CN112738127B - Web-based website and host vulnerability detection system and method thereof - Google Patents


Info

Publication number
CN112738127B
Authority
CN
China
Prior art keywords
vulnerability
detection
target
ftp
detecting
Prior art date
Legal status
Active
Application number
CN202110021227.4A
Other languages
Chinese (zh)
Other versions
CN112738127A (en)
Inventor
浩明
任意
Current Assignee
Xian University of Posts and Telecommunications
Original Assignee
Xian University of Posts and Telecommunications
Priority date: 2021-01-08
Filing date: 2021-01-08
Publication date: 2023-04-07
Application filed by Xian University of Posts and Telecommunications
Priority to CN202110021227.4A
Publication of CN112738127A
Application granted
Publication of CN112738127B
Legal status: Active (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The Web-based website and host vulnerability detection system comprises a target receiving module, a vulnerability detection module and a result output module. The Web-based website and host vulnerability detection method comprises the following steps: step 1, selecting a vulnerability type to be detected; step 2, SQL injection vulnerability detection; step 3, XSS cross-site scripting attack detection; step 4, Tomcat Example detection; step 5, Shodan searching; step 6, Redis unauthorized-access vulnerability detection; step 7, FTP unauthorized-access vulnerability detection; step 8, FTP directory detection; step 9, Docker unauthorized-access vulnerability detection; step 10, WebLogic weak password scanning. Vulnerability detection can quickly find the threats existing in the system so that they can be prevented and repaired in time, improving the security of the whole network.

Description

Web-based website and host vulnerability detection system and method thereof
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a Web-based website and host vulnerability detection system and a method thereof.
Background
Increasingly developed computer science and technology have brought great changes to people's lives; however, alongside this development, security problems have been persistent and continuous. The security vulnerability problem is serious, and vulnerability detection is the current focus. In the course of computer development, security breaches are a major obstacle, and once a breach occurs it may cause irreparable loss. In recent years, attackers exploiting vulnerabilities have caused various social harms and a greatly adverse effect. The security problem is particularly prominent, and therefore solving vulnerability detection is the current focus. In recent years, large-scale internet vulnerabilities have been frequent, bringing great loss to society and companies. In 2018, within a single half-year, the Rising cloud security system intercepted 2,587 virus samples, with 782 million virus infections; it intercepted more than 1.82 million fraud-website attacks and more than 380,000 trojan-hosting (drive-by download) website attacks. Various bugs and malicious code attacks beset the vast user base.
The main threats faced by websites and hosts include: malicious attacks by hackers; defects in the website's and host's own configuration; spoofing by malicious websites; and poor practices by the user's network staff.
At present, mainstream protection measures focus mainly on hardware security protection equipment, and attacks are prevented by setting security policies and configuring security rules in that equipment. However, because of the limitations of such policies they are easily bypassed, so vulnerability detection has become indispensable; yet the current mainstream vulnerability detection tools have defects such as being difficult to extend and consuming many resources.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention aims to provide a Web-based website and host vulnerability detection system and a method thereof, which can quickly find the threats existing in the system through vulnerability detection, and can prevent and repair the threats in time, thereby improving the security of the whole network.
In order to achieve this purpose, the invention adopts the following technical scheme: the Web-based website and host vulnerability detection system comprises a target receiving module, a vulnerability detection module and a result output module;
the target receiving module receives a target to be detected entered through a front-end page: the user selects the type of vulnerability to be detected, enters the vulnerability detection page and clicks vulnerability detection, and the detection target is passed to the corresponding function code and enters the vulnerability detection module;
the vulnerability detection module starts vulnerability detection after receiving the detection target from the front end: it first judges whether the detection target is a legal target, then detects the vulnerability, and passes the corresponding data to the result output module according to the detection result;
and the result output module, after detection is finished, outputs the vulnerability status and modification suggestions on the page according to the received detection result.
The Web-based method for detecting vulnerabilities of websites and hosts comprises the following steps:
step 1, selecting the vulnerability type to be detected and entering the vulnerability detection page for detection;
step 2, SQL injection vulnerability detection: inputting the URL link to be detected, starting detection, and reporting the detected payload according to the detection result;
step 3, XSS cross-site scripting attack detection: entering the detection page, inputting the detection target URL, and outputting the result after detection is finished;
step 4, Tomcat Example detection: inputting the detection target URL and outputting the result after detection is finished;
step 5, Shodan searching: inputting information such as the service name and device name to be searched, and starting to search for the corresponding information through Shodan;
step 6, Redis unauthorized-access vulnerability detection: inputting the IP address of the Redis device obtained from the Shodan search result and starting the Redis unauthorized-access detection;
step 7, FTP unauthorized-access vulnerability detection: searching through Shodan for the IP addresses of network hosts running the FTP service, detecting for each FTP host found whether it has an unauthorized-access vulnerability, and outputting the detection result;
step 8, FTP directory detection: scanning the FTP directory according to the result of the FTP unauthorized-access detection and acquiring sensitive files;
step 9, Docker unauthorized-access vulnerability detection: inputting the detection target, clicking Docker unauthorized access, and starting the unauthorized-access detection;
and step 10, WebLogic weak password scanning: inputting the detection target and detecting by scanning whether a weak password threat exists.
In the SQL injection vulnerability detection, when a true statement is appended to the tested target, the page is returned normally and equals the original page; when the true-statement page test1 equals the original page test and is not equal to the true-statement page test2, the URL is judged to have a SQL injection vulnerability.
The SQL injection vulnerability detection method comprises the following steps:
firstly, inputting a detection target;
secondly, detecting whether the target URL can be accessed; if not, ending, and if so, performing the third step;
thirdly, appending the payload to the detected target URL;
and fourthly, judging whether the original web page equals the True page, the web page does not equal the Fail page, and the test2 page is True; if not, no SQL vulnerability exists, and if so, the SQL vulnerability exists.
The XSS cross-site scripting attack detection method comprises the following steps:
step one, inputting a detection target;
step two, detecting whether the target URL can be accessed, if not, ending; if yes, the next step is carried out;
step three, searching parameters to replace Payload;
and step four, crawling the source codes of the test pages, searching Payload, if not found, determining that XSS vulnerabilities do not exist, and if found, determining that XSS vulnerabilities exist.
In the WebLogic weak password scanning, when detecting a WebLogic weak password, account and password information is submitted by POST while trying to access the WebLogic back-end address. The default port number is 7001, and the default back-end login address is http://<target IP address>:7001/console/j_security_check/; the account information is the parameter j_username and the password information is the parameter j_password. The user names and passwords are traversed by constructing the request, and the page code is accessed by crawling; if the strings
'Oracle WebLogic Server Administration Console' and 'Home Page - base_domain - WLS Console'
are found in the code, the login page is proven to be found; if the login is successful, a weak password exists, otherwise no weak password information is found.
In the FTP unauthorized-access vulnerability detection, an FTP object FTP is created with Python's FTP module (ftplib) and the FTP login method is used with the account anonymous and an empty password to test anonymous login; if the login succeeds, an unauthorized-access vulnerability exists, otherwise the host is proven to have no FTP unauthorized-access vulnerability.
In the Docker unauthorized-access vulnerability detection, Python's docker module is used to create a client object for the Docker daemon of the test target; if the attempted access succeeds, the Docker unauthorized-access vulnerability exists, otherwise the test target does not have the vulnerability.
The invention has the beneficial effects that:
the invention establishes a security testing method that tests from multiple angles, so that vulnerabilities are located rapidly. Since vulnerabilities are the biggest threat in internet development, vulnerability detection has become very important. Vulnerability detection is mainly divided into vulnerability detection of websites and vulnerability detection of hosts. The system of the invention is designed with a B/S (browser/server) architecture; an attacker is simulated to test according to the vulnerability testing method, and if the vulnerability's characteristic signature is matched, the vulnerability is identified as existing. Black-box testing is adopted to quickly find the security vulnerability problems existing in websites and hosts. By detecting vulnerabilities, the threats existing in the system can be found quickly and prevented and repaired in time, so that the security of the whole network is improved.
The system of the invention adopts the MVC model design and is developed and implemented on the B/S (browser/server) architecture. Because a vulnerability detection module is used, the system is easy to extend: a script unit can be tested first, and the system call added once the vulnerability detection function succeeds. The system is developed in Python, which allows vulnerability detection scripts to be developed rapidly and the system's detection functions to be extended easily; actual testing shows that the detection functions have been realized with good performance and, from an overall perspective, the design requirements are fully met. Because the front end and back end are separated, extensibility is very high.
The method detects the vulnerabilities of websites and hosts and uncovers the common vulnerabilities existing in them. Relevant security repair opinions are provided according to the detection results, so that the security of the website and host is improved and attacks are prevented. By detecting the vulnerabilities of websites and hosts, the security awareness of the related staff is improved, and the possibility that a website or host is attacked and compromised through defects introduced during website construction and host configuration is avoided. Detecting common website vulnerabilities includes: SQL injection attacks, XSS cross-site scripting attacks, CMS scanning, WebLogic weak password scanning, Tomcat Example scanning, etc. Detecting common host vulnerabilities includes: FTP unauthorized access, Docker unauthorized access, SSH weak-password brute forcing, etc. By detecting the vulnerabilities of websites and hosts, threats to the system are nipped in the bud, and the security level of the system is improved as a whole.
The system mainly detects common website and host vulnerabilities, covering a diverse set of vulnerabilities and ensuring the security of the website and host in an all-round way; the system adopts a B/S architecture with a graphical Web interface, is simple to operate, and displays results directly on the page in an intuitive, clear and convenient manner; the method of the invention is efficient and simple. The security problems of websites and hosts can be effectively repaired through vulnerability detection.
The invention solves the problem of vulnerability detection for websites and hosts, finds their vulnerabilities in advance, and makes a relevant repair scheme to repair them, thereby ensuring the safe operation of the website and host.
Drawings
FIG. 1 is a schematic block diagram of the system of the present invention.
FIG. 2 is a flow chart of the method of the present invention.
FIG. 3 is a flow chart of SQL injection vulnerability detection according to the present invention.
FIG. 4 is a flow chart of XSS vulnerability detection according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Referring to fig. 1, the Web-based website and host vulnerability detection system includes a target receiving module, a vulnerability detection module and a result output module;
the target receiving module receives a target to be detected entered through a front-end page: the user selects the type of vulnerability to be detected, enters the vulnerability detection page and clicks vulnerability detection, and the detection target is passed to the corresponding function code and enters the vulnerability detection module;
the vulnerability detection module starts vulnerability detection after receiving the detection target from the front end: it first judges whether the detection target is a legal target, then detects the vulnerability, and passes the corresponding data to the result output module according to the detection result;
and the result output module, after detection is finished, outputs the vulnerability status and modification suggestions on the page according to the received detection result.
Referring to fig. 2, the Web-based website and host vulnerability detection method includes the following steps:
step 1, selecting the vulnerability type to be detected and entering the vulnerability detection page for detection;
step 2, SQL injection vulnerability detection: inputting the URL link to be detected, starting detection, and reporting the detected payload according to the detection result;
step 3, XSS cross-site scripting attack detection: entering the detection page, inputting the detection target URL, and outputting the result after detection is finished;
step 4, Tomcat Example detection: inputting the detection target URL and outputting the result after detection is finished;
step 5, Shodan searching: inputting information such as the service name and device name to be searched, and starting to search for the corresponding information through Shodan;
step 6, Redis unauthorized-access vulnerability detection: inputting the IP address of the Redis device obtained from the Shodan search result and starting the Redis unauthorized-access detection;
step 7, FTP unauthorized-access vulnerability detection, similar to the Redis unauthorized-access detection: searching through Shodan for the IP addresses of network hosts running the FTP service, detecting for each FTP host found whether it has an unauthorized-access vulnerability, and outputting the detection result;
step 8, FTP directory detection: scanning the FTP directory according to the result of the FTP unauthorized-access detection and acquiring sensitive files;
step 9, Docker unauthorized-access vulnerability detection: inputting the detection target, clicking Docker unauthorized access, and starting the unauthorized-access detection;
and step 10, WebLogic weak password scanning: inputting the detection target and detecting by scanning whether a weak password threat exists.
In the SQL injection vulnerability detection, when a true statement is appended to the tested target, the page is returned normally and equals the original page; when the true-statement page test1 equals the original page test and is not equal to the true-statement page test2, the URL can be judged to have a SQL injection vulnerability.
Referring to fig. 3, the SQL injection vulnerability detection method includes the following steps:
firstly, inputting a detection target;
secondly, detecting whether the target URL can be accessed; if not, ending, and if so, performing the third step;
thirdly, appending the payload to the detected target URL;
and fourthly, judging whether the original web page equals the True page, the web page does not equal the Fail page, and the test2 page is True; if not, no SQL vulnerability exists, and if so, the SQL vulnerability exists.
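The four-step comparison is the core of this detection, and the part that breaks on real pages is the equality test: a page that embeds a timestamp, a CSRF token or a request id never compares equal to itself, so a byte-for-byte check gives a wrong verdict. The following is an added example written for this page, not code from the patent or its applicant. It implements the step-four rule with a normalisation pass for such volatile fragments; the probe strings, the target URL and the fetcher are constructed placeholders, and the choice of real boolean probes is outside its scope.

```python
import re
from typing import Callable

# Constructed placeholder probes (assumption). A scanner would append its own
# boolean conditions here; the decision rule below does not depend on them.
TRUE_PROBE = "&probe=true-condition"
FALSE_PROBE = "&probe=false-condition"
TRUE_PROBE2 = "&probe=true-condition-again"

# Assumed volatile fragments: values that differ between two renders of the
# same page and would defeat a byte-for-byte comparison.
_VOLATILE = [
    re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}"),   # timestamps
    re.compile(r'name="csrf_token" value="[^"]*"'),          # CSRF tokens
    re.compile(r"request-id: [0-9a-f]+", re.IGNORECASE),     # request ids
]


def normalise(body: str) -> str:
    """Strip volatile fragments and collapse whitespace before comparing pages."""
    for pattern in _VOLATILE:
        body = pattern.sub("", body)
    return " ".join(body.split())


def judge_sqli(fetch: Callable[[str], str], base_url: str,
               true_probe: str = TRUE_PROBE, false_probe: str = FALSE_PROBE,
               true_probe2: str = TRUE_PROBE2) -> bool:
    """Step four of the procedure: original == True, original != Fail, test2 == True.

    `fetch(url)` returns the page body or raises OSError when the target
    cannot be reached; per step two an unreachable target ends the detection.
    """
    try:
        original = normalise(fetch(base_url))
        test1 = normalise(fetch(base_url + true_probe))    # true condition appended
        fail = normalise(fetch(base_url + false_probe))    # false condition appended
        test2 = normalise(fetch(base_url + true_probe2))   # second true condition
    except OSError:
        return False
    return original == test1 and original != fail and test2 == test1


def make_fake_target(applies_condition: bool) -> Callable[[str], str]:
    """Constructed stand-in for an HTTP client (assumption, not a real server).

    With applies_condition=True the page behaves like an injectable one: the
    false probe empties the result list. With False the probe is ignored.
    Every render carries a fresh timestamp and CSRF token, so two fetches of
    the same URL are never byte-identical.
    """
    render_count = [0]

    def fetch(url: str) -> str:
        render_count[0] += 1
        empty = applies_condition and url.endswith(FALSE_PROBE)
        rows = "" if empty else "<li>item 1</li><li>item 2</li>"
        return (f"<html><p>rendered 2024-01-01 00:00:{render_count[0] % 60:02d}</p>"
                f'<input name="csrf_token" value="tok{render_count[0]}">'
                f"<ul>{rows}</ul></html>")

    return fetch


def unreachable_target(url: str) -> str:
    """Constructed fetcher for a host that refuses connections (assumption)."""
    raise OSError("connection refused")


if __name__ == "__main__":
    url = "http://example.test/item?id=1"   # constructed target
    print("injectable page :", judge_sqli(make_fake_target(True), url))
    print("non-injectable  :", judge_sqli(make_fake_target(False), url))
    print("unreachable     :", judge_sqli(unreachable_target, url))
```

The fake target shows why the normaliser matters: two fetches of the same URL differ in every run, so without `normalise` the rule would report "no vulnerability" for the injectable page as well as the safe one.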
Referring to fig. 4, the XSS cross site scripting attack detection includes the following steps:
step one, inputting a detection target;
step two, detecting whether the target URL can be accessed, if not, ending; if yes, the next step is carried out;
step three, searching parameters to replace Payload;
and step four, crawling the source code of the test page and searching for the payload; if it is not found, no XSS vulnerability is found, and if it is found, an XSS vulnerability is found.
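Steps three and four, written out as an added example for this page (not the patent's or the applicant's code): step three replaces one query parameter at a time with a probe value, and step four inspects the returned source. The refinement a practitioner wants is in step four: a plain substring search reports a reflection even when the application HTML-encoded it, so the check below distinguishes a raw reflection (the condition the procedure reports as a vulnerability) from an escaped one and from no reflection at all. The probe is a constructed canary rather than a script payload, the search page and the fetcher are constructed stand-ins, and the URL is a placeholder.

```python
import html
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed canary (assumption): a unique token plus the characters an HTML
# encoder must neutralise. The check only asks whether they come back unchanged.
MARKER = 'zqx<"\'&>probe'


def probe_urls(url: str, marker: str = MARKER) -> List[Tuple[str, str]]:
    """Step three: for each query parameter, build one URL in which only that
    parameter's value is replaced by the marker. Returns (name, url) pairs."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    probes = []
    for i, (name, _) in enumerate(params):
        replaced = [(n, marker if j == i else v) for j, (n, v) in enumerate(params)]
        probes.append((name, urlunsplit(parts._replace(query=urlencode(replaced)))))
    return probes


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Step four, refined: how did the marker come back in the page source?

    'raw'     - verbatim, echoed without encoding (what the procedure reports
                as an XSS vulnerability);
    'escaped' - only the HTML-encoded form is present: reflected but
                neutralised, so reporting it would be a false positive;
    'absent'  - not reflected at all.
    Other sinks (JavaScript strings, URLs, CSS) need their own encoders and
    are not covered by this check.
    """
    if marker in body:
        return "raw"
    if html.escape(marker, quote=True) in body:
        return "escaped"
    return "absent"


def scan_reflected(fetch: Callable[[str], str], url: str,
                   marker: str = MARKER) -> Dict[str, str]:
    """Probe every parameter of `url` and classify each reflection."""
    return {name: classify_reflection(fetch(probe), marker)
            for name, probe in probe_urls(url, marker)}


def fake_search_page(url: str) -> str:
    """Constructed stand-in for an HTTP GET (assumption): `q` is echoed raw,
    `page` is echoed HTML-encoded, `lang` is read but never written back."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return (f"<h1>Results for {params.get('q', '')}</h1>"
            f"<p>page {html.escape(params.get('page', ''))}</p>")


if __name__ == "__main__":
    target = "http://example.test/search?q=shoes&page=1&lang=en"  # constructed
    for name, verdict in scan_reflected(fake_search_page, target).items():
        print(f"{name}: {verdict}")
```

Against the constructed page the scan reports `q` as raw, `page` as escaped and `lang` as absent; only the first is a finding, and the second is exactly the case that a bare "is the payload in the source" search would have misreported.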
In the WebLogic weak password scanning, when detecting a WebLogic weak password, account and password information is submitted by POST while trying to access the WebLogic back-end address. The default port number is 7001, and the default back-end login address is http://<target IP address>:7001/console/j_security_check/; the account information is the parameter j_username and the password information is the parameter j_password. The user names and passwords are traversed by constructing the request, and the page code is accessed by crawling; if the strings 'Oracle WebLogic Server Administration Console' and 'Home Page - base_domain - WLS Console' are found in the code, the login page is proven to be found; if the login is successful, a weak password exists, otherwise no weak password information is found.
The FTP unauthorized-access vulnerability detection is implemented by creating an FTP object FTP with Python's FTP module (ftplib) and using the FTP login method with the account anonymous and an empty password to test anonymous login; if the login succeeds, an unauthorized-access vulnerability exists, otherwise the host is proven to have no FTP unauthorized-access vulnerability.
In the Docker unauthorized-access vulnerability detection, Python's docker module is used to create a client object for the Docker daemon of the test target; if the attempted access succeeds, the Docker unauthorized-access vulnerability exists, otherwise the test target does not have the vulnerability.
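The anonymous-login check described in the preceding paragraph, as an added example written for this page (not the patent's or the applicant's code). It uses Python's standard ftplib as the text does, but returns a three-way audit result rather than a bare boolean so that an unreachable host is not mistaken for a hardened one, and it accepts a session factory so the logic can be exercised offline against the constructed FakeFTP below. The host addresses are TEST-NET placeholders.

```python
from ftplib import FTP, all_errors, error_perm
from typing import Callable


def check_anonymous_ftp(host: str, port: int = 21, timeout: float = 5.0,
                        ftp_factory: Callable[[], FTP] = FTP) -> str:
    """Audit one host for anonymous FTP login.

    Returns 'anonymous-login-allowed', 'login-refused' or 'unreachable'.
    `ftp_factory` is only there so the logic can run against a fake session;
    the default builds a real ftplib.FTP session.
    """
    ftp = ftp_factory()
    try:
        ftp.connect(host, port, timeout=timeout)
    except OSError:
        return "unreachable"        # closed port, timeout or no route
    try:
        # Account "anonymous" with an empty password, as the procedure states.
        # ftplib substitutes the conventional "anonymous@" when given an empty one.
        ftp.login("anonymous", "")
        return "anonymous-login-allowed"
    except error_perm:
        return "login-refused"      # 5xx reply: the server rejects anonymous
    finally:
        try:
            ftp.quit()
        except all_errors:
            ftp.close()


class FakeFTP:
    """Constructed stand-in for ftplib.FTP (assumption) used to exercise the
    audit logic offline. `allow_anonymous` models the server's policy."""

    def __init__(self, allow_anonymous: bool = True, reachable: bool = True):
        self.allow_anonymous = allow_anonymous
        self.reachable = reachable

    def connect(self, host, port=21, timeout=None):
        if not self.reachable:
            raise OSError("connection refused")
        return "220 fake ftp ready"

    def login(self, user="", passwd=""):
        if user == "anonymous" and self.allow_anonymous:
            return "230 anonymous login ok"
        raise error_perm("530 login incorrect")

    def quit(self):
        return "221 goodbye"

    def close(self):
        pass


if __name__ == "__main__":
    # Constructed TEST-NET address; the outcome is decided by the fake policy.
    for policy in (True, False):
        verdict = check_anonymous_ftp("192.0.2.10",
                                      ftp_factory=lambda: FakeFTP(allow_anonymous=policy))
        print(f"allow_anonymous={policy}: {verdict}")
    print("down host:", check_anonymous_ftp("192.0.2.11",
                                           ftp_factory=lambda: FakeFTP(reachable=False)))
```

Keeping "unreachable" separate from "login-refused" is the point of the three-way result: a scan that collapses both into "no vulnerability" will silently pass a host that was merely filtered at the time of the check.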

Claims (2)

1. The method for detecting the vulnerability of the website and the host based on the Web is characterized by comprising the following steps:
step 1, selecting a vulnerability type to be detected, and entering vulnerability detection page detection;
step 2, SQL injection vulnerability detection: inputting the URL link to be detected, starting detection, and reporting the detected payload according to the detection result;
the Sql injection vulnerability detection method comprises the following steps:
firstly, inputting a detection target;
secondly, detecting whether the target URL can be accessed, if not, ending, and if so, performing a third step;
thirdly, appending the payload to the detection target URL;
fourthly, judging whether the original web page equals the True page, the web page does not equal the Fail page, and the test2 page is True; if not, no SQL vulnerability exists, and if so, the SQL vulnerability exists;
in the SQL injection vulnerability detection, when a true statement is appended to the tested target, the page is returned normally and equals the original page; when the true-statement page test1 equals the original page test and is not equal to the true-statement page test2, the URL is judged to have a SQL injection vulnerability;
step 3, XSS cross-site script attack detection, entering a detection page, inputting a detection target URL, and outputting a result after the detection is finished;
the XSS cross-site scripting attack detection comprises the following steps:
inputting a detection target;
step two, detecting whether the target URL can be accessed, if not, ending; if yes, carrying out the next step;
step three, searching parameters to replace Payload;
step four, crawling the test page source code and searching for the payload; if it is not found, no XSS vulnerability exists, and if it is found, an XSS vulnerability exists;
step 4, tomcat Example detection, inputting a detection target URL, and outputting a result after the detection is finished;
step 5, shodan searching, inputting the service name and equipment name information to be searched, and starting to search corresponding information through Shodan;
step 6, detecting the unauthorized vulnerability of Redis, inputting the IP address of the Redis equipment according to the Shodan searching result, and starting to detect the unauthorized vulnerability of Redis access;
step 7, FTP unauthorized-access vulnerability detection: searching through Shodan for the IP addresses of network hosts running the FTP service, detecting for each FTP host found whether it has an unauthorized-access vulnerability, and outputting the detection result;
in the FTP unauthorized-access vulnerability detection, an FTP object FTP is created with Python's FTP module (ftplib) and the FTP login method is used with the account anonymous and an empty password to test anonymous login; if the login succeeds, an unauthorized-access vulnerability exists, otherwise the host is proven to have no FTP unauthorized-access vulnerability;
step 8, detecting the Ftp directory, scanning the Ftp directory according to the detection result of unauthorized access of the Ftp, and acquiring a sensitive file;
step 9, Docker unauthorized-access vulnerability detection: inputting the detection target, clicking Docker unauthorized access, and starting the unauthorized-access detection;
in the Docker unauthorized-access vulnerability detection, the test is performed with Python's docker module; if the attempted access succeeds, the Docker unauthorized-access vulnerability exists, otherwise the test target does not have the vulnerability;
step 10, weblogic weak password scanning, inputting a detection target, and detecting whether weak password threat exists or not through scanning;
the Weblogic weak password scanning is that when the Weblogic weak password is detected, account password information is submitted in a POST mode by trying to access a Weblogic background address, and the default port number is as follows: 7001, the default backstage supporter login address is: http:// target IP address 7001/console/j _ security _ check/, account information is parameter: j _ username, the password information is a parameter: j _ password, traversing user name and password by constructing request, accessing page code information by crawling, if the code is found in the code: the 'Oracle WebLogic Server Administration System' and the 'Home Page-base _ domain-WLS System' prove that a login Page is found, if the login is successful, the weak password exists, and otherwise, the weak password information is not found.
2. The special detection system for the Web-based website and host vulnerability detection method according to claim 1, comprising a target receiving module, a vulnerability detection module, a structure output module;
the target receiving module inputs a target to be detected through a front-end page, selects a vulnerability type to be detected, enters a vulnerability detection page, clicks vulnerability detection, and transmits the detection target to a corresponding function code to enter a vulnerability detection module;
the vulnerability detection module starts vulnerability detection after receiving a vulnerability detection target transmitted from the front end, firstly judges whether the detection target is a legal target, then detects the vulnerability, and transmits corresponding data to the result output module according to a detection result;
and the result output module, after vulnerability detection is completed, outputs the vulnerability status and modification suggestions on the page according to the received vulnerability detection result.
Application CN202110021227.4A, priority date 2021-01-08, filing date 2021-01-08: Web-based website and host vulnerability detection system and method thereof; status Active; granted as CN112738127B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110021227.4A CN112738127B (en) 2021-01-08 2021-01-08 Web-based website and host vulnerability detection system and method thereof

Publications (2)

Publication Number Publication Date
CN112738127A CN112738127A (en) 2021-04-30
CN112738127B true CN112738127B (en) 2023-04-07

Family

ID=75589708

Country Status (1)

Country Link
CN (1) CN112738127B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114679321B (en) * 2022-03-29 2024-04-12 杭州安恒信息技术股份有限公司 SSTI vulnerability detection method, device and medium
CN115242462A (en) * 2022-06-30 2022-10-25 北京华顺信安科技有限公司 Data leakage detection method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101312393A (en) * 2007-05-24 2008-11-26 北京启明星辰信息技术有限公司 Detection method and system for SQL injection loophole
CN104657659A (en) * 2013-11-20 2015-05-27 腾讯科技(深圳)有限公司 Storage cross-site attack script vulnerability detection method, device and system
CN104881608A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior
CN106845248A (en) * 2017-01-18 2017-06-13 北京工业大学 A kind of XSS leak detection methods based on state transition graph
CN110113311A (en) * 2019-03-05 2019-08-09 北京丁牛科技有限公司 Cross-site scripting attack XSS leak detection method and device
CN111770104A (en) * 2020-07-02 2020-10-13 浪潮云信息技术股份公司 Web vulnerability detection method, system, terminal and computer readable storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8949990B1 (en) * 2007-12-21 2015-02-03 Trend Micro Inc. Script-based XSS vulnerability detection
US8365290B2 (en) * 2009-05-15 2013-01-29 Frederick Young Web application vulnerability scanner
CN101808093B (en) * 2010-03-15 2013-08-07 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN104200166B (en) * 2014-08-05 2017-05-03 杭州安恒信息技术有限公司 Script-based website vulnerability scanning method and system
CN104363236A (en) * 2014-11-21 2015-02-18 西安邮电大学 Automatic vulnerability validation method
CN108769063A (en) * 2018-06-26 2018-11-06 郑州云海信息技术有限公司 A kind of method and device of automatic detection WebLogic known bugs
CN109325351B (en) * 2018-08-23 2021-04-09 中通服咨询设计研究院有限公司 Security hole automatic verification system based on public testing platform
CN109981653B (en) * 2019-03-28 2021-07-23 上海中通吉网络技术有限公司 Web vulnerability scanning method
CN111523123A (en) * 2020-04-26 2020-08-11 北京信息科技大学 Intelligent website vulnerability detection method


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
左丹丹; 王丹; 付利华. Design and implementation of an XSS vulnerability detection method. Computer Applications and Software. 2016, (07), full text. *

Also Published As

Publication number Publication date
CN112738127A (en) 2021-04-30

Similar Documents

Publication Publication Date Title
CN106357696B (en) SQL injection attack detection method and system
KR101001132B1 (en) Method and System for Determining Vulnerability of Web Application
US20110307956A1 (en) System and method for analyzing malicious code using a static analyzer
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
RU2726032C2 (en) Systems and methods for detecting malicious programs with a domain generation algorithm (dga)
Deepa et al. DetLogic: A black-box approach for detecting logic vulnerabilities in web applications
CN112738127B (en) Web-based website and host vulnerability detection system and method thereof
Li et al. The application of fuzzing in web software security vulnerabilities test
CN110851838A (en) Cloud testing system and security testing method based on Internet
CN111625821A (en) Application attack detection system based on cloud platform
CN113726790A (en) Network attack source identification and blocking method, system, device and medium
Kapodistria et al. An advanced web attack detection and prevention tool
Wang et al. A cost-effective ocr implementation to prevent phishing on mobile platforms
Eassa et al. Nosql racket: A testing tool for detecting nosql injection attacks in web applications
Deeptha et al. Website Vulnerability Scanner
Altaf et al. Vulnerability assessment and patching management
Lin et al. The automatic defense mechanism for malicious injection attack
Zhang et al. An automated composite scanning tool with multiple vulnerabilities
Hadpawat et al. Analysis of prevention of XSS attacks at client side
Mehta et al. Model to prevent websites from xss vulnerabilities
Gaolong et al. Design and implementation of a web application vulnerability detection system
Jithin et al. SECURE-D: Framework For Detecting and Preventing Attacks in SQL and NoSQL Databases
Almi Web Server Security and Survey on Web Application Security
Periasamy et al. AssessJet-Penetration testing and Vulnerability Assessment for Websites
Nguyen et al. An Improving Way For Website Security Assessment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant