CN111191244A - Vulnerability repairing method - Google Patents
- Publication number
- CN111191244A
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- bug
- payload
- filtering
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a vulnerability repairing method comprising the following steps: S1, finding a vulnerability using taint tracking, and obtaining the propagation path and the checking and filtering methods of the vulnerability; S2, marking the parameter checking and filtering methods of the vulnerability from step S1 and replaying the corresponding payload against them; if the replay fails, the vulnerability from step S1 is judged not to exist, and if the replay succeeds, step S3 is performed; S3, adding a payload detection and interception function at the trigger point of the vulnerability to intercept the vulnerability from step S1. This technical scheme can accurately judge whether a vulnerability actually exists, relieves the workload of vulnerability repair, and reduces meaningless vulnerability repair.
Description
Technical Field
The invention relates to the technical field of security protection of web servers, in particular to a vulnerability repairing method.
Background
Nowadays, computers have entered thousands of households and become an indispensable part of people's lives; at the same time, the security of software systems has become a technical problem of great concern. A software vulnerability is a security flaw in an operating system or software that enables an attacker to access or damage the system without authorization, so that the whole security system is easily broken and control of the whole system is completely lost.
To solve the above problem, conventional solutions generally adopt RASP (runtime application self-protection) technology, which has the following disadvantage: RASP intercepts all vulnerabilities, including many vulnerability-executing methods whose input cannot be controlled from outside; such interception is meaningless, increases performance overhead, and affects some normal internal calls.
Disclosure of Invention
The invention aims to solve the defects of the prior art and provides a vulnerability repairing method.
The technical scheme adopted by the invention to solve the technical problem is as follows: a vulnerability repairing method comprising the following steps:
S1, finding a vulnerability using taint tracking, and obtaining the propagation path and the checking and filtering methods of the vulnerability;
S2, marking the parameter checking and filtering methods of the vulnerability from step S1, and replaying the corresponding payload against those parameter checking and filtering methods; if the replay fails, the vulnerability from step S1 is judged not to exist, and if the replay succeeds, step S3 is performed;
S3, adding a payload detection and interception function at the trigger point of the vulnerability to intercept the vulnerability from step S1.
In this technical scheme, replaying the attack parameters of the vulnerability with the corresponding payload makes it possible to further judge whether the vulnerability is valid: if the payload replay succeeds, the vulnerability actually exists and is repaired; if the payload replay fails, the vulnerability is considered invalid and non-existent. Confirming the vulnerability in this way relieves the workload of vulnerability repair and reduces meaningless vulnerability repair. The parameter checking and filtering methods of a vulnerability are important attack parameters of that vulnerability, so replaying the payload against them can accurately determine whether the vulnerability actually exists. Further, step S1 also includes obtaining the HTTP message of the vulnerability found by taint tracking, and step S2 also includes replaying the HTTP request with the corresponding payload according to that HTTP message: if this replay succeeds, the existence of the vulnerability is further confirmed; if it fails, the vulnerability does not exist.
Preferably, in step S2, the parameter verification instrumentation points and the filtering characteristics of the vulnerability are analyzed along the data propagation path of the vulnerability from step S1 to obtain the parameter verification characteristics and the filtering methods, which are then used to mark the parameter checking and filtering methods of the vulnerability from step S1.
Preferably, in step S2, the payload corresponding to the vulnerability is looked up in a payload library according to the parameter verification characteristics and the filtering methods of the vulnerability. In this technical scheme, every payload is stored in the payload library, and the corresponding payload can be found in the library according to the parameter verification characteristics and the filtering methods of the vulnerability.
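Steps S2 and S3 can be modelled in a few lines. The following is an added example, not code from the patent: the payload library contents, the three filter functions, the success criterion in `replay` and the detector pattern are all constructed assumptions.

```python
import functools
import re

# Constructed payload library: one replay payload and one trigger-point
# detector per vulnerability type (both are illustrative values).
PAYLOAD_LIBRARY = {
    "sql-injection": {
        "payload": "canary' OR '1'='1",
        "detector": re.compile(r"'\s*or\s*'", re.IGNORECASE),
    },
}

class PayloadIntercepted(Exception):
    """Raised by the interception function added in S3."""

# Hypothetical checking/filtering methods marked on a propagation path.
def escape_quotes(value):
    return value.replace("'", "''")

def strip_script_tags(value):
    return re.sub(r"(?i)</?script[^>]*>", "", value)

def require_alnum(value):
    if not value.isalnum():
        raise ValueError("parameter check failed")
    return value

def replay(payload, filters):
    """S2: push the payload through the marked checks and filters, in order."""
    value = payload
    try:
        for check in filters:
            value = check(value)
    except ValueError:
        return False  # a parameter check rejected the payload
    # Assumed success criterion: the payload reaches the trigger point intact.
    return payload in value

def remediate(vuln_type, filters, trigger_fn):
    """Return (function to use at the trigger point, vulnerability confirmed?)."""
    entry = PAYLOAD_LIBRARY[vuln_type]
    if not replay(entry["payload"], filters):
        return trigger_fn, False  # replay failed: nothing to repair
    detector = entry["detector"]

    @functools.wraps(trigger_fn)
    def guarded(arg):
        # S3: payload detection and interception at the trigger point.
        if detector.search(arg):
            raise PayloadIntercepted(vuln_type)
        return trigger_fn(arg)
    return guarded, True

def execute_query(sql):
    return "executed"  # stand-in trigger point: no database is contacted
```

A path that passes through `escape_quotes` or `require_alnum` fails the replay and is left unguarded, while a path that only passes through `strip_script_tags` is confirmed and gets the interception wrapper.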
Preferably, in step S1, the taint tracking technique comprises the following steps:
S11, using JavaAgent instrumentation to instrument the key methods of key classes, and dividing the instrumentation points into taint sources, propagators and vulnerability trigger points;
S12, in the instrumentation aspect, adding the parameters of the taint source point to a taint pool; a propagator checks whether the object it propagates is in the taint pool; if so, the propagated object is added to the taint pool and step S13 is performed, and if not, the process stops;
S13, finally, if a vulnerability trigger point finds that the object it operates on is also in the taint pool, the vulnerability is triggered.
In this technical scheme, taint tracking provides a preliminary finding of the vulnerability; the parameter checking and filtering methods of the vulnerability are then marked and the corresponding payload is replayed against them, so that whether the vulnerability actually exists can be accurately determined; a payload detection and interception function is then added at the trigger point of the vulnerability to intercept it.
Preferably, the taint source includes an instrumentation point for client input data. In this technical scheme, client input data is external input and is the main source of vulnerability attacks on the system.
Preferably, the propagator includes an instrumentation point that has the function of propagating data to another object.
Preferably, the vulnerability trigger point includes an instrumentation point at which a security vulnerability attack is executed.
Preferably, the taint pool includes a collection of tainted data. In this technical scheme, the taint pool is a user-defined global data set, and any data added to the set is designated as tainted data.
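The source, propagator and trigger-point roles of S11 to S13 can be modelled with decorators standing in for JavaAgent instrumentation. This is an added example, not code from the patent: the sample functions are constructed, and tainting the source's returned value, tracking by object identity and recording the path are modelling assumptions.

```python
import functools

class TaintPool:
    """Global taint pool: id(obj) -> (obj, propagation path so far)."""
    def __init__(self):
        self._entries = {}

    def add(self, obj, path):
        # Holding a reference to obj keeps its id() from being reused.
        self._entries[id(obj)] = (obj, tuple(path))

    def path_of(self, obj):
        entry = self._entries.get(id(obj))
        return entry[1] if entry else None

    def clear(self):
        self._entries.clear()

POOL = TaintPool()
FINDINGS = []  # one dict per triggered vulnerability

def source(fn):
    """Taint source: client input handled here enters the taint pool."""
    @functools.wraps(fn)
    def wrapper(*args, **kwargs):
        value = fn(*args, **kwargs)
        POOL.add(value, [fn.__name__])
        return value
    return wrapper

def propagator(fn):
    """Propagator: if an input is tainted, the propagated object is too."""
    @functools.wraps(fn)
    def wrapper(*args, **kwargs):
        result = fn(*args, **kwargs)
        for arg in (*args, *kwargs.values()):
            path = POOL.path_of(arg)
            if path is not None:
                POOL.add(result, path + (fn.__name__,))
                break
        # With no tainted input nothing is added and tracking stops here.
        return result
    return wrapper

def trigger(vuln_type):
    """Vulnerability trigger point: report tainted objects that reach it."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            for arg in (*args, *kwargs.values()):
                path = POOL.path_of(arg)
                if path is not None:
                    FINDINGS.append({"type": vuln_type,
                                     "path": path + (fn.__name__,)})
            return fn(*args, **kwargs)
        return wrapper
    return decorate

# Constructed sample application with the three kinds of points.
@source
def get_parameter(request, name):
    return request[name]

@propagator
def build_query(name):
    return "SELECT * FROM users WHERE name = '" + name + "'"

@trigger("sql-injection")
def execute_query(sql):
    return "executed"  # stand-in: no database is contacted

def handle(request):
    """Process one constructed request and return the findings it produced."""
    POOL.clear()
    FINDINGS.clear()
    execute_query(build_query(get_parameter(request, "name")))
    execute_query("SELECT 1")  # constant SQL never entered the pool
    return list(FINDINGS)
```

The recorded path is what step S2 walks to find the checking and filtering methods that sit between the source and the trigger point.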
The invention has the following beneficial effects:
By replaying the attack parameters of the vulnerability with the corresponding payload, the vulnerability repairing method can further judge whether the vulnerability is valid: if the payload replay succeeds, the vulnerability actually exists and is intercepted, that is, repaired; if the payload replay fails, the vulnerability is considered invalid and non-existent. Confirming the vulnerability in this way relieves the workload of vulnerability repair and reduces meaningless vulnerability repair.
Drawings
FIG. 1 is a schematic block diagram of a first flowchart of the vulnerability repairing method according to an embodiment of the present invention;
FIG. 2 is a schematic block diagram of a second flowchart of the vulnerability repairing method according to the second embodiment of the present invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings and embodiments.
Embodiment One:
As shown in FIG. 1, the vulnerability repairing method of this embodiment includes the following steps:
S1, finding a vulnerability using taint tracking, and obtaining the propagation path and the checking and filtering methods of the vulnerability;
S2, marking the parameter checking and filtering methods of the vulnerability from step S1, and replaying the corresponding payload against those parameter checking and filtering methods; if the replay fails, the vulnerability from step S1 is judged not to exist, and if the replay succeeds, step S3 is performed;
S3, adding a payload detection and interception function at the trigger point of the vulnerability to repair the vulnerability from step S1.
In this embodiment, in step S2, the parameter verification instrumentation points and the filtering characteristics of the vulnerability are analyzed along the data propagation path of the vulnerability from step S1 to obtain the parameter verification characteristics and the filtering methods, which are then used to mark the parameter checking and filtering methods of the vulnerability from step S1.
In this embodiment, in step S2, the payload corresponding to the vulnerability is looked up in the payload library according to the parameter verification characteristics and the filtering methods of the vulnerability.
In this embodiment, in step S1, the taint tracking technique includes the following steps:
S11, using JavaAgent instrumentation to instrument the key methods of key classes, and dividing the instrumentation points into taint sources, propagators and vulnerability trigger points;
S12, in the instrumentation aspect, adding the parameters of the taint source point to a taint pool; a propagator checks whether the object it propagates is in the taint pool; if so, the propagated object is added to the taint pool and step S13 is performed, and if not, the process stops;
S13, finally, if a vulnerability trigger point finds that the object it operates on is also in the taint pool, the vulnerability is triggered.
In this embodiment, the taint source includes an instrumentation point at which the client inputs data.
In this embodiment, the propagator includes an instrumentation point that has the function of propagating data to another object.
In this embodiment, the vulnerability trigger point includes an instrumentation point at which a security vulnerability attack is executed.
In this embodiment, the taint pool includes a collection of tainted data.
Embodiment Two:
As shown in FIG. 2, the vulnerability repairing method of this embodiment differs from the first embodiment in that step S1 further includes obtaining the HTTP message of the vulnerability found by taint tracking, and step S2 further includes replaying the HTTP request with the corresponding payload according to the HTTP message of the vulnerability. That is, the parameter checking and filtering methods of the vulnerability from step S1 are marked and the corresponding payload is replayed against them; if this replay fails, the vulnerability from step S1 is judged not to exist; if it succeeds, the HTTP request is replayed with the corresponding payload according to the HTTP message of the vulnerability; if that replay succeeds, the existence of the vulnerability is further confirmed and step S3 is performed; if it fails, the vulnerability does not exist. In this way the actual existence of the vulnerability is further determined.
In the description of the present invention, it should be noted that, as the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. appear, their indicated orientations or positional relationships are based on those shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" as appearing herein are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly stated or limited, the terms "mounted," "connected," and "connected" should be interpreted broadly, e.g., as being fixed or detachable or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Simple substitutions without changing the inventive content of the present invention are considered to be the same. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. A vulnerability repairing method, characterized by comprising the following steps:
S1, finding a vulnerability using taint tracking, and obtaining the propagation path and the checking and filtering methods of the vulnerability;
S2, marking the parameter checking and filtering methods of the vulnerability from step S1, and replaying the corresponding payload against those parameter checking and filtering methods; if the replay fails, the vulnerability from step S1 is judged not to exist, and if the replay succeeds, step S3 is performed;
S3, adding a payload detection and interception function at the trigger point of the vulnerability to intercept the vulnerability from S1.
2. The vulnerability repairing method according to claim 1, wherein in step S2, the parameter verification instrumentation points and the filtering characteristics of the vulnerability are analyzed along the data propagation path of the vulnerability from S1 to obtain the parameter verification characteristics and the filtering methods, which are then used to mark the parameter checking and filtering methods of the vulnerability from step S1.
3. The vulnerability repairing method according to claim 1 or 2, wherein in step S2, the payload corresponding to the vulnerability is looked up in a payload library according to the parameter verification characteristics and the filtering methods of the vulnerability.
4. The vulnerability repairing method according to claim 3, wherein the taint tracking technique in step S1 comprises the following steps:
S11, using JavaAgent instrumentation to instrument the key methods of key classes, and dividing the instrumentation points into taint sources, propagators and vulnerability trigger points;
S12, in the instrumentation aspect, adding the parameters of the taint source point to a taint pool; a propagator checks whether the object it propagates is in the taint pool; if so, the propagated object is added to the taint pool and step S13 is performed, and if not, the process stops;
S13, finally, if a vulnerability trigger point finds that the object it operates on is also in the taint pool, the vulnerability is triggered.
5. The vulnerability repairing method according to claim 4, wherein the taint source comprises an instrumentation point for client input data.
6. The vulnerability repairing method according to claim 5, wherein the propagator comprises an instrumentation point that has the function of propagating data to another object.
7. The vulnerability repairing method according to claim 1, 2, 4, 5 or 6, wherein the vulnerability trigger point comprises an instrumentation point at which a security vulnerability attack is executed.
8. The vulnerability repairing method according to claim 2, 4, 5 or 6, wherein the taint pool comprises a collection of tainted data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911265989.8A CN111191244A (en) | 2019-12-11 | 2019-12-11 | Vulnerability repairing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111191244A (en) | 2020-05-22 |
Family
ID=70707780
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911265989.8A (Pending) CN111191244A (en) | 2019-12-11 | 2019-12-11 | Vulnerability repairing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111191244A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103699480A (en) * | 2013-11-29 | 2014-04-02 | 杭州安恒信息技术有限公司 | WEB dynamic security flaw detection method based on JAVA |
CN104765687A (en) * | 2015-04-10 | 2015-07-08 | 江西师范大学 | J2EE (Java 2 Enterprise Edition) program bug detection method based on object tracking and taint analysis |
CN105631340A (en) * | 2015-12-17 | 2016-06-01 | 珠海市君天电子科技有限公司 | XSS vulnerability detection method and device |
CN109194670A (en) * | 2018-09-19 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | A kind of any file download leak detection method in website |
CN109462583A (en) * | 2018-10-31 | 2019-03-12 | 南京邮电大学 | A kind of reflection-type leak detection method combined based on static and dynamic |
CN109857669A (en) * | 2019-02-13 | 2019-06-07 | 杭州孝道科技有限公司 | A kind of JavaWEB vulnerability of application program detection method based on JavaAgent |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116451228A (en) * | 2023-04-23 | 2023-07-18 | 北京安普诺信息技术有限公司 | Dynamic taint tracking method, device and related online taint propagation analysis system |
CN116467712A (en) * | 2023-04-23 | 2023-07-21 | 北京安普诺信息技术有限公司 | Dynamic taint tracking method, device and related taint propagation analysis system |
CN116451228B (en) * | 2023-04-23 | 2023-10-17 | 北京安普诺信息技术有限公司 | Dynamic taint tracking method, device and related online taint propagation analysis system |
CN116467712B (en) * | 2023-04-23 | 2023-12-01 | 北京安普诺信息技术有限公司 | Dynamic taint tracking method, device and related taint propagation analysis system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8745740B2 (en) | Apparatus and method for detecting malicious sites | |
CN104077531B (en) | System vulnerability appraisal procedure, device and system based on open vulnerability assessment language | |
JP4405248B2 (en) | Communication relay device, communication relay method, and program | |
WO2018052979A1 (en) | Systems and methods for agent-based detection of hacking attempts | |
CN104468632A (en) | Loophole attack prevention method, device and system | |
CN107483510B (en) | Method and device for improving attack detection accuracy of Web application layer | |
CN107330328B (en) | Method and device for defending against virus attack and server | |
KR101663013B1 (en) | Apparatus and method for detecting code injection attack | |
CN102664876A (en) | Method and system for detecting network security | |
CN113158197B (en) | SQL injection vulnerability detection method and system based on active IAST | |
CN111191244A (en) | Vulnerability repairing method | |
Schagen et al. | Towards automated vulnerability scanning of network servers | |
KR20060092832A (en) | Containment of worms | |
CN113761519A (en) | Detection method and device for Web application program and storage medium | |
CN113468075A (en) | Security testing method and system for server-side software | |
CN113746781A (en) | Network security detection method, device, equipment and readable storage medium | |
Chaboya et al. | Network intrusion detection: automated and manual methods prone to attack and evasion | |
CN113872965A (en) | SQL injection detection method based on Snort engine | |
CN105791250B (en) | Application program detection method and device | |
CN111611590A (en) | Method and device for data security related to application program | |
US8549631B2 (en) | Internet site security system and method thereto | |
KR101725670B1 (en) | System and method for malware detection and prevention by checking a web server | |
KR101725399B1 (en) | Apparatus and method for detection and execution prevention for malicious script based on host level | |
KR101572239B1 (en) | Apparatus and system for detection and execution prevention for malicious script in user browser level | |
US11108800B1 (en) | Penetration test monitoring server and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200522 |