorough enough, and yields only a brief description of the vulnerability.
Therefore, in existing Web application security vulnerability mining methods the analysis and research of a vulnerability remain on the surface, the description of the cause of the vulnerability amounts to only a few isolated words and phrases, the analysis is superficial and not deep enough, and it cannot point out where the root of the vulnerability lies; such simple vulnerability analysis is of no use to subsequent mining. By contrast, in the Web application security vulnerability mining method according to the present invention the analysis of a vulnerability is more thorough: it can point out where the root of the vulnerability lies and analyze the whole process by which the vulnerability is triggered, and through this deep and detailed analysis it finally provides a targeted repair scheme, scanning method and defence method, which is of positive significance for mining Web application security vulnerabilities.
In addition, existing Web application security vulnerability mining methods lack a stage for comprehensively analyzing and converting Web application security vulnerabilities; they analyze and research only a single vulnerability, and cannot convert the results of Web security research into rules for Web security scanners and Web security firewalls. In the method according to the present invention, the results of reproducing, analyzing and exploiting a vulnerability can be converted in time into Web application security scanning rules and Web application security vulnerability defence rules for use by Web security scanners and Web security firewalls, which greatly improves the timeliness and accuracy of Web security scanning and Web security defence. In other words, the technical scheme of the present invention makes full use of the results of analyzing, reproducing and exploiting Web application security vulnerabilities, builds on those results an effective scheme for mining such vulnerabilities, and covers every stage from the creation of a vulnerability to the harm it causes.
Summary of the invention
It is an object of the present invention to provide, for the worsening network security environment, a method and apparatus for mining Web application security vulnerabilities in a timely, accurate and comprehensive manner.
In a first aspect of the present invention, a Web application security vulnerability mining method is provided. The method includes: collecting Web application security vulnerabilities; reproducing the Web application security vulnerabilities; analyzing the Web application security vulnerabilities; exploiting the Web application security vulnerabilities on the basis of the results of reproducing and analyzing them; and mining Web application security vulnerabilities on the basis of the results of reproducing, analyzing and exploiting them.
In a preferred embodiment of the present invention, the method further includes screening the collected Web application security vulnerabilities according to screening criteria after collecting them.
In a preferred embodiment of the present invention, in the method, the screening criteria include at least one of: how recent the Web application security vulnerability is, the scope of its impact, the difficulty of exploiting it, and the degree of harm it causes.
In a preferred embodiment of the present invention, in the method, collecting the Web application security vulnerabilities further includes collecting them over the network from Web application security vulnerability sources.
In a preferred embodiment of the present invention, in the method, the Web application security vulnerability sources include at least one of: Web application security vulnerability disclosure websites and databases, community interaction websites, and news portal websites.
In a preferred embodiment of the present invention, in the method, analyzing the Web application security vulnerabilities further includes, starting from the trigger point of the vulnerability, using source code auditing techniques and analyzing the parameter passing process to obtain the root cause of the Web application security vulnerability and the principle of its formation.
In a preferred embodiment of the present invention, in the method, exploiting the Web application security vulnerabilities further includes generating a proof-of-concept (POC) program to carry out the exploitation.
In a preferred embodiment of the present invention, in the method, exploiting the Web application security vulnerabilities includes at least one of: reading database contents, reading file contents, uploading a backdoor, and code execution.
In a preferred embodiment of the present invention, in the method, mining the Web application security vulnerabilities further includes at least one of: forming a description of the root cause of the Web application security vulnerability, generating a repair scheme for it, generating a detection method for it, and generating a defence method for it.
In a preferred embodiment of the present invention, the method further includes converting the detection method for the Web application security vulnerability into scanning rules for a security scanner, and converting the defence method for the Web application security vulnerability into defence rules for a security firewall.
In a second aspect of the present invention, a device for mining Web application security vulnerabilities is provided. The device includes: a collection device for collecting Web application security vulnerabilities; a reproduction device for reproducing the Web application security vulnerabilities; an analysis device for analyzing the Web application security vulnerabilities; an exploitation device for exploiting the Web application security vulnerabilities on the basis of the results of reproducing and analyzing them; a protection device for exploiting the Web application security vulnerabilities on the basis of the results of reproducing and analyzing them; and a mining device for mining Web application security vulnerabilities on the basis of the results of reproducing, analyzing and exploiting them.
In a preferred embodiment of the present invention, the device further includes a screening device for screening the collected Web application security vulnerabilities according to screening criteria after they have been collected.
In a preferred embodiment of the present invention, in the device, the screening criteria include at least one of: how recent the Web application security vulnerability is, the scope of its impact, the difficulty of exploiting it, and the degree of harm it causes.
In a preferred embodiment of the present invention, in the device, the collection device further includes a network collection device for collecting the Web application security vulnerabilities over the network from Web application security vulnerability sources.
In a preferred embodiment of the present invention, in the device, the Web application security vulnerability sources include at least one of: Web application security vulnerability disclosure websites and databases, community interaction websites, and news portal websites.
In a preferred embodiment of the present invention, in the device, the reproduction device further includes a construction device for building a target range environment using a virtual machine and related programs in order to reproduce the Web application security vulnerabilities.
In a preferred embodiment of the present invention, in the device, the analysis device further includes an audit device for, starting from the trigger point of the vulnerability, using source code auditing techniques and analyzing the parameter passing process to obtain the root cause of the Web application security vulnerability and the principle of its formation.
In a preferred embodiment of the present invention, in the device, the exploitation device further includes a generating device for generating a proof-of-concept (POC) program to carry out the exploitation.
In a preferred embodiment of the present invention, in the device, exploiting the Web application security vulnerabilities includes at least one of: reading database contents, reading file contents, uploading a backdoor, and code execution.
In a preferred embodiment of the present invention, in the device, the mining device further includes at least one of: a forming device for forming a description of the root cause of the Web application security vulnerability; a repair scheme generating device for generating a repair scheme for the vulnerability; a detection method generating device for generating a detection method for the vulnerability; and a defence method generating device for generating a defence method for the vulnerability.
In a preferred embodiment of the present invention, the device further includes a conversion device for converting the detection method for the Web application security vulnerability into scanning rules for a security scanner, and for converting the defence method for the Web application security vulnerability into defence rules for a security firewall.
It can be seen from the above aspects of the invention that the method and device according to the present invention have the following advantages over the prior art:
The method and device for mining Web application security vulnerabilities according to the present invention achieve intuitive reproduction and root-cause analysis of Web application security vulnerabilities, provide repair schemes, and provide rules for Web security scanners and Web security firewalls, greatly improving the timeliness and accuracy of scanning and defence. Moreover, in the method and device according to the present invention the analysis of Web application security vulnerabilities is more thorough: it can point out where the root of a vulnerability lies and analyze the whole process by which the vulnerability is triggered, and from this deep and detailed analysis targeted repair schemes, scanning methods and defence methods can conveniently be provided, which significantly enhances Web security.
Description of the drawings
The present disclosure will be better understood from the following description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of a method for mining Web application security vulnerabilities according to an embodiment of the present invention.
Fig. 2 is a block diagram showing in detail how the results of reproducing, analyzing and exploiting Web application security vulnerabilities are used to mine Web application security vulnerabilities.
Fig. 3 is a block diagram of a device for mining Web application security vulnerabilities according to an embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described more fully below, and embodiments of the invention are shown in the accompanying drawings. The invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art. Like reference numerals refer to like elements throughout.
It will be understood that, although the terms "first", "second" etc. may be used herein to describe various elements, these elements should not be limited by these terms; the terms are only used to distinguish one element from another.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising" specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms used herein should be interpreted as having a meaning consistent with their meaning in the context of this specification and the relevant art, and should not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In the following description, unless explicitly stated otherwise, the terms "Web application security vulnerability" and "vulnerability" are used interchangeably; both mean a Web application security vulnerability.
Embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 shows the flow chart of a method for mining Web application security vulnerabilities according to an embodiment of the present invention.
In the flow chart, step S101 is the step of collecting Web application security vulnerabilities. Collecting them is the foundation on which the whole Web application security vulnerability mining method is built: only with a grasp of the overall situation of Web application security vulnerabilities can protection be targeted. The collection process is itself a process of understanding the underlying laws of how Web application security vulnerabilities spread. For example, if during collection according to the present invention it is found that the number of vulnerabilities of a certain kind has recently shown an explosive increase, it can be concluded that this kind of vulnerability currently needs priority protection and that the conditions producing it may recently have been disclosed or discovered, and conclusions about macroscopic trends in the development of Web application security vulnerabilities can even be drawn. This step looks simple, but it provides direction for the subsequent steps, so the step of collecting Web application security vulnerabilities is extremely important.
According to the present invention, Web application security vulnerabilities may be collected automatically or manually. In the automatic mode, an automatic Web application security vulnerability collection program may, on the basis of a Web application security vulnerability feature database, collect vulnerabilities from the various vulnerability sources from which vulnerabilities can be obtained or detected. The automatic collection program may use a built-in collection model (for example, the Object Exchange Model proposed by Stanford University) to collect the vulnerabilities. Automatic collection is unquestionably efficient and accurate and can cope with a large collection workload, so in general automatic collection is used for collecting Web application security vulnerabilities.
However, automatic collection may also have certain disadvantages: for example, the program may be unable to collect a certain class of vulnerability in a targeted way, or unable to grasp how new vulnerabilities are appearing. Manual collection can be used in such cases, and it can respond more flexibly to the way vulnerabilities appear. For example, after a preliminary analysis of a class of vulnerability that has suddenly broken out, one or more vulnerabilities can be collected in a targeted way for further analysis, rather than collected indiscriminately as an automatic collection program would do. In some cases this also undoubtedly improves the efficiency, timeliness and accuracy of vulnerability collection.
In one embodiment, after collecting Web application security vulnerabilities, or during the collection process, a step of screening the collected vulnerabilities according to screening criteria may also be included. This screening step, too, may be performed automatically or manually. The most important advantage of adding a step that screens the collected vulnerabilities is that it strengthens targeting: for the developers and administrators of certain Web applications, protecting against the Web application security vulnerabilities that are currently widespread and highly harmful is obviously more important than routinely protecting against some common vulnerabilities.
Therefore, in one embodiment, the screening criteria used in the screening process may include at least one of: how recent the Web application security vulnerability is, the scope of its impact, the difficulty of exploiting it, and the degree of harm it causes.
Obviously, within the same class of Web application security vulnerabilities, a newly created vulnerability is often of more destructive value than one created earlier, and is also in greater need of protection, so screening may be based on how recent the vulnerability is. Of course, a vulnerability created long ago may produce new harm in a new environment, in which case it may have greater value for the analysis program and personnel than a newly created one, and it can be screened out accordingly. In summary, how recent a Web application security vulnerability is can be used as one screening criterion. Similarly, the scope of impact of a vulnerability can be used as a screening criterion to select vulnerabilities with different scopes of impact, for example ones that affect the whole world, only a single country, or even only a certain LAN or a certain Web application. Equally, the screening criterion of exploitation difficulty can select vulnerabilities that differ in how hard they are to exploit: a vulnerability that is easier to exploit can be analyzed and protected against first, while one that is hard to exploit can be set aside and analyzed later. In addition, a more important screening criterion is the degree of harm of the vulnerability, which can select vulnerabilities of differing degrees of harm; for example, a vulnerability that damages only a single Web application is obviously less harmful than one that damages the whole system or even the whole network.
By using the screening criteria above to guide the collection or the subsequent analysis steps, the Web application security vulnerability protection method can analyze and process vulnerabilities meeting the various criteria with a certain priority, and thereby achieve efficient and accurate protection against Web application security vulnerabilities.
In one embodiment, as to the mode of collection, both the automatic collection program and manual collection can collect Web application security vulnerabilities over the network from Web application security vulnerability sources. But both modes of collection can also collect vulnerabilities through other channels. For example, the personnel responsible for manual collection may hear or read a description of a certain vulnerability, and in that case the vulnerability can be collected through various means of communication and exchange.
However, in one embodiment, collecting Web application security vulnerabilities over the network is clearly an efficient approach, and the vulnerability sources on the network are also richer and more accurate. The Web application security vulnerability sources may include at least one of: vulnerability disclosure websites and databases, community interaction websites, and news portal websites. For example, the collection personnel or the automatic collection program may browse or search vulnerability disclosure websites and databases, including but not limited to the National Information Security Vulnerability Sharing Platform (www.cnvd.org.cn), the China National Information Security Vulnerability Database (www.cnnvd.org.cn), the well-known WooYun website (www.wooyun.org), www.securityfocus.com, www.exploit-db.com and so on. They may also collect vulnerabilities through social networking sites such as Sina Weibo, Tencent Weibo and Twitter, and even through news portal websites (for example www.sohu.com, www.163.com), any other website, or even some independent servers.
In one embodiment, when collecting Web application security vulnerabilities from these sources, a vulnerability database may be queried in SQL, XML may be parsed to obtain the data it contains, a web crawler may be used, and certain information may even be read manually. In summary, any means of obtaining information can be used to collect Web application security vulnerabilities.
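As an added example (not the patent's own code) of the collection step just described and the screening step above: a Python program that parses a constructed XML advisory feed into vulnerability records and then ranks them by the four screening criteria (recency, scope of impact, exploitation difficulty, degree of harm). The feed contents, field vocabularies and weights are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import date

# Constructed sample advisory feed. The identifiers, dates and titles are
# placeholders invented for this example, not real advisories.
SAMPLE_FEED = """<?xml version="1.0"?>
<advisories>
  <advisory id="EXAMPLE-0001" published="2018-04-10">
    <title>SQL injection in ExampleForum 2.0 search</title>
    <scope>global</scope>
    <exploitability>easy</exploitability>
    <impact>database_read</impact>
  </advisory>
  <advisory id="EXAMPLE-0002" published="2016-01-05">
    <title>XSS in ExampleCMS comment form</title>
    <scope>single_site</scope>
    <exploitability>medium</exploitability>
    <impact>script_execution</impact>
  </advisory>
  <advisory id="EXAMPLE-0003" published="2018-03-28">
    <title>Arbitrary file upload in ExamplePlugin</title>
    <scope>national</scope>
    <exploitability>hard</exploitability>
    <impact>code_execution</impact>
  </advisory>
</advisories>
"""


@dataclass
class Vulnerability:
    vuln_id: str
    title: str
    published: date
    scope: str
    exploitability: str
    impact: str


def parse_feed(xml_text):
    """Collection step: parse the XML feed into vulnerability records."""
    root = ET.fromstring(xml_text)
    records = []
    for adv in root.findall("advisory"):
        records.append(Vulnerability(
            vuln_id=adv.get("id"),
            title=(adv.findtext("title") or "").strip(),
            published=date.fromisoformat(adv.get("published")),
            scope=adv.findtext("scope", "unknown"),
            exploitability=adv.findtext("exploitability", "unknown"),
            impact=adv.findtext("impact", "unknown"),
        ))
    return records


# Scoring tables for three of the four criteria. The vocabularies and weights
# are assumptions for this example; the patent does not prescribe any.
SCOPE_SCORE = {"global": 3, "national": 2, "lan": 1, "single_site": 0}
EXPLOIT_SCORE = {"easy": 3, "medium": 2, "hard": 1}
IMPACT_SCORE = {"code_execution": 4, "upload_backdoor": 4,
                "file_read": 3, "database_read": 3, "script_execution": 2}


def age_score(published, today):
    """Fourth criterion: how recent the vulnerability is."""
    days = (today - published).days
    if days <= 90:
        return 3
    if days <= 365:
        return 1
    return 0


def priority(vuln, today):
    """Sum of the four screening criteria; higher means handle sooner."""
    return (age_score(vuln.published, today)
            + SCOPE_SCORE.get(vuln.scope, 0)
            + EXPLOIT_SCORE.get(vuln.exploitability, 0)
            + IMPACT_SCORE.get(vuln.impact, 0))


def screen(records, today, threshold):
    """Screening step: keep records scoring at least `threshold`,
    highest priority first (ties broken by identifier)."""
    kept = [(priority(v, today), v) for v in records]
    kept = [(s, v) for s, v in kept if s >= threshold]
    kept.sort(key=lambda sv: (-sv[0], sv[1].vuln_id))
    return [v for _, v in kept]


def screen_sample(threshold=8, today_iso="2018-04-16"):
    """Run collection and screening on the constructed feed; returns the
    identifiers that pass, in priority order. The reference date is assumed."""
    today = date.fromisoformat(today_iso)
    return [v.vuln_id for v in screen(parse_feed(SAMPLE_FEED), today, threshold)]


if __name__ == "__main__":
    ref = date(2018, 4, 16)
    for v in screen(parse_feed(SAMPLE_FEED), ref, 0):
        print(priority(v, ref), v.vuln_id, v.title)
```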
After the step of collecting Web application security vulnerabilities is complete, the collected vulnerabilities must be reproduced, as shown in step S102 of Fig. 1. In one embodiment, reproducing a Web application security vulnerability may include building a target range environment using a virtual machine and related programs in order to reproduce the vulnerability. The point of reproducing a vulnerability is to understand and verify the various conditions that trigger it, including the environment in which it arises and the direct trigger conditions.
To reproduce a Web application security vulnerability, a target range environment, usually a virtual machine environment, must be built. Referring to the published vulnerability information, a specific Web server operating system, Web container, Web language, database, Web application, Web framework, Web plug-in or Web browser is used in the target range environment for each vulnerability. Finally, again referring to the published vulnerability information, the specific conditions that trigger the vulnerability are constructed and the vulnerability is reproduced. When building the target range environment it is important to use the version that contains the vulnerability and to make sure it has not been patched. If the vulnerability cannot be reproduced by the method given in the published information, consider whether triggering it depends on other specific conditions.
For each Web security vulnerability, for example, a VMware virtual machine can be created, and the specific operating system and Web programs required to trigger the vulnerability installed in it: for example an operating system (Windows, Linux, etc.), a Web container (IIS, Apache, Tomcat, etc.), a Web language (ASP, PHP, JSP, etc.), a database (MySQL, Oracle, MSSQL, etc.), a Web application (Discuz, WordPress, etc.), a Web framework (Django, ThinkPHP, etc.), a Web plug-in (BuddyPress, TimThumb, etc.) and a Web browser (IE, Firefox, Chrome, etc.).
On the basis of the target range environment, the specific conditions and trigger flow required to trigger the vulnerability, such as accessing a certain URL or uploading a specific file, are obtained from the published vulnerability information. Combining the VMware virtual machine with the vulnerability trigger conditions, the Web application security vulnerability can be reproduced.
For example, for a SQL injection vulnerability in the Discuz forum program (version 2.0) whose announcement was collected from the network, the vulnerability is reproduced as follows. First a VMware virtual machine is created, and a Linux operating system, an Apache server, the PHP language, a MySQL database and the Discuz forum program (version 2.0, unpatched) are installed in it. After installation, the Discuz forum is accessed with any browser and a specific URL is requested; the result of this operation is that the contents of the forum database are displayed. This achieves the reproduction of the SQL injection vulnerability.
In the step of reproducing the vulnerability, its trigger point is learned, and the analysis step can then be entered, as shown in step S103 of Fig. 1. Vulnerability analysis is the core step of the entire protection method for Web application security vulnerabilities, because it yields the root cause of the vulnerability. The reproduction step only reproduces the surface phenomenon; the analysis step proceeds from the surface to the interior and traces the vulnerability to its origin.
In one embodiment, analyzing the vulnerability may further include, starting from its trigger point, applying source code audit techniques and analyzing the parameter passing process to obtain the root cause and the formation principle of the vulnerability. In general, vulnerability analysis methods may include patch comparison, breakpoint debugging, analysis of program association relations, data transfer tracking, program flow tracking, and so on. Root causes of Web application security vulnerabilities may include unvalidated input, unvalidated output, unchecked permissions, logic errors, and so on.
For example, in this analysis step the vulnerability may be analyzed at source-code level. If an official patch has been released, the patch is compared against the vulnerable version to locate the vulnerable point, and the trigger point is found by following the data transfer flow and the program execution flow. If there is no official patch, then, with reference to the published vulnerability information, the association relations between program files are analyzed and the execution flow of the program and the transfer process of the data are tracked, combined with setting breakpoints and debugging the program, in order to find where the root cause lies and to state under what conditions and in which execution path the program triggers the vulnerability.
This is illustrated further with the following analysis example, again for the SQL injection vulnerability in the Discuz forum program (version 2.0). The trigger point is access to a specific URL. A source code audit is performed on Discuz version 2.0, analyzing the special input parameter in that URL: after the program receives the parameter, how the user's input is placed into a SQL query statement through several steps of parameter passing and parameter processing, and how the result of that statement is presented on the output page. The result presented on the output page then gives the location of the root cause and the formation principle of the vulnerability.
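As an added illustration of the source code audit and parameter-passing analysis described in this step (example code written for this page, not Discuz source and not the patent's own program), the following Python traces a request parameter through successive assignments to a SQL query sink. The PHP fragment it audits is constructed for the example and only imitates the shape of the flaw described above; the sink and sanitizer names, the regular expressions and the function audit() are the example's own assumptions, and a real audit of a forum program would run over its actual files.

```python
import re
from typing import Dict, List, Tuple

# Constructed PHP fragment standing in for the audited forum page. It is not Discuz
# source; it only reproduces the shape of the flaw the text describes: a request
# parameter reaches a query sink through several assignments without a numeric check.
PHP_SOURCE = r"""<?php
$id = $_GET['id'];
$page_id = trim($id);
$limit = intval($_GET['limit']);
$sql = "select title, content from paper where id=" . $page_id;
$res = mysql_query($sql);
$safe_sql = "select title from paper limit " . $limit;
$res2 = mysql_query($safe_sql);
"""

SOURCES = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\[[^\]]*\]")    # where user input enters
SANITIZERS = ("intval(", "(int)")                                   # numeric coercion cuts the chain
SINK_CALL = re.compile(r"\b(mysql_query|mysqli_query)\s*\((.*)\)")  # where SQL is executed
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?);\s*$")
VARREF = re.compile(r"\$(\w+)")

# (line number, sink name, chain of names the value passed through, source first)
Finding = Tuple[int, str, List[str]]


def audit(src: str) -> List[Finding]:
    """Trace request parameters through assignments to SQL sinks, line by line.

    `taint` maps a variable name to the chain of names its value came through.
    Only straight-line, single-file code is handled, which is enough to show the
    parameter-passing analysis the text describes.
    """
    taint: Dict[str, List[str]] = {}
    findings: List[Finding] = []
    for lineno, line in enumerate(src.splitlines(), 1):
        sink = SINK_CALL.search(line)
        if sink:
            for var in VARREF.findall(sink.group(2)):
                if var in taint:
                    findings.append((lineno, sink.group(1), taint[var]))
        m = ASSIGN.match(line)
        if not m or sink:
            continue  # not an assignment, or the query result itself (not tracked)
        lhs, rhs = m.group(1), m.group(2).lstrip()
        if rhs.startswith(SANITIZERS):
            taint.pop(lhs, None)  # coerced to a number: safe for a numeric slot
            continue
        src_match = SOURCES.search(rhs)
        if src_match:
            taint[lhs] = [src_match.group(0), f"${lhs}"]
            continue
        for var in VARREF.findall(rhs):
            if var in taint:
                taint[lhs] = taint[var] + [f"${lhs}"]
                break
        else:
            taint.pop(lhs, None)  # built only from clean values
    return findings


if __name__ == "__main__":
    for lineno, sink, chain in audit(PHP_SOURCE):
        print(f"line {lineno}: {sink} receives {' -> '.join(chain)}")
```

On the constructed fragment the audit reports one finding: the value of $_GET['id'] reaches mysql_query on line 6 via $id, $page_id and $sql, while $limit is dropped from the chain at the intval() call, which is exactly the distinction between the unrestricted and the restricted parameter that the worked SQL injection example later on turns on.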
After the reproduction and analysis steps above, the vulnerability is exploited on the basis of their results, as shown in step S104 of Fig. 1. Specifically, the exploitation step, starting from the location of the root cause and the trigger flow already obtained, uses certain means to analyze the vulnerability more thoroughly and in concrete detail; in other words, exploitation is an essential step toward a deeper understanding of the vulnerability. Its purpose is to understand the operating logic of the vulnerability further, to verify whether the root cause obtained in the analysis step is correct and how severely the vulnerability harms the program, so that protection can be more targeted.
In one embodiment, the exploitation step may include producing a proof-of-concept (POC) program to realize the exploitation. The main function of a POC program is to verify programmatically the formation principle and the trigger method of the vulnerability: in the range environment in which the vulnerability was reproduced, the analysis result is used to observe concretely the result the vulnerability produces and the harm it may cause. In short, a specific POC program is written for the specific vulnerability principle in order to achieve a specific target.
In one embodiment, exploiting the vulnerability may include at least one of: reading database content, reading file content, uploading a back door, code execution, and so on. These are usually the means by which attacks are carried out against Web application security vulnerabilities; in other words, they are the functions a malicious attacker achieves through the vulnerability. Only when these specific targets are realized with a POC program can the internal implementation details or methods of the vulnerability be understood concretely and truly, so as to provide information for protection.
The forum SQL injection vulnerability above is used again to explain the exploitation process briefly. For that SQL injection vulnerability a POC program is written; combined with the VMware range environment, the database content of the website can be obtained with the POC program. For a code execution vulnerability a POC program is likewise written; combined with the VMware range environment, a Webshell back door on the website can be obtained with the POC program.
The purpose of the reproduction, analysis and exploitation above is to gain a thorough understanding of the vulnerability so as to provide the information necessary to protect against it. Once this information has been obtained, the method of the present invention can protect against the vulnerability on the basis of the results of reproduction, analysis and exploitation, as shown in step S105 of Fig. 1.
Fig. 1 shows the protection method of the present invention for Web application security vulnerabilities; those skilled in the art should understand that the steps shown are illustrative and need not be executed in the order shown in practice. Steps may also be added or omitted. For example, the collection step may be omitted by performing the present invention on the basis of an already known Web application security vulnerability.
The mining method for Web application security vulnerabilities is now described in detail with reference to Fig. 2, which is a block diagram showing in detail how the results of reproducing, analyzing and exploiting a Web application security vulnerability are used to protect against it.
In an embodiment of the method according to the present invention, as shown in Fig. 2, the method 200 may include at least one of: forming a description of the root cause of the vulnerability, as shown in block 201; generating a repair scheme for the vulnerability, as shown in block 202; generating a detection scheme for the vulnerability, as shown in block 203; and generating a defense scheme for the vulnerability, as shown in block 204.
These aspects of protection may be used alone or in combination, and together they provide comprehensive protection: from the source, the developers who produce the vulnerability, through the victims of the vulnerability, who may include webmasters (site owners) and Web application users, to the scanners and firewalls that protect against the vulnerability directly, comprehensive countermeasures are provided. This is absent from prior-art protection methods, which only analyze and study a single vulnerability and cannot apply the results of that analysis to the entire chain of generation, propagation and closure of the vulnerability. Compared with the prior art, the method according to the present invention therefore has the advantages of comprehensive protection and better timeliness and accuracy.
These protection steps are explained in detail below. Four protection aspects are used because together they provide a corresponding scheme for all the personnel and programs on the chain of a Web application security vulnerability. As shown, the schemes may ultimately be applied to the Web developer 210, the site owner or administrator 220, a Web security scanner 230 and a Web security firewall 240. Those skilled in the art should understand that the drawing is only illustrative and not restrictive. Moreover, the final protection scheme generated may be supplied in various forms to the personnel or devices at any level that need it, and is not limited to the four aspects 210 to 240 shown in the figure.
After a Web application security vulnerability has been reproduced, analyzed and exploited, a very thorough understanding of its root cause, trigger flow and so on has been obtained. But this understanding resides only in program execution results, for example the database content presented on the web page or the result of running the POC program described above. The Web developer may know nothing of it, and so cannot prevent the vulnerability from forming during programming and development. Therefore, after obtaining information such as the root cause of the vulnerability, the protection method according to the present invention can form various useful descriptions of that root cause. The forms these descriptions take include, but are not limited to: natural-language descriptions that personnel can read, machine-readable descriptions in various formats, such as descriptions in XML, and any other form in which the personnel or machines protecting against the vulnerability can obtain them. The means of delivering the descriptions can also vary: through a web page, as a message through various communication software or hardware, as spoken natural language, or in any other way that lets personnel or machines obtain the information.
Such a description clearly enables Web developers not to repeat the same mistake when designing and developing Web applications, that is, it prevents the vulnerability from arising at the source. This is clearly the most efficient approach and one of the advantages of the present invention. Nor is it only Web developers who can use these root-cause descriptions; the developers of any program or hardware can obtain from them the information they need to prevent vulnerabilities.
Secondly, the protection method according to the present invention can generate a repair scheme for the Web application security vulnerability.
When a Web application security vulnerability begins to spread over the network, the various protection software may not yet have been updated for it, so protection in the early stage of a vulnerability's development is also of great significance. Faced with a threat that appears suddenly, website administrators and site owners are often helpless, because they know nothing about the vulnerability causing the damage and therefore have no protective measures. The protection method according to the present invention, however, can provide a repair scheme for the vulnerability in the early stage of the harm, so as to support the affected personnel at all levels rapidly and possibly minimize the harm of the vulnerability. For example, the repair scheme may be a description of how to repair the vulnerability manually, or a program patch, and so on. Site owners and administrators can apply it rapidly without waiting for updates to firewall or other software. However, because it serves emergency response, such a repair may only address the main harm currently circulating; in other words, the repair scheme may not provide comprehensive defense. The method according to the present invention therefore also provides the subsequent schemes that improve protection further.
The two aspects above provide personnel at all levels with an emergency response to a Web application security vulnerability, suitable for timely protection in the short window after a Web threat appears.
In addition, the method according to the present invention can generate a detection scheme and a defense scheme for the Web application security vulnerability; the two together provide more comprehensive protection. The detection scheme is designed to detect completely the Web application security vulnerabilities that are present. Some vulnerabilities are latent before they are triggered and temporarily show no harm; if they are not detected at that time, they may become latent threats and erupt unexpectedly. Providing a complete detection scheme for the vulnerability is therefore very necessary.
Similarly, a comprehensive defense scheme for the vulnerability is also necessary. As described above, the repair scheme may only provide a fix for one specific trigger method and cannot defend comprehensively. The comprehensive defense scheme provided later can defend against any attack and harm realized through the Web application security vulnerability.
In one embodiment, the method according to the present invention may further include converting the detection scheme for the vulnerability into scanning rules for a security scanner, and converting the defense scheme for the vulnerability into defense rules for a security firewall.
After all, relying only on manual means to protect against Web application security vulnerabilities is insufficient; Web security firewalls and scanners can provide faster, automatic and more comprehensive protection. Converting the detection scheme and the defense scheme into scanning rules for a scanner and defense rules for a Web security firewall is therefore an efficient way of protecting against the vulnerability.
The protection method according to the present invention is illustrated below with a specific example. Those skilled in the art should understand that the examples shown in the present invention are illustrative and not restrictive.
For example, for a SQL injection vulnerability in some Web application, reproduction, analysis and exploitation show that the vulnerability originates in the program not effectively filtering the user-supplied id parameter. The SQL query statement in the program is, for example, "select title, content from paper where id=$id", where the input of the $id parameter needs to be restricted to a numeric parameter. Through the programmer's carelessness, however, $id is not restricted, so a user can assign any value to it, which gives rise to the SQL injection vulnerability. When a malicious user accesses a URL shaped like "http://www.xxx.com/xxx.php?id=1 union select username, password from admin", the $id parameter received by the program is "1 union select username, password from admin", which is not numeric, with the result that the webmaster's username and password appear in the returned page.
Protection against this SQL injection vulnerability is embodied in the following four aspects:
1. A description of the root cause is formed and supplied to the programmers of the Web application: the $id parameter is not effectively filtered and restricted, so that a malicious user can assign any value to it. After receiving this description, Web application developers can learn from the case and avoid the mistake of not restricting user input.
2. A repair scheme is proposed for the root cause: the $id parameter is filtered and restricted in the program so that only numeric values of $id are allowed to enter it. The repair scheme can be used by site owners to keep the website from being attacked.
3. From the angle of vulnerability detection, a detection scheme is proposed and converted into a security scanner rule. The following detection rule can be added to the scanner: access the two URLs "xxx.php?id=1 and 1=1" and "xxx.php?id=1 and 1=2" respectively; if the contents of the two returned pages differ, the website has a SQL injection vulnerability.
4. From the angle of vulnerability defense, a defense scheme is proposed and converted into a security firewall rule. The following defense rule can be added to the firewall: when a user submits a URL shaped like "xxx.php?id=1 union select name, password from admin", the id parameter is judged to be non-numeric and to contain key strings such as union/select, and the user's request is blocked.
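The four aspects above, together with the POC step described earlier, are carried through below in one added Python example written for this page; it is neither the patent's code nor any forum program's. It assumes an in-memory SQLite database as a stand-in for the website, with the tables paper and admin named in the text and invented rows, and the handler, rule and helper names (build_db, vulnerable_page, fixed_page, id_from_url, poc_dump_admin, scanner_rule, waf_rule, protected_page) are the example's own. The same id payloads as in the text are used.

```python
import re
import sqlite3
from typing import Callable, List, Optional, Tuple, Union
from urllib.parse import parse_qs, urlsplit

Row = Tuple[str, str]
Handler = Callable[[sqlite3.Connection, str], List[Row]]


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the forum database: table names from the text, rows invented."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE paper (id INTEGER PRIMARY KEY, title TEXT, content TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO paper VALUES (1, 'Hello', 'first post');
        INSERT INTO paper VALUES (2, 'Second', 'second post');
        INSERT INTO admin VALUES ('webmaster', 's3cret');
        """
    )
    return conn


def vulnerable_page(conn: sqlite3.Connection, id_param: str) -> List[Row]:
    """Root cause from the analysis step: $id is concatenated into the query unfiltered."""
    sql = f"select title, content from paper where id={id_param}"
    return conn.execute(sql).fetchall()


def fixed_page(conn: sqlite3.Connection, id_param: str) -> List[Row]:
    """Repair scheme (aspect 2): accept only a numeric id, and bind it instead of concatenating."""
    if not re.fullmatch(r"[0-9]+", id_param.strip()):
        raise ValueError("id must be a numeric parameter")
    return conn.execute(
        "select title, content from paper where id=?", (int(id_param),)
    ).fetchall()


def id_from_url(url: str) -> str:
    """Return the id query parameter exactly as the request carried it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("id", [""])[0]


# Exploitation step: the union payload from the text, driven against a handler as a POC.
POC_URL = "http://www.xxx.com/xxx.php?id=1 union select username, password from admin"


def poc_dump_admin(handler: Handler, conn: sqlite3.Connection) -> List[Row]:
    return handler(conn, id_from_url(POC_URL))


def scanner_rule(handler: Handler, conn: sqlite3.Connection, base_id: str = "1") -> bool:
    """Detection scheme (aspect 3) as a scanner rule: boolean-based differential probe.

    "and 1=1" must leave the page unchanged while "and 1=2" must change it. A request
    the application refuses (ValueError) or that breaks the query is treated as no signal.
    """
    def probe(suffix: str) -> Optional[List[Row]]:
        try:
            return handler(conn, base_id + suffix)
        except (ValueError, sqlite3.Error):
            return None

    base, true_page, false_page = probe(""), probe(" and 1=1"), probe(" and 1=2")
    return (base is not None and true_page == base
            and false_page is not None and false_page != base)


SQL_KEYWORDS = re.compile(r"\b(union|select)\b", re.IGNORECASE)


def waf_rule(id_param: str) -> bool:
    """Defense scheme (aspect 4) as a firewall rule: True when the request should be dropped."""
    return not id_param.strip().isdigit() and SQL_KEYWORDS.search(id_param) is not None


def protected_page(handler: Handler, conn: sqlite3.Connection, url: str) -> Union[str, List[Row]]:
    """The firewall rule placed in front of a handler."""
    id_param = id_from_url(url)
    if waf_rule(id_param):
        return "blocked"
    return handler(conn, id_param)


if __name__ == "__main__":
    db = build_db()
    print("POC against vulnerable page:", poc_dump_admin(vulnerable_page, db))
    print("scanner flags vulnerable page:", scanner_rule(vulnerable_page, db))
    print("scanner flags fixed page:", scanner_rule(fixed_page, db))
    print("firewall on POC URL:", protected_page(vulnerable_page, db, POC_URL))
```

Running the POC against vulnerable_page returns the webmaster row alongside the paper row, which is the exploitation result the text describes; against fixed_page the same request is refused before any query runs. The scanner rule flags the vulnerable handler and not the repaired one. Note that the probe "id=1 and 1=2" carries neither union nor select, so the firewall rule as written passes it straight through to the vulnerable handler: the defense rule built from one trigger method is not comprehensive, which is the limitation the description acknowledges and the reason the repair scheme remains the primary fix.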
In conclusion according to the present invention for protecting the method for Web application security breaches can be to the safe leakage of Web applications Hole forms comprehensive, protection timely and accurately.Also, it should be appreciated by those skilled in the art that the method for the present invention not only can be with For protecting Web application security breaches, other loopholes and harm in protected network can be used for.Moreover, describing this hair Certain steps can not be carried out or be omitted with the sequence of description sequentially nor restrictive the step of described in bright method Certain steps.It, can be without for example, if having certain understanding to the principle of some Web application security breaches in advance Loophole reproduction step and leap to analysis and using step to save the time.
The device according to the present invention for protecting against Web application security vulnerabilities is described with reference to Fig. 3, which is a block diagram of such a device according to an embodiment of the present invention.
In Fig. 3, the device 300 may include: a collection device 301 for collecting Web application security vulnerabilities; a reproduction device 302 for reproducing the vulnerabilities; an analysis device 303 for analyzing the vulnerabilities; an exploitation device 304 for exploiting the vulnerabilities on the basis of the results of reproducing and analyzing them; and a protection device 305 for protecting against Web application security vulnerabilities on the basis of the results of reproducing, analyzing and exploiting them.
Preferably, the device may further include a screening device for screening the collected vulnerabilities on the basis of screening criteria after they have been collected.
Preferably, the screening criteria may include at least one of: how recent the vulnerability is, the scope of its impact, the difficulty of exploiting it, and the degree of harm it causes.
Preferably, the collection device may further include a network collection device for collecting the vulnerabilities from Web application security vulnerability sources over a network.
Preferably, the vulnerability sources may include at least one of: vulnerability disclosure websites and databases, community interaction websites, and news portal websites.
Preferably, the reproduction device may further include a construction device for building a test range environment with a virtual machine and the related programs in order to reproduce the vulnerabilities.
Preferably, the analysis device may further include an audit device for obtaining, starting from the trigger point of the vulnerability, a description of its root cause and its formation principle by source code auditing and analysis of the parameter passing process.
Preferably, the exploitation device may further include a generation device for producing a proof-of-concept (POC) program to realize exploitation of the vulnerability.
Preferably, exploiting the vulnerability may include at least one of: reading database content, reading file content, uploading a back door, code execution.
Preferably, the protection device may further include at least one of: a forming device for forming a description of the root cause of the vulnerability; a repair scheme generating device for generating a repair scheme for the vulnerability; a detection scheme generating device for generating a detection scheme for the vulnerability; and a defense scheme generating device for generating a defense scheme for the vulnerability.
Preferably, the device may further include a conversion device for converting the detection scheme for the vulnerability into scanning rules for a security scanner, and the defense scheme for the vulnerability into defense rules for a security firewall.
In summary, the method according to the present invention for protecting against Web application security vulnerabilities can protect the entire chain of formation and development of a vulnerability comprehensively, and can provide a response and protection scheme for all the personnel and programs related to the vulnerability, making protection timely, comprehensive, efficient and accurate.
Although specific embodiments of the present invention have been described with reference to the drawings, those skilled in the art may make various changes, modifications and equivalent substitutions to the present invention without departing from its spirit and scope. All such changes, modifications and equivalent substitutions are intended to fall within the scope defined by the appended claims.

Claims (10)

1. A Web application security vulnerability mining method, characterized in that the method includes: (1) collecting Web application security vulnerabilities; (2) reproducing the Web application security vulnerabilities; (3) analyzing the Web application security vulnerabilities; (4) exploiting the Web application security vulnerabilities on the basis of the results of reproducing and analyzing them; and (5) mining Web application security vulnerabilities on the basis of the results of reproducing, analyzing and exploiting them.
2. The method according to claim 1, including screening the collected Web application security vulnerabilities on the basis of screening criteria after collecting them.
3. The method according to claim 2, wherein the screening criteria include at least one of: how recent the Web application security vulnerability is, the scope of its impact, the difficulty of exploiting it, and the degree of harm it causes.
4. The method according to claim 1, wherein collecting the Web application security vulnerabilities further includes collecting them from Web application security vulnerability sources over a network.
5. The method according to claim 4, wherein the Web application security vulnerability sources include at least one of: vulnerability disclosure websites and databases, community interaction websites, and news portal websites.
6. The method according to claim 1, wherein reproducing the Web application security vulnerabilities further includes building a test range environment with a virtual machine and related programs in order to reproduce the vulnerabilities.
7. The method according to claim 1, wherein analyzing the Web application security vulnerabilities further includes obtaining, starting from the trigger point of the vulnerability, a description of its root cause and its formation principle by source code auditing and analysis of the parameter passing process.
8. The method according to claim 1, wherein exploiting the Web application security vulnerabilities further includes producing a proof-of-concept (POC) program to realize the exploitation.
9. The method according to claim 8, wherein exploiting the Web application security vulnerabilities includes at least one of: reading database content, reading file content, uploading a back door, code execution.
10. The method according to any one of claims 1 to 9, wherein mining Web application security vulnerabilities further includes at least one of: forming a description of the root cause of the Web application security vulnerability, generating a repair scheme for the vulnerability, generating a detection scheme for the vulnerability, and generating a defense scheme for the vulnerability.
CN201810340130.8A 2018-04-16 2018-04-16 A kind of Web applications safety loophole mining method and device Pending CN108512859A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810340130.8A CN108512859A (en) 2018-04-16 2018-04-16 A kind of Web applications safety loophole mining method and device

Publications (1)

Publication Number Publication Date
CN108512859A true CN108512859A (en) 2018-09-07

Family

ID=63381994

Country Status (1)

Country Link
CN (1) CN108512859A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981563A (en) * 2019-01-23 2019-07-05 国家新闻出版广电总局广播电视规划院 A kind of automatic intelligent method for digging of radio and television key message infrastructure network security breaches
CN110059007A (en) * 2019-04-03 2019-07-26 北京奇安信科技有限公司 System vulnerability scan method, device, computer equipment and storage medium
CN110460571A (en) * 2019-07-05 2019-11-15 深圳壹账通智能科技有限公司 Operation system loophole processing method, device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098226A (en) * 2006-06-27 2008-01-02 飞塔信息科技(北京)有限公司 Online real-time virus processing system and method
CN101242279A (en) * 2008-03-07 2008-08-13 北京邮电大学 Automatic penetration testing system and method for WEB system
CN101388899A (en) * 2007-09-12 2009-03-18 北京启明星辰信息技术有限公司 Front-background related auditing method and system for Web server
CN104065645A (en) * 2014-05-28 2014-09-24 北京知道创宇信息技术有限公司 Web vulnerability protection method and apparatus
CN107368417A (en) * 2017-07-25 2017-11-21 中国人民解放军63928部队 A kind of bug excavation technical testing model and method of testing

Liban et al. Enhancing Mysql Injector vulnerability checker tool (Mysql Injector) using inference binary search algorithm for blind timing-based attack
Thai et al. A framework for website security assessment
McBride et al. Security analysis of Contiki IoT operating system
KR100614931B1 (en) Vulnerability analysis apparatus and method of web application
Hidhaya et al. Detection of vulnerabilities caused by webview exploitation in smartphone
KR101012335B1 (en) Secure information flow analysis using abstract domain based on regular expressions
Sivakumar et al. Constructing a “common cross site scripting vulnerabilities enumeration (cxe)” using cwe and cve
Kalaani OWASP ZAP vs Snort for SQLi Vulnerability Scanning

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180907