CN112668007A - Software system security reinforcing method - Google Patents
- Publication number: CN112668007A
- Authority: CN (China)
- Prior art keywords: security, software system, safety, website, filtering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Abstract
The invention relates to a software system security reinforcement method. The method custom-develops multiple security funnels for different network attack behaviors and enables security filtering through configuration. Data and website addresses passed into the software system from outside are filtered multiple times, so that dangerous data is found and cleared promptly and malicious network attacks are blocked, ensuring safe and reliable operation of the software system. Besides finding and clearing dangerous data promptly and blocking malicious network attacks, the method requires no modification of existing service code, has a short development cycle, is convenient to use, and can quickly meet the security reinforcement requirements of a software system.
Description
Technical Field
The invention relates to the technical field of computer software security, in particular to a security reinforcing method for a software system.
Background
To ensure information security, enterprises attach increasing importance to the information security of their software systems, and a software security assessment has become a prerequisite for putting a software system online. At present, software security problems found by a security assessment are generally fixed by modifying the relevant source code of the service system. This approach has a long development cycle, a large workload and a heavy testing burden, and it often affects the normal operation of the software's service functions.
To solve these problems effectively, the invention provides a software system security reinforcement method that abstracts and models the characteristics of network attacks and applies unified processing logic, unified coding and unified configuration to them.
Disclosure of Invention
In order to make up for the defects of the prior art, the invention provides a simple and efficient software system security reinforcement method.
The invention is realized by the following technical scheme:
A software system security reinforcement method, characterized in that: multiple security funnels are custom-developed for different network attack behaviors, security filtering is enabled through configuration, and data and website addresses passed into the software system from outside are filtered multiple times, so that dangerous data is found and cleared promptly and malicious network attacks are blocked, ensuring safe and reliable operation of the software system.
The method comprises the following steps:
S1. Analyze common network attack behaviors and customize a security filtering keyword blacklist; through the external input security funnel, perform security filtering on the input data, query conditions and jump websites passed in from outside, find and clear dangerous data, interrupt malicious attack behavior, and record a security log.
S2. Customize a compliant website whitelist, use the jump website security funnel to interrupt illegal website jumps, and record a security log.
S3. For the network attack behaviors found by security filtering, provide a software system security behavior audit that analyzes common network attack behaviors, so that security reinforcement of the software system can be better targeted.
In step S1, the security filtering keyword blacklist is customized using regular expressions and configured with the keywords used by cross-site scripting attacks, SQL injection attacks and/or XML injection attacks. The security rules of the blacklist can be adjusted according to the attack type and the requirements of the service function, and they provide the basis on which the external input security funnel configures its security filtering rules.
In step S1, the external input security funnel loads a security filtering keyword blacklist in an init() method through a javax.
In the doFilter(ServletRequest request, ServletResponse response, FilterChain chain) method, requests passed in from outside are filtered by regular-expression matching against the blacklist according to the filtering rules.
If dangerous input data is matched, the relevant data is intercepted and cleared, the network request is interrupted, the external attack behavior is blocked, and a network attack interception log is recorded.
After the external data passes security filtering, the chain.doFilter() method is called to pass the filtered data to the jump website security funnel, where security filtering continues.
In step S2, the compliant website whitelist is defined in plain text and customized by domain name and by IP; the domain names are separated by ":". The IP address list sets a fixed IP or an IP interval; the IP interval is divided, a plurality of IPs are divided, and 0 is used as a network segment wildcard.
The compliant website whitelist can be adjusted according to the actual deployment of the software system, and it provides the basis on which the jump website security funnel configures its website jump rules.
In step S2, the jump website security funnel loads the jump website whitelist in an init() method through the javax.servlet.Filter interface and generates the website jump rules. In the doFilter(ServletRequest request, ServletResponse response, FilterChain chain) method, the jump website is matched line by line against the jump website whitelist.
If the address matches a compliant website, the jump proceeds normally; otherwise the address is judged to be an illegal jump website, the jump request is interrupted, an attack warning is shown on the front-end page, and a network attack interception log is recorded.
and after filtering is finished, calling a chain.
For dangerous data or illegal websites found by the external input security funnel and the jump website security funnel, the filtered content, including the current user, owning application, request time, request URL, security level, security type, original data, dangerous data, filtered data and handling method, is recorded in the security log as text and, at the same time, in the security log database table.
In step S3, a security behavior audit function is provided for the security data recorded in the security log. It supports analysis by security type, security level and/or accessing user. Through this dimensional analysis, including the top three attack behaviors by number of occurrences, the top three high-risk users and the top three high-risk applications, the security level of the software system is counted and determined.
The security funnel supports flexible extension. Customized security funnels can be developed for the behavioral characteristics of different types of network attack. For strictly limited attack behaviors such as skin-style cookie tampering, the security funnel is developed by customizing a jump website whitelist; for computing-type attack behaviors that cannot be exhaustively enumerated, the security funnel is developed by customizing a security filtering keyword blacklist.
The security funnel uses aspect-oriented programming: existing business function code does not need to be modified intrusively, and the security filtering function can be enabled purely through flexible software configuration. To cope with escalating network security threats, customized filtering rules are supported so as to meet the security requirements of the software system.
The beneficial effects of the invention are as follows: besides finding and clearing dangerous data promptly, blocking malicious network attacks and ensuring safe and reliable operation of the software system, the method requires no modification of existing service code, has a short development cycle, is convenient to use, and can quickly meet the security reinforcement requirements of a software system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of the security reinforcement method of the software system of the present invention.
FIG. 2 is a schematic diagram of the external input data security filtering process according to the present invention.
FIG. 3 is a schematic diagram of the jump website security filtering process according to the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the embodiment of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The software system security reinforcement method custom-develops multiple security funnels for different network attack behaviors and enables security filtering through configuration. Data and website addresses passed into the software system from outside are filtered multiple times, so that dangerous data is found and cleared promptly and malicious network attacks are blocked, ensuring safe and reliable operation of the software system.
The method comprises the following steps:
S1. Analyze common network attack behaviors and customize a security filtering keyword blacklist; through the external input security funnel, perform security filtering on the input data, query conditions and jump websites passed in from outside, find and clear dangerous data, interrupt malicious attack behavior, and record a security log.
S2. Customize a compliant website whitelist, use the jump website security funnel to interrupt illegal website jumps, and record a security log.
S3. For the network attack behaviors found by security filtering, provide a software system security behavior audit that analyzes common network attack behaviors, so that security reinforcement of the software system can be better targeted.
In step S1, the security filtering keyword blacklist is customized using regular expressions and configured with the keywords used by cross-site scripting attacks, SQL injection attacks and/or XML injection attacks. The security rules of the blacklist can be adjusted according to the attack type and the requirements of the service function, and they provide the basis on which the external input security funnel configures its security filtering rules.
The security filtering keyword blacklist is configured as follows:
(?:")|(?:')|(?:--)|(?:<)|(?:>)|(\\b(script|javascript|alert|source|window|onmouseover|onclick|prompt|confirm|style|onfocus|onconfig|prompt|update|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b)
In step S1, the external input security funnel loads a security filtering keyword blacklist in an init() method through a javax.
In the doFilter(ServletRequest request, ServletResponse response, FilterChain chain) method, requests passed in from outside are filtered by regular-expression matching against the blacklist according to the filtering rules.
If dangerous input data is matched, the relevant data is intercepted and cleared, the network request is interrupted, the external attack behavior is blocked, and a network attack interception log is recorded.
After the external data passes security filtering, the chain.doFilter() method is called to pass the filtered data to the jump website security funnel, where security filtering continues.
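The matching step of the external input security funnel, as an added example that is not code from the patent: it runs the blacklist above, written as a Java string literal, over request parameters the way a doFilter implementation would before deciding whether to continue the chain. The class name, the reject-and-report policy, the CASE_INSENSITIVE flag and the sample parameters are assumptions; the constructed samples include legitimate input that the keyword list also flags, which is why the rules have to be adjusted to the service function.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration (hypothetical class name): blacklist screening of request parameters. */
public class BlacklistFunnelDemo {

    // The blacklist from the description, as a Java string literal. Keyword spellings are
    // kept exactly as published.
    static final String BLACKLIST =
          "(?:\")|(?:')|(?:--)|(?:<)|(?:>)|(\\b(script|javascript|alert|source|window"
        + "|onmouseover|onclick|prompt|confirm|style|onfocus|onconfig|prompt|update|delete"
        + "|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop"
        + "|execute)\\b)";

    // Assumption: keywords are matched case-insensitively; the published pattern sets no flag.
    static final Pattern RULE = Pattern.compile(BLACKLIST, Pattern.CASE_INSENSITIVE);

    /** One blacklist hit: the parameter it was found in and the token that matched. */
    static final class Hit {
        final String parameter;
        final String token;
        Hit(String parameter, String token) { this.parameter = parameter; this.token = token; }
        @Override public String toString() { return parameter + " contains [" + token + "]"; }
    }

    /**
     * Screens every value of every parameter. An empty result means the request may be
     * passed on with chain.doFilter(); otherwise the caller rejects it and logs the hits.
     */
    static List<Hit> screen(Map<String, String[]> parameters) {
        List<Hit> hits = new ArrayList<>();
        for (Map.Entry<String, String[]> entry : parameters.entrySet()) {
            for (String value : entry.getValue()) {
                if (value == null) continue;
                Matcher m = RULE.matcher(value);
                while (m.find()) hits.add(new Hit(entry.getKey(), m.group()));
            }
        }
        return hits;
    }

    /** Builds a one-parameter map shaped like ServletRequest.getParameterMap(). */
    static Map<String, String[]> params(String name, String... values) {
        Map<String, String[]> map = new LinkedHashMap<>();
        map.put(name, values);
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        Map<String, Map<String, String[]>> samples = new LinkedHashMap<>();
        samples.put("plain search", params("q", "quarterly report 2021"));
        samples.put("markup in a comment", params("comment", "<script>alert(1)</script>"));
        samples.put("quote and SQL comment", params("name", "x' OR 1=1 --"));
        samples.put("legitimate surname", params("name", "O'Brien"));
        samples.put("legitimate sentence", params("note", "Please update the head count"));

        for (Map.Entry<String, Map<String, String[]>> sample : samples.entrySet()) {
            List<Hit> hits = screen(sample.getValue());
            String verdict = hits.isEmpty() ? "PASS " : "BLOCK";
            System.out.println(verdict + "  " + sample.getKey() + "  " + hits);
        }
    }
}
```

The hit list carries the parameter name and matched token, which map onto the "dangerous data" and "request URL" style fields the description records in the security log.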
In step S2, the compliant website whitelist is defined in plain text and customized by domain name and by IP; the domain names are separated by ":". The IP address list sets a fixed IP or an IP interval; the IP interval is divided, a plurality of IPs are divided, and 0 is used as a network segment wildcard.
The compliant website whitelist can be adjusted according to the actual deployment of the software system, and it provides the basis on which the jump website security funnel configures its website jump rules.
The compliant website whitelist is configured as follows:
v6:xinshangmeng:192.168.1.1:192.168.3.0
In step S2, the jump website security funnel loads the jump website whitelist in an init() method through the javax.servlet.Filter interface and generates the website jump rules. In the doFilter(ServletRequest request, ServletResponse response, FilterChain chain) method, the jump website is matched line by line against the jump website whitelist.
If the address matches a compliant website, the jump proceeds normally; otherwise the address is judged to be an illegal jump website, the jump request is interrupted, an attack warning is shown on the front-end page, and a network attack interception log is recorded.
and after filtering is finished, calling a chain.
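The whitelist check of the jump website security funnel, as an added example that is not code from the patent: it parses the sample whitelist line above and decides whether a jump target may proceed. The class name and the constructed targets are assumptions, as are three matching choices the description leaves open: only trailing 0 octets act as the segment wildcard, name entries match a whole host or a parent domain rather than a substring, and relative paths are treated as same-site.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/** Added illustration (hypothetical class name): whitelist check for a jump target. */
public class JumpWhitelistDemo {

    private final List<String> hostNames = new ArrayList<>();
    private final List<int[]> ipRules = new ArrayList<>();

    /** Parses one plain-text whitelist line whose entries are separated by ':'. */
    JumpWhitelistDemo(String line) {
        for (String raw : line.split(":")) {
            String entry = raw.trim().toLowerCase(Locale.ROOT);
            if (entry.isEmpty()) continue;
            int[] ip = parseIpv4(entry);
            if (ip != null) ipRules.add(ip); else hostNames.add(entry);
        }
    }

    /** Returns the four octets of a dotted-quad string, or null if the text is not one. */
    static int[] parseIpv4(String text) {
        String[] parts = text.split("\\.", -1);
        if (parts.length != 4) return null;
        int[] octets = new int[4];
        for (int i = 0; i < 4; i++) {
            if (!parts[i].matches("\\d{1,3}")) return null;
            octets[i] = Integer.parseInt(parts[i]);
            if (octets[i] > 255) return null;
        }
        return octets;
    }

    /** Assumption: only trailing 0 octets act as the network-segment wildcard. */
    static boolean ipMatches(int[] rule, int[] ip) {
        int fixed = 4;
        while (fixed > 0 && rule[fixed - 1] == 0) fixed--;
        if (fixed == 0) return false;            // an all-zero rule would allow every address
        for (int i = 0; i < fixed; i++) {
            if (rule[i] != ip[i]) return false;
        }
        return true;
    }

    /** True when the jump may proceed; false means interrupt the request and log it. */
    boolean allows(String target) {
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;                        // unparsable target: refuse
        }
        // Assumption: a relative path stays on the current site and needs no whitelist entry.
        if (uri.getScheme() == null && uri.getRawAuthority() == null) return true;
        String host = uri.getHost();
        if (host == null) return false;          // opaque or malformed target: refuse
        host = host.toLowerCase(Locale.ROOT);

        int[] ip = parseIpv4(host);
        if (ip != null) {
            for (int[] rule : ipRules) {
                if (ipMatches(rule, ip)) return true;
            }
            return false;
        }
        // Assumption: a name entry matches the whole host or a parent domain, never a substring.
        for (String name : hostNames) {
            if (host.equals(name) || host.endsWith("." + name)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // The sample whitelist line from the description.
        JumpWhitelistDemo funnel = new JumpWhitelistDemo("v6:xinshangmeng:192.168.1.1:192.168.3.0");
        String[] targets = {                     // constructed jump targets
            "/portal/index.jsp",
            "http://192.168.1.1/login",
            "http://192.168.3.27:8080/app",
            "http://192.168.4.27/app",
            "http://xinshangmeng/home",
            "http://portal.xinshangmeng/home",
            "http://xinshangmeng.example.net/home",
            "javascript:void(0)"
        };
        for (String target : targets) {
            System.out.println((funnel.allows(target) ? "ALLOW  " : "BLOCK  ") + target);
        }
    }
}
```

Because ":" is the entry separator, a whitelist line in this format cannot carry a port or an IPv6 literal; the check above therefore compares hosts only.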
For dangerous data or illegal websites found by the external input security funnel and the jump website security funnel, the filtered content, including the current user, owning application, request time, request URL, security level, security type, original data, dangerous data, filtered data and handling method, is recorded in the security log as text and, at the same time, in the security log database table.
Table 1 security funnel log database table (example)
In step S3, a security behavior audit function is provided for the security data recorded in the security log. It supports analysis by security type, security level and/or accessing user. Through this dimensional analysis, including the top three attack behaviors by number of occurrences, the top three high-risk users and the top three high-risk applications, the security level of the software system is counted and determined.
The security funnel supports flexible extension. Customized security funnels can be developed for the behavioral characteristics of different types of network attack. For strictly limited attack behaviors such as skin-style cookie tampering, the security funnel is developed by customizing a jump website whitelist; for computing-type attack behaviors that cannot be exhaustively enumerated, the security funnel is developed by customizing a security filtering keyword blacklist.
The security funnel uses aspect-oriented programming: existing business function code does not need to be modified intrusively, and the security filtering function can be enabled purely through flexible software configuration. To cope with escalating network security threats, customized filtering rules are supported so as to meet the security requirements of the software system.
Whether the security funnel is enabled or not is determined by the configuration. Xml file of software system, add the following configuration to enable the security filtering functions of the external input security funnel and the jump website security funnel. The configuration method is as follows:
The above-described embodiment is only one specific embodiment of the present invention; general changes and substitutions made by those skilled in the art within the technical scope of the present invention are included in the protection scope of the present invention.
Claims (8)
1. A software system security reinforcement method, characterized in that: multiple security funnels are custom-developed for different network attack behaviors, security filtering is enabled through configuration, and data and website addresses passed into the software system from outside are filtered multiple times, so that dangerous data is found and cleared promptly and malicious network attacks are blocked, ensuring safe and reliable operation of the software system.
The method comprises the following steps:
S1. Analyze common network attack behaviors and customize a security filtering keyword blacklist; through the external input security funnel, perform security filtering on the input data, query conditions and jump websites passed in from outside, find and clear dangerous data, interrupt malicious attack behavior, and record a security log.
S2. Customize a compliant website whitelist, use the jump website security funnel to interrupt illegal website jumps, and record a security log.
S3. For the network attack behaviors found by security filtering, provide a software system security behavior audit that analyzes common network attack behaviors, so that security reinforcement of the software system can be better targeted.
2. The software system security hardening method of claim 1, wherein: in step S1, the security filtering keyword blacklist is customized using regular expressions and configured with the keywords used by cross-site scripting attacks, SQL injection attacks and/or XML injection attacks; the security rules of the blacklist can be adjusted according to the attack type and the requirements of the service function, and they provide the basis on which the external input security funnel configures its security filtering rules.
3. The software system security hardening method of claim 2, wherein: in step S1, the external input security funnel loads a security filtering keyword blacklist in an init() method through a javax.
In the doFilter(ServletRequest request, ServletResponse response, FilterChain chain) method, requests passed in from outside are filtered by regular-expression matching against the blacklist according to the filtering rules.
If dangerous input data is matched, the relevant data is intercepted and cleared, the network request is interrupted, the external attack behavior is blocked, and a network attack interception log is recorded.
After the external data passes security filtering, the chain.doFilter() method is called to pass the filtered data to the jump website security funnel, where security filtering continues.
4. The software system security hardening method of claim 1, wherein: in step S2, the compliant website whitelist is defined in plain text and customized by domain name and by IP; the domain names are separated by ":". The IP address list sets a fixed IP or an IP interval; the IP interval is divided, a plurality of IPs are divided, and 0 is used as a network segment wildcard.
The compliant website whitelist can be adjusted according to the actual deployment of the software system, and it provides the basis on which the jump website security funnel configures its website jump rules.
5. The software system security hardening method of claim 3, wherein: in step S2, the jump website security funnel loads the jump website whitelist in an init() method through the javax.servlet.Filter interface and generates the website jump rules; in the doFilter(ServletRequest request, ServletResponse response, FilterChain chain) method, the jump website is matched line by line against the jump website whitelist.
If the address matches a compliant website, the jump proceeds normally; otherwise the address is judged to be an illegal jump website, the jump request is interrupted, an attack warning is shown on the front-end page, and a network attack interception log is recorded.
and after filtering is finished, calling a chain.
6. The software system security hardening method of claim 1, wherein: for dangerous data or illegal websites found by the external input security funnel and the jump website security funnel, the filtered content, including the current user, owning application, request time, request URL, security level, security type, original data, dangerous data, filtered data and handling method, is recorded in the security log as text and, at the same time, in the security log database table.
7. The software system security hardening method of claim 1, wherein: in step S3, a security behavior audit function is provided for the security data recorded in the security log; analysis by security type, security level and/or accessing user is supported; and through this dimensional analysis, including the top three attack behaviors by number of occurrences, the top three high-risk users and the top three high-risk applications, the security level of the software system is counted and determined.
8. The software system security hardening method of claim 1, wherein: for strictly limited attack behaviors such as skin-style cookie tampering, the security funnel is developed by customizing a jump website whitelist; for computing-type attack behaviors that cannot be exhaustively enumerated, the security funnel is developed by customizing a security filtering keyword blacklist.
The security funnel is developed using aspect-oriented programming: existing business function code does not need to be modified intrusively, and the security filtering function can be enabled purely through flexible software configuration.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110006105.8A CN112668007A (en) | 2021-01-05 | 2021-01-05 | Software system security reinforcing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110006105.8A CN112668007A (en) | 2021-01-05 | 2021-01-05 | Software system security reinforcing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112668007A (en) | 2021-04-16 |
Family
ID=75412805
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110006105.8A Pending CN112668007A (en) | 2021-01-05 | 2021-01-05 | Software system security reinforcing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112668007A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2757339A1 (en) * | 2009-03-30 | 2010-10-07 | Huawei Technologies Co., Ltd. | Filtering method, system, and network equipment |
CN105763554A (en) * | 2016-03-28 | 2016-07-13 | 努比亚技术有限公司 | Network detection method, client, and network detection system |
CN106888196A (en) * | 2015-12-16 | 2017-06-23 | 国家电网公司 | A kind of coordinated defense system of unknown threat detection |
CN107241352A (en) * | 2017-07-17 | 2017-10-10 | 浙江鹏信信息科技股份有限公司 | A kind of net security accident classificaiton and Forecasting Methodology and system |
CN109936560A (en) * | 2018-12-27 | 2019-06-25 | 上海银行股份有限公司 | Malware means of defence and device |
CN109951500A (en) * | 2019-04-29 | 2019-06-28 | 宜人恒业科技发展(北京)有限公司 | Network attack detecting method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 271000 Langchao science and Technology Park, 527 Dongyue street, Tai'an City, Shandong Province. Applicant after: INSPUR SOFTWARE Co.,Ltd. Address before: No. 1036, Shandong high tech Zone wave road, Ji'nan, Shandong. Applicant before: INSPUR SOFTWARE Co.,Ltd. |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210416 |