CN110113366A - A kind of detection method and device of CSRF loophole - Google Patents


Info

Publication number: CN110113366A
Authority: CN (China)
Prior art keywords: access, detected, token, access request, access response
Legal status: Granted
Application number: CN201910549709.XA
Other languages: Chinese (zh)
Other versions: CN110113366B (en)
Inventor: 张何钫
Current assignee: WeBank Co Ltd
Original assignee: WeBank Co Ltd
Application filed by WeBank Co Ltd
Priority to CN201910549709.XA (granted as CN110113366B)
Publication of CN110113366A
Priority to PCT/CN2020/096900 (published as WO2020259389A1)
Application granted; publication of CN110113366B
Current legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/08 for authentication of entities > H04L63/0807 using tickets, e.g. Kerberos
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/14 for detecting or protecting against malicious traffic > H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a CSRF vulnerability detection method and device. The method determines whether a first access identifier (Token) carried in a first access response returned by the URL site under test is consistent with a second Token carried in a second access response returned by the same site; the first access response is returned for a first access request that carries the login-state information of a first user, and the second for a second access request that carries the login-state information of a second, different user. If the two Tokens differ, a third access request carrying the first user's login-state information is sent to the site once a set time has elapsed; if the third Token in the corresponding third access response is consistent with the first Token, the site is determined to have a CSRF vulnerability. The method is intended to address the narrow range of detection means and the low accuracy of existing CSRF vulnerability detection.

Description

A CSRF vulnerability detection method and device

Technical field

The invention relates to the field of financial technology (Fintech), and in particular to a method and device for detecting CSRF vulnerabilities.

Background

With the development of computer technology, more and more technologies are being applied in finance, and the traditional financial industry is gradually transforming into financial technology (Fintech). Because of the security and real-time requirements of the financial industry, higher demands are also placed on vulnerability detection technology.

Cross-site request forgery (CSRF) is a malicious exploitation of a website. Some financial platforms have vulnerabilities in their business functions; CSRF lets an attacker act under the identity of a legitimate user, causing that user's browser to trigger dangerous operations such as payments and transfers without the user's knowledge, which directly affects the security of the user's funds and account.

Detection methods for CSRF already exist, but both manual and automated detection suffer from a narrow range of detection means and low detection accuracy.

Summary of the invention

An embodiment of the present invention provides a CSRF vulnerability detection method, intended to solve the problems in the prior art that the means of detecting CSRF vulnerabilities are narrow and detection accuracy is low.

In a first aspect, an embodiment of the present invention provides a method for detecting cross-site request forgery (CSRF) vulnerabilities, comprising:

determining whether a first access identifier Token carried in a first access response returned by the URL site under test is consistent with a second Token carried in a second access response returned by the URL site under test; the first access response is sent in reply to a first access request carrying the login-state information of a first user; the second access response is sent in reply to a second access request carrying the login-state information of a second user; the first user is different from the second user;

if they are inconsistent, sending, when a set time has elapsed, a third access request carrying the first user's login-state information to the URL site under test; and if the third Token in the third access response corresponding to the third access request is consistent with the first Token, determining that the URL site under test has a CSRF vulnerability.

In the above technical solution, a Token check across different users is added to the CSRF detection process: if different users receive the same Token in their access responses, a CSRF vulnerability is likely. After the cross-user Token check has been passed, a Token check across different time periods is performed: if the same user receives the same Token in different time periods, a CSRF vulnerability is likely. By introducing Token checks across different users and across different time periods for the same user, the technical solution enriches the means of Token detection and thereby improves detection accuracy.

In one possible implementation, if the third Token in the third access response corresponding to the third access request is inconsistent with the first Token, the method further comprises:

constructing a fourth access request that conforms to the interaction mode of the URL site under test;

sending the fourth access request to the URL site under test;

if the fourth access response corresponding to the fourth access request matches a fifth access response, determining that the URL site under test has a CSRF vulnerability, where the fifth access response is the response of the URL site under test to a legitimate access request. Note that the fourth access request may also be the first access request, in which case the fifth access response may also be the first access response.

In the above technical solution, after both the cross-user Token check and the same-user, different-time Token check have been passed, a further detection method is provided that compares a constructed access request with a legitimate access request: if the response to the constructed access request matches the response to the legitimate access request (for example, with high similarity), a CSRF vulnerability is determined to exist. This adds a further detection means and thereby improves detection accuracy.

In one possible implementation, the interaction mode of the URL site is Ajax; before sending the fourth access request to the URL site under test, the method further comprises:

setting the sender of the fourth access request to carry cookie information on cross-domain access.

In the above technical solution, different access requests are constructed for different interaction modes, so that CSRF vulnerability detection can be carried out and detection accuracy ensured.

In one possible implementation, before determining whether the first access identifier Token carried in the first access response returned by the URL site under test is consistent with the second Token carried in the second access response returned by the URL site under test, the method further comprises:

crawling the data packets of the URL site under test and obtaining the first access response and the second access response from those data packets; or constructing the first login request and sending it to the URL site under test, and constructing the second login request and sending it to the URL site under test.

In the above technical solution, two ways of realizing the login requests are provided. One is to crawl data packets on the network, which makes the constructed login request match real traffic; the other is to construct the login request directly, which is more flexible.

In another possible implementation, before determining whether the first access identifier Token carried in the first access response returned by the URL site under test is consistent with the second Token carried in the second access response returned by the URL site under test, the method further comprises:

determining that the first Token and the second Token are not on a blacklist.

In the above technical solution, a blacklist check is performed before the cross-user Token check: if a Token is on the blacklist, a CSRF vulnerability is determined to exist; only otherwise is the cross-user Token check performed. This further improves the efficiency of CSRF vulnerability detection.

In a second aspect, an embodiment of the present invention also provides a device for detecting cross-site request forgery (CSRF) vulnerabilities, the device comprising:

a determining unit, configured to determine whether a first access identifier Token carried in a first access response returned by the URL site under test is consistent with a second Token carried in a second access response returned by the URL site under test; the first access response is sent in reply to a first login request carrying the login-state information of a first user; the second access response is sent in reply to a second login request carrying the login-state information of a second user; the first user is different from the second user;

a detection unit, configured to send, when the first Token and the second Token are inconsistent and a set time has elapsed, a third access request carrying the first user's login-state information to the URL site under test, and, if the third Token in the third access response corresponding to the third access request is consistent with the first Token, to determine that the URL site under test has a CSRF vulnerability.

In one possible implementation, the detection unit is further configured to:

construct a fourth access request that conforms to the interaction mode of the URL site under test;

send the fourth access request to the URL site under test;

if the fourth access response corresponding to the fourth access request matches a fifth access response, determine that the URL site under test has a CSRF vulnerability, where the fifth access response is the response of the URL site under test to a legitimate access request.

In one possible implementation, the detection device further comprises:

an acquisition unit, configured to crawl the data packets of the URL site under test;

and the determining unit is further configured to determine that the first Token and the second Token are not on a blacklist.

In a third aspect, an embodiment of the present invention also provides a computing device, comprising:

a memory for storing program instructions;

a processor for calling the program instructions stored in the memory and executing, according to the obtained program, the method of the first aspect or of any embodiment of the first aspect.

In a fourth aspect, an embodiment of the present invention also provides a computer-readable non-volatile storage medium comprising computer-readable instructions which, when read and executed by a computer, cause the computer to execute the method of the first aspect or of any embodiment of the first aspect.

Description of the drawings

The accompanying drawings described here are provided for a further understanding of the present invention and form a part of it. The illustrative embodiments of the present invention and their descriptions are used to explain the invention and do not constitute an improper limitation of it. In the drawings:

FIG. 1 is a schematic diagram of a possible system architecture according to an embodiment of the present invention;

FIG. 2 is a schematic flow diagram of a CSRF vulnerability detection method according to an embodiment of the present invention;

FIG. 3 is a schematic diagram of a CSRF vulnerability detection device according to an embodiment of the present invention.

Detailed description

To make the purpose, technical solution and beneficial effects of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and not to limit it.

FIG. 1 is a schematic diagram of a possible system architecture provided by this application. As shown in FIG. 1, it includes several access devices 101 and an access server 102. An access device 101 may be a personal computer, a mobile terminal or the like; the access server 102 is the site that provides users with page access services.

Each access device 101 generally has to log in before accessing the access server 102. Specifically, the access device 101 sends a login request to the access server 102 containing information that identifies the user, usually a user name and password. After verifying the login request, the access server 102 sends an access response to the access device 101, which generally carries the Cookie information that the access server 102 has assigned to the user. The Cookie is stored in the browser of the access device 101 so that the user need not enter login information again on subsequent visits to the access server 102. However, if the access server 102 has a CSRF vulnerability and the browser on the access device 101 is lured to a page that exploits it, the browser will send access requests to the access server 102 carrying the stored Cookie without the user's knowledge.

Embodiment 1:

To detect the above CSRF vulnerability, as shown in FIG. 2, an embodiment of the present invention provides a method for detecting cross-site request forgery (CSRF) vulnerabilities, comprising the following steps:

S11. Determine the first access identifier Token carried in the first access response returned by the URL site under test; the first access response is sent in reply to a first access request carrying the login-state information of a first user.

S12. Determine the second Token carried in the second access response returned by the URL site under test; the second access response is sent in reply to a second access request carrying the login-state information of a second user; the first user is different from the second user.

There is no required order between step S11 and step S12; it is only necessary to obtain two Tokens returned to two different users by the same URL site.

S13. Determine whether the first access identifier Token and the second Token are consistent.

S14. If they are inconsistent, when the set time has elapsed, send a third access request carrying the first user's login-state information to the URL site under test.

The set time in step S14 can be chosen freely, taking the intended validity period of the Cookie information as the reference. Although this step is described using the first Token as an example, it may equally be the second Token or the third Token, provided the two accesses that yield the Tokens being compared are separated by the set time.

For example, a bank user queries the account balance at 10:00 a.m. and receives TokenA. If the set time is 2 minutes and the user queries the balance again or makes a transfer at 10:03 a.m., receiving TokenB, then TokenA and TokenB should be different.

S15. If the third Token in the third access response corresponding to the third access request is consistent with the first Token, determine that the URL site under test has a CSRF vulnerability. In the above embodiment, step S13 performs the cross-user Token check, catching the CSRF exposure that arises when different users hold the same Token; step S15 performs the same-user, different-time Token check, catching the exposure that arises when a Token stays valid for too long.

In one possible implementation, taking FIG. 2 as an example, if after step S15 the third Token in the third access response corresponding to the third access request is inconsistent with the first Token, the method further comprises:

S16. Construct a fourth access request that conforms to the interaction mode of the URL site under test.

S17. Send the fourth access request to the URL site under test.

S18. If the fourth access response corresponding to the fourth access request matches a fifth access response, determine that the URL site under test has a CSRF vulnerability; the fifth access response is the response of the URL site under test to a legitimate access request.

In this implementation, starting from the response to a legitimate access request, a fourth access request similar or identical to the legitimate access request is constructed; if the fourth access response corresponding to the fourth access request matches the fifth access response, the URL site under test is determined to have a CSRF vulnerability.

Taking as an example a legitimate access request that modifies published content, a fourth access request is constructed from the crawled legitimate access request; its content may be identical to that of the legitimate access request. If a fourth access response is received, it is determined whether the fourth access response matches the fifth access response corresponding to the legitimate access request, for example whether the returned pages are identical or their similarity exceeds a similarity threshold; if they match, the URL site under test is determined to have a CSRF vulnerability. If the URL site under test rejects the fourth access request, it is considered to have a defence against CSRF. Note that the fourth access request may be the first access request of step S11, in which case the fifth access response may also be the first access response.

In one possible implementation, taking FIG. 2 as an example, before step S11 the method further comprises:

Step S10. Determine that the first Token and the second Token are not on a blacklist. Before the cross-user Token check, a blacklist check is performed: if a crawled Token is on the blacklist, a CSRF vulnerability is determined to exist; only otherwise is the cross-user Token check performed. This further improves the efficiency of CSRF vulnerability detection.

For the first access response of step S11 and the second access response of step S12, the following two implementations are provided.

Mode 1: crawl the data packets of the URL site under test and obtain the first access response and the second access response from them.

Mode 2: construct the first access request and send it to the URL site under test; construct the second access request and send it to the URL site under test.

In general, obtaining users' historical access information by crawling allows a more effective and concise detection procedure to be built. For steps S11 and S12, for example, it suffices to compare the crawled Token information of different users; at the same time, many users on the network can be compared, which further ensures the accuracy of the detection.
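As an added illustration of steps S10 to S18 and of Mode 2 (constructing the access requests directly), the following Python code is not part of the patent; it runs the four checks in order against a constructed, in-memory stand-in for the site under test. The ToySite class, its three Token scopes, the csrf field name, the user names and the similarity threshold of 0.9 are assumptions made for this example. The sleep parameter is injected so the set-time wait can be skipped when testing.

```python
import difflib
import re
import secrets
import time


class ToySite:
    """Constructed stand-in for the URL site under test (not a real server).

    token_scope:   "global"  one Token shared by every user
                   "session" one Token per login session, never rotated
                   "request" a fresh Token on every page load
    enforce_token: whether the state-changing endpoint rejects a wrong Token
    """

    def __init__(self, token_scope, enforce_token):
        self.token_scope = token_scope
        self.enforce_token = enforce_token
        self.global_token = secrets.token_hex(8)
        self.sessions = {}  # session cookie -> {"user": ..., "token": ...}

    def login(self, user):
        """Login request: returns the session cookie (the 'login-state information')."""
        cookie = secrets.token_hex(8)
        self.sessions[cookie] = {"user": user, "token": secrets.token_hex(8)}
        return cookie

    def get_form(self, cookie):
        """Access request: returns the page carrying the anti-CSRF Token."""
        sess = self.sessions[cookie]
        if self.token_scope == "global":
            token = self.global_token
        elif self.token_scope == "request":
            token = sess["token"] = secrets.token_hex(8)
        else:
            token = sess["token"]
        return f'<form action="/transfer"><input name="csrf" value="{token}"></form>'

    def transfer(self, cookie, token, amount):
        """State-changing endpoint, i.e. what a CSRF attacker wants to trigger."""
        sess = self.sessions[cookie]
        expected = self.global_token if self.token_scope == "global" else sess["token"]
        if self.enforce_token and token != expected:
            return "403 Forbidden: invalid CSRF token"
        return f"200 OK: {sess['user']} transferred {amount}"


TOKEN_RE = re.compile(r'name="csrf" value="([^"]+)"')


def extract_token(html):
    """Pull the Token out of an access response; None if the page carries none."""
    match = TOKEN_RE.search(html)
    return match.group(1) if match else None


def detect_csrf(site, wait_seconds=2, blacklist=frozenset(),
                similarity_threshold=0.9, sleep=time.sleep):
    """Run steps S10-S18 against `site`; returns (vulnerable, reason)."""
    cookie_a = site.login("alice")                     # first user's login state
    cookie_b = site.login("bob")                       # second, different user
    token_1 = extract_token(site.get_form(cookie_a))   # S11
    token_2 = extract_token(site.get_form(cookie_b))   # S12

    # S10: a Token on the blacklist (known static or placeholder values) is an immediate finding
    if token_1 in blacklist or token_2 in blacklist:
        return True, "token on blacklist"
    # S13: two different users were issued the same Token
    if token_1 == token_2:
        return True, "token shared across users"
    # S14/S15: same user, after the set time, Token unchanged. The patent treats this
    # as a finding; a per-session Token is widely accepted practice, so in a real
    # scanner report it at lower confidence than the other checks.
    sleep(wait_seconds)
    token_3 = extract_token(site.get_form(cookie_a))
    if token_3 == token_1:
        return True, "token not rotated within set time"
    # S16-S18: replay the legitimate request with its Token stripped (what a page on a
    # foreign origin could send with the victim's cookie) and compare the two responses.
    legit_response = site.transfer(cookie_a, token_3, 100)   # fifth access response
    forged_response = site.transfer(cookie_a, "", 100)       # fourth access response
    ratio = difflib.SequenceMatcher(None, legit_response, forged_response).ratio()
    if ratio >= similarity_threshold:
        return True, f"forged request accepted (similarity {ratio:.2f})"
    return False, f"forged request rejected (similarity {ratio:.2f})"


if __name__ == "__main__":
    for scope, enforce in (("global", True), ("session", True),
                           ("request", False), ("request", True)):
        print(scope, enforce, detect_csrf(ToySite(scope, enforce), sleep=lambda s: None))
```

Only the last configuration (per-request Token that the endpoint actually enforces) passes all four checks; each of the others is caught by a different step, which is the point of chaining them.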

At present, CSRF detection methods basically submit access requests in Form format; but the site under test may use request bodies in JSON or XML format, in which case a Form-format request cannot produce a usable access request. For this reason, an embodiment of the present invention performs CSRF vulnerability detection using access requests in the different formats used by the site under test. Specifically, for the construction in step S16 of a fourth access request conforming to the interaction mode of the URL site under test, the following two implementations are provided.

Usually, the Form tag in the crawled page code shows whether the access request is in Form format. Code 1 below is a legitimate access request; it can be seen to be a Form-format access request with a Form tag.

<form action="action_page.php">
First name:<br>
<input type="text" name="firstname" value="Mickey">
<br>
Last name:<br>
<input type="text" name="lastname" value="Mouse">
<br><br>
<input type="submit" value="Submit">
</form>

If the access request is in Form format, code is added to a local HTML file and the fourth access request is constructed by replacing the name and value of each <input>. Code 2 below is an example:

<body onload="document.forms[0].submit()">
<form action="http://bank.com/transfer.do" method="POST">
<input type="hidden" name="acct" value="MARIT"/>
<input type="hidden" name="amount" value="100000"/>
<input type="submit" name="View my picture"/>
</form>
</body>

Whether a CSRF vulnerability exists is determined by comparing the fifth access response corresponding to the legitimate access request of code 1 with the fourth access response corresponding to the fourth access request.

Whether an access request uses the Ajax interaction mode can be determined from the Ajax code in the crawled page. If the submission is judged to use Ajax, the fourth access request is constructed by replacing the data passed to send(). An example of Ajax interaction is given as code 3:

When implementing the above detection with a request constructed in the Ajax interaction mode, the browser checks whether the client and the server are in the same domain. If they are not, the withCredentials property of the sender must be set to true, i.e. cookie information is carried on cross-domain access. In other words, the browser of the access device 101 has to be set to carry cookie information on cross-domain access before the above detection process can be carried out. Setting withCredentials only instructs the browser to attach cookies; whether a cross-origin Ajax request is actually sent and its response readable is further governed by the target's CORS policy, and a JSON or XML content type makes the browser send a preflight OPTIONS request first, so an Ajax probe that fails may reflect CORS restrictions rather than CSRF protection. The SameSite attribute of the session cookie likewise determines whether the cookie is attached at all.

A cross-domain request is one in which the domain that initiates the request differs from the domain of the resource the request targets; only when protocol, host name and port are all the same is the request same-domain.

If the request is submitted as a constructed Form, the browser of the access device 101 does not check whether its own domain matches that of the site under test and simply sends the request, so the browser of the access device 101 need not be configured to support cross-domain requests.

But when a request is constructed in the Ajax interaction mode, the browser of the access device 101 checks whether its own domain matches that of the site under test, and if they differ the browser of the access device 101 will not send the request; in that case the browser of the access device 101 must be set to support cross-domain requests.

In the above technical solution, different access requests are constructed for different message formats, so that CSRF vulnerability detection can be carried out and detection accuracy ensured.
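As an added example (not from the patent) of constructing the fourth access request for the two interaction modes described above, the following Python function generates the page that a detection tool would host on its own origin: a self-submitting form in the shape of code 2 for form-encoded requests, and an XMLHttpRequest with withCredentials set for JSON or XML requests. The bank.example URLs, the content-type dispatch rule and the captured request bodies are constructed for this example.

```python
import html
import json
from urllib.parse import parse_qsl


def build_csrf_poc(method, url, content_type, body):
    """Emit the HTML of a page that, when opened by the victim, replays the captured
    request from a foreign origin with the victim's cookies attached."""
    if content_type.startswith("application/x-www-form-urlencoded"):
        # Form submissions are not subject to CORS: the browser sends them without
        # comparing origins (cookies are attached subject to their SameSite attribute).
        # Every captured field becomes a hidden input; values are attribute-escaped so a
        # quote in the captured data cannot break out of the generated markup.
        inputs = "\n".join(
            f'<input type="hidden" name="{html.escape(name, quote=True)}" '
            f'value="{html.escape(value, quote=True)}"/>'
            for name, value in parse_qsl(body, keep_blank_values=True)
        )
        return (
            '<body onload="document.forms[0].submit()">\n'
            f'<form action="{html.escape(url, quote=True)}" method="{method}">\n'
            f"{inputs}\n"
            "</form>\n"
            "</body>"
        )
    # A plain form can only send form-urlencoded, multipart or text/plain bodies, so a
    # JSON or XML body needs XMLHttpRequest. withCredentials = true makes the browser
    # attach cookies to the cross-origin request; the non-form content type also makes
    # the browser send a CORS preflight first, and the real request only goes out if
    # the target approves it, so a silent failure here may be CORS, not CSRF protection.
    return (
        "<script>\n"
        "var xhr = new XMLHttpRequest();\n"
        f"xhr.open({json.dumps(method)}, {json.dumps(url)}, true);\n"
        f'xhr.setRequestHeader("Content-Type", {json.dumps(content_type)});\n'
        "xhr.withCredentials = true;\n"
        f"xhr.send({json.dumps(body)});\n"
        "</script>"
    )


if __name__ == "__main__":
    print(build_csrf_poc("POST", "https://bank.example/transfer.do",
                         "application/x-www-form-urlencoded", "acct=MARIT&amount=100000"))
    print(build_csrf_poc("POST", "https://bank.example/api/transfer",
                         "application/json", '{"acct": "MARIT", "amount": 100000}'))
```

The generated page is the "fourth access request"; the response it provokes is then compared with the legitimate response as in step S18. Because the two branches fail for different reasons (a rejected form submission points at the site's CSRF check, a rejected XHR may only mean the target's CORS policy denied the preflight), a scanner should record which branch it used alongside the verdict.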

Based on the same inventive concept, an embodiment of the present invention further provides a detection device for cross-site request forgery (CSRF) vulnerabilities. Since the principle by which the device solves the problem is similar to that of the CSRF vulnerability detection method, the implementation of the device may refer to the implementation of the method, and repeated details are not described again.

FIG. 3 is a schematic structural diagram of a CSRF vulnerability detection device provided by Embodiment 2 of the present invention, which includes a determination unit 32 and a detection unit 33, wherein:

Determination unit: configured to determine whether the first access identifier Token carried in the first access response returned by the URL site to be detected is consistent with the second Token carried in the second access response returned by the URL site to be detected; the first access response is sent in reply to a first login request carrying login-state information of a first user; the second access response is sent in reply to a second access request carrying login-state information of a second user; the first user and the second user are different;

Detection unit: configured, when the first Token and the second Token are inconsistent, to send a third access request carrying the login-state information of the first user to the URL site to be detected once a set time is reached, and, if the third Token in the third access response corresponding to the third access request is consistent with the first Token, to determine that the URL site to be detected has a CSRF vulnerability.

Further, the detection unit is also configured to:

construct a fourth access request conforming to the interaction mode of the URL site to be detected;

send the fourth access request to the URL site to be detected;

if the fourth access response corresponding to the fourth access request is consistent with a fifth access response, determine that the URL site to be detected has a CSRF vulnerability, the fifth access response being the response of the URL site to be detected to a legitimate access request.

In a specific implementation, the detection device further includes:

an acquisition unit 31, configured to crawl the data packets of the URL site to be detected;

the determination unit is further configured to determine that the first Token and the second Token are not in a blacklist.
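As an added example (not the patent's own code), the following Python simulates the determination and detection units described above, including the blacklist check and the claim-2 comparison of a constructed, token-less fourth request against a legitimate one, together with the same-domain test from the cross-domain discussion earlier that decides whether an Ajax fourth request needs withCredentials. The simulated sites, users, secret and Token format are constructed for the demo and are assumptions, not values from the patent.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SECRET = b"constructed-demo-secret"  # constructed demo value, not a real key


def derive_token(*parts: str) -> str:
    """Deterministic 16-hex-char Token for the simulated sites (constructed)."""
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()[:16]


class SimSite:
    """Simulated URL site under test (hypothetical). `rotate` binds the Token
    to a time window; `validate` makes the state-changing action check the
    Token that was submitted with the request."""

    def __init__(self, rotate: bool, validate: bool):
        self.rotate, self.validate = rotate, validate

    def token_for(self, user: str, clock: int) -> str:
        # Token in the access response for a request carrying this user's login state.
        return derive_token(user, str(clock)) if self.rotate else derive_token(user)

    def action(self, user: str, submitted_token: str, clock: int) -> str:
        # Response body of the state-changing endpoint.
        if self.validate and submitted_token != self.token_for(user, clock):
            return "403 token mismatch"
        return f"200 action done for {user}"


def is_same_origin(url_a: str, url_b: str) -> bool:
    """Same domain as defined in the text: protocol, host and port all equal."""
    def origin(url: str):
        u = urlsplit(url)
        port = u.port or {"http": 80, "https": 443}.get(u.scheme)
        return (u.scheme.lower(), (u.hostname or "").lower(), port)
    return origin(url_a) == origin(url_b)


def needs_with_credentials(mode: str, detector_url: str, target_url: str) -> bool:
    """An Ajax fourth request only reaches the site with cookies if the browser is
    told to send them cross-domain; a Form submission is sent regardless."""
    return mode == "ajax" and not is_same_origin(detector_url, target_url)


def detect_csrf(site: SimSite, user_a: str, user_b: str, wait: int,
                blacklist=frozenset(), clock: int = 0) -> str:
    # Determination unit: first and second Tokens come from two different users.
    t1 = site.token_for(user_a, clock)
    t2 = site.token_for(user_b, clock)
    if t1 in blacklist or t2 in blacklist:
        return "skipped: blacklisted token"
    if t1 == t2:
        return "undetermined"  # this branch is not specified in the excerpt
    # Detection unit: third request with the first user's login state after `wait`.
    t3 = site.token_for(user_a, clock + wait)
    if t3 == t1:
        return "vulnerable: token static across time"
    # Claim 2 path: the fourth request carries the first user's login state but no
    # Token (a cross-site page cannot read it); compare with the legitimate response.
    forged = site.action(user_a, "", clock + wait)
    legitimate = site.action(user_a, t3, clock + wait)
    if forged == legitimate:
        return "vulnerable: token not validated"
    return "not detected"
```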

The cross-site request forgery (CSRF) defense authentication device provided by the above embodiments of this application can be implemented by a computer program. Those skilled in the art should understand that the module division described above is only one of many possible module divisions; whether it is divided into other modules or not divided into modules at all, as long as the CSRF defense authentication device has the functions described above, it falls within the protection scope of this application.

Based on the same inventive concept, an embodiment of the present invention further provides a computer device, including:

a memory for storing program instructions;

a processor configured to call the program instructions stored in the memory and to execute, according to the obtained program, the CSRF vulnerability detection method of the above embodiments.

Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable non-volatile storage medium including computer-readable instructions which, when read and executed by a computer, cause the computer to execute the CSRF vulnerability detection method of the above embodiments. Those skilled in the art should understand that the embodiments of this application may be provided as a method, a system or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.

This application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to this application. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.

Obviously, those skilled in the art can make various changes and modifications to this application without departing from its spirit and scope. Thus, if these modifications and variations of this application fall within the scope of the claims of this application and their technical equivalents, this application is also intended to cover them.

Claims (10)

1. A method for detecting a cross-site request forgery (CSRF) vulnerability, characterized in that the method includes:
determining whether a first access identifier Token carried in a first access response returned by a URL site to be detected is consistent with a second Token carried in a second access response returned by the URL site to be detected; the first access response being sent in reply to a first access request carrying login-state information of a first user; the second access response being sent in reply to a second access request carrying login-state information of a second user; the first user being different from the second user;
if they are inconsistent, sending, when a set time is reached, a third access request carrying the login-state information of the first user to the URL site to be detected;
if a third Token in a third access response corresponding to the third access request is consistent with the first Token, determining that the URL site to be detected has a CSRF vulnerability.
2. The detection method of claim 1, characterized in that, if the third Token in the third access response corresponding to the third access request is inconsistent with the first Token, the method further includes:
constructing a fourth access request conforming to the interaction mode of the URL site to be detected;
sending the fourth access request to the URL site to be detected;
if a fourth access response corresponding to the fourth access request matches a fifth access response, determining that the URL site to be detected has a CSRF vulnerability; the fifth access response being the response of the URL site to be detected to a legitimate access request.
3. The detection method of claim 2, characterized in that the interaction mode of the URL site is Ajax;
before sending the fourth access request to the URL site to be detected, the method further includes:
setting the sending end of the fourth access request to carry cookie information on cross-domain access.
4. The detection method of claim 1, characterized in that, before determining whether the first access identifier Token carried in the first access response returned by the URL site to be detected is consistent with the second Token carried in the second access response returned by the URL page to be detected, the method further includes:
crawling the data packets of the URL site to be detected, and obtaining the first access response and the second access response from the data packets; or
constructing the first access request and sending it to the URL site to be detected, and constructing the second access request and sending it to the URL site to be detected.
5. The detection method of claim 1, characterized in that, before determining whether the first access identifier Token carried in the first access response returned by the URL site to be detected is consistent with the second Token carried in the second access response returned by the URL page to be detected, the method further includes:
determining that the first Token and the second Token are not in a blacklist.
6. A device for detecting a cross-site request forgery (CSRF) vulnerability, characterized in that the device includes:
a determination unit configured to determine whether a first access identifier Token carried in a first access response returned by a URL site to be detected is consistent with a second Token carried in a second access response returned by the URL site to be detected; the first access response being sent in reply to a first login request carrying login-state information of a first user; the second access response being sent in reply to a second access request carrying login-state information of a second user; the first user being different from the second user;
a detection unit configured, when the first Token and the second Token are inconsistent, to send, when a set time is reached, a third access request carrying the login-state information of the first user to the URL site to be detected; and, if a third Token in a third access response corresponding to the third access request is consistent with the first Token, to determine that the URL site to be detected has a CSRF vulnerability.
7. The detection device of claim 6, characterized in that the detection unit is further configured to:
construct a fourth access request conforming to the interaction mode of the URL site to be detected;
send the fourth access request to the URL site to be detected;
if a fourth access response corresponding to the fourth access request matches a fifth access response, determine that the URL site to be detected has a CSRF vulnerability; the fifth access response being the response of the URL site to be detected to a legitimate access request.
8. The detection device of claim 6, characterized in that it further includes:
an acquisition unit configured to crawl the data packets of the URL site to be detected;
the determination unit being further configured to determine that the first Token and the second Token are not in a blacklist.
9. A computing device, characterized in that it includes:
a memory for storing program instructions;
a processor configured to call the program instructions stored in the memory and to execute, according to the obtained program, the method of any one of claims 1 to 5.
10. A computer-readable non-volatile storage medium, characterized in that it includes computer-readable instructions which, when read and executed by a computer, cause the computer to execute the method of any one of claims 1 to 5.
CN201910549709.XA 2019-06-24 2019-06-24 CSRF vulnerability detection method and device, computing device and storage medium Active CN110113366B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910549709.XA CN110113366B (en) 2019-06-24 2019-06-24 CSRF vulnerability detection method and device, computing device and storage medium
PCT/CN2020/096900 WO2020259389A1 (en) 2019-06-24 2020-06-18 Csrf vulnerability detection method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910549709.XA CN110113366B (en) 2019-06-24 2019-06-24 CSRF vulnerability detection method and device, computing device and storage medium

Publications (2)

Publication Number Publication Date
CN110113366A true CN110113366A (en) 2019-08-09
CN110113366B CN110113366B (en) 2022-12-27

Family

ID=67495661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910549709.XA Active CN110113366B (en) 2019-06-24 2019-06-24 CSRF vulnerability detection method and device, computing device and storage medium

Country Status (2)

Country Link
CN (1) CN110113366B (en)
WO (1) WO2020259389A1 (en)

Also Published As

Publication number Publication date
CN110113366B (en) 2022-12-27
WO2020259389A1 (en) 2020-12-30


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant