CN112966274B - Web security hole detection method, scanner, storage medium and electronic device - Google Patents
Publication number: CN112966274B (application CN202110271081.9A)
Authority: CN (China)
Prior art keywords: attacker, data, source program, controllable, web security
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The application discloses a Web security vulnerability detection method, a vulnerability scanner, a storage medium and an electronic device. The method comprises: adding a taint mark to data from attacker-controllable data sources, defining a string class to describe taint-marked data, and wrapping the data of every attacker-controllable data source as an instance of that string class; reconstructing the string operation functions and the attacker-controllable functions (sinks) of the script's runtime environment, and adding auxiliary functions, so that taint-marked data flows through the logic of the script source program; and executing the reconstructed attacker-controllable functions so as to detect whether the parameters passed to them carry the taint mark, and thereby to judge whether a Web security vulnerability exists. By adding a taint mark to data from attacker-controllable sources and analysing how the mark propagates, the method and device can accurately detect the common kinds of DOM XSS vulnerability and reduce both the false positive rate and the false negative rate.
Description
Technical Field
Embodiments of the application relate to the field of Web application firewalls, and in particular to a Web security vulnerability detection method, a vulnerability scanner, a storage medium and an electronic device.
Background
At present, a large share of Web security vulnerabilities are XSS (Cross-Site Scripting) vulnerabilities. When site A has an XSS vulnerability, an attacker can inject a malicious script through it; the script executes when users visit site A, and the attacker can use it to steal the users' sensitive information or to perform operations on their behalf, so the damage is great.
XSS is generally divided into three categories: reflected XSS, stored XSS, and DOM XSS. The common DOM XSS detection methods are: (1) black-box fuzzing; (2) JavaScript static analysis; (3) JavaScript dynamic analysis.
Black-box fuzzing builds a large number of DOM XSS payloads into the tool, sends them one by one during the scan, and finally judges whether DOM XSS exists according to whether a specific piece of code is triggered.
Since JavaScript is a very flexible language with many dynamic properties, such as weak typing, closures, modification of prototype objects at run time, dynamic loading of JS code, events and asynchronous callbacks, static analysis of JavaScript is very challenging and tends to produce both false positives and false negatives, so the false positive rate and the false negative rate are high.
One JavaScript dynamic analysis method modifies the browser kernel code and performs taint analysis on top of it. This requires the developer to be familiar with the browser kernel, so it is difficult to implement, and because browser code is updated very frequently the subsequent maintenance workload is large.
Therefore, a vulnerability detection method is needed that is simple to operate and has a low false positive rate and a low false negative rate.
Disclosure of Invention
The present application aims to overcome, or at least partially solve or alleviate, the problems described above. By adding a taint mark to data from attacker-controllable data sources and analysing how the mark propagates, the method and device can accurately detect the common kinds of DOM XSS vulnerability and greatly reduce the false positive rate and the false negative rate.
In a first aspect, the present application provides a Web security vulnerability detection method in which the browser executes instrumented script source program code to perform the detection. The method comprises:
adding a taint mark to data from attacker-controllable data sources, defining a string class to describe taint-marked data, and wrapping the data of every attacker-controllable data source as an instance of that string class;
reconstructing the string operation functions and the attacker-controllable functions of the script's runtime environment, and adding auxiliary functions, so that taint-marked data flows through the logic of the script source program;
and executing the reconstructed attacker-controllable functions so as to detect whether the parameters passed to them carry the taint mark, and thereby to judge whether a Web security vulnerability exists.
In this way a taint mark is attached to data from attacker-controllable sources, and executing the attacker-controllable function detects whether the parameters passed to it carry that mark, which decides whether a Web security vulnerability exists.
In a second aspect, the present application provides a scanner for Web security vulnerability detection, comprising:
an intercepting unit, configured to intercept the response data of the server;
an instrumentation unit, configured to extract the script source program code from the response data, instrument it, replace the original script source program code with the instrumented code, and return the instrumented code to the browser;
where the instrumented script source program code performs the following operations:
adding a taint mark to data from attacker-controllable data sources, defining a string class to describe taint-marked data, and wrapping the data of every attacker-controllable data source as an instance of that string class;
reconstructing the string operation functions and the attacker-controllable functions of the script's runtime environment, and adding auxiliary functions, so that taint-marked data flows through the logic of the script source program;
and executing the reconstructed attacker-controllable functions so as to detect whether the parameters passed to them carry the taint mark, and thereby to judge whether a Web security vulnerability exists.
In a third aspect, the present application further provides a computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing any of the Web security vulnerability detection methods above.
In a fourth aspect, the present application also provides an electronic device comprising:
a plurality of memories, each storing a computer program;
and a plurality of processors, each executing a computer program to implement the Web security vulnerability detection method.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of it, illustrate embodiments of the application and, together with the description, serve to explain it without unduly limiting it. Some specific embodiments of the present application are described in detail below, by way of example and not by way of limitation, with reference to the accompanying drawings. The same reference numbers in the drawings denote the same or similar parts, and those skilled in the art will understand that the drawings are not necessarily drawn to scale. In the drawings:
FIG. 1 is a scenario diagram of a Web security vulnerability detection method according to an embodiment of the present application;
FIG. 2 is a flowchart of a Web security vulnerability detection method according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a scanner for Web security vulnerability detection according to an embodiment of the present application.
Reference numerals:
browser 100, server 200, and browser agent 300
Detailed Description
To help those skilled in the art better understand the solution of the present application, the embodiments are described in detail below with reference to the accompanying drawings. Clearly, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments that one of ordinary skill in the art can obtain from the embodiments herein without inventive effort fall within the scope of the present application.
FIG. 1 is a scenario diagram of a Web security vulnerability detection method according to an embodiment of the present application.
Referring to FIG. 1, a user clicks a link in the browser 100, or the scanner directly drives the browser 100, so that a request is sent to the server 200. The server 200 returns response data for the request, and the browser agent 300 intercepts that response data on its way to the browser 100. After the browser agent 300 has obtained the response data it performs the following operations:
First: it extracts the script source program code (for example JavaScript) from the intercepted response data, such as:
<script>
// the patent's vulnerable page: an attacker-controllable source flows unchecked into eval()
var tmp = location.hash;      // source: the URL fragment, fully attacker-controlled
tmp = tmp.substring(1);       // string operation: drop the leading '#'
eval(tmp);                    // sink: executes the fragment as code (DOM XSS)
</script>
Second: it instruments the script source program code; the instrumented code is as follows:
Third: it replaces the original script source code with the instrumented script source code and returns it to the browser 100.
After receiving the instrumented script source program code, the browser 100 executes it as follows:
1. location.hash is a DOM XSS source. It is processed by __jda.get_prop(), which converts it into an object of the string class tString = String + point (taint mark).
2. __jda.delete_var() propagates the taint mark to the variable tmp.
3. __jda.proxy_call() calls substring(), continuing to propagate the taint mark, and the result is assigned to tmp again.
4. __jda.proxy_call() calls eval(). The hooked eval checks its parameter and judges whether it carries a taint mark; if it does, it reports that a Web security vulnerability (for example DOM XSS) exists, as follows:
FIG. 2 is a flowchart of a Web security vulnerability detection method according to an embodiment of the present application.
In a first aspect, referring to FIG. 2, the present application provides a method for detecting Web security vulnerabilities in which the browser executes instrumented script source program code. The method comprises:
S100: adding a taint mark to data from attacker-controllable data sources, defining a string class to describe taint-marked data, and wrapping the data of every attacker-controllable data source as an instance of that string class.
That is, a string class is defined, for example tString = String + point (taint mark). The string class describes data that carries a taint mark, where the data comes from an attacker-controllable data source.
Specifically, the string class inherits all the attributes and methods of the native JavaScript String class and adds a taint mark attribute point, and the data of every attacker-controllable data source is wrapped to form an instance of the string class.
For example, attacker-controllable data sources include location.hash, window.name, document.referrer and so on; the values of these sources are wrapped as tString objects.
S200: reconstructing the string operation functions and the attacker-controllable functions of the script's runtime environment, and adding auxiliary functions, so that taint-marked data flows through the logic of the script source program.
Specifically, the added auxiliary functions are, for example: __jda.delete_var(), __jda.get_prop(), __jda.assignment(), __jda.proxy_call(), and so on.
In addition, the reconstructed attacker-controllable functions are, for example: eval(), setTimeout(), window.open(), Element.prototype.innerHTML, etc., so that each reconstructed attacker-controllable function can detect whether its parameter carries a taint mark.
For example, the hooked functions (such as the string operation functions) are made to propagate taint marks.
S300: executing the attacker-controllable function so as to detect whether the parameters passed to it carry the taint mark, and thereby to judge whether a Web security vulnerability exists.
In this application the original script source program code is instrumented. When the browser 100 executes the instrumented code, a taint mark is added to data from attacker-controllable data sources; the string operation functions and attacker-controllable functions of the script's runtime environment are reconstructed and new auxiliary functions are added to the JavaScript execution environment, so that taint-marked data flows through the logic of the script source program; and each reconstructed attacker-controllable function checks whether its parameters carry a taint mark in order to judge whether a Web security vulnerability exists: if the mark is present, a Web security vulnerability exists, and if it is absent, no Web security vulnerability exists.
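The FIG. 1 walkthrough above and steps S100 to S300 describe one runtime. The following is an added example of such a runtime in JavaScript; it is not code from the patent or its applicant. It keeps the patent's names (tString, the point taint mark, __jda.get_prop, __jda.delete_var, __jda.assignment, __jda.proxy_call), but their bodies, the extra helper __jda.set_prop, the source and sink lists, and the constructed location, document and element stand-ins are assumptions made so that it runs under Node.js without a browser. The patent's example page appears hand-instrumented in the form the browser agent would produce, and a second function exercises the innerHTML sink.

```javascript
"use strict";
// Added example, not the patent's own code: a minimal taint-tracking runtime of the
// kind the patent describes, runnable under Node.js. tString, point, __jda.get_prop,
// __jda.delete_var, __jda.assignment and __jda.proxy_call are the patent's names; their
// bodies, __jda.set_prop, the source/sink lists and the sample pages are assumptions.

// tString inherits every String attribute and method and adds the taint mark `point`,
// which records which attacker-controllable source the data came from.
class tString extends String {
  constructor(value, point) {
    super(value);
    this.point = point;
  }
}
const isTainted = (v) => v instanceof tString;
const unwrap = (v) => (isTainted(v) ? v.valueOf() : v); // primitive again for native calls

// Attacker-controllable sources (patent: location.hash, window.name, document.referrer;
// location.search is an assumed addition).
const SOURCES = new Set(["location.hash", "location.search", "window.name", "document.referrer"]);

// Sinks, the "attacker-controllable functions" the patent reconstructs. Each hook forwards
// to the real behaviour once the arguments have been checked; eval is called indirectly
// so the string runs in global scope, as it would on a page.
const SINKS = new Map([
  ["eval", (code) => (0, eval)(code)],
  ["setTimeout", (cb, ms) => setTimeout(typeof cb === "function" ? cb : () => (0, eval)(cb), ms)],
]);
const SINK_PROPS = new Set(["Element.prototype.innerHTML", "Element.prototype.outerHTML"]);

const __jda = {
  findings: [],
  // Property read: a value read from a source is wrapped in a tString whose mark names
  // the source; anything else passes through unchanged.
  get_prop(obj, objName, prop) {
    const value = obj[prop];
    const qualified = `${objName}.${prop}`;
    return SOURCES.has(qualified) && typeof value === "string" ? new tString(value, qualified) : value;
  },
  // Declaration and assignment: the mark lives on the value object, so passing the
  // reference on is all that is needed for it to reach the new variable.
  delete_var(value) { return value; },
  assignment(value) { return value; },
  // Call: a sink call is checked before it is forwarded. Any other call is forwarded
  // natively and, if the receiver or an argument was tainted and the result is a string,
  // re-wrapped so the mark survives (native String methods always return primitives).
  proxy_call(receiver, name, args) {
    const taint = [receiver, ...args].find(isTainted);
    if (receiver === null && SINKS.has(name)) {
      return this.check_sink(name, taint, () => SINKS.get(name)(...args.map(unwrap)));
    }
    const fn = receiver === null ? globalThis[name] : receiver[name];
    const result = fn.apply(receiver, args.map(unwrap));
    return taint && typeof result === "string" ? new tString(result, taint.point) : result;
  },
  // Property write: writes to a sink property such as innerHTML are checked first.
  set_prop(obj, objName, prop, value) {
    const qualified = `${objName}.${prop}`;
    const write = () => { obj[prop] = unwrap(value); };
    if (SINK_PROPS.has(qualified)) this.check_sink(qualified, isTainted(value) ? value : undefined, write);
    else write();
    return value;
  },
  // The reconstructed sink: report a Web security hole when a mark reaches it, then
  // run the original behaviour.
  check_sink(sink, taint, forward) {
    if (taint) this.findings.push({ type: "DOM XSS", sink, source: taint.point, value: taint.valueOf() });
    return forward();
  },
};

// The patent's example page, hand-instrumented the way the browser agent would rewrite
// it (original: var tmp = location.hash; tmp = tmp.substring(1); eval(tmp);). `obj` is
// the object the first line reads from: a constructed `location` replays the vulnerable
// page; a page constant shows that an unmarked value reaching eval is not reported.
function runEvalSample(obj, objName, prop) {
  __jda.findings = [];
  var tmp = __jda.delete_var(__jda.get_prop(obj, objName, prop));
  tmp = __jda.assignment(__jda.proxy_call(tmp, "substring", [1]));
  const result = __jda.proxy_call(null, "eval", [tmp]);
  return { result, findings: __jda.findings.slice() };
}

// A second sink: document.referrer concatenated into markup and written to innerHTML.
// `document` and `el` are constructed stand-ins for the browser objects.
function runInnerHtmlSample(referrer) {
  __jda.findings = [];
  const document = { referrer };
  const el = { innerHTML: "" };
  const src = __jda.get_prop(document, "document", "referrer");
  const html = __jda.proxy_call("<a href='", "concat", [src, "'>back</a>"]);
  __jda.set_prop(el, "Element.prototype", "innerHTML", html);
  return { html: el.innerHTML, findings: __jda.findings.slice() };
}

console.log(runEvalSample({ hash: "#1+1" }, "location", "hash").findings);
```

Run with node. runEvalSample({ hash: "#1+1" }, "location", "hash") returns the eval result 2 together with one DOM XSS finding whose source is location.hash and whose sink is eval, while the same instrumented code fed from a page constant returns no finding. Two design points follow from the patent's approach: the hooked sink reports and still forwards to the original behaviour, so the page keeps running and later sinks on the same path are also observed; and the propagation rule is deliberately conservative (any string produced from tainted input inherits the mark), which keeps false negatives low at the cost of some over-tainting through code that sanitises or only measures the value. Producing the instrumented form automatically needs an AST-based rewrite of each script, which this example does not include.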
FIG. 3 is a schematic structural diagram of a scanner for Web security vulnerability detection according to an embodiment of the present application.
In a second aspect, referring to FIG. 3, the present application further provides a vulnerability scanner 400, comprising:
an intercepting unit 310, configured to intercept the response data of the server;
an instrumentation unit 320, configured to extract the script source program code from the response data, instrument it, replace the original script source program code with the instrumented code, and return the instrumented code to the browser;
where the instrumented script source program code performs the following operations:
adding a taint mark to data from attacker-controllable data sources, defining a string class to describe taint-marked data, and wrapping the data of every attacker-controllable data source as an instance of that string class;
reconstructing the string operation functions and the attacker-controllable functions of the script's runtime environment, and adding auxiliary functions, so that taint-marked data flows through the logic of the script source program;
and executing the attacker-controllable function so as to detect whether the parameters passed to it carry the taint mark, and thereby to judge whether a Web security vulnerability exists.
Specifically, the auxiliary functions are, for example: __jda.delete_var(), __jda.get_prop(), __jda.assignment(), __jda.proxy_call(), and so on.
In addition, the reconstructed sensitive functions (sinks) are, for example: eval(), setTimeout(), window.open(), Element.prototype.innerHTML, etc., so that each reconstructed sensitive function can detect whether its parameter carries a taint mark.
In this application the original script source program code is instrumented. When the browser 100 executes the instrumented code, a taint mark is added to data from attacker-controllable data sources; the built-in functions of the DOM environment and of the JavaScript standard library, together with the sensitive functions, are reconstructed, and new auxiliary functions are added to the JavaScript execution environment, so that the reconstructed built-in functions and the added auxiliary functions keep the taint mark propagating along the program's execution flow, and the reconstructed sensitive functions check whether their parameters carry the taint mark in order to judge whether a Web security vulnerability exists: if the mark is present, a Web security vulnerability exists, and if it is absent, no Web security vulnerability exists.
In a third aspect, the present application also provides an electronic device comprising:
a plurality of memories, each storing a computer program;
and a plurality of processors, each executing a computer program to implement the Web security vulnerability detection method of any of the technical solutions above.
Compared with the prior art, the beneficial effects of the electronic device provided by the application are the same as those of the Web security vulnerability detection method of any of the technical solutions above, and are not repeated here.
In an embodiment of the present application, each module or system may be a processor formed from computer program instructions, which may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components.
The methods, steps and logic blocks disclosed in the embodiments of the present application may be implemented or performed by such a processor. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of a method disclosed in connection with the embodiments may be embodied directly in hardware, in a decoding processor, or in a combination of hardware and software modules in a decoding processor. The software modules may reside in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers, or other storage media well known in the art. The processor reads the information in the storage medium and, together with its hardware, performs the steps of the method above.
In a fourth aspect, a computer storage medium is also provided, storing computer program instructions for performing the Web security vulnerability detection method described above.
The storage medium may be a memory, for example volatile memory or non-volatile memory, or it may include both volatile and non-volatile memory.
The non-volatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM) or a flash memory.
The volatile memory may be a random access memory (RAM), which acts as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), SyncLink DRAM (SLDRAM) and direct Rambus RAM (DRRAM).
The storage media described in the embodiments of the present application are intended to comprise, without being limited to, these and any other suitable types of memory.
Those skilled in the art will appreciate that, in one or more of the examples described above, the functions described herein may be implemented in a combination of hardware and software. When software is used, the corresponding functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present application and do not limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features replaced by equivalents, and that such modifications and substitutions do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present application.
Claims (10)
1. A Web security vulnerability detection method, characterized in that the method comprises:
intercepting response data of a server;
extracting script source program code from the response data; instrumenting the script source program code; replacing the original script source program code with the instrumented script source program code and returning the instrumented script source program code to the browser;
wherein the instrumented script source program code detects Web security vulnerabilities by:
adding a taint mark to data from attacker-controllable data sources, defining a string class to describe taint-marked data, and wrapping the data of every attacker-controllable data source as an instance of that string class;
reconstructing the string operation functions and the attacker-controllable functions of the script's runtime environment, and adding auxiliary functions, so that taint-marked data flows through the logic of the script source program;
and executing the reconstructed attacker-controllable functions so as to detect whether the parameters passed to them carry the taint mark, and thereby to judge whether a Web security vulnerability exists.
2. The Web security vulnerability detection method of claim 1, characterized in that adding a taint mark to data from attacker-controllable data sources and defining a string class to describe the taint-marked data comprises:
inheriting all the attributes and methods of the native string class of the script's runtime environment;
and adding an attribute representing the taint mark, thereby defining the string class.
3. The Web security vulnerability detection method of claim 1, characterized in that wrapping the data of every attacker-controllable data source as an instance of the string class comprises:
assigning all the attributes and methods of the string class to the data of the attacker-controllable data sources.
4. The Web security vulnerability detection method of claim 1, characterized in that executing the attacker-controllable function so as to detect whether the parameters passed to it carry the taint mark, and thereby judging whether a Web security vulnerability exists, comprises:
calling the attacker-controllable function so that it inspects its parameters, and reporting that a Web security vulnerability exists when a parameter of the attacker-controllable function is detected to be an instance of the string class.
5. The Web security vulnerability detection method of any one of claims 1 to 4, characterized in that the script source program is JavaScript.
6. The Web security vulnerability detection method of any one of claims 1 to 4, characterized in that the script's runtime environment is a Document Object Model (DOM) environment.
7. The Web security vulnerability detection method of any one of claims 1 to 4, characterized in that the Web security vulnerability is DOM XSS.
8. A scanner for Web security vulnerability detection, comprising:
an intercepting unit, configured to intercept response data of a server;
an instrumentation unit, configured to extract script source program code from the response data, instrument it, replace the original script source program code with the instrumented script source program code, and return the instrumented script source program code to the browser;
wherein the instrumented script source program code performs the following operations:
adding a taint mark to data from attacker-controllable data sources, defining a string class to describe taint-marked data, and wrapping the data of every attacker-controllable data source as an instance of that string class;
reconstructing the string operation functions and the attacker-controllable functions of the script's runtime environment, and adding auxiliary functions, so that taint-marked data flows through the logic of the script source program;
and executing the reconstructed attacker-controllable functions so as to detect whether the parameters passed to them carry the taint mark, and thereby to judge whether a Web security vulnerability exists.
9. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the Web security vulnerability detection method of any one of claims 1 to 7.
10. An electronic device, comprising:
a plurality of memories, each storing a computer program;
and a plurality of processors, each executing a computer program to implement the Web security vulnerability detection method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110271081.9A CN112966274B (en) | 2021-03-11 | 2021-03-11 | Web security hole detection method, scanner, storage medium and electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112966274A CN112966274A (en) | 2021-06-15 |
CN112966274B true CN112966274B (en) | 2024-03-19 |
Family
ID=76277695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110271081.9A Active CN112966274B (en) | 2021-03-11 | 2021-03-11 | Web security hole detection method, scanner, storage medium and electronic device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112966274B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115514511A (en) * | 2021-06-23 | 2022-12-23 | 奇安信科技集团股份有限公司 | Equipment safety detection method and device, computer equipment and readable storage medium |
CN114386045B (en) * | 2021-12-24 | 2023-07-07 | 深圳开源互联网安全技术有限公司 | Web application program vulnerability detection method, device and storage medium |
CN115277062B (en) * | 2022-06-13 | 2024-06-14 | 深圳开源互联网安全技术有限公司 | Malicious attack interception method, device, equipment and readable storage medium |
CN116049823B (en) * | 2023-03-31 | 2023-07-25 | 北京微步在线科技有限公司 | Memory horse detection method and device, computer equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105791261A (en) * | 2015-12-28 | 2016-07-20 | 华为技术有限公司 | Detection method and detection device for cross-site scripting attack |
US10032031B1 (en) * | 2015-08-27 | 2018-07-24 | Amazon Technologies, Inc. | Detecting unknown software vulnerabilities and system compromises |
CN109002721A (en) * | 2018-07-12 | 2018-12-14 | 南方电网科学研究院有限责任公司 | Mining analysis method for information security vulnerability |
CN110308954A (en) * | 2019-05-24 | 2019-10-08 | 天津五八到家科技有限公司 | Click event interception method, device and mobile terminal |
CN111753302A (en) * | 2020-07-15 | 2020-10-09 | 腾讯科技(深圳)有限公司 | Method and device for detecting code bugs, computer readable medium and electronic equipment |
CN112016096A (en) * | 2020-08-28 | 2020-12-01 | 苏州浪潮智能科技有限公司 | XSS vulnerability auditing method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10805316B2 (en) * | 2016-05-31 | 2020-10-13 | University Of South Florida | Systems and methods for detecting attacks in big data systems |
2021
- 2021-03-11 CN CN202110271081.9A patent/CN112966274B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10032031B1 (en) * | 2015-08-27 | 2018-07-24 | Amazon Technologies, Inc. | Detecting unknown software vulnerabilities and system compromises |
CN105791261A (en) * | 2015-12-28 | 2016-07-20 | 华为技术有限公司 | Detection method and detection device for cross-site scripting attack |
CN109002721A (en) * | 2018-07-12 | 2018-12-14 | 南方电网科学研究院有限责任公司 | Mining analysis method for information security vulnerability |
CN110308954A (en) * | 2019-05-24 | 2019-10-08 | 天津五八到家科技有限公司 | Click event interception method, device and mobile terminal |
CN111753302A (en) * | 2020-07-15 | 2020-10-09 | 腾讯科技(深圳)有限公司 | Method and device for detecting code bugs, computer readable medium and electronic equipment |
CN112016096A (en) * | 2020-08-28 | 2020-12-01 | 苏州浪潮智能科技有限公司 | XSS vulnerability auditing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN112966274A (en) | 2021-06-15 |
Similar Documents
Publication | Title |
---|---|
CN112966274B (en) | Web security hole detection method, scanner, storage medium and electronic device |
US7757289B2 (en) | System and method for inspecting dynamically generated executable code |
US20170316202A1 (en) | Rasp for scripting languages |
US9536091B2 (en) | System and method for detecting time-bomb malware |
US8201245B2 (en) | System, method and program product for detecting computer attacks |
US20190303584A1 (en) | Method and apparatus to detect security vulnerabilities in a web application |
JP2009501392A (en) | Immunization from known vulnerabilities in HTML browsers and extensions |
US11586726B2 (en) | Secure web framework |
US20130081135A1 (en) | Injection attack mitigation using context sensitive encoding of injected input |
US10846410B2 (en) | Automated fuzzing based on analysis of application execution flow |
US20120144485A9 (en) | Computer security method and system with input parameter validation |
CN112016096B (en) | Audit method and device for XSS loopholes |
US10789360B2 (en) | Protection against third party JavaScript vulnerabilities |
CN114091031A (en) | Class loading protection method and device based on white rule |
US9098704B2 (en) | Method for function capture and maintaining parameter stack |
Barth et al. | Attacks on javascript mashup communication |
CN116668202A (en) | Method and system for detecting memory horses in container environment |
CN115065534B (en) | Dynamic script attack interception method and device, electronic equipment and readable storage medium |
CN109902489B (en) | Method and device for detecting vulnerability script |
EP4421667A1 (en) | Injection attack sensor with syntax attack detection template |
CN116167048B (en) | Webshell detection method and device for EL expression |
CN116861376A (en) | Cross-platform Java application runtime security protection method and system |
CN113961928A (en) | Storage type cross-site scripting attack vulnerability detection method, device, equipment and storage medium |
CN118590305A (en) | Override detection method and device, electronic equipment and storage medium |
CN116932127A (en) | Memory type webshell detection method, device, equipment and product |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |