CN108512859A - A kind of Web applications safety loophole mining method and device - Google Patents
- Publication number
- CN108512859A (application CN201810340130.8A)
- Authority
- CN
- China
- Prior art keywords
- security breaches
- web
- web applications
- web application
- loophole
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The present invention discloses a Web application security vulnerability mining method and device. The Web application security vulnerability mining method includes: collecting Web application security vulnerabilities; reproducing the Web application security vulnerabilities; analyzing the Web application security vulnerabilities; exploiting the Web application security vulnerabilities based on the results of reproducing and analyzing them; and mining Web application security vulnerabilities based on the results of reproducing, analyzing and exploiting them.
Description
Technical field
The present invention relates generally to network security, and more particularly to a Web application security vulnerability mining method and device.
Background technology
With the continuing growth of network and computer technology, the number of people using networks has increased and the network security environment has steadily worsened. The growing complexity of network and software technology provides fertile soil for all kinds of network attacks and hacker activity. The endless stream of attacks and newly emerging vulnerabilities on the network leaves network users harassed beyond endurance, and those in frequent contact with the Internet, such as Web developers and website administrators, suffer the most.
Among the various network hazards, Web application security vulnerabilities are particularly harmful. Specifically, a Web application security vulnerability is a security risk present in a Web application, Web framework, Web language, Web server or similar component. Common Web application security vulnerabilities include SQL injection vulnerabilities, XSS vulnerabilities, file inclusion vulnerabilities, code execution vulnerabilities and file parsing vulnerabilities. Using Web application security vulnerabilities, an attacker may carry out malicious operations such as obtaining the data in a website database, uploading a back door to the website, planting malware on web pages or implanting hidden links. Web application security vulnerabilities are so harmful because every program error or exploitable flaw in the operating system and the third-party applications that a Web application uses is a potential source of Web application security vulnerabilities. Even a misconfiguration can create a vulnerability, and applications that ship with insecure default settings, or for which the administrator has not performed security configuration, will also be vulnerable. For example, if a Web server is configured so that any user may traverse from any directory path in the system, sensitive information stored on the Web server, such as passwords, source code or customer information, may be leaked.
For the Web application security vulnerabilities described above, the common detection and defence tools are Web security scanners and Web security firewalls. A Web security scanner scans a Web server in order to discover security risks present in the equipment. A Web security firewall is equipment that provides security protection for a Web server.
However, even with such detection and defence tools, if effective scanning and defence rules cannot be configured for them, they are often helpless when it comes to mining Web application security vulnerabilities. Yet detection and defence rules can only be updated after a vulnerability has been analyzed and its principle understood. Thus both rule updating and vulnerability mining depend heavily on the results of vulnerability research and analysis. Only when the analysis results are more detailed, faster and more comprehensive can better conditions be provided for mining Web application security vulnerabilities. The Web security research currently carried out for mining Web application security vulnerabilities consists of collecting Web application security vulnerabilities, reproducing them, analyzing them and exploiting them, and finally produces descriptive information about each Web application security vulnerability: its name, the applicable versions, a description of the vulnerability and its exploitation method. The vulnerability mining produced by this process is not comprehensive enough, because existing Web security research schemes lack comprehensive utilization of the research on Web application security vulnerabilities; that is, the results of reproducing, analyzing and exploiting a vulnerability are not converted into a final scheme for mining vulnerabilities. In other words, in the prior art, a Web application security vulnerability is reproduced, analyzed and exploited only in order to study its characteristics, and the results obtained are not fully utilized, which is detrimental to mining Web application security vulnerabilities. Moreover, in the prior art the analysis of Web application security vulnerabilities is not deep or thorough enough, forming only a brief description of the vulnerability.
Therefore, in existing Web application security vulnerability mining methods the analysis and research of a vulnerability remains on the surface: the description of the cause of the vulnerability consists of only a few isolated words and phrases, is superficial and not deep enough, and cannot identify where the root of the vulnerability lies, so such simplistic vulnerability analysis is of no help to subsequent mining. In contrast, in the Web application security vulnerability mining method according to the present invention the analysis of Web application security vulnerabilities is more thorough: it can point out where the root of the vulnerability lies and analyze the whole process by which the vulnerability is triggered. Through deep and detailed vulnerability analysis, a targeted repair scheme, scanning method and defence method are finally provided, which has positive significance for mining Web application security vulnerabilities.
In addition, existing Web application security vulnerability mining methods lack a step for the comprehensive analysis and conversion of Web application security vulnerabilities; they only analyze and research individual Web application security vulnerabilities and cannot convert the results of Web security research into rules for Web security scanners and Web security firewalls. In the Web application security vulnerability mining method according to the present invention, the results of reproducing, analyzing and exploiting a Web application security vulnerability can be promptly converted into Web application security scanning rules and Web application security vulnerability defence rules for use by Web security scanners and Web security firewalls, which greatly improves the timeliness and accuracy of Web security scanning and Web security defence. In other words, the technical scheme of the present invention makes full use of the results of analyzing, reproducing and exploiting Web application security vulnerabilities, develops on the basis of those results an effective scheme for mining Web application security vulnerabilities, and can cover Web application security vulnerabilities in all respects, from every step of their generation through to the harm they cause.
Invention content
Accordingly, it is an object of the present invention to provide, in response to the worsening network security environment, a method and apparatus for mining Web application security vulnerabilities in a timely, accurate and comprehensive manner.
In a first aspect of the present invention, a Web application security vulnerability mining method is provided. The method includes: collecting Web application security vulnerabilities; reproducing the Web application security vulnerabilities; analyzing the Web application security vulnerabilities; exploiting the Web application security vulnerabilities based on the results of reproducing and analyzing them; and mining Web application security vulnerabilities based on the results of reproducing, analyzing and exploiting them.
In a preferred embodiment of the present invention, the method further includes, after collecting the Web application security vulnerabilities, screening the collected Web application security vulnerabilities based on screening criteria.
In a preferred embodiment of the present invention, in the method, the screening criteria include at least one of the following: how new the Web application security vulnerability is, the scope of impact of the Web application security vulnerability, the difficulty of exploiting the Web application security vulnerability, and the degree of harm of the Web application security vulnerability.
In a preferred embodiment of the present invention, in the method, collecting the Web application security vulnerabilities further includes collecting the Web application security vulnerabilities from Web application security vulnerability sources over a network.
In a preferred embodiment of the present invention, in the method, the Web application security vulnerability sources include at least one of the following: Web application security vulnerability publication websites and databases, community interaction websites, and news portal websites.
In a preferred embodiment of the present invention, in the method, analyzing the Web application security vulnerabilities further includes, starting from the trigger point of the Web application security vulnerability, using source code auditing techniques and analyzing the parameter passing process to obtain the root of the Web application security vulnerability and the principle of its formation.
In a preferred embodiment of the present invention, in the method, exploiting the Web application security vulnerabilities further includes producing proof-of-concept (POC) programs to realize the exploitation of the Web application security vulnerabilities.
In a preferred embodiment of the present invention, in the method, exploitation of the Web application security vulnerabilities includes at least one of the following: reading database contents, reading file contents, uploading a back door, and code execution.
In a preferred embodiment of the present invention, in the method, mining Web application security vulnerabilities further includes at least one of the following: forming a description of the root of the Web application security vulnerability, generating a repair scheme for the Web application security vulnerability, generating a detection method for the Web application security vulnerability, and generating a defence method for the Web application security vulnerability.
In a preferred embodiment of the present invention, the method further includes converting the detection method for the Web application security vulnerability into a scanning rule for a security scanner, and converting the defence method for the Web application security vulnerability into a defence rule for a security firewall.
In a second aspect of the present invention, a device for mining Web application security vulnerabilities is provided. The device includes: a collection device for collecting Web application security vulnerabilities; a reproduction device for reproducing the Web application security vulnerabilities; an analysis device for analyzing the Web application security vulnerabilities; an exploitation device for exploiting the Web application security vulnerabilities based on the results of reproducing and analyzing them; a protection device for exploiting the Web application security vulnerabilities based on the results of reproducing and analyzing them; and a mining device for mining Web application security vulnerabilities based on the results of reproducing, analyzing and exploiting them.
In a preferred embodiment of the present invention, the device further includes a screening device for screening the collected Web application security vulnerabilities based on screening criteria after the Web application security vulnerabilities have been collected.
In a preferred embodiment of the present invention, in the device, the screening criteria include at least one of the following: how new the Web application security vulnerability is, the scope of impact of the Web application security vulnerability, the difficulty of exploiting the Web application security vulnerability, and the degree of harm of the Web application security vulnerability.
In a preferred embodiment of the present invention, in the device, the collection device further includes a network collection device for collecting the Web application security vulnerabilities from Web application security vulnerability sources over a network.
In a preferred embodiment of the present invention, in the device, the Web application security vulnerability sources include at least one of the following: Web application security vulnerability publication websites and databases, community interaction websites, and news portal websites.
In a preferred embodiment of the present invention, in the device, the reproduction device further includes a construction device for building a range environment using a virtual machine and related programs in order to reproduce the Web application security vulnerabilities.
In a preferred embodiment of the present invention, in the device, the analysis device further includes an auditing device for, starting from the trigger point of the Web application security vulnerability, using source code auditing techniques and analyzing the parameter passing process to obtain the root of the Web application security vulnerability and the principle of its formation.
In a preferred embodiment of the present invention, in the device, the exploitation device further includes a generating device for producing proof-of-concept (POC) programs to realize the exploitation of the Web application security vulnerabilities.
In a preferred embodiment of the present invention, in the device, exploitation of the Web application security vulnerabilities includes at least one of the following: reading database contents, reading file contents, uploading a back door, and code execution.
In a preferred embodiment of the present invention, in the device, the mining device further includes at least one of the following: a forming device for forming a description of the root of the Web application security vulnerability; a repair scheme generating device for generating a repair scheme for the Web application security vulnerability; a detection method generating device for generating a detection method for the Web application security vulnerability; and a defence method generating device for generating a defence method for the Web application security vulnerability.
In a preferred embodiment of the present invention, the device further includes a conversion device for converting the detection method for the Web application security vulnerability into a scanning rule for a security scanner, and for converting the defence method for the Web application security vulnerability into a defence rule for a security firewall.
From the above aspects of the invention it can be seen that the method and apparatus according to the invention have the following advantages over the prior art:
The method and apparatus according to the present invention for mining Web application security vulnerabilities realize intuitive reproduction and essential analysis of Web application security vulnerabilities, provide repair schemes, and provide rules for Web security scanners and Web security firewalls, greatly improving the timeliness and accuracy of scanning and defence. Moreover, in the method and apparatus according to the present invention, the analysis of Web application security vulnerabilities is more thorough: it can point out where the root of the vulnerability lies and analyze the whole process by which the vulnerability is triggered. Through deep and detailed vulnerability analysis, a targeted repair scheme, scanning method and defence method can conveniently be provided, thereby significantly enhancing Web security.
Description of the drawings
The present disclosure will be better understood from the following description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the method for mining Web application security vulnerabilities according to an embodiment of the present invention.
Fig. 2 is a block diagram showing in detail how the results of reproducing, analyzing and exploiting Web application security vulnerabilities are used to mine Web application security vulnerabilities.
Fig. 3 is a block diagram of the apparatus for mining Web application security vulnerabilities according to an embodiment of the present invention.
Specific implementation mode
Specific embodiments of the present invention are described more fully below, with embodiments of the invention shown in the accompanying drawings. The invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art. Like reference numerals refer to like elements throughout.
It should be understood that although the terms "first", "second", etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should further be understood that the terms "comprises" and/or "comprising", when used herein, specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It should further be understood that terms used herein should be interpreted as having a meaning consistent with their meaning in the context of this specification and the relevant art, and should not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In the following description, unless explicitly stated otherwise, the terms "Web application security vulnerability" and "vulnerability" are used interchangeably, both meaning a Web application security vulnerability.
Embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 shows a flow chart of the method for mining Web application security vulnerabilities according to an embodiment of the present invention.
In the flow chart, step S101 is the step of collecting Web application security vulnerabilities. Collecting Web application security vulnerabilities is the foundation on which the whole Web application security vulnerability mining method is built: only by grasping the overall situation of Web application security vulnerabilities can targeted protection be carried out. The collection process is itself a process of coming to understand the inherent laws governing the prevalence of Web application security vulnerabilities. For example, if during collection according to the present invention it is found that the number of vulnerabilities of a certain type has recently shown explosive growth, it can be concluded that this type of vulnerability needs to be protected against as a priority in the near term, that the conditions producing this type of vulnerability may recently have been disclosed or discovered, and even that a certain macroscopic trend in the development of Web application security vulnerabilities can be inferred. This step looks simple, but it provides guidance for the subsequent steps. The step of collecting Web application security vulnerabilities is therefore extremely important.
According to the present invention, Web application security vulnerabilities may be collected in an automated manner or a manual manner. In the automated manner, an automatic Web application security vulnerability collection program can, based on a Web application security vulnerability feature database, collect vulnerabilities from the various vulnerability sources from which vulnerabilities can be obtained or detected. The automatic collection program can make use of a built-in collection model (for example, the Object Exchange Model proposed by Stanford University) to collect Web application security vulnerabilities. Automated collection is unquestionably efficient and accurate, and can cope with a large volume of vulnerability collection work, so in general Web application security vulnerabilities are collected in the automated manner.
However, automated collection may also have certain disadvantages: for example, the program may not be able to collect a certain class of vulnerability in a targeted way, or may not be able to understand the circumstances in which a new vulnerability appears. In such cases manual collection can be used, which can respond more flexibly to the way vulnerabilities emerge. For example, after a preliminary analysis of a class of vulnerability that has suddenly broken out, one or several vulnerabilities can be collected in a targeted way for further analysis, instead of being collected indiscriminately as an automatic collection program would. In some cases this, too, undoubtedly improves the efficiency, timeliness and accuracy of vulnerability collection.
In one embodiment, after collecting Web application security vulnerabilities, or during the process of collecting them, a step of screening the collected Web application security vulnerabilities based on screening criteria may also be included. This screening step may likewise be performed in an automated or a manual manner. The most important advantage of adding a step that screens the collected Web application security vulnerabilities is that it strengthens the focus of the work: for the developer and administrator of a given Web application, protecting against Web application security vulnerabilities that are currently widespread and severely harmful is obviously more important than routinely protecting against ordinary Web application security vulnerabilities.
Therefore, in one embodiment, the screening criteria used in the screening process may include at least one of the following: how new the Web application security vulnerability is, the scope of impact of the Web application security vulnerability, the difficulty of exploiting the Web application security vulnerability, and the degree of harm of the Web application security vulnerability.
Obviously, within the same class of Web application security vulnerabilities, a newly generated Web application security vulnerability often has more destructive value than one generated earlier and is in greater need of protection, so screening can be performed according to how new the Web application security vulnerability is. Of course, a Web application security vulnerability generated long ago may produce new harm in a new environment, in which case it may be of greater value to the analysis program and personnel than a newly generated one, and can be screened in as well. In sum, how new the Web application security vulnerability is can serve as one of the screening criteria. Similarly, using the scope of impact of the Web application security vulnerability as a screening criterion, vulnerabilities of different scope can be screened out: for example, ones that affect the whole world, only a country, or even only a certain LAN or a certain Web application. Likewise, using the difficulty of exploiting the Web application security vulnerability as a screening criterion, vulnerabilities of different exploitation difficulty can be screened out: for example, a Web application security vulnerability that is easy to exploit can be analyzed and protected against first, while one that is not easy to exploit can be put aside and analyzed later. In addition, an even more important screening criterion is the degree of harm of the Web application security vulnerability. This criterion can screen out vulnerabilities of different degrees of harm: for example, a Web application security vulnerability that only damages a certain Web application is obviously of a lower degree of harm than one that routinely damages the whole system, or even the whole network.
By using the screening criteria described above to collect vulnerabilities, or to guide the subsequent analysis step, the Web application security vulnerability protection method can analyze and process the Web application security vulnerabilities that meet the various criteria with a certain priority, thereby realizing efficient and accurate protection against Web application security vulnerabilities.
In one embodiment, as regards the collection mode, both the automatic collection program and manual collection can collect the Web application security vulnerabilities from Web application security vulnerability sources over a network. However, both collection modes may also collect vulnerabilities by other means. For example, the personnel responsible for manual collection may collect Web application security vulnerabilities by hearing or reading descriptions of them; in this case any means of communication and exchange can be used to collect Web application security vulnerabilities.
Nevertheless, in one embodiment, collecting Web application security vulnerabilities over a network is clearly an efficient approach, and the Web application security vulnerability sources on the network are also richer and more accurate. The Web application security vulnerability sources may include at least one of the following: Web application security vulnerability publication websites and databases, community interaction websites, and news portal websites. For example, vulnerability collection personnel or the automatic collection program may browse and search Web application security vulnerability publication websites and databases, including but not limited to the National Information Security Vulnerability Sharing Platform (www.cnvd.org.cn), the China National Information Security Vulnerability Database (www.cnnvd.org.cn), the well-known WooYun ("black cloud") website (www.wooyun.org), www.securityfocus.com and www.exploit-db.com. Vulnerability collection personnel or the automatic collection program may also collect Web application security vulnerabilities through social networking sites such as Sina Weibo, Tencent Weibo and Twitter, and even through news portal websites (for example www.sohu.com and www.163.com), any other websites, or even some independent servers.
In one embodiment, when collecting Web application security vulnerabilities from these vulnerability sources, the vulnerability database may be queried in the SQL language, XML documents may be parsed to obtain the data they contain, a web crawler may be used, or certain information may even be read manually. In sum, any means of obtaining information may be used to collect Web application security vulnerabilities.
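The paragraph above names XML parsing and SQL queries as collection means. The following Python block, added here as an example and not taken from the patent, parses a constructed XML vulnerability feed, keeps only the Web application entries, stores them in a small SQLite database and then queries that database. The feed format, entry identifiers and product names are all made up for this illustration; each real source listed in the text publishes its own format.

```python
"""Collecting Web application vulnerability entries from an XML feed into a
SQL database and querying it. The feed, its schema and all entries below are
constructed for this example."""
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample feed: two Web application entries, one duplicate repost of
# the first, and one non-Web entry that the collector should skip.
SAMPLE_FEED = """<vulnerabilities>
  <entry id="EX-2018-0001">
    <title>SQL injection in example forum search</title>
    <affected>ExampleForum 2.0</affected>
    <type>Web application</type>
    <published>2018-04-01</published>
  </entry>
  <entry id="EX-2018-0002">
    <title>Stored XSS in example blog comments</title>
    <affected>ExampleBlog 1.4</affected>
    <type>Web application</type>
    <published>2018-04-03</published>
  </entry>
  <entry id="EX-2018-0001">
    <title>SQL injection in example forum search (repost)</title>
    <affected>ExampleForum 2.0</affected>
    <type>Web application</type>
    <published>2018-04-05</published>
  </entry>
  <entry id="EX-2018-0003">
    <title>Kernel privilege escalation</title>
    <affected>ExampleOS 5.1</affected>
    <type>Operating system</type>
    <published>2018-04-02</published>
  </entry>
</vulnerabilities>
"""


def parse_feed(xml_text: str):
    """Turn each <entry> of the feed into a plain dict; missing fields become ""."""
    root = ET.fromstring(xml_text)
    entries = []
    for entry in root.findall("entry"):
        entries.append({
            "id": entry.get("id", ""),
            "title": entry.findtext("title", ""),
            "affected": entry.findtext("affected", ""),
            "type": entry.findtext("type", ""),
            "published": entry.findtext("published", ""),
        })
    return entries


def collect_web_vulns(xml_text: str, db: sqlite3.Connection) -> int:
    """Store the Web application entries of the feed; return how many were new.

    The id is the primary key, so a repost of an already collected entry is
    ignored. All values are bound as parameters: feed contents never become
    part of the SQL text, so a hostile feed cannot inject into the collector's
    own database."""
    db.execute("CREATE TABLE IF NOT EXISTS vulns ("
               "id TEXT PRIMARY KEY, title TEXT, affected TEXT, published TEXT)")
    inserted = 0
    for rec in parse_feed(xml_text):
        if rec["type"].lower() != "web application":
            continue
        cur = db.execute(
            "INSERT OR IGNORE INTO vulns (id, title, affected, published) "
            "VALUES (?, ?, ?, ?)",
            (rec["id"], rec["title"], rec["affected"], rec["published"]))
        inserted += cur.rowcount          # 0 when the id already existed
    db.commit()
    return inserted


def vulns_for_product(db: sqlite3.Connection, product: str):
    """Ids of collected vulnerabilities whose affected field mentions the product."""
    rows = db.execute(
        "SELECT id FROM vulns WHERE affected LIKE ? ORDER BY published",
        ("%" + product + "%",)).fetchall()
    return [row[0] for row in rows]


def run_demo(xml_text: str = SAMPLE_FEED):
    """Collect the constructed feed into an in-memory database and summarise."""
    db = sqlite3.connect(":memory:")
    inserted = collect_web_vulns(xml_text, db)
    return {
        "inserted": inserted,
        "forum": vulns_for_product(db, "ExampleForum"),
        "all_example": vulns_for_product(db, "Example"),
    }


if __name__ == "__main__":
    print(run_demo())
```

Running the demo inserts two rows (the repost and the operating-system entry are dropped) and the product query returns the forum entry alone, which is the point at which the screening step can take over.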
After the step of collecting Web application security vulnerabilities is complete, the collected Web application security vulnerabilities must be reproduced, as shown in step S102 of Fig. 1. In one embodiment, reproducing a Web application security vulnerability may include building a range environment using a virtual machine and related programs in order to reproduce the vulnerability. The purpose of reproducing a Web application security vulnerability is to understand and examine the various conditions that trigger it, including the environment in which the vulnerability arises and the direct trigger conditions.
To reproduce a Web application security vulnerability, a range environment, usually a virtual machine environment, needs to be built. With reference to the published vulnerability information, a specific Web server operating system, Web container, Web language, database, Web application, Web framework, Web plug-in or Web browser is used in the range environment for each Web application security vulnerability. Finally, again with reference to the published vulnerability information, the specific conditions under which the vulnerability is triggered are constructed in order to reproduce it. When building the range environment it is important to use the versions that contain the vulnerability and to ensure that they have not been patched. If the vulnerability cannot be reproduced by the method given in the published information, consider whether triggering the vulnerability depends on other specific conditions.
For each Web security vulnerability, for example, a VMware virtual machine may be created, and the specific operating system and Web programs required to trigger the vulnerability installed in it: for example, an operating system (Windows, Linux, etc.), a Web container (IIS, Apache, Tomcat, etc.), a Web language (ASP, PHP, JSP, etc.), a database (MySQL, Oracle, MSSQL, etc.), a Web application (Discuz, WordPress, etc.), a Web framework (Django, ThinkPHP, etc.), Web plug-ins (BuddyPress, TimThumb, etc.) and a Web browser (IE, Firefox, Chrome, etc.).
On the basis of the range environment built in this way, and with reference to the published vulnerability information, the specific conditions and trigger flow required to trigger the vulnerability are obtained, such as accessing a certain URL or uploading a particular file. Combining the VMware virtual machine with the vulnerability trigger conditions, the Web application security vulnerability can be reproduced.
For example, after a published SQL injection vulnerability in the Discuz forum program (version 2.0) has been collected from the network, it can be reproduced as follows. First a VMware virtual machine is created, and the Linux operating system, the Apache server, the PHP language, the MySQL database and the Discuz forum program (version 2.0, unpatched) are installed in it. After installation is complete, the Discuz forum is accessed with any browser and a specific URL is requested; the result of this operation is that the contents of the forum database are displayed. This achieves the reproduction of the SQL injection vulnerability.
In the step of reproducing the Web application security vulnerability, the trigger point of the vulnerability is learnt, after which the step of analysing the Web application security vulnerability can be entered, as shown in step S103 of Fig. 1. The vulnerability analysis link is the core step of the whole Web application security vulnerability protection method: through the Web application security vulnerability analysis link, the root cause of the Web application security vulnerability is obtained. The reproduction step only reproduces the surface phenomenon of the vulnerability, whereas the analysis step works from the surface inwards, getting to the bottom of the vulnerability and tracing it to its origin.
In one embodiment, analysing the Web application security vulnerability may also include, starting from the vulnerability's trigger point, auditing the source code and analysing the parameter transmission process to obtain the root cause of the Web application security vulnerability and the principle by which it is formed. In general, vulnerability analysis methods may include patch comparison, breakpoint debugging, program association relationships, data transmission tracking, program flow tracking and so on. The root cause of a Web application security vulnerability may include unvalidated input, unvalidated output, unvalidated permissions, logic errors and so on.
For example, in this Web application security vulnerability analysis step, the Web application security vulnerability can be analysed at the source code level. If an official patch has been released, the patch can be compared with the original to locate the vulnerable point, and the trigger point of the vulnerability is then found by following the data transmission flow and the program execution flow. If there is no official patch, the information published with the vulnerability is consulted, the association relationships between the program files are analysed, and the execution flow of the program and the transmission process of the data are traced, in combination with setting breakpoints in the program and debugging it, in order to find where the root cause of the vulnerability lies and to explain under what conditions and in which operational process the program triggers the vulnerability.
This is further detailed with the following example of Web application security vulnerability analysis, again using the SQL injection vulnerability in the Discuz forum program (version 2.0). The trigger point of the vulnerability is accessing a certain specific url. A source code audit of version 2.0 of the Discuz forum program is carried out, the special input parameter in that specific url is analysed, and the analysis follows how, after the program receives the parameter, the user's input passes through several parameter transmission and parameter processing steps, is placed into a SQL query statement, and how the result of the SQL query statement is presented on the output page. At this point, the result presented on the output page gives the location of the vulnerability's root cause and the principle by which the vulnerability is formed.
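The source code audit just described, following an input parameter through the parameter transmission process until it lands in a SQL query statement, can be partly automated. The block below is an added example and is not code from the patent: a minimal taint check written with Python's ast module and run over a constructed sample program, in which every function parameter and every request-parameter lookup is treated as untrusted and any SQL statement assembled from strings is the sink. The function and variable names in the sample (get_param, build_query, count_by_owner, show_paper, safe_query, run_sql) are invented for the illustration.

```python
"""Added example (not the patent's code): a minimal source-code audit that
follows untrusted parameters into string-built SQL statements."""
import ast
from typing import List, Set, Tuple

# Constructed sample program: a request parameter travels through two
# functions before being concatenated into a SQL query.  Names are invented.
SAMPLE_SOURCE = '''
def get_param(request, name):
    return request.args.get(name)

def build_query(id_value):
    return "select title, content from paper where id=" + id_value

def count_by_owner(owner):
    return f"select count(*) from paper where owner='{owner}'"

def show_paper(request):
    pid = get_param(request, "id")
    sql = build_query(pid)
    return run_sql(sql)

def safe_query(pid):
    return "select title from paper where id=?", (int(pid),)
'''

SQL_KEYWORDS = ("select", "insert", "update", "delete")


def _is_sql_literal(node: ast.AST) -> bool:
    """True for a string constant that starts like a SQL statement."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value.lstrip().lower().startswith(SQL_KEYWORDS))


def _is_sink(node: ast.AST) -> bool:
    """A string-building expression ('+', '%' or f-string) that embeds a SQL
    literal.  A parameterised query ('?' placeholder plus a separate tuple of
    values, as in safe_query) never matches, because no string is built."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return _is_sql_literal(node.left) or _is_sql_literal(node.right)
    if isinstance(node, ast.JoinedStr):
        return any(_is_sql_literal(v) for v in node.values)
    return False


def _tainted_in(node: ast.AST, tainted: Set[str]) -> Set[str]:
    """Names used inside an expression that are currently tainted."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name) and n.id in tainted}


def _reads_request_param(node: ast.AST) -> bool:
    """True when the expression contains a `<something>.get(...)` call, the
    constructed stand-in for reading a request parameter."""
    return any(isinstance(c, ast.Call) and isinstance(c.func, ast.Attribute)
               and c.func.attr == "get" for c in ast.walk(node))


def find_sql_taint_flows(source: str) -> List[Tuple[str, int, str]]:
    """Return (function, line, variable) for each tainted name that reaches a
    string-built SQL statement.  Conservative by design: every function
    parameter is untrusted, and taint propagates through `name = expr`."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = {a.arg for a in func.args.args}
        for stmt in func.body:
            # Propagate taint through simple assignments inside the function.
            if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                    and isinstance(stmt.targets[0], ast.Name)):
                if _reads_request_param(stmt.value) or _tainted_in(stmt.value, tainted):
                    tainted.add(stmt.targets[0].id)
            # Report every sink in the statement that uses a tainted name.
            for node in ast.walk(stmt):
                if _is_sink(node):
                    for name in sorted(_tainted_in(node, tainted)):
                        findings.append((func.name, node.lineno, name))
    return findings


if __name__ == "__main__":
    for func_name, line, var in find_sql_taint_flows(SAMPLE_SOURCE):
        print(f"{func_name}: untrusted '{var}' reaches a SQL string at line {line}")
```

On the constructed sample the check reports build_query and count_by_owner and stays silent on safe_query, which is the distinction the analysis step is after: the root cause is not the parameter itself but its arrival inside the statement text. The check is intraprocedural, so it says nothing about the call chain in show_paper; a real audit still has to trace that chain by hand or with a fuller tool.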
After the vulnerability reproduction and analysis steps described above, the vulnerability is exploited based on the results of reproducing and analysing the Web application security vulnerability, as shown in step S104 of Fig. 1. Specifically, the exploitation step, building on the location of the root cause and the trigger flow of the Web application security vulnerability that have been obtained, analyses the vulnerability more thoroughly, concretely and in detail by certain means; that is, the exploitation step is an essential step in understanding the Web application security vulnerability more deeply. The purpose of exploiting the Web application security vulnerability is to understand further the operating logic of the vulnerability, and to verify whether the root cause obtained in the analysis step is correct and how much harm the vulnerability does to the program, so that protection can be more targeted.
In one embodiment, the step of exploiting the Web application security vulnerability may include producing a proof-of-concept (POC) program to realise the exploitation. The main function of a POC (Proof of Concept) program is to verify, by means of a program, the formation principle and the trigger method of the vulnerability: in the range environment in which the Web application security vulnerability was reproduced, the analysis results are used to observe concretely the actual outcome of the vulnerability and the harm it may produce. In short, a specific POC program is written for a specific vulnerability principle to achieve a specific objective.
In one embodiment, exploiting the Web application security vulnerability may include at least one of the following: reading database contents, reading file contents, uploading a back door, code execution and so on. These are usually the means by which attacks against Web application security vulnerabilities are carried out; in other words, they are the functions that a malicious attacker achieves by exploiting the Web application security vulnerability. Only by achieving, with a POC program, these specific objectives for the Web application security vulnerability can the vulnerability's internal implementation details or methods be understood concretely and truly, so as to provide all kinds of information for protection.
The process of exploiting a Web application security vulnerability is now briefly explained with the forum SQL injection vulnerability above. For example, a POC program is written for the SQL injection vulnerability; combined with the range environment of the Vmware virtual machine, the database contents of the website can be obtained with the POC program. For a code execution vulnerability, a POC program is written; combined with the range environment of the Vmware virtual machine, the Webshell back door of the website can be obtained with the POC program.
The purpose of all of the above reproduction, analysis and exploitation of the Web application security vulnerability is to reach a thorough understanding of it, so as to provide the information necessary for protecting against it. Once this information has been grasped, the method of the present invention can protect against the Web application security vulnerability based on the results of reproducing, analysing and exploiting it, as shown in step S105 of Fig. 1.
As for the Web application security vulnerability protection method of the present invention shown in Fig. 1, those skilled in the art should understand that the steps shown are illustrative and need not in practice be executed in the sequence shown. Alternatively, steps can be added or omitted. For example, the collection step can be omitted by executing the present invention on the basis of existing Web application security vulnerabilities.
The mining method for Web application security vulnerabilities is now described in detail with reference to Fig. 2. Fig. 2 is a block diagram showing in detail how the results of reproducing, analysing and exploiting the Web application security vulnerability are used to protect against it.
In an embodiment of the method according to the present invention, as shown in Fig. 2, the method 200 for Web application security vulnerabilities may include at least one of the following: forming a description of the root cause of the Web application security vulnerability, as shown in block 201; generating a repair scheme for the Web application security vulnerability, as shown in block 202; generating a detection scheme for the Web application security vulnerability, as shown in block 203; and generating a defence scheme for the Web application security vulnerability, as shown in block 204.
The above aspects of Web application security vulnerability protection can be used alone or in combination, and together they provide comprehensive protection against Web application security vulnerabilities: from the developers who are the source of the Web application security vulnerability, through the victims of the vulnerability, who may include webmasters (site owners) and Web users, to the firewalls and scanners that most directly protect against Web application security vulnerabilities, comprehensive countermeasures are provided. This is absent from the prior art Web application security vulnerability protection methods, because the prior art methods only analyse and study a single Web application security vulnerability and cannot apply the results of that analysis and study to the whole chain of generation, propagation and closure of the Web application security vulnerability. Compared with the prior art, the method according to the present invention therefore has the advantages of comprehensive protection and better timeliness and accuracy.
These protection steps are now illustrated specifically. The reason for using these four protection aspects is that they can provide a corresponding scheme for all of the personnel and programs on the Web application security vulnerability chain. As shown, the schemes may finally be applied to the web developer 210, the site owner or administrator 220, the Web security scanner 230 and the Web security firewall 240. Those skilled in the art should understand that the drawing is merely illustrative and not restrictive. Moreover, the final protection schemes generated can be supplied in a variety of forms to the personnel at all levels or the equipment that needs them, and are not limited to the four aspects 210 to 240 shown in the figure.
After the Web application security vulnerability has been reproduced, analysed and exploited, a very thorough understanding of its root cause, trigger flow and so on has been reached. But this understanding resides only in the results of running programs, for example the database contents presented on the web page and the results of running the POC program mentioned above. The web developer may not know about it, and therefore cannot prevent the formation of the Web application security vulnerability at the programming and development stage. So, after obtaining information such as the root cause of the Web application security vulnerability, the Web application security vulnerability protection method according to the present invention can form various useful descriptions of the root cause of the vulnerability. The forms these descriptions take include, but are not limited to: a natural language description that personnel can read in the natural way; a machine-readable format composed in various formats, for example a description composed in the XML language; and any other form of description that can be obtained by the personnel or machines that protect against Web application security vulnerabilities. Moreover, the ways of providing these descriptions can also vary: for example, provided by web page, provided in the form of a message by various communication software or hardware, provided as natural language by voice, and provided in any other way that lets personnel or machines obtain the information.
Such a description clearly enables Web developers not to repeat similar mistakes when designing and developing Web applications, which prevents the generation of Web application security vulnerabilities at the source. This is clearly the most efficient way, and one of the advantages of the present invention. Nor is it only Web developers who can use these descriptions of root causes: the developer of any program or hardware can obtain from them the information they need to prevent vulnerabilities from arising.
Secondly, the Web application security vulnerability protection method according to the present invention can generate a repair scheme for the Web application security vulnerability.
When a Web application security vulnerability begins to spread across the network, the various protection software products may not yet have been updated for it, so protection at the initial stage of a Web application security vulnerability's development is also of great significance. Faced with such a suddenly appearing threat, the administrators and webmasters of the various websites are often helpless, because they know nothing about the Web application security vulnerability that is causing the damage and therefore have no protective measures. However, the protection method according to the present invention can, at the initial stage of the harm caused by the Web application security vulnerability, provide a repair scheme for it, so as to give rapid support to the compromised personnel at all levels and possibly minimise the harm of the Web application security vulnerability. For example, the repair scheme can be a description of a manual repair of the Web application security vulnerability, or a program patch, and so on. This repair scheme can be used rapidly by the site owner or administrator without waiting for the update of a firewall or other software. But, being for emergency purposes, such a repair may only provide a fix for the main mode of harm currently in circulation; in other words, the repair scheme may not provide comprehensive defence. Therefore, the method according to the present invention also provides the subsequent schemes to improve the protection step further.
The two aspects above can provide personnel at all levels with an emergency way of coping with the Web application security vulnerability, suitable for timely protection in the short period after a Web threat appears.
In addition, the method according to the present invention can also generate a detection scheme and a defence scheme for the Web application security vulnerability. These two schemes can provide more comprehensive protection against the Web application security vulnerability. The purpose of generating a detection scheme for the Web application security vulnerability is to provide complete detection of existing Web application security vulnerabilities. Because some Web application security vulnerabilities remain latent and show no harm until they are triggered, if they are not detected they may become a potential threat and break out when least expected. It is therefore very necessary to provide a complete detection scheme for Web application security vulnerabilities.
Similarly, providing a comprehensive defence scheme for the Web application security vulnerability is also necessary. As stated above, the repair scheme may only provide a fix for certain specific triggering modes and cannot defend comprehensively. The comprehensive defence scheme provided later can provide comprehensive defence against the Web application security vulnerability, so as to prevent any attack and harm carried out by exploiting it.
In one embodiment, the method according to the present invention can also include converting the detection scheme for the Web application security vulnerability into a scanning rule for a security scanner, and converting the defence scheme for the Web application security vulnerability into a defence rule for a security firewall.
After all, relying only on manual methods to protect against Web application security vulnerabilities is inadequate; Web security firewalls and scanners can provide quicker, automatic and more comprehensive protection. So converting the detection scheme and the defence scheme into the scanning rules and defence rules of Web security scanners and firewalls is an efficient way of protecting against Web application security vulnerabilities.
The Web application security vulnerability protection method according to the present invention is illustrated below with a specific example. Those skilled in the art should understand that the example shown in the present invention is illustrative and not restrictive.
For example, for a SQL injection vulnerability in a certain web application, reproducing, analysing and exploiting the Web application security vulnerability reveals that the vulnerability originates in the program not effectively filtering the id parameter entered by the user. The SQL query statement in the program is, for example, "select title, content from paper where id=$id", where the input of the $id parameter needs to be restricted to a numeric parameter. But because of the programmer's carelessness the $id parameter is not restricted, so the user can assign any value to $id, which leads to the SQL injection vulnerability. When a malicious user accesses a url link of the form http://www.xxx.com/xxx.php?id=1 union select username, password from admin, the $id parameter received by the program is "1 union select username, password from admin", which is not numeric, so that the username and password of the webmaster appear in the returned page.
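The root cause just described, an unrestricted $id spliced into the query text, is shown below beside its repaired form. This is an added example and not code from the patent: the forum's database is replaced by a constructed in-memory sqlite3 database with invented rows (table names paper and admin follow the page's query; the row values are made up), and the repair applies both halves of what aspect 2 below calls for, a strict numeric check on the parameter and a parameterised query so the value is bound as data rather than concatenated into the statement.

```python
"""Added example (not the patent's code): the flawed id handling described on
the page beside a repaired handler, run against a constructed lab database."""
import re
import sqlite3
from typing import List, Tuple

# Only a short run of digits is accepted as an id (constructed limit of 9 digits).
ID_PATTERN = re.compile(r"[0-9]{1,9}")


def build_lab_db() -> sqlite3.Connection:
    """Constructed stand-in for the forum database: a paper table and an admin
    table with invented sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table paper(id integer primary key, title text, content text);
        create table admin(username text, password text);
        insert into paper values (1, 'Paper one', 'Body of paper one');
        insert into paper values (2, 'Paper two', 'Body of paper two');
        insert into admin values ('webmaster', 'constructed-sample-hash');
    """)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, id_param: str) -> List[Tuple[str, str]]:
    """The flawed pattern from the page: the raw request parameter becomes part
    of the SQL text, so any non-numeric value changes the statement itself."""
    sql = "select title, content from paper where id=" + id_param
    return conn.execute(sql).fetchall()


def validate_id(id_param: str) -> bool:
    """Aspect 2 of the repair: only a numeric id may enter the program."""
    return ID_PATTERN.fullmatch(id_param) is not None


def hardened_lookup(conn: sqlite3.Connection, id_param: str) -> List[Tuple[str, str]]:
    """Repaired handler: strict input validation plus a parameterised query.
    Even if validation were bypassed, the bound value can never alter the
    statement, so the two measures back each other up."""
    if not validate_id(id_param):
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "select title, content from paper where id=?", (int(id_param),)
    ).fetchall()


if __name__ == "__main__":
    db = build_lab_db()
    print(hardened_lookup(db, "1"))
    try:
        hardened_lookup(db, "1 or 1=1")
    except ValueError as err:
        print("rejected:", err)
```

Run against the lab database, the flawed handler returns the admin row alongside the paper row for the page's sample input, which is exactly the reproduction result the text describes, while the repaired handler refuses the same input before any query is issued. The rejection is deliberately a hard error rather than a silent cast: a silent int() conversion would hide the attempt from logs and from the detection scheme of aspect 3.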
Protection against this SQL injection vulnerability is embodied in the following four aspects:
1. A description of the root cause of the vulnerability is formed and supplied to the programmer of the Web application: the $id parameter is not effectively filtered or restricted, so a malicious user can assign any value to it. After receiving this description, the Web application developer can learn from the case and avoid the mistake of not restricting user input.
2. A vulnerability repair scheme is proposed for the root cause: the $id parameter is filtered and restricted in the program, so that only a numeric $id parameter is allowed to enter the program. The repair scheme can be used by the site owner to prevent the website from being attacked.
3. A detection scheme is proposed for the vulnerability from the angle of vulnerability detection and converted into a security scanner rule. The following detection rule can be added to the scanner: access the two urls "xxx.php?id=1 and 1=1" and "xxx.php?id=1 and 1=2" respectively; if the contents of the two returned pages differ, the website has a SQL injection vulnerability.
4. A defence scheme is proposed for the vulnerability from the angle of vulnerability defence and converted into a security firewall rule. The following defence rule can be added to the firewall: when a user submits a url of the form "xxx.php?id=1 union select name, password from admin", the id parameter is judged to be non-numeric and to contain key strings such as union/select, and the user's request is blocked.
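The defence rule of aspect 4, and the conversion of a defence scheme into a firewall rule described earlier, as an added example that is not code from the patent: the rule is expressed as data (covered path, parameter, required type, key strings) and applied to constructed request URLs that use the page's placeholder host www.xxx.com and path xxx.php. The sample traffic is made up for the illustration. One thing the example makes visible is that the scanner probe of aspect 3 ("id=1 and 1=1") contains neither key string, so this firewall rule does not match it; that gap is why the page pairs the firewall rule with the repair of aspect 2 rather than relying on either alone.

```python
"""Added example (not the patent's code): the firewall defence rule of aspect 4
as an executable check, run over constructed request lines."""
import re
from typing import List, Tuple
from urllib.parse import parse_qs, urlsplit

# Defence rule as structured data: which path and parameter it covers, the type
# the parameter must have, and the key strings that are blocked when they
# appear in a non-numeric value.  The path is the page's placeholder xxx.php.
FIREWALL_RULE = {
    "path": "/xxx.php",
    "param": "id",
    "type": re.compile(r"[0-9]+"),
    "keywords": ("union", "select"),
}

# Constructed sample traffic, not captured from any real site.
SAMPLE_REQUESTS = [
    "http://www.xxx.com/xxx.php?id=1",
    "http://www.xxx.com/xxx.php?id=1 union select username, password from admin",
    "http://www.xxx.com/xxx.php?id=1%20UNION%20SELECT%20username,password%20from%20admin",
    "http://www.xxx.com/xxx.php?id=1 and 1=1",
    "http://www.xxx.com/index.php?id=1 union select 1,2",
]


def inspect_request(url: str, rule: dict = FIREWALL_RULE) -> Tuple[str, str]:
    """Apply the rule to one request URL and return (decision, reason)."""
    parts = urlsplit(url)
    if parts.path != rule["path"]:
        return ("allow", "path not covered by this rule")
    # parse_qs percent-decodes the value, so encoded spaces and keywords are seen.
    values = parse_qs(parts.query, keep_blank_values=True).get(rule["param"], [])
    for value in values:
        if rule["type"].fullmatch(value):
            continue
        hits = [k for k in rule["keywords"] if k in value.lower()]
        if hits:
            return ("block", "non-numeric id containing " + "/".join(hits))
        # A non-numeric id without the key strings is outside this rule's scope:
        # the firewall rule complements, but does not replace, the repair of aspect 2.
        return ("allow", "non-numeric id without key strings")
    return ("allow", "id is numeric")


def scan_log(urls: List[str]) -> List[Tuple[str, str, str]]:
    """Return (url, decision, reason) for each request, in input order."""
    return [(u,) + inspect_request(u) for u in urls]


if __name__ == "__main__":
    for url, decision, reason in scan_log(SAMPLE_REQUESTS):
        print(f"{decision:5} {url}  ({reason})")
```

The reason string is returned alongside the decision so that a blocked request can be logged with the matched key strings, which is what an administrator needs when tuning the rule or correlating it with the scanner's findings.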
In conclusion, the method according to the present invention for protecting against Web application security vulnerabilities can form comprehensive, timely and accurate protection for them. Those skilled in the art should also understand that the method of the present invention can be used not only to protect against Web application security vulnerabilities but also to protect against other vulnerabilities and harms in a network. Moreover, the order in which the steps of the method of the present invention are described is not restrictive: certain steps may be carried out in an order other than the one described, or omitted. For example, if the principle of a certain Web application security vulnerability is already understood to some extent, the vulnerability reproduction step can be skipped and the analysis and exploitation steps entered directly to save time.
The equipment according to the present invention for protecting against Web application security vulnerabilities is described with reference to Fig. 3. Fig. 3 is a block diagram of equipment for protecting against Web application security vulnerabilities according to an embodiment of the present invention.
In Fig. 3, the equipment 300 may include: a collection device 301, which can be used to collect Web application security vulnerabilities; a reproduction device 302, which can be used to reproduce the Web application security vulnerability; an analysis device 303, which can be used to analyse the Web application security vulnerability; an exploitation device 304, which can be used to exploit the Web application security vulnerability based on the results of reproducing and analysing it; and a protection device 305, which can be used to protect against the Web application security vulnerability based on the results of reproducing, analysing and exploiting it.
Preferably, the equipment may further include a screening device for screening the collected Web application security vulnerabilities according to a screening criterion after they have been collected.
Also preferably, the screening criterion may include at least one of the following: how new the Web application security vulnerability is, the scope of influence of the Web application security vulnerability, the difficulty of exploiting the Web application security vulnerability, and the degree of harm of the Web application security vulnerability.
Preferably, in the equipment, the collection device may further include a network collection device for collecting the Web application security vulnerabilities from Web application security vulnerability sources over a network.
Preferably, in the equipment, the Web application security vulnerability sources may include at least one of the following: websites and databases that publish Web application security vulnerabilities, community interaction websites and news portal websites.
Preferably, in the equipment, the reproduction device may further include a construction device for building a range environment with a virtual machine and related programs to reproduce the Web application security vulnerability.
Preferably, in the equipment, the analysis device may further include an audit device for obtaining, starting from the trigger point of the Web application security vulnerability, a description of the vulnerability's root cause and its formation principle by means of source code auditing and analysis of the parameter transmission process.
Preferably, in the equipment, the exploitation device may further include a generating device for producing a proof-of-concept (POC) program to realise the exploitation of the Web application security vulnerability.
Preferably, in the equipment, exploiting the Web application security vulnerability may include at least one of the following: reading database contents, reading file contents, uploading a back door and code execution.
Preferably, in the equipment, the protection device may further include at least one of the following: a forming device for forming a description of the root cause of the Web application security vulnerability; a repair scheme generating device for generating a repair scheme for the Web application security vulnerability; a detection scheme generating device for generating a detection scheme for the Web application security vulnerability; and a defence scheme generating device for generating a defence scheme for the Web application security vulnerability.
Preferably, the equipment may further include a conversion device for converting the detection scheme for the Web application security vulnerability into a scanning rule for a security scanner and converting the defence scheme for the Web application security vulnerability into a defence rule for a security firewall.
In summary, the method according to the present invention for protecting against Web application security vulnerabilities can protect comprehensively across the whole chain of a Web application security vulnerability's formation and development, and can provide a corresponding protection scheme for all of the personnel and programs at all levels involved in the Web application security vulnerability, making the protection against Web application security vulnerabilities timely, comprehensive, efficient and accurate.
Although specific embodiments of the present invention have been described above in conjunction with the drawings, those skilled in the art can make various changes, modifications and equivalent substitutions to the present invention without departing from its spirit and scope. All such changes, modifications and equivalent substitutions are intended to fall within the scope defined by the appended claims.
Claims (10)
1. A Web application security vulnerability mining method, characterised in that the method includes: (1) collecting Web application security vulnerabilities; (2) reproducing the Web application security vulnerability; (3) analysing the Web application security vulnerability; (4) exploiting the Web application security vulnerability based on the results of reproducing and analysing it; and (5) mining Web application security vulnerabilities based on the results of reproducing, analysing and exploiting the Web application security vulnerability.
2. The method according to claim 1, including screening the collected Web application security vulnerabilities according to a screening criterion after collecting them.
3. The method according to claim 2, wherein the screening criterion includes at least one of the following: how new the Web application security vulnerability is, the scope of influence of the Web application security vulnerability, the difficulty of exploiting the Web application security vulnerability and the degree of harm of the Web application security vulnerability.
4. The method according to claim 1, wherein collecting the Web application security vulnerabilities further includes collecting them from Web application security vulnerability sources over a network.
5. The method according to claim 4, wherein the Web application security vulnerability sources include at least one of the following: websites and databases that publish Web application security vulnerabilities, community interaction websites and news portal websites.
6. The method according to claim 1, wherein reproducing the Web application security vulnerability further includes building a range environment with a virtual machine and related programs to reproduce the Web application security vulnerability.
7. The method according to claim 1, wherein analysing the Web application security vulnerability further includes obtaining, starting from the trigger point of the Web application security vulnerability, a description of the vulnerability's root cause and its formation principle by means of source code auditing and analysis of the parameter transmission process.
8. The method according to claim 1, wherein exploiting the Web application security vulnerability further includes producing a proof-of-concept (POC) program to realise the exploitation of the Web application security vulnerability.
9. The method according to claim 8, wherein exploiting the Web application security vulnerability includes at least one of the following: reading database contents, reading file contents, uploading a back door and code execution.
10. The method according to any one of claims 1 to 9, wherein mining the Web application security vulnerabilities further includes at least one of the following: forming a description of the root cause of the Web application security vulnerability, generating a repair scheme for the Web application security vulnerability, generating a detection scheme for the Web application security vulnerability, and generating a defence scheme for the Web application security vulnerability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810340130.8A CN108512859A (en) | 2018-04-16 | 2018-04-16 | A kind of Web applications safety loophole mining method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108512859A true CN108512859A (en) | 2018-09-07 |
Family
ID=63381994
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810340130.8A Pending CN108512859A (en) | 2018-04-16 | 2018-04-16 | A kind of Web applications safety loophole mining method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108512859A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981563A (en) * | 2019-01-23 | 2019-07-05 | 国家新闻出版广电总局广播电视规划院 | A kind of automatic intelligent method for digging of radio and television key message infrastructure network security breaches |
CN110059007A (en) * | 2019-04-03 | 2019-07-26 | 北京奇安信科技有限公司 | System vulnerability scan method, device, computer equipment and storage medium |
CN110460571A (en) * | 2019-07-05 | 2019-11-15 | 深圳壹账通智能科技有限公司 | Operation system loophole processing method, device, computer equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101098226A (en) * | 2006-06-27 | 2008-01-02 | 飞塔信息科技(北京)有限公司 | Online real-time virus processing system and method |
CN101242279A (en) * | 2008-03-07 | 2008-08-13 | 北京邮电大学 | Automatic penetration testing system and method for WEB system |
CN101388899A (en) * | 2007-09-12 | 2009-03-18 | 北京启明星辰信息技术有限公司 | Front-background related auditing method and system for Web server |
CN104065645A (en) * | 2014-05-28 | 2014-09-24 | 北京知道创宇信息技术有限公司 | Web vulnerability protection method and apparatus |
CN107368417A (en) * | 2017-07-25 | 2017-11-21 | 中国人民解放军63928部队 | A kind of bug excavation technical testing model and method of testing |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104065645A (en) | | Web vulnerability protection method and apparatus |
Huang et al. | | Web application security assessment by fault injection and behavior monitoring |
Kals et al. | | SecuBat: a web vulnerability scanner |
CN101808093B (en) | | System and method for automatically detecting WEB security |
Scholte et al. | | Preventing input validation vulnerabilities in web applications through automated type analysis |
CN103780614B (en) | | SQL injection vulnerability mining method based on simulated attack extension |
Deepa et al. | | DetLogic: A black-box approach for detecting logic vulnerabilities in web applications |
Shar et al. | | Auditing the XSS defence features implemented in web application programs |
CN103279710A (en) | | Method and system for detecting malicious codes of Internet information system |
CN108512859A (en) | | Web application security vulnerability mining method and device |
Marback et al. | | Security test generation using threat trees |
Mathas et al. | | On the design of IoT security: Analysis of software vulnerabilities for smart grids |
Sahu et al. | | Analysis of web application code vulnerabilities using secure coding standards |
Subedi et al. | | Secure paradigm for web application development |
Shi et al. | | Backporting security patches of web applications: A prototype design and implementation on injection vulnerability patches |
Vijayalakshmi et al. | | Case study: extenuation of XSS attacks through various detecting and defending techniques |
Hsu | | Practical security automation and testing: tools and techniques for automated security scanning and testing in DevSecOps |
Liban et al. | | Enhancing MySQL Injector vulnerability checker tool (MySQL Injector) using inference binary search algorithm for blind timing-based attack |
Thai et al. | | A framework for website security assessment |
McBride et al. | | Security analysis of Contiki IoT operating system |
KR100614931B1 (en) | | Vulnerability analysis apparatus and method of web application |
Hidhaya et al. | | Detection of vulnerabilities caused by WebView exploitation in smartphone |
KR101012335B1 (en) | | Secure information flow analysis using abstract domain based on regular expressions |
Sivakumar et al. | | Constructing a "common cross site scripting vulnerabilities enumeration (CXE)" using CWE and CVE |
Kalaani | | OWASP ZAP vs Snort for SQLi vulnerability scanning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180907 |