CN108810032A - Web cross-site security processing method based on proxy - Google Patents

Web cross-site security processing method based on proxy

Info

Publication number
CN108810032A
Authority
CN
China
Prior art keywords
node
loophole
web
module
label
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810815958.4A
Other languages
Chinese (zh)
Other versions
CN108810032B (en)
Inventor
贺鹏
张峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuo Zhuo Network Technology Co Ltd
Original Assignee
Zhuo Zhuo Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuo Zhuo Network Technology Co Ltd
Priority to CN201810815958.4A
Publication of CN108810032A
Application granted
Publication of CN108810032B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1433: Vulnerability analysis
    • H04L63/16: Implementing security features at a particular protocol layer
    • H04L63/168: Implementing security features at a particular protocol layer above the transport layer
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

A proxy-based Web cross-site security processing method, built on a system architecture comprising a node marking module, an output stream proxy module and a log analysis and reporting module. The node marking module parses the application's template files during compilation, before the program is released, and adds a mark to every vulnerable node; the mark is a custom attribute added to the node, and the value of the custom attribute is a request parameter name generated by the system. The output stream proxy module has two parts: the first replaces the request parameter name added by the node marking module with a random number that the system generates automatically for the current request; the second intercepts and proxies the response data before it is sent to the browser, parses the response data into an HTML document and finds every node that may contain a vulnerability. As soon as an unmarked vulnerable node appears, the node is escaped and returned to the client in the form of text.

Description

Web cross-site security processing method based on proxy
Technical field
The invention belongs to the field of Internet security and relates to a proxy-based Web cross-site security processing method.
Background art
With the spread and development of the Internet in China, anyone can easily go online to obtain information, post comments, shop and so on; it is fair to say the Internet has changed people's lives. As the number of Internet users grows, the volume of data grows with it, and enterprise and user privacy data receive more and more attention. Because the profit to be gained from such private data keeps increasing, some offenders dig for system vulnerabilities and leak enterprise and user data, causing serious harm to society. Even so, some enterprises still have insufficient security awareness and precautions, mainly because the cost of handling these vulnerabilities is relatively high.
CN201510202647.7 provides a Web security detection method and device. The method includes: storing the detection task information submitted by the Web security detection front end in a Web security detection data set; reading at least one pending detection task from the Web security detection data set and writing the detection task information that was read into a cache data set; generating multiple detection subtasks for each detection task that was read and assigning each subtask to the cluster system of the Web security detection back end; writing the information submitted by the cluster system while it executes the subtasks into the cache data set; and, once every subtask of a detection task has finished, storing that task's detection result from the cache data set in the Web security detection data set. The technical solution improves both the security and the efficiency of Web security detection.
CN201710710670.6 proposes a Web application attack defense method. The method selects the access interfaces of the application to be defended and enters them into a Web attack defense system, and selects the Web attack types to defend against; all access is directed to the Web attack defense system; the Web attack defense system intercepts all access and defends according to the selected defense types. The invention can solve the attack defense problem of Web applications.
CN201710696264.9 discloses a security protection method and device based on Nginx. The method includes: obtaining the log data of the Nginx server; obtaining the client request information in the log data; and, if the client's request information matches a predefined blocking rule, sending a prohibit instruction to the Nginx server to instruct it to revoke the client's request permission. Because the Nginx server itself is not modified, impact on the Nginx server is avoided and development and maintenance costs are reduced.
Because of the particular nature of cross-site attacks, how well they are solved depends on developers' coding habits, security awareness, enterprise security training and so on. Even large websites still produce such vulnerabilities; once enterprise data or user privacy data is involved, the impact on society and individuals can be far-reaching.
The proxy-based Web cross-site security processing method arose in response and mainly solves two problems:
1. Handling cross-site attacks requires a continuing, substantial investment of manpower. The present invention only requires a one-time configuration according to its specification and requirements, so manpower is invested once.
2. Missed detections and false positives. The invention collects and organizes all the possible ways of producing a cross-site attack and uses a whitelist mode, thereby preventing missed detections and false positives.
Traditional schemes for intercepting cross-site attacks:
1. An interceptor inspects the request parameters; if a request parameter matches a custom rule, that is, the code contains malicious code, the request is intercepted.
2. Rules are added by configuring Content Security Policy so that the browser recognizes certain requests as illegal, which mitigates the attacks caused by the SRC attribute of nodes.
3. Parameters are escaped at render time: when the page is rendered, the rendering parameters are matched against custom rules, and on a match HTML encoding is applied to intercept the malicious code.
4. The server-side program applies HTML escaping before rendering the page. For attacks on forms, a one-time Token is used for verification, but developers must write the same repetitive code in many places.
The present invention takes a different approach. Since every web page must be transmitted from the server to the browser in the form of a stream, the output stream is intercepted first and then analysed by parsing it into an HTML document. For cross-site scripting, illegal nodes are identified; for cross-site request forgery, a Token is added fully automatically; after this special handling the result is output to the browser. The method also has the following characteristics:
1. Developers concentrate on business logic and need not handle cross-site vulnerabilities separately, which reduces cost.
2. The impact on system performance is small: for a 5000-line web page the delay is less than 50 ms, about 10 ms on average.
3. The method provided by the invention can be used on a large scale.
The first approach is represented on the market today by request-parameter-based cross-site scripting interceptors such as the Nginx module ngx_lua_waf. Its advantage is that deployment and the interception principle are simple, but rules have to be configured, and variants of cross-site scripting vulnerabilities cannot be handled by rules, so missed detections and false positives occur easily.
The second approach, configuring Content Security Policy, is currently used by few companies in China or abroad. The main problem is that adoption is complicated: rules must be configured for every page, and for legacy systems the cost of adding rules to all pages is huge. The official documentation also states that this method can only mitigate the problem and cannot eliminate it.
The third approach works well for a single application, but in a distributed multi-system deployment the probability of missed detections and false positives increases as the number of systems grows.
The fourth approach is currently the most effective, but fixing each vulnerability takes a long time and requires a continuing investment of manpower.
Summary of the invention
To solve the problems in the prior art, the object of the present invention is to propose a proxy-based Web cross-site security processing method that intercepts the output stream sent from the server to the client and, using HTML parsing, detects cross-site scripting attack code and adds a verification Token for intercepting cross-site request forgery attacks. The invention can significantly reduce the time spent on security development and testing of a system and helps improve product security.
The technical solution of the invention is as follows: a proxy-based Web cross-site security processing method, built on a system architecture comprising a node marking module, an output stream proxy module and a log analysis and reporting module. The node marking module parses the application's template files during compilation, before the program is released, and adds a mark to every vulnerable node; the mark is a custom attribute added to the node, and the value of the custom attribute is a request parameter name generated by the system.
The output stream proxy module has two parts. The first replaces the request parameter name added by the node marking module with a random number that the system generates automatically for the current request. The second intercepts and proxies the response data before it is sent to the browser, parses the response data into an HTML document and finds every node that may contain a vulnerability; as soon as an unmarked vulnerable node appears, the node is escaped and returned to the client in the form of text.
The log analysis and reporting module works as follows: when the proxy intercepts attack code, it sends the attack code to the log server; the module analyses and summarizes the attack code and sends an early-warning e-mail notifying the responsible party to handle it.
The specific steps are as follows:
Step 1: Before the server compiles a page template, it first checks the template for vulnerable nodes; if the template contains vulnerable nodes, a custom attribute is added to each of them at compile time. The value of the attribute is the name of a custom request parameter.
Step 2: After a user sends a request to the server, the server generates an encrypted string; when parameters are rendered into the page, the value of the custom attribute added in Step 1 is rendered as this encrypted string.
Step 3: When the server returns data to the user, the output stream is intercepted into local memory and parsed into an HTML document.
Step 3.1: If a vulnerable node in this HTML document does not carry the current encrypted string as its mark, the node is escaped into HTML format and then returned to the client.
Step 3.2: If the HTML document contains a form node, a hidden field carrying the Token is additionally added to that node.
Step 3.3: The HTML document is reassembled and sent to the browser.
Step 4: Logs are recorded and the custom attributes of the vulnerable nodes are cleared.
An illegal node in the present invention means any node or syntax that may produce a cross-site scripting vulnerability; in general, the SCRIPT tag is the most common such tag. The encrypted string in the present invention is valid only within the current thread; when the thread ends, the encrypted string becomes invalid, which prevents a user from simulating the encrypted string to carry out an attack.
The Token in the present invention is a random code used to judge the uniqueness of a request; once the request passes, the Token becomes invalid.
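Steps 1 to 4 above, sketched in Python as an added example (not code from the patent). The attribute name `data-xsmark`, the placeholder `__XS_PARAM__`, the `_token` field and the sample template are assumptions; `<script>` and tags with inline `on*` handlers stand in for the vulnerable node types, and for an unmarked `on*` tag only the start tag is escaped.

```python
import html
import secrets
from html.parser import HTMLParser

# Names below are assumptions for this example, not taken from the patent.
MARK_ATTR = "data-xsmark"      # custom attribute added to vulnerable nodes
PLACEHOLDER = "__XS_PARAM__"   # request parameter name written at compile time
TOKEN_FIELD = "_token"         # hidden form field carrying the Token

def is_vulnerable(tag, attrs):
    """Script-capable nodes here: <script> and tags with inline on* handlers."""
    return tag == "script" or any(name.startswith("on") for name, _ in attrs)

class _Rewriter(HTMLParser):
    """Re-serialises HTML (comments and doctype are dropped)."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
    def handle_startendtag(self, tag, attrs):  # "<br/>": raw text keeps the "/>"
        self.handle_starttag(tag, attrs)
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")
    def run(self, text):
        self.feed(text)
        self.close()
        return "".join(self.out)

class _Marker(_Rewriter):
    """Step 1, compile time: add the placeholder attribute to vulnerable nodes."""
    def handle_starttag(self, tag, attrs):
        raw = self.get_starttag_text()
        if is_vulnerable(tag, attrs):
            cut = -2 if raw.endswith("/>") else -1
            raw = f'{raw[:cut]} {MARK_ATTR}="{PLACEHOLDER}"{raw[cut:]}'
        self.out.append(raw)

class _Filter(_Rewriter):
    """Step 3: escape unmarked vulnerable nodes and add the Token to forms."""
    def __init__(self, nonce, token):
        super().__init__()
        self.nonce, self.token = nonce, token
        self.blocked = []            # raw start tags to log (step 4)
        self.in_bad_script = False   # inside the body of an escaped <script>
    def handle_starttag(self, tag, attrs):
        raw = self.get_starttag_text()
        if is_vulnerable(tag, attrs):
            if dict(attrs).get(MARK_ATTR) != self.nonce:
                # Unmarked or stale mark: emit the start tag as inert text.
                self.blocked.append(raw)
                self.in_bad_script = tag == "script"
                self.out.append(html.escape(raw))
                return
            raw = raw.replace(f' {MARK_ATTR}="{self.nonce}"', "")  # step 4 cleanup
        self.out.append(raw)
        if tag == "form":
            self.out.append(f'<input type="hidden" name="{TOKEN_FIELD}" '
                            f'value="{self.token}">')
    def handle_data(self, data):
        self.out.append(html.escape(data) if self.in_bad_script else data)
    def handle_endtag(self, tag):
        if tag == "script" and self.in_bad_script:
            self.in_bad_script = False
            self.out.append(html.escape("</script>"))
        else:
            super().handle_endtag(tag)

def mark_template(template):
    return _Marker().run(template)

def render(marked, nonce, comment):
    # Step 2: swap the placeholder for the per-request value before untrusted
    # data is merged in, so a placeholder typed by a user is never upgraded.
    return marked.replace(PLACEHOLDER, nonce).replace("{{comment}}", comment)

def filter_response(body, nonce, token):
    f = _Filter(nonce, token)
    return f.run(body), f.blocked

# Constructed sample: the template inserts {{comment}} without escaping it.
TEMPLATE = ('<form action="/post"><input name="c"></form>'
            '<div>{{comment}}</div><script src="/app.js"></script>')
STORED_COMMENT = 'hi<script>alert(1)</script><img src=x onerror="alert(2)">'

def demo():
    nonce, token = secrets.token_hex(16), secrets.token_hex(16)
    body = render(mark_template(TEMPLATE), nonce, STORED_COMMENT)
    return (*filter_response(body, nonce, token), nonce, token)
```

The template's own `<script src="/app.js">` reaches the browser unchanged because it carries the current request's value, while the two nodes that arrived through the stored comment come back as text and are listed for logging.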
Advantageous effects: compared with the prior art, the notable advantages and effects are:
(1) By proxying the output stream, the invention can also prevent cross-system stored cross-site scripting attacks injected through parameters.
(2) By using a whitelist mode, the invention first judges from the node itself whether it is a cross-site-scripting-type node, which avoids the false positives and missed detections caused by interception approaches that, like virus signature databases, rely on regular-expression matching and similar techniques.
(3) The invention searches the output stream for Form elements and automatically adds the Token, and automatically verifies the Token when the form is submitted. Business code no longer needs to add a Token unrelated to the business, nor to verify in every request-handling routine whether the Token is valid. This achieves the goal of reducing labor cost.
Description of the drawings
Fig. 1 is a schematic diagram of the system structure that implements the proxy-based Web cross-site security processing method in an embodiment of the present invention;
Fig. 2 is a flow chart of the implementation of the proxy-based Web cross-site security processing method in an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in more detail below with reference to a specific embodiment and the accompanying drawings.
Fig. 1 is a schematic diagram of the system structure that implements the proxy-based Web cross-site security processing method in an embodiment of the present invention. The system architecture comprises a node marking module, an output stream proxy module and a log analysis and reporting module.
The node marking module parses the application's template files during compilation, before the program is released, and adds a mark to every vulnerable node; the mark is a custom attribute added to the node, and the value of the custom attribute is a request parameter name generated by the system.
The output stream proxy module has two parts. The first replaces the request parameter name added by the node marking module with a random number that the system generates automatically for the current request. The second intercepts and proxies the response data before it is sent to the browser, parses the response data into an HTML document and finds every node that may contain a vulnerability; as soon as an unmarked vulnerable node appears, the node is escaped and returned to the client in the form of text.
The log analysis and reporting module works as follows: when the proxy intercepts attack code, it sends the attack code to the log server; the module analyses and summarizes the attack code and sends an early-warning e-mail notifying the responsible party to handle it.
Fig. 2 is a flow chart of the implementation of the proxy-based Web cross-site security processing method in an embodiment of the present invention. The specific stages are:
System compile stage: a configuration file specifies the location of the system's view-layer templates; at compile time the system iterates over all files at this location, parses out the nodes that resemble attack code, and adds the specified attribute to those nodes.
Request entry stage: the request object is intercepted and a random code is generated; the random code is stored in the current thread and also in the request object; when the system resolves the view, the mark generated at compile time is replaced with this random code.
Response interception and proxy stage: the response output stream is intercepted, parsed into HTML document format, and output to the client by the proxy.
Malicious code detection stage: the marks in the HTML document are queried; nodes that can produce an XSS attack but are unmarked are output in encoded form, and the node information is recorded.
Post-analysis stage: the recorded information is summarized, and statistical reports are sent periodically for the responsible party to analyse.
The foregoing is only one embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (5)

1. A proxy-based Web cross-site security processing method, characterized in that it is built on a system architecture comprising a node marking module, an output stream proxy module and a log analysis and reporting module; the node marking module parses the application's template files during compilation, before the program is released, and adds a mark to every vulnerable node; the mark is a custom attribute added to the node, and the value of the custom attribute is a request parameter name generated by the system;
the output stream proxy module has two parts: the first replaces the request parameter name added by the node marking module with a random number that the system generates automatically for the current request; the second intercepts and proxies the response data before it is sent to the browser, parses the response data into an HTML document and finds every node that may contain a vulnerability; as soon as an unmarked vulnerable node appears, the node is escaped and returned to the client in the form of text;
the log analysis and reporting module works as follows: when the proxy intercepts attack code, it sends the attack code to the log server; the module analyses and summarizes the attack code and sends an early-warning e-mail notifying the responsible party to handle it;
the specific steps are as follows:
Step 1: before the server compiles a page template, it first checks the template for vulnerable nodes; if the template contains vulnerable nodes, a custom attribute is added to each such node at compile time; the value of the attribute is the name of a custom request parameter;
Step 2: after a user sends a request to the server, the server generates an encrypted string; when parameters are rendered into the page, the value of the custom attribute added in the first step is rendered as this encrypted string;
Step 3: when the server returns data to the user, the output stream is intercepted into local memory and parsed into an HTML document;
Step 3.1: if a vulnerable node in this HTML document does not carry the current encrypted string as its mark, the node is escaped;
Step 3.2: if the HTML document contains a form node, a hidden field carrying the Token is additionally added to that node;
Step 3.3: the HTML document is reassembled and sent to the browser;
Step 4: logs are recorded and the custom attributes of the vulnerable nodes are cleared.
2. The proxy-based Web cross-site security processing method according to claim 1, characterized in that a vulnerable node means any node or syntax that may produce a cross-site scripting vulnerability.
3. The proxy-based Web cross-site security processing method according to claim 1, characterized in that the SCRIPT tag is the most common tag; the encrypted string is valid only within the current thread; when the thread ends, the encrypted string becomes invalid, which prevents a user from simulating the encrypted string to carry out an attack.
4. The proxy-based Web cross-site security processing method according to claim 1, characterized in that the Token is a random code used to judge the uniqueness of a request; once the request passes, the Token becomes invalid.
5. The proxy-based Web cross-site security processing method according to claim 1, characterized in that the specific stages are:
System compile stage: a configuration file specifies the location of the system's view-layer templates; at compile time the system iterates over all files at this location, parses out the vulnerable nodes and adds a custom attribute to each of them, the attribute value being the name of a custom request parameter;
Request entry stage: the request object is intercepted and a random code is generated; the random code is stored in the current thread and also in the request object; when the system resolves the view, the mark generated at compile time is replaced with this random code;
Response interception and proxy stage: the response output stream is intercepted and parsed into HTML document format, and the output stream proxy outputs it to the client;
Malicious code detection stage: the marks in the HTML document are queried; unmarked vulnerable nodes are output in escaped form, and the node information is recorded;
Post-analysis stage: the recorded information is summarized, and statistical reports are sent periodically for the responsible party to analyse.
CN201810815958.4A 2018-07-24 2018-07-24 Web cross-site security processing method based on proxy Active CN108810032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810815958.4A CN108810032B (en) 2018-07-24 2018-07-24 Web cross-site security processing method based on proxy

Publications (2)

Publication Number Publication Date
CN108810032A (en) 2018-11-13
CN108810032B (en) 2020-05-01

Family

ID=64077898

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810815958.4A Active CN108810032B (en) 2018-07-24 2018-07-24 Web cross-site security processing method based on proxy

Country Status (1)

Country Link
CN (1) CN108810032B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant