CN111901310A - Website security testing method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN111901310A
Authority
CN
China
Prior art keywords
information
parameter
target
website
information pair
Prior art date
Legal status
Pending
Application number
CN202010641747.0A
Other languages
Chinese (zh)
Inventor
曾振宇
Current Assignee
Beijing Dajia Internet Information Technology Co Ltd
Original Assignee
Beijing Dajia Internet Information Technology Co Ltd
Application filed by Beijing Dajia Internet Information Technology Co Ltd
Priority to CN202010641747.0A
Publication of CN111901310A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides a website security testing method and device, electronic equipment and a storage medium, relates to the technical field of computers, and is used for optimizing the website security detection process. The method comprises the following steps: parsing the website request message to obtain the corresponding basic information pairs, where a basic information pair is an information pair whose parameter information is of a basic data type; when no target information pair remains in the website request message, converting the parsed basic information pairs to obtain a request test message corresponding to the website request message, where a target information pair is an information pair whose parameter information is of a non-basic data type; and sending the request test message to the website corresponding to the website request message and verifying the security of the website according to the website's response to the request test message. The method can parse every basic information pair in the website request message and then generate a request test message that performs security detection on each basic information pair, improving the accuracy of website security detection.

Description

Website security testing method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for testing website security, an electronic device, and a storage medium.
Background
In the related art, the security of a website is usually tested with a web vulnerability scanner. The scanner parses information pairs (for example, key-value pairs made up of a parameter identifier and parameter information) out of a request message of the target website and then uses the parsed information pairs to determine whether the target website has a security vulnerability. The information pairs in a request message may be in a single format or a mixture of several formats, but current website security detection parses the request message in only one data format and verifies the security of the target website from the information pairs obtained that way, so the accuracy of the website security test is low. How to improve that accuracy is therefore a problem worth considering.
Disclosure of Invention
The embodiment of the disclosure provides a website security test method and device, electronic equipment and a storage medium, which are used for improving the accuracy of website security test.
In a first aspect of the present disclosure, a website security testing method is provided, including:
analyzing website request information to obtain a basic information pair corresponding to the website request information, wherein the basic information pair is an information pair comprising parameter information of a basic data type;
under the condition that no target information pair exists in the website request information, converting the analyzed basic information pair to obtain a request test message corresponding to the website request information, wherein the target information pair is an information pair comprising parameter information of a non-basic data type;
and sending the request test message to a website corresponding to the website request message, and verifying the security of the website according to the response information of the website to the request test message.
In a possible implementation manner, the step of performing parsing operation on the website request information includes:
identifying the parameter format of the parameter information of the target information pair in the website request information;
and analyzing the parameter information in the target information pair based on the analysis rule corresponding to the identified parameter format.
In a possible implementation manner, the step of identifying a parameter format of parameter information of an information pair in the website request information includes:
according to the priority of the preset parameter format, sequentially matching the preset parameter format with the format of the parameter information in the target information pair; and
and determining the preset parameter format successfully matched with the format of the parameter information in the target information pair as the parameter format of the parameter information in the target information pair.
In a possible implementation manner, there are at least two parsing rules corresponding to the identified parameter format, and the step of parsing the parameter information in the target information pair includes:
and determining a target analysis rule from the at least two analysis rules, and analyzing the parameter information in the target information pair according to the target analysis rule.
In a possible implementation manner, after the step of performing an analysis operation on the parameter information in the target information pair according to the target analysis rule, the method further includes:
and if the target information pair still exists in the information pair obtained by analysis, re-determining the target analysis rule from the unselected analysis rules in the at least two analysis rules, and analyzing the parameter information in the target information pair according to the re-determined target analysis rule until no target information pair exists in the information pair obtained by analysis.
In a possible implementation manner, the step of determining a target parsing rule from the at least two parsing rules includes:
determining, from the at least two parsing rules, the parsing rule of the Nth priority as the target parsing rule and, if parsing with the rule of the Nth priority fails, determining the parsing rule of the (N-1)th priority as the target parsing rule, where N is a natural number greater than or equal to 1 and the Nth priority is higher than the (N-1)th priority; or
And randomly selecting one analysis rule from the at least two analysis rules to be determined as a target analysis rule.
In a possible implementation manner, the identified parameter format includes a json format, and the step of performing an analysis operation on the parameter information in the target information pair according to a target analysis rule includes:
extracting the parameter identification in the information pair corresponding to the target analysis rule by using the first analysis format in the target analysis rule, and
and extracting the parameter information in the information pair corresponding to the target analysis rule by using a second analysis format in the target analysis rule.
In a possible implementation manner, the step of performing conversion processing on the analyzed basic information pair to obtain a request test message corresponding to the website request message includes:
determining, among the parsed basic information pairs, the basic information pair corresponding to the security test target;
and converting the basic information pair corresponding to the security test target to obtain the request test message corresponding to the website request message.
In a possible implementation manner, the step of performing conversion processing on the analyzed basic information pair to obtain a request test message corresponding to the website request message includes:
replacing the parameter information in the basic information pair obtained by analysis with first test information to obtain a request test message corresponding to the website request message; and/or
And adding second test information in the basic information pair obtained by analysis to obtain a request test message corresponding to the website request message.
In a second aspect of the present disclosure, a website security testing apparatus is provided, including:
the information analysis unit is configured to perform analysis operation on website request information to obtain a basic information pair corresponding to the website request information, wherein the basic information pair is an information pair comprising parameter information of a basic data type;
the information conversion unit is configured to perform conversion processing on the analyzed basic information pair under the condition that no target information pair exists in the website request information to obtain a request test message corresponding to the website request information, wherein the target information pair is an information pair comprising parameter information of a non-basic data type;
and the security test unit is configured to send the request test message to the website corresponding to the website request message and to verify the security of the website according to the website's response to the request test message.
In one possible implementation, the information parsing unit is specifically configured to perform:
identifying the parameter format of the parameter information of the target information pair in the website request information;
and analyzing the parameter information in the target information pair based on the analysis rule corresponding to the identified parameter format.
In one possible implementation, the information parsing unit is specifically configured to perform:
according to the priority of the preset parameter format, sequentially matching the preset parameter format with the format of the parameter information in the target information pair; and
and determining the preset parameter format successfully matched with the format of the parameter information in the target information pair as the parameter format of the parameter information in the target information pair.
In one possible implementation, the information parsing unit is specifically configured to perform:
and determining a target analysis rule from the at least two analysis rules, and analyzing the parameter information in the target information pair according to the target analysis rule.
In one possible implementation, the information parsing unit is further configured to perform:
after analyzing the parameter information in the target information pair according to the target analysis rule, if the target information pair still exists in the information pair obtained by analyzing, re-determining the target analysis rule from the unselected analysis rules in the at least two analysis rules, and analyzing the parameter information in the target information pair according to the re-determined target analysis rule until no target information pair exists in the information pair obtained by analyzing.
In one possible implementation, the information parsing unit is specifically configured to perform:
determining, from the at least two parsing rules, the parsing rule of the Nth priority as the target parsing rule and, if parsing with the rule of the Nth priority fails, determining the parsing rule of the (N-1)th priority as the target parsing rule, where N is a natural number greater than or equal to 1 and the Nth priority is higher than the (N-1)th priority; or
And randomly selecting one analysis rule from the at least two analysis rules to be determined as a target analysis rule.
In one possible implementation, the identified parameter format includes a json format, and the information parsing unit is specifically configured to perform:
extracting the parameter identification in the information pair corresponding to the target analysis rule by using the first analysis format in the target analysis rule, and
and extracting the parameter information in the information pair corresponding to the target analysis rule by using a second analysis format in the target analysis rule.
In one possible implementation, the information conversion unit is specifically configured to perform:
determining, among the parsed basic information pairs, the basic information pair corresponding to the security test target;
and converting the basic information pair corresponding to the security test target to obtain the request test message corresponding to the website request message.
In one possible implementation, the information conversion unit is specifically configured to perform:
replacing the parameter information in the basic information pair obtained by analysis with first test information to obtain a request test message corresponding to the website request message; and/or
And adding second test information in the basic information pair obtained by analysis to obtain a request test message corresponding to the website request message.
In a third aspect of the present disclosure, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the program, the method of any one of the first aspect and one possible implementation manner is implemented.
In a fourth aspect of the present disclosure, a computer-readable storage medium is provided, which stores computer instructions that, when executed on a computer, cause the computer to perform the method according to any one of the first aspect and one of the possible embodiments.
The scheme of the present disclosure brings at least the following beneficial effects:
in the embodiments of the disclosure, the website request message is parsed step by step until no target information pair remains among the parsed information pairs, so that every basic information pair in the website request message is extracted. When request test messages are then generated from the parsed basic information pairs, a request test message can be generated for security detection of each basic information pair, or for a specified basic information pair, which improves the accuracy of website security detection when the website is tested with those request test messages.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
Fig. 1 is a process diagram of a website security testing method according to an exemplary embodiment of the present disclosure;
fig. 2 is a schematic flowchart illustrating a first-level parsing operation performed on a website request message according to an exemplary embodiment of the present disclosure;
fig. 3 is a schematic flowchart illustrating an i-th parsing operation performed on a website request message according to an exemplary embodiment of the present disclosure;
fig. 4 is a schematic flowchart of another i-th parsing operation performed on a website request message according to an exemplary embodiment of the present disclosure;
fig. 5 is a schematic flowchart illustrating another first-level parsing operation performed on a website request message according to an exemplary embodiment of the present disclosure;
fig. 6 is a schematic diagram illustrating a principle of performing a progressive parsing operation on a website request message according to an exemplary embodiment of the present disclosure;
fig. 7 is a schematic process diagram of performing a progressive parsing operation on a website request message according to an exemplary embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a website security testing apparatus according to an exemplary embodiment of the present disclosure;
fig. 9 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present disclosure.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein.
In order to facilitate better understanding of the technical solutions of the present disclosure by those skilled in the art, the following technical terms related to the present disclosure are explained.
Information pair: in the embodiments of the present disclosure, an information pair is a data pair obtained either by parsing the website request message or by parsing a target information pair. It consists of a parameter identifier and parameter information; for example, the information pair may be a parameter key-value pair (key_key, key_value) made up of a parameter name and a parameter value, where the parameter name is the parameter identifier and the parameter value is the parameter information.
Target information pair: an information pair whose parameter information is not of a basic data type, where the basic data types include one or more of the string type, the numeric type and the boolean type.
Basic information pair: an information pair whose parameter information is of a basic data type; that is, a basic information pair is any information pair other than a target information pair.
The following explains the design concept of the present disclosure.
With the continuous development of internet technology, the security construction of websites receives more and more attention, and the security of a website is often tested with a web vulnerability scanner. As a network security assessment tool, a web vulnerability scanner works by parsing information pairs (such as parameter key-value pairs containing parameter names and parameter values) out of the request messages of the target website and judging from the parsed information pairs whether the target website has security vulnerabilities. The accuracy of the detection result therefore depends heavily on whether the payload reaches the back end of the target website and triggers the attack behaviour there, and the premise for all of this is that the information pairs in the request message are correctly extracted and parsed and that a payload conforming to the format of the target website's request message is generated.
The data format of the parameter information in the information pairs of a request message may be a post form format, a json format, a soap format, an xml format and so on, and the parameter information in some request messages is now a mixture of several formats. At present, website security detection parses a request message for only one data format: after the request message is received, the corresponding parsing modules are called to try the data formats one by one. That is, the request message is first parsed according to the rule for the json format and, if that succeeds, parsing stops; otherwise it is parsed according to the post form format and, if that succeeds, parsing stops. A payload conforming to the format of the target website's request message is then generated from the parsed information pairs. However, the parameter information of a parsed information pair may itself contain further information pairs, and since the related art generates the payload only from the first-level parse, the accuracy of the website security test is clearly reduced.
For example, if the string in a request message is id=3&person={"age":26,"sex":"male"}, parsing it as json fails, and parsing it as a post form treats the parameter information of person, {"age":26,"sex":"male"}, as a plain string, so the parameter information of the two parameters age and sex is never parsed, and no payload can be generated for testing the positions of age and sex.
As a second example, if the string in a request message is {"age":25,"api":"query","info":[{"id":"0","name":"ab"},{"id":"1","name":"cd"}]}, the parameters extracted by parsing are age, api and info, and the parameter information of info is [{"id":"0","name":"ab"},{"id":"1","name":"cd"}]. This is not a simple string but a list whose elements each carry the two attributes id and name. If only the info parameter is extracted, its parameter information is transformed as a whole when the payload is generated, the generated payload may not contain the id and name attributes at all, and it cannot be used to verify the security of the website with respect to id and name.
In view of this, the present disclosure designs a website security test method, apparatus, electronic device and storage medium for improving the accuracy of website security testing. Because that accuracy is strongly correlated with how the request message is parsed, in the embodiments of the present disclosure the parsing of the website request message checks, after each round of parsing, whether a target information pair remains among the parsed information pairs; if so, parsing continues until none remains. A request test message corresponding to the website request message is then generated from each parsed basic information pair, and security detection is performed on the website with those request test messages. Here a basic information pair is an information pair whose parameter information is of a basic data type, a target information pair is one whose parameter information is of a non-basic data type, and the basic data types may include one or more of the string type, the numeric type and the boolean type.
Further, in the process of performing the analysis operation, if the parameter information in the target information pair obtained by the analysis is in a json format, the parameter identifier of the other information pair in the parameter information in the json format may be extracted by using a first analysis format in the analysis rule corresponding to the json format, and the parameter information of the other information pair in the parameter information in the json format may be extracted by using a second analysis format in the analysis rule corresponding to the json format.
The embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, an embodiment of the present disclosure provides a website security testing method, which specifically includes the following steps:
step S101, analyzing website request information to obtain a basic information pair corresponding to the website request information, wherein the basic information pair is an information pair including parameter information of a basic data type.
Specifically, the parameter format of the parameter information of the information pair in the website request information may be identified; and analyzing the parameter information in the target information pair based on the analysis rule corresponding to the identified parameter format.
Step S102, in a case that no target information pair exists in the website request information, performing conversion processing on the analyzed basic information pair to obtain a request test message corresponding to the website request information, where the target information pair is an information pair including parameter information of a non-basic data type.
Specifically, the basic information pair corresponding to the security test target may be determined among the parsed basic information pairs, and the determined basic information pair is then converted to obtain the request test message corresponding to the website request message, where the conversion may include, but is not limited to, replacing the parameter information in the basic information pair with test information, appending test information after the parameter information in the basic information pair, and the like.
Step S103, sending the request test message to the website corresponding to the website request message, and verifying the security of the website according to the response information of the website to the request test message.
The following describes the parsing of the website request message in step S101 in detail.
As an embodiment, in step S101, if a target information pair exists among the information pairs obtained after a first-level parsing operation on the website request message, several parsing operations may be performed on the website request message: whenever a target information pair exists among the information pairs obtained by the current-level parsing operation, a next-level parsing operation is performed, until no target information pair remains among the parsed information pairs. The current-level parsing operation in the embodiments of the present disclosure is the parsing operation currently being performed, which may be any of the first-level through the i-th-level parsing operations; the next-level parsing operation is a parsing operation after the first-level parsing operation, where i is an integer greater than 1.
As an embodiment, when the parameter format of the parameter information of the information pair in the website request information is identified in step S101, the preset parameter format may be sequentially matched with the format of the parameter information in the target information pair according to the priority of the preset parameter format; and determining the preset parameter format successfully matched with the format of the parameter information in the target information pair as the parameter format of the parameter information in the target information pair, wherein the target information pair is the information pair in the website request message.
The following describes the first-level parsing operation on a website request message in detail.
When the first-level parsing operation is performed on the website request message, the preset parameter formats may be matched in turn, by priority, against the parameter format of the target information pair in the website request message, and the parameter information in the target information pair is parsed according to the parsing rule of the format that matches. For example (without limitation), if the preset priority of the parameter formats is set, from high to low, to the json format, the soap format, the xml format and the post form format, then during the first-level parsing operation the parameter format of the parameter information of the target information pair is first matched against the json format; if the match succeeds, the parameter information in the target information pair is parsed according to the parsing rule of the json format and is not matched against the other preset parameter formats. If the match against the json format fails, the parameter format is matched against the soap format; if that succeeds, the parameter information is parsed according to the parsing rule of the soap format, otherwise it is matched against the xml format; and if matching against the json, soap and xml formats all fails, the parameter information of the target information pair is parsed according to the parsing rule of the post form format.
Referring to fig. 2, for convenience of understanding, a schematic flow diagram of a first-level parsing operation is provided, after parsing a website request message is started, the parsing operation is tried one by one according to parsing rules of different preset formats, if the parsing is successful, the first-level parsing operation on the website request message is completed, if the parsing is failed, the parsing operation is continuously tried according to parsing rules of another preset format, and if all preset formats are not matched with parameter formats of the website request message, the parsing operation can be performed according to parsing rules of a default format, where the default format may be, but is not limited to, a post format.
The next-level parsing operation described above (that is, the i-th level parsing operation after the first-level parsing operation) is described below.
As shown in fig. 3, the i-th parsing operation specifically includes the following steps:
step S301 identifies a parameter format of parameter information of the target information pair in the website request message.
Specifically, when the parameter format of the parameter information in the target information pair is identified in step S301, the preset parameter formats may be matched one by one against the format of the parameter information in the target information pair, for example but not by way of limitation in order of the priority of the preset parameter formats, and the preset parameter format that matches successfully is determined as the parameter format of the parameter information of the target information pair. For example, if the preset parameter formats include the json format, the soap format and the post form format, their priority may be set, from high to low, to the json format, the soap format and the post form format. It is then judged whether the parameter format of the parameter information of the target information pair matches the json format; if so, the json format is determined as the parameter format of the parameter information of the target information pair, and otherwise it is judged whether it matches the soap format; if so, the soap format is determined as the parameter format. Otherwise, the post form format may be directly determined as the parameter format of the parameter information of the target information pair, or it may further be judged whether the parameter format matches the post form format.
Step S302, analyzing the parameter information in the target information pair based on the analysis rule corresponding to the identified parameter format.
As an embodiment, in the embodiment of the present disclosure, multiple parsing rules may be set for the same parameter format; for example, the parsing rules of the following first to third regular expressions are set for the json format.
The first regular expression: ("(;
the second regular expression: ("(;
the third regular expression: ("(;
the representations in the first to third regular expressions ("(.
In the disclosed embodiment, an end character "\ b" may also be added at the end of each regular expression as described above, such as deforming the first regular expression into ("(? \ \ b")/b, deforming the second regular expression into ("(?p < name > [" >) - "\ \ s).
Further, if the parameter format identified in step S301 has at least two corresponding parsing rules, the step of parsing the parameter information in the target information pair in step S302 includes:
and determining a target analysis rule from the at least two analysis rules, and analyzing the parameter information in the target information pair according to the target analysis rule.
As an example, if the identified parameter format includes a json format, the parameter information in the target information pair may be parsed according to the target parsing rule as follows:
and extracting the parameter identification in the information pair corresponding to the target analysis rule by using a first analysis format in the target analysis rule, and extracting the parameter information in the information pair corresponding to the target analysis rule by using a second analysis format in the target analysis rule.
If the target analysis rule is a first regular expression, the first analysis format is ("(.
If the target analysis rule is a second regular expression, the first analysis format is ("(.
If the target analysis rule is the third regular expression, the first analysis format is ("(.
Further, the target parsing rule may be determined from the at least two parsing rules based on their priorities. Specifically, the parsing rule of the Nth priority may be determined from the at least two parsing rules as the target parsing rule, and if parsing with the parsing rule of the Nth priority fails, the parsing rule of the (N-1)th priority may be determined as the target parsing rule, where N is a natural number greater than or equal to 1 and the Nth priority is higher than the (N-1)th priority. If the identified parameter format is the json format, the target parsing rule may be selected from the first to third regular expressions based on their priorities. The manner of setting the priorities of the at least two parsing rules is not limited, and a person skilled in the art may set them according to actual requirements.
Alternatively, one parsing rule may be randomly selected from the at least two parsing rules and determined as the target parsing rule; if the identified parameter format is the json format, one regular expression may be randomly selected from the first to third regular expressions and determined as the target parsing rule.
As an embodiment, after the step of performing an analysis operation on the parameter information in the target information pair according to the target analysis rule, if there is still a target information pair in the information pair obtained by the analysis, the target analysis rule may be re-determined from unselected analysis rules in the at least two analysis rules, and the analysis operation is performed on the parameter information in the target information pair according to the re-determined target analysis rule until there is no target information pair in the information pair obtained by the analysis; if the identified parameter format is a json format, the determined target analysis rule is the first regular expression, if the target information pair still exists after the parameter information in the target information pair obtained by the i-1 level analysis operation is analyzed according to the first regular expression, one or a combination of the second regular expression and the third regular expression can be continuously selected as the target analysis rule, and the analysis operation is carried out on the still existing target information pair until no target information pair exists in the information pair obtained by analysis.
As an embodiment, if the identified parameter format is a json format, and the analysis rule of the json format includes a first regular expression to a third regular expression, in step S302, the parameter information in the target information pair obtained by the i-1 th level analysis operation may be analyzed according to the first regular expression to the third regular expression at the same time, where reference may be made to fig. 4, and the method specifically includes the following steps:
step S401, according to a first regular expression, analyzing parameter information in a target information pair obtained by the i-1 level analyzing operation;
step S402, according to a second regular expression, analyzing the parameter information in the target information pair obtained by analyzing according to the first regular expression;
step S403, according to the third regular expression, performing an analysis operation on the parameter information in the target information pair obtained by analysis according to the second regular expression.
It should be noted that, the regular expressions specifically according to steps S401 to S403 are not limited, and those skilled in the art may set the regular expressions according to actual requirements, for example, the regular expressions according to which the parsing operations of steps S401 to S403 are performed are respectively set as the second regular expression, the third regular expression, the first regular expression, and the like.
As an embodiment, if the parameter format of the website request message is json format, in the first-stage parsing operation, one or more of the first regular expression to the third regular expression may also be used to perform the first-stage parsing operation on the website request message, as shown in fig. 5, and meanwhile, according to the first regular expression to the third regular expression, the process of performing the first-stage parsing operation on the website request message specifically includes the following steps:
step S501, according to the first regular expression, analyzing the website request message.
Step S502, according to the second regular expression, analyzing the parameter information in the target information pair obtained by analyzing according to the first regular expression.
If the information pair obtained by analyzing according to the first regular expression does not comprise the target information pair, the analysis process of the website request message is ended.
Step S503, according to the third regular expression, analyzing the parameter information in the target information pair obtained by analyzing according to the second regular expression.
If the information pair obtained by analyzing according to the second regular expression does not comprise the target information pair, the analysis process of the website request message is ended; if, after step S503, the target information pair is not included in the information pair obtained by parsing according to the third regular expression, the parsing process for the website request message is ended, otherwise, the ith-level parsing operation (i is a value greater than 1) is performed on the target information pair obtained by parsing according to the third regular expression.
It should be noted that, the regular expressions specifically according to steps S501 to S503 are not limited, and those skilled in the art may set the regular expressions according to actual requirements, for example, the regular expressions according to which the parsing operations of steps S501 to S503 are performed are respectively set as the second regular expression, the third regular expression, the first regular expression, and the like.
The process of obtaining the request test message in step S102 is explained in detail below.
Specifically, the basic information pair corresponding to the security test target may be determined among the basic information pairs obtained by parsing, and the basic information pair corresponding to the security test target is converted to obtain a request test message corresponding to the website request message.
If the website request message is { "age": 26, "info": { "name": "ab", "sex": "mail" }, after the website request message is subjected to step-by-step analysis operation by the method, the obtained basic information pair is { "key _ age }"; if the security test target is the test name attribute, the basic information pair corresponding to the security test target may be ({ key _ name } ": { key _ name _ value }), and further may perform conversion processing on ({ key _ name }": { key _ name _ value }); when the security test target is the test sex attribute, the basic information pair corresponding to the security test target may be ({ key _ sex } ": { key _ sex _ value }), and may further perform conversion processing on ({ key _ sex }": { key _ sex _ value }).
Further, the basic information pair obtained by analyzing may be converted through at least one of the following conversion methods to obtain a request test message corresponding to the website request message:
the first conversion mode is as follows: parameter information is directly replaced.
And replacing the parameter information in the basic information pair obtained by analysis with first test information to obtain a request test message corresponding to the website request message.
If the website request message is id=1&info={"age": 26, "ids": [1, 2]} and the first test information is the character string <evil>, the request test messages generated according to the parsed basic information pairs may be: id=<evil>&info={"age": 26, "ids": [1, 2]}, id=1&info={"age": <evil>, "ids": [1, 2]}, id=1&info={"age": 26, "ids": <evil>}, id=<evil>&info={"age": <evil>, "ids": [1, 2]}, id=1&info={"age": 26, "ids": [<evil>, 2]}, and so on.
The second conversion mode is as follows: and splicing the test information after the parameter information.
And adding second test information in the basic information pair obtained by analysis to obtain a request test message corresponding to the website request message.
If the website request message is id=1&info={"age": 26, "ids": [1, 2]} and the second test information is the character string <evil>, the request test messages generated according to the parsed basic information pairs may be: id=1<evil>&info={"age": 26, "ids": [1, 2]}, id=1&info={"age": 26<evil>, "ids": [1, 2]}, id=1<evil>&info={"age": 26<evil>, "ids": [1, 2]}, and the like.
When the request test message is generated by using both the first conversion mode and the second conversion mode, if the website request message is id=1&info={"age": 26, "ids": [1, 2]}, the first test information is the character string <evil1> and the second test information is the character string <evil2>, then the generated request test message may be id=1<evil2>&info={"age": <evil1>, "ids": [1, 2]}, or may be id=<evil1><evil2>&info={"age": 26, "ids": [1, 2]}.
It should be noted that the first test information and the second test information may be the same or different, and those skilled in the art may set them according to actual requirements.
Several specific examples of website security tests according to the disclosed embodiments are given below.
Example 1
The portion to be parsed in the website request message in this example is {"age": 26, "info": {"name": "ab", "sex": "male"}}; the information pair in this example is a parameter key value pair, the parameter identifier in the information pair is a parameter name in the parameter key value pair, and the parameter information in the information pair is a parameter value in the parameter key value pair.
As shown in fig. 6, a schematic diagram of a principle of performing an analysis operation on a website request message in this example is provided, in this example, a data flow direction in an analysis operation process is modified in a recursive call manner, and a parameter value in a parameter key value pair obtained by the analysis operation is returned to an analysis module again until the parameter value obtained by the analysis is a basic data type (that is, a parameter key value pair whose parameter value is a basic data type is the basic information pair), and the parameter value of the basic data type obtained by the analysis is stored in an analysis result set, where the analysis module is configured to perform an analysis operation on the website request message, and the basic data type includes a string type, a numerical type, and a boolean type.
Meanwhile, if the parameter format of the website request message is the json format, at least one of the first to third regular expressions may be used as the target parsing rule, each parameter name and parameter value in the website request message is extracted directly according to the target parsing rule, and the parameter key value pair formed by the extracted parameter name and parameter value is formatted, for example, by replacing each extracted parameter key value pair with a character string of the form "key_key1": {key_key1_value}.
For example, the parameter value to be parsed in the website request message is {"age": 26, "info": {"name": "ab", "sex": "male"}}. In the related art, after the parameter format of the parameter value of the target information pair in the website request message is judged to be the json format, a parsing library corresponding to the json format is called, and the two parameter key value pairs obtained for age and info are put into the parsing result set. In the present disclosure, after the parameter format of the parameter value of the target information pair in the website request message is judged to be the json format, the parsing library corresponding to the json format is called to perform the first-level parsing operation, which yields the two parameter key value pairs for age and info, and whether the parameter value of each of age and info is of a basic data type is judged separately. The parameter value of age is judged to be of a numerical type, so age and its parameter value are stored in the parsing result set; the parameter value of info is judged not to be of a basic data type, so a second-level parsing operation is performed on the parameter value of info. In the second-level parsing operation, the parameter format of the parameter value of info is judged to be the json format, the parsing library corresponding to the json format is called to parse the parameter value of info, and the two parameter key value pairs for name and sex are obtained; since the parameter values of both name and sex are of a character string type, the two parameter key value pairs for name and sex are stored in the parsing result set, the two parameter keys key_name and key_sex are stored in the parameter key set, and the parsing process of the website request message ends.
In addition, in the embodiment of the present disclosure, after the parameter format of the parameter value to be analyzed in the website request message is judged to be the json format, at least one of the first regular expression to the third regular expression may be determined as a target analysis rule, and the website request message is analyzed according to the target analysis rule, where the specific process may refer to the above contents, and is not described repeatedly here.
In this example, the parsing operation is performed on the parameter value {"age": 26, "info": {"name": "ab", "sex": "male"}}, and the format of the result obtained by parsing may be {"key_age": {key_age_value}, "info": {"key_name": {key_name_value}, "key_sex": {key_sex_value}}}.
And then the parameter keys key _ age, key _ name and key _ sex can be respectively transformed and/or replaced by using the test information to obtain a request test message corresponding to the website request message, and the security of the corresponding website is verified through the request test message.
Example 2
In the example, the part to be analyzed in the website request message is a mixture of a json format and a post form format; the information pair in this example is a parameter key value pair, the parameter identifier in the information pair is a parameter name in the parameter key value pair, and the parameter information in the information pair is a parameter value in the parameter key value pair.
Referring to fig. 7, assuming that the json format has higher priority than the post form format and that the part to be parsed in the website request message is id=1&info={"age": 26}, parsing the website request message step by step comprises the following steps:
In step S701, the parameter module sends the part to be parsed in the website request parameter, id=1&info={"age": 26}, to the parsing module.
Step S702, the parsing module determines whether the parameter format of the part to be parsed in the website request message matches the json format; here the parsing module determines that id=1&info={"age": 26} does not match the json format, and the process proceeds to step S703.
In step S703, the parsing module performs the first-level parsing operation on the website request message according to the post form format, obtaining two parameter key value pairs, id=1 and info={"age": 26}.
In step S704, after determining that the parameter value in the parameter key value pair id=1 is of a numerical type, the parsing result processing module adds id=1 to the parsing result set and adds the parameter name id to the parameter key set.
In step S705, after determining that the parameter value in the parameter key value pair info={"age": 26} is not of a basic data type, the parsing result processing module further sends the parameter value {"age": 26} to the parsing module for the second-level parsing operation.
Step S706, after the parsing module determines that the parameter value {"age": 26} is in the json format, the parameter value {"age": 26} is parsed according to the parsing rule corresponding to the json format to obtain {"key_age": {key_age_value}}, and the parsing result is transmitted to the parsing result processing module.
In this step, the { "age": 26} may be parsed in the manner of the first regular expression to the third regular expression, and the description is not repeated here.
In step S707, after determining that the parameter value in {"key_age": {key_age_value}} is of a numerical type, the parsing result processing module adds {"key_age": {key_age_value}} to the parsing result set and adds key_age to the parameter key set.
For the part to be parsed in the website request message in this example, id=1&info={"age": 26}, the step-by-step parsing operation is performed, and the result obtained by parsing is id=1&info={"key_age": {key_age_value}}, with parameter keys id and key_age.
And then, the parameter key id and the key _ age can be respectively transformed and/or replaced by utilizing the test information to obtain a request test message corresponding to the website request message, and the security of the corresponding website is verified through the request test message.
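The step-by-step parsing and the two conversion modes described above, as walked through in Examples 1 and 2, as an added example in Python that is not part of the patent: it matches the preset formats with json ahead of the default post form, recurses until every parameter value is of a basic data type, and then generates one request test message per basic information pair by replacement or by appending. The placeholder test information <evil> follows the text; the tree representation, the function names and the post-form serialization without percent-encoding are assumptions.

```python
"""Step-by-step parsing of a website request message into basic information
pairs, then conversion into request test messages (added example, assumed names)."""
import copy
import json
from urllib.parse import parse_qsl


class Embedded:  # a non-basic parameter value that was parsed one level further
    def __init__(self, fmt, value):
        self.fmt, self.value = fmt, value


def parse_level(text):
    """One parsing level: try the preset formats by priority (json, then the
    default post form); return an Embedded node, or the text if it is basic."""
    try:
        decoded = json.loads(text)
        if isinstance(decoded, (dict, list)):
            return Embedded("json", decode_children(decoded))
    except ValueError:
        pass
    if "=" in text:  # default: post form format, key=value pairs joined by '&'
        fields = parse_qsl(text, keep_blank_values=True)
        return Embedded("form", {k: parse_level(v) for k, v in fields})
    return text  # string type is a basic data type: no further parsing


def decode_children(value):
    """Feed each string from a json level back to the parser (next level)."""
    if isinstance(value, dict):
        return {k: decode_children(v) for k, v in value.items()}
    if isinstance(value, list):
        return [decode_children(v) for v in value]
    return parse_level(value) if isinstance(value, str) else value


def collect_basic_pairs(node, path=()):
    """Return (key path, value) for every basic information pair in the tree."""
    if isinstance(node, Embedded):
        return collect_basic_pairs(node.value, path)
    if isinstance(node, dict):
        children = node.items()
    elif isinstance(node, list):
        children = enumerate(node)
    else:
        return [(path, node)]  # numerical, boolean, null or string leaf
    pairs = []
    for key, child in children:
        pairs.extend(collect_basic_pairs(child, path + (key,)))
    return pairs


def set_at(node, path, new_value):
    """Replace the basic value addressed by path inside the parsed tree."""
    container = node.value if isinstance(node, Embedded) else node
    key, rest = path[0], path[1:]
    if rest:
        set_at(container[key], rest, new_value)
    else:
        container[key] = new_value


def serialize(node):
    """Rebuild message text; nested levels become strings again. Form fields
    are joined without percent-encoding so output reads like the examples."""
    if isinstance(node, Embedded):
        if node.fmt == "json":
            return json.dumps(plain(node.value))
        return "&".join(f"{k}={serialize(v)}" for k, v in node.value.items())
    return node if isinstance(node, str) else json.dumps(node)


def plain(value):
    """Convert the tree to plain json data, serializing any nested level."""
    if isinstance(value, Embedded):
        return serialize(value)
    if isinstance(value, dict):
        return {k: plain(v) for k, v in value.items()}
    if isinstance(value, list):
        return [plain(v) for v in value]
    return value


def generate_test_messages(message, test_info="<evil>", mode="replace"):
    """First conversion mode ("replace") swaps each basic value for the test
    information; second mode ("append") splices it after the value. Returns one
    (key path, request test message) per basic information pair."""
    tree = parse_level(message)
    if not isinstance(tree, Embedded):
        return []  # the whole message is one basic value: nothing to convert
    results = []
    for path, leaf in collect_basic_pairs(tree):
        original = leaf if isinstance(leaf, str) else json.dumps(leaf)
        new_value = test_info if mode == "replace" else original + test_info
        mutated = copy.deepcopy(tree)
        set_at(mutated, path, new_value)
        results.append(("/".join(map(str, path)), serialize(mutated)))
    return results
```

Because a list is not a basic data type, the `ids` array is descended element by element, so each generated message changes exactly one basic value; replaced numeric values come out as quoted strings because the rebuilt json stays valid.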
In the embodiment of the disclosure, the website request message is analyzed until no target information pair exists in the analyzed information pair, and then when the request test message is generated according to the analyzed basic information pair, a request test message for performing security detection on each analyzed basic information pair can be generated, and a request test message for performing security detection on a specified basic information pair can also be generated, so that when the security of the website is detected through the request test message, the accuracy of website security detection is improved.
As shown in fig. 8, based on the same inventive concept, the embodiment of the present disclosure further provides a website security testing apparatus 800, including:
an information analysis unit 801 configured to perform an analysis operation on website request information to obtain a basic information pair corresponding to the website request information, where the basic information pair is an information pair including parameter information of a basic data type;
an information conversion unit 802, configured to perform, in a case that no target information pair exists in the website request information, a conversion process on the analyzed basic information pair to obtain a request test message corresponding to the website request information, where the target information pair is an information pair including parameter information of a non-basic data type;
a security testing unit 803 configured to perform sending the request test message to a website corresponding to the website request message, and verifying security of the website according to response information of the website to the request test message.
As an embodiment, the information parsing unit 801 is specifically configured to perform:
identifying the parameter format of the parameter information of the target information pair in the website request information;
and analyzing the parameter information in the target information pair based on the analysis rule corresponding to the identified parameter format.
As an embodiment, the information parsing unit 801 is specifically configured to perform:
according to the priority of the preset parameter format, sequentially matching the preset parameter format with the format of the parameter information in the target information pair; and
and determining the preset parameter format successfully matched with the format of the parameter information in the target information pair as the parameter format of the parameter information in the target information pair.
As an embodiment, the information parsing unit 801 is specifically configured to perform:
and determining a target analysis rule from the at least two analysis rules, and analyzing the parameter information in the target information pair according to the target analysis rule.
As an embodiment, the information parsing unit 801 is further configured to perform:
after analyzing the parameter information in the target information pair according to the target analysis rule, if the target information pair still exists in the information pair obtained by analyzing, re-determining the target analysis rule from the unselected analysis rules in the at least two analysis rules, and analyzing the parameter information in the target information pair according to the re-determined target analysis rule until no target information pair exists in the information pair obtained by analyzing.
As an embodiment, the information parsing unit 801 is specifically configured to perform:
determining the analysis rule of the Nth priority as a target analysis rule from the at least two analysis rules, and if the analysis rule of the Nth priority fails to be analyzed, determining the analysis rule of the (N-1) th priority as the target analysis rule, wherein N is a natural number greater than or equal to 1, and the Nth priority is higher than the (N-1) th priority; or
And randomly selecting one analysis rule from the at least two analysis rules to be determined as a target analysis rule.
As an embodiment, the identified parameter format includes a json format, and the information parsing unit 801 is specifically configured to perform:
extracting the parameter identification in the information pair corresponding to the target analysis rule by using the first analysis format in the target analysis rule, and
and extracting the parameter information in the information pair corresponding to the target analysis rule by using a second analysis format in the target analysis rule.
As an embodiment, the information converting unit 802 is configured to perform:
determining a basic information pair corresponding to the safety test target in the basic information pair obtained by analysis;
and converting the basic information pair corresponding to the safety test target to obtain a request test message corresponding to the website request message.
As an embodiment, the information conversion unit 802 is specifically configured to perform:
replacing the parameter information in the basic information pair obtained by analysis with first test information to obtain a request test message corresponding to the website request message; and/or
And adding second test information in the basic information pair obtained by analysis to obtain a request test message corresponding to the website request message.
As shown in fig. 9, the present disclosure provides an electronic device 900 comprising a processor 901, a memory 902 for storing processor-executable instructions as described above;
the processor 901 is configured to execute the process of any one of the above website security testing methods.
In an exemplary embodiment, a storage medium comprising instructions, such as a memory comprising instructions, executable by a processor of the electronic device to perform the method is also provided. Alternatively, the storage medium may be a non-transitory computer readable storage medium, for example, which may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A website security testing method, characterized by comprising the following steps:
parsing website request information to obtain a basic information pair corresponding to the website request information, wherein the basic information pair is an information pair comprising parameter information of a basic data type;
under the condition that no target information pair exists in the website request information, converting the parsed basic information pair to obtain a request test message corresponding to the website request information, wherein the target information pair is an information pair comprising parameter information of a non-basic data type; and
sending the request test message to the website corresponding to the website request information, and verifying the security of the website according to the response information of the website to the request test message.
2. The method of claim 1, wherein the step of parsing the website request information comprises:
identifying the parameter format of the parameter information of the target information pair in the website request information; and
parsing the parameter information in the target information pair based on the parsing rule corresponding to the identified parameter format.
3. The method of claim 2, wherein the step of identifying the parameter format of the parameter information of the target information pair in the website request information comprises:
according to the priority of the preset parameter formats, sequentially matching the preset parameter formats against the format of the parameter information in the target information pair; and
determining the preset parameter format that successfully matches the format of the parameter information in the target information pair as the parameter format of the parameter information in the target information pair.
4. The method of claim 2, wherein there are at least two parsing rules corresponding to the identified parameter format, and the step of parsing the parameter information in the target information pair comprises:
determining a target parsing rule from the at least two parsing rules, and parsing the parameter information in the target information pair according to the target parsing rule.
5. The method of claim 4, wherein the step of parsing the parameter information in the target information pair according to the target parsing rule further comprises:
if a target information pair still exists in the information pairs obtained by parsing, re-determining the target parsing rule from the parsing rules not yet selected among the at least two parsing rules, and parsing the parameter information in the target information pair according to the re-determined target parsing rule, until no target information pair exists in the information pairs obtained by parsing.
6. The method of claim 4, wherein the step of determining a target parsing rule from the at least two parsing rules comprises:
determining the parsing rule of the Nth priority among the at least two parsing rules as the target parsing rule, and if parsing with the parsing rule of the Nth priority fails, determining the parsing rule of the (N-1)th priority as the target parsing rule, wherein N is a natural number greater than or equal to 1, and the Nth priority is higher than the (N-1)th priority; or
randomly selecting one parsing rule from the at least two parsing rules as the target parsing rule.
7. The method of any one of claims 4 to 6, wherein the identified parameter format comprises the json format, and the step of parsing the parameter information in the target information pair according to the target parsing rule comprises:
extracting the parameter identifier in the information pair corresponding to the target parsing rule using a first parsing format in the target parsing rule; and
extracting the parameter information in the information pair corresponding to the target parsing rule using a second parsing format in the target parsing rule.
8. A website security testing apparatus, comprising:
an information parsing unit configured to parse website request information to obtain a basic information pair corresponding to the website request information, wherein the basic information pair is an information pair comprising parameter information of a basic data type;
an information conversion unit configured to convert the parsed basic information pair, under the condition that no target information pair exists in the website request information, to obtain a request test message corresponding to the website request information, wherein the target information pair is an information pair comprising parameter information of a non-basic data type; and
a security testing unit configured to send the request test message to the website corresponding to the website request information, and to verify the security of the website according to the response information of the website to the request test message.
9. An electronic device, comprising a processor and a memory for storing instructions executable by the processor;
wherein the processor is configured to perform the method of any one of claims 1 to 7.
10. A computer-readable storage medium having stored thereon computer instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 7.
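The claims describe a procedure: split a request into information pairs, match each non-basic value against preset parameter formats in priority order, parse it with the matching rule, repeat until only basic-type pairs remain, and then convert the result into test messages whose responses are checked. The following is an added Python example written for this page and is not code from the patent or its applicant. It assumes two preset formats (JSON first, then nested form encoding; the ordering is a constructed choice), a constructed sample request body, and one constructed verification criterion (a per-parameter canary string echoed verbatim in the response). It goes slightly beyond the claims in that it also re-serializes each nesting level with the format it was parsed from, which is what makes a rebuilt test message valid at every level.

```python
"""Added example (not the patent's own code): parse a captured request into
information pairs, recursively parse non-basic values (JSON, nested form
encoding) until only basic-type pairs remain, then rebuild one test request
per leaf parameter carrying a benign canary value."""
import json
from urllib.parse import parse_qsl, quote, urlencode

# Values of these types are "basic"; anything else is a target pair to parse further.
BASIC_TYPES = (str, int, float, bool, type(None))


def rule_json(text):
    """Parsing rule for the json format: returns (child_pairs, is_list)."""
    obj = json.loads(text)
    if isinstance(obj, dict):
        return list(obj.items()), False
    if isinstance(obj, list):
        return list(enumerate(obj)), True
    raise ValueError("JSON scalar is already a basic value")


def rule_form(text):
    """Parsing rule for form encoding (a=1&b=2) nested inside another value."""
    if "=" not in text:
        raise ValueError("not form encoded")
    return parse_qsl(text, keep_blank_values=True, strict_parsing=True), False


# Preset parameter formats, tried in priority order (constructed ordering).
PARSERS = [("json", rule_json), ("form", rule_form)]


class Node:
    """One information pair; fmt is None for a basic leaf, else 'json' (string
    holding JSON), 'form' (string holding a=b pairs) or 'object' (native
    dict/list produced by a JSON parse)."""

    def __init__(self, key, path, value, fmt=None, is_list=False, children=()):
        self.key, self.path, self.value, self.fmt = key, path, value, fmt
        self.is_list, self.children = is_list, list(children)


def parse_pair(key, path, value):
    """Match preset formats by priority and parse the resulting child pairs
    recursively until no non-basic value remains (claims 2, 3 and 5)."""
    if isinstance(value, str):
        for fmt, rule in PARSERS:
            try:
                pairs, is_list = rule(value)
            except ValueError:  # json.JSONDecodeError is a ValueError subclass
                continue
            kids = [parse_pair(k, f"{path}.{k}", v) for k, v in pairs]
            return Node(key, path, value, fmt, is_list, kids)
        return Node(key, path, value)  # plain string: basic leaf
    if isinstance(value, BASIC_TYPES):
        return Node(key, path, value)
    pairs = enumerate(value) if isinstance(value, list) else value.items()
    kids = [parse_pair(k, f"{path}.{k}", v) for k, v in pairs]
    return Node(key, path, value, "object", isinstance(value, list), kids)


def leaves(node):
    """Paths of every basic information pair in the tree, in document order."""
    if not node.children:
        return [node.path]
    return [p for c in node.children for p in leaves(c)]


def rebuild(node, target, canary):
    """Re-serialize each level with the format it was parsed from; the leaf at
    path `target` carries the canary instead of its original value."""
    if not node.children:
        return canary if node.path == target else node.value
    vals = [rebuild(c, target, canary) for c in node.children]
    if node.fmt == "form":
        return urlencode([(c.key, v) for c, v in zip(node.children, vals)])
    native = vals if node.is_list else {c.key: v for c, v in zip(node.children, vals)}
    return json.dumps(native, separators=(",", ":")) if node.fmt == "json" else native


def build_test_messages(body, canary_prefix="canary"):
    """Conversion step: one request test message per basic pair, each with a
    distinct canary so a response can be attributed to one parameter."""
    tree = parse_pair("body", "body", body)
    return [(path, f"{canary_prefix}-{i:03d}", rebuild(tree, path, f"{canary_prefix}-{i:03d}"))
            for i, path in enumerate(leaves(tree))]


def reflected(canary, response_text):
    """One constructed verification criterion: the canary is echoed verbatim,
    i.e. the parameter reaches the response without transformation."""
    return canary in response_text


# Constructed sample: a form body whose 'profile' field holds JSON, which in
# turn holds a form-encoded string.
SAMPLE_BODY = "uid=42&profile=" + quote(
    '{"name":"alice","tags":["x","y"],"prefs":"theme=dark&lang=en"}'
)

if __name__ == "__main__":
    for path, canary, msg in build_test_messages(SAMPLE_BODY):
        print(f"{path:<26} {canary}  {msg}")
```

Running the block prints six test messages, one per basic pair (`body.uid`, `body.profile.name`, the two `tags` elements and the two `prefs` fields), because the inner `prefs` string is itself recognized as form encoding and parsed a level deeper. A scalar that happens to parse as JSON (`"42"`, `"true"`) is deliberately kept as a leaf, since the claims only parse further when the value is of a non-basic type; the `reflected` check stands in for whatever response criterion a deployment actually uses.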
CN202010641747.0A 2020-07-06 2020-07-06 Website security testing method and device, electronic equipment and storage medium Pending CN111901310A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010641747.0A CN111901310A (en) 2020-07-06 2020-07-06 Website security testing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010641747.0A CN111901310A (en) 2020-07-06 2020-07-06 Website security testing method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111901310A true CN111901310A (en) 2020-11-06

Family

ID=73192949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010641747.0A Pending CN111901310A (en) 2020-07-06 2020-07-06 Website security testing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111901310A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112560038A (en) * 2020-12-24 2021-03-26 深信服科技股份有限公司 Data analysis method, device and equipment and computer readable storage medium

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20080043204A (en) * 2006-11-13 2008-05-16 한국전자통신연구원 File format analysis system and method for unknown file format to use software security testing
CN104537305A (en) * 2014-12-31 2015-04-22 北京奇虎科技有限公司 Website vulnerability detection method and system
CN106484611A (en) * 2015-09-02 2017-03-08 腾讯科技(深圳)有限公司 Fuzz testing method and apparatus based on automation protocol adaptation
CN107908541A (en) * 2017-07-26 2018-04-13 平安壹钱包电子商务有限公司 Interface test method, device, computer equipment and storage medium
US20180137095A1 (en) * 2016-04-26 2018-05-17 Seculayer Co., Ltd. Method for performing normalization of unstructured data and computing device using the same
CN108733689A (en) * 2017-04-18 2018-11-02 北京京东尚科信息技术有限公司 A kind of comparison method and device of JSON texts
CN109194543A (en) * 2018-08-24 2019-01-11 北京天元创新科技有限公司 Collecting method and device
CN109976997A (en) * 2017-12-28 2019-07-05 北京京东尚科信息技术有限公司 Test method and device
CN110196813A (en) * 2019-06-06 2019-09-03 北京百度网讯科技有限公司 Interface test method, device, equipment and medium
CN110460612A (en) * 2019-08-15 2019-11-15 中国平安财产保险股份有限公司 Safety detecting method, equipment, storage medium and device
CN110750442A (en) * 2019-09-06 2020-02-04 平安医疗健康管理股份有限公司 Test case generation method, device, equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Nuno Teodoro: "Web application security: Improving critical web-based applications quality through in-depth security analysis", International Conference on Information Society (i-Society 2011) *
潘世成 et al.: "Research on normalized processing of unstructured machine data", Modern Information Technology (现代信息科技) *

Similar Documents

Publication Publication Date Title
US10243982B2 (en) Log analyzing device, attack detecting device, attack detection method, and program
US20040205411A1 (en) Method of detecting malicious scripts using code insertion technique
US11204862B2 (en) Method for evaluating application program interface (AP) with API maturity matric and testing
CN108718306B (en) Abnormal flow behavior discrimination method and device
WO2009087996A1 (en) Information extraction device and information extraction system
CN115580494B (en) Method, device and equipment for detecting weak password
US20180349250A1 (en) Content-level anomaly detector for systems with limited memory
CN114650163B (en) Fuzzy test method and system for stateful network protocol
CN110704816B (en) Interface cracking recognition method, device, equipment and storage medium
CN113704328B (en) User behavior big data mining method and system based on artificial intelligence
CN115065623B (en) Active and passive combined reverse analysis method for private industrial control protocol
US9600644B2 (en) Method, a computer program and apparatus for analyzing symbols in a computer
JP2008299540A (en) Inspection device and inspection program for web service providing system
CN110460606B (en) Second-order SQL injection vulnerability detection method, device and equipment
CN113704772B (en) Safety protection processing method and system based on user behavior big data mining
CN111901310A (en) Website security testing method and device, electronic equipment and storage medium
CN108804501B (en) Method and device for detecting effective information
CN111723182B (en) Key information extraction method and device for vulnerability text
CN116055067B (en) Weak password detection method, device, electronic equipment and medium
US20140337069A1 (en) Deriving business transactions from web logs
CN113094706A (en) WebShell detection method, device, equipment and readable storage medium
CN115859305A (en) Knowledge graph-based industrial control security situation sensing method and system
US20240045955A1 (en) Identifying security events in programming code for logging
CN109787995B (en) Method and terminal for detecting XSS vulnerability
JP4454080B2 (en) Information filtering apparatus, information filtering method, and medium storing information filtering program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201106