CN113297147A - Risk detection method of application program interface, related device and storage medium - Google Patents
Risk detection method of application program interface, related device and storage medium Download PDFInfo
- Publication number
- CN113297147A CN113297147A CN202110679093.5A CN202110679093A CN113297147A CN 113297147 A CN113297147 A CN 113297147A CN 202110679093 A CN202110679093 A CN 202110679093A CN 113297147 A CN113297147 A CN 113297147A
- Authority
- CN
- China
- Prior art keywords
- data
- target
- log
- flow
- target data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/283—Multi-dimensional databases or data warehouses, e.g. MOLAP or ROLAP
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application provides a risk detection method of an application program interface, a related device and a storage medium, wherein the risk detection method of the application program interface comprises the following steps: firstly, acquiring a flow data log generated in each data stream transfer process by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user; then, authenticating data in the flow data log to obtain first target data; marking the first target data according to a preset mode to obtain second target data; finally, the second target data is stored to a data warehouse. Therefore, data extraction can be performed on the data warehouse according to the event type characteristics, basic service is generated, and data statistical analysis support is provided for the service line. And finally, setting a situation perception interface to be presented through a visualization component, and providing data support for a user to make a data security protection decision.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a risk detection method for an application program interface, a related apparatus, and a storage medium.
Background
With the development of the internet, the security monitoring of internet data becomes more important.
Currently, a variety of data security monitoring and protection products, such as Application Programming Interface (API) gateways, have emerged, which analyze data based on request content contained in traffic, and serve as reverse proxies for receiving all API calls, integrating various services required for processing the calls, and returning corresponding results.
However, the above method cannot identify the specific data security access behavior of the client.
Disclosure of Invention
In view of this, the present application provides a risk detection method for an application program interface, a related apparatus, and a storage medium, which are used to implement detection of a behavior risk of an illegal user acquiring a large amount of sensitive data and private data from an API.
A first aspect of the present application provides a risk detection method for an application program interface, including:
acquiring a flow data log generated in each data stream transfer process by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user;
authenticating data in the flow data log to obtain first target data;
marking the first target data according to a preset mode to obtain second target data;
storing the second target data to a data warehouse.
Optionally, after the acquiring the flow data log generated in each data streaming process, the acquiring the target application program interface further includes:
and for each flow data log, preprocessing the flow data log and then generating a theme library corresponding to the flow data log.
Optionally, before authenticating the data in the flow data log to obtain the first target data, the method further includes:
formatting a flow data log generated in each data circulation process in real time to obtain a first flow data log;
the authenticating the data in the flow data log to obtain the first target data includes:
and authenticating the data in the first flow data log to obtain first target data.
Optionally, before authenticating the data in the flow data log to obtain the first target data, the method further includes:
pulling a second flow data log at preset time intervals; the second flow data log is a flow data log generated in the data stream conversion process acquired by the target application program interface within the preset time;
the authenticating the data in the flow data log to obtain the first target data includes:
and authenticating the data in the second flow data log to obtain first target data.
Optionally, the storing the second target data to a data warehouse includes:
judging whether the second target data is read-only data;
if the second target data is judged to be non-read-only data, converting the second target data into read-only data;
storing the read-only data to a data repository.
A second aspect of the present application provides an apparatus for risk detection of an application program interface, including:
the acquisition unit is used for acquiring a flow data log generated in each data stream transfer process acquired by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user;
the authentication unit is used for authenticating the data in the flow data log to obtain first target data;
the marking unit is used for marking the first target data according to a preset mode to obtain second target data;
a storage unit for storing the second target data to a data warehouse.
Optionally, the risk detecting apparatus for an application program interface further includes:
and the preprocessing unit is used for preprocessing each flow data log and then generating a theme library corresponding to the flow data log.
Optionally, the risk detecting apparatus for an application program interface further includes:
the pushing unit is used for formatting the flow data logs generated in each data circulation process in real time to obtain a first flow data log;
wherein the authentication unit is configured to:
and authenticating the data in the first flow data log to obtain first target data.
Optionally, the risk detecting apparatus for an application program interface further includes:
the pushing unit is used for formatting the flow data logs generated in each data circulation process in real time to obtain a first flow data log;
wherein the authentication unit is configured to:
and authenticating the data in the first flow data log to obtain first target data.
Optionally, the storage unit includes:
a judging unit configured to judge whether the second target data is read-only data;
the conversion unit is used for converting the second target data into read-only data if the judgment unit judges that the second target data is non-read-only data;
and the storage subunit is used for storing the read-only data to a data warehouse.
A third aspect of the present application provides an electronic device comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a method of risk detection for an application program interface as recited in any of the first aspects.
A fourth aspect of the present application provides a computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the risk detection method of an application program interface according to any one of the first aspects.
As can be seen from the above solutions, the application program interface risk detection method, the related apparatus, and the storage medium provided in the present application include: firstly, acquiring a flow data log generated in each data stream transfer process by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user; then, authenticating data in the flow data log to obtain first target data; marking the first target data according to a preset mode to obtain second target data; finally, the second target data is stored to a data warehouse. Therefore, data extraction can be performed on the data warehouse according to the event type characteristics, basic service is generated, and data statistical analysis support is provided for the service line. And finally, setting a situation perception interface to be presented through a visualization component, and providing data support for a user to make a data security protection decision.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a specific flowchart of a risk detection method for an application program interface according to an embodiment of the present disclosure;
fig. 2 is a flowchart of a method for generating a theme base corresponding to a flow data log according to another embodiment of the present application;
fig. 3 is a flowchart of a fragmented traffic data log consolidation and aggregation method according to another embodiment of the present application;
fig. 4 is a schematic diagram of a risk detection method for an application program interface according to another embodiment of the present application;
FIG. 5 is a schematic diagram of a risk detection device for API according to another embodiment of the present application;
FIG. 6 is a schematic diagram illustrating an installation location of a risk detection device of an API according to another embodiment of the present application;
fig. 7 is a schematic view of an electronic device implementing a risk detection method for an application program interface according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first", "second", and the like, referred to in this application, are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence of functions performed by these devices, modules or units, but the terms "include", or any other variation thereof are intended to cover a non-exclusive inclusion, so that a process, method, article, or apparatus that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or includes elements inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the prior art, if an Application Programming Interface (API) has a Programming problem, the Programming problem of the API can be discovered through an existing World Wide Web vulnerability detection product or capability. But can not detect the behavior risk of illegal users obtaining a large amount of sensitive data and personal privacy data from the API. Great potential safety hazard is brought to users.
Therefore, an embodiment of the present application provides a risk detection method for an application program interface, as shown in fig. 1, specifically including the following steps:
s101, acquiring a flow data log generated in each data stream transfer process by a target application program interface.
Wherein the traffic data log comprises a target data tag; the target data tag is preset by the user. The target data tag may be, but is not limited to, sensitive data, personal private data, and the like.
It should be noted that data collection is passive and is based on flow generation, for example: when a certain IP generates the traffic when initiating the request A to the server, the traffic data log of the request A is collected. Detailed information in the request process may be recorded in the flow data log, and may include, but is not limited to, quintuple information, whether the request is successful, what data tag is returned after the request is successful, whether the target data tag is included, and the like, which is not limited herein.
It should be noted that, since the target data tag is preset by the user, in the process of acquiring the traffic data log generated in each data streaming process by the target application program interface, the traffic data log may not include the target data tag, but the following step S102 is also executed.
It can be understood that when the target application program interface acquires that the flow data log generated in each data streaming process includes the target data tag, it indicates that the target application program interface currently has a behavior risk, that is, an illegal user acquires target data, such as sensitive data and personal privacy data, in the API.
Optionally, in another embodiment of the present application, after acquiring and obtaining a flow data log generated by a target application program interface in each data streaming process, an implementation manner of the risk detection method for the application program interface further includes:
and for each flow data log, preprocessing the flow data log and then generating a theme library corresponding to the flow data log.
The preprocessing on the traffic data log may be, but is not limited to, ETL, that is, extracting extract, cleansing transform, and loading load, and format check, field check, unstructured data extraction, normalization processing, and the like may be performed on the traffic data log through a normalization engine, which is not limited herein.
Specifically, as shown in fig. 2, each traffic data log obtained by data collection may be transmitted to the distributed publish-subscribe system, for example: kafka et al, pass the traffic data log through an open source stream processing framework, such as: and after the Flink is subjected to preprocessing and real-time analysis, storing the topic library corresponding to the generated flow data log into the distributed publishing and subscribing system. Thus, data support can be provided for the basic service through EFL data subscription. The basic service stores some built-in rules, policies and other contents, and can be called by other programs only by passing through the kafka subject database, such as a business service central station.
It should be noted that, data playback may also be performed through the raw data stored in the data warehouse, so as to extract the unresolved data or correct the data with the parsing error.
S102, authenticating data in the flow data log to obtain first target data.
Optionally, in another embodiment of the present application, before authenticating data in the flow data log and obtaining the first target data, the method further includes:
and formatting the flow data logs generated in each data circulation process in real time to obtain a first flow data log.
The format may be a format of a system log syslog, or may be obtained by transmitting files in other formats through a hypertext Transfer Protocol over secure session Layer (HTTPS).
Optionally, in another embodiment of the present application, before authenticating data in the flow data log and obtaining the first target data, the method further includes:
and pulling the second flow data log at preset time intervals.
The preset time is a time set by a technician, a user, and the like, and can be changed and set according to an actual application situation and the like, and is not limited herein. And the second flow data log is a flow data log generated in the process of data stream conversion acquired by the target application program interface within the preset time.
For example: and when the preset time is 10 minutes, acquiring second flow data logs of 10:00-10:10 and 10:10-10:20 … respectively.
S103, marking the first target data according to a preset mode to obtain second target data.
The preset mode is preset by technicians, users and the like, and can be changed and set according to actual application conditions and the like, and the preset mode is not limited here. For example: marking by collecting time, marking by collecting equipment, marking by collecting source, marking by belonging system, and the like.
And S104, storing the second target data to a data warehouse.
The data warehouse may be, but is not limited to, an Object Storage Service (OSS), and is not limited herein.
It should be noted that the raw data stored in the data warehouse can be used for data playback, and used for extracting unresolved data or correcting data with an analysis error.
It should be further noted that, while the second target data is stored in the data warehouse, the second target data may also be transmitted to the distributed publish-subscribe system for use, for example: kafka et al, without limitation.
Optionally, in another embodiment of the present application, an implementation manner of step S104 includes:
and judging whether the second target data is read-only data or not.
It should be noted that the non-read-only data includes some unstructured offline data, for example, log files of other products uploaded by a user are used as evidences of the whole monitoring task, and at this time, the format of the log file is not the data format defined by the product, and the log file cannot be stored in a database, and needs to be processed into read-only data to be stored in the database after being analyzed in real time or manually; for non-read-only data that does not require further parsing, it can also be entered directly into the data warehouse as an attachment. The read-only data may be stored directly to the data repository.
Specifically, if the second target data is judged to be non-read-only data, the second target data is converted into read-only data, and then the read-only data is stored in the data warehouse; and if the second target data is judged to be read-only data, directly storing the read-only data to the data warehouse.
As shown in fig. 3, an embodiment of aggregating fragmented traffic data logs is shown, where real-time data may be obtained through external information, a hard probe, a soft probe, application audit, and the like in a data acquisition layer, and data may be transmitted to a data processing layer in a manner of pushing data and pulling data, where the data processing layer includes authentication and marking, where the authentication may be through a preset data tag, that is, the target data tag, and may also be through a setup authentication white list, and the data tag in the white list may be exempt from authentication. Marking the authenticated data, wherein the marking mode is a preset mode, and may be, but not limited to, a collection time marking, a collection device marking, a data source marking, a source IP marking, an affiliated system marking, and the like, after marking the data, storing the data in a file Storage, such as an Object Storage Service (OSS), and the like, and transmitting the data to a distributed publishing and subscribing system, for example: kafka, and the like.
As shown in fig. 4, a schematic diagram of a risk detection method for an application program interface provided by the present application is shown, where a business center station is built based on a data center station, creates a corresponding business library according to business needs, and provides basic services. And the upper-layer service line forms a data flow situation perception large screen (a data safety control cockpit) and other modules for a user to make a decision through the service center station to count the data flow risk dimension. For example: the service center station needs to count Internet Protocol (IP) access portrait information in a period of time, and the data center station collects access objects related to the IP, accesses and calls which API interfaces, and the related APIs include sensitive data tags and other contents, and provides data support for service line statistics of IP access conditions in a period of time after associating and integrating the access conditions.
It should be noted that the offline analysis may be manual analysis, and since a small part of data in the log or result generated by the machine cannot be directly stored as valid data in the large database, it is necessary to integrate the data format defined by the product into the data warehouse by means of manual expert analysis.
According to the scheme, the risk detection method of the application program interface comprises the following steps: firstly, acquiring a flow data log generated in each data stream transfer process by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user; then, authenticating data in the flow data log to obtain first target data; marking the first target data according to a preset mode to obtain second target data; finally, the second target data is stored to the data warehouse. Therefore, data extraction can be performed on the data warehouse according to the event type characteristics, basic service is generated, and data statistical analysis support is provided for the service line. And finally, setting a situation perception interface to be presented through a visualization component, and providing data support for a user to make a data security protection decision.
Another embodiment of the present application provides a risk detection apparatus for an application program interface, as shown in fig. 5, specifically including:
the collecting unit 501 is configured to collect a flow data log generated by the target application program interface in each data streaming process.
Wherein the traffic data log comprises a target data tag; the target data tag is preset by the user.
The authentication unit 502 is configured to authenticate data in the flow data log to obtain first target data.
The marking unit 503 is configured to mark the first target data in a preset manner to obtain second target data.
A storage unit 504 for storing the second target data to the data warehouse.
For a specific working process of the unit disclosed in the above embodiment of the present application, reference may be made to the content of the corresponding method embodiment, as shown in fig. 1, which is not described herein again.
Optionally, in another embodiment of the present application, an implementation manner of the risk detection apparatus for an application program interface further includes:
and the preprocessing unit is used for preprocessing each flow data log and then generating a theme library corresponding to the flow data log.
For specific working processes of the units disclosed in the above embodiments of the present application, reference may be made to the contents of the corresponding method embodiments, which are not described herein again.
Optionally, in another embodiment of the present application, an implementation manner of the risk detection apparatus for an application program interface further includes:
and the pushing unit is used for formatting the flow data logs generated in each data circulation process in real time to obtain a first flow data log.
Wherein, the authentication unit 502 is configured to:
and authenticating the data in the first flow data log to obtain first target data.
For specific working processes of the units disclosed in the above embodiments of the present application, reference may be made to the contents of the corresponding method embodiments, which are not described herein again.
Optionally, in another embodiment of the present application, an implementation manner of the risk detection apparatus for an application program interface further includes:
and the pushing unit is used for formatting the flow data logs generated in each data circulation process in real time to obtain a first flow data log.
Wherein, the authentication unit 502 is configured to:
and authenticating the data in the first flow data log to obtain first target data.
For specific working processes of the units disclosed in the above embodiments of the present application, reference may be made to the contents of the corresponding method embodiments, which are not described herein again.
Optionally, in another embodiment of the present application, an implementation manner of the storage unit 504 includes:
and the judging unit is used for judging whether the second target data is read-only data.
And the conversion unit is used for converting the second target data into read-only data if the judgment unit judges that the second target data is non-read-only data.
And the storage subunit is used for storing the read-only data to the data warehouse.
For specific working processes of the units disclosed in the above embodiments of the present application, reference may be made to the contents of the corresponding method embodiments, which are not described herein again.
It should be noted that, in the implementation of the present application, the specific installation location of the risk detection device of the application program interface may be as shown in fig. 6, but is not limited to the location shown in fig. 6. The checking means in the figure are the risk detection means of the application program interface in the present application.
According to the above scheme, the application provides a risk detection device for an application program interface: firstly, an acquisition unit 501 acquires a flow data log generated in each data stream transfer process by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user; then, the authentication unit 502 authenticates data in the stream data log to obtain first target data; then, the marking unit 503 marks the first target data in a preset manner to obtain second target data; finally, the storage unit 504 stores the second target data to the data warehouse. Therefore, data extraction can be performed on the data warehouse according to the event type characteristics, basic service is generated, and data statistical analysis support is provided for the service line. And finally, setting a situation perception interface to be presented through a visualization component, and providing data support for a user to make a data security protection decision.
Another embodiment of the present application provides an electronic device, as shown in fig. 7, including:
one or more processors 701.
A storage 702 having one or more programs stored thereon.
The one or more programs, when executed by the one or more processors 701, cause the one or more processors 701 to implement a method of risk detection for an application program interface as described in any of the above embodiments.
Another embodiment of the present application provides a computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the risk detection method for an application program interface as described in any one of the above embodiments.
In the above embodiments disclosed in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present disclosure may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part. The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a live broadcast device, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Those skilled in the art can make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A risk detection method for an Application Program Interface (API), comprising:
acquiring a flow data log generated in each data stream transfer process by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user;
authenticating data in the flow data log to obtain first target data;
marking the first target data according to a preset mode to obtain second target data;
storing the second target data to a data warehouse.
2. The risk detection method according to claim 1, wherein after the acquiring the flow data log generated in each data streaming process, the acquiring the target application program interface further comprises:
and for each flow data log, preprocessing the flow data log and then generating a theme library corresponding to the flow data log.
3. The risk detection method according to claim 1, wherein before authenticating the data in the traffic data log to obtain the first target data, the method further comprises:
formatting a flow data log generated in each data circulation process in real time to obtain a first flow data log;
the authenticating the data in the flow data log to obtain the first target data includes:
and authenticating the data in the first flow data log to obtain first target data.
4. The risk detection method according to claim 1, wherein before authenticating the data in the traffic data log to obtain the first target data, the method further comprises:
pulling a second flow data log at preset time intervals; the second flow data log is a flow data log generated in the data stream conversion process acquired by the target application program interface within the preset time;
the authenticating the data in the flow data log to obtain the first target data includes:
and authenticating the data in the second flow data log to obtain first target data.
5. The risk detection method of claim 1, wherein the storing the second target data to a data repository comprises:
judging whether the second target data is read-only data;
if the second target data is judged to be non-read-only data, converting the second target data into read-only data;
storing the read-only data to a data repository.
6. A risk detection apparatus for an application program interface, comprising:
the acquisition unit is used for acquiring a flow data log generated in each data stream transfer process acquired by a target application program interface; wherein the traffic data log comprises a target data tag; the target data label is preset by a user;
the authentication unit is used for authenticating the data in the flow data log to obtain first target data;
the marking unit is used for marking the first target data according to a preset mode to obtain second target data;
a storage unit for storing the second target data to a data warehouse.
7. The risk detection device of claim 6, further comprising:
and the preprocessing unit is used for preprocessing each flow data log and then generating a theme library corresponding to the flow data log.
8. The risk detection device of claim 6, further comprising:
the pushing unit is used for formatting the flow data logs generated in each data circulation process in real time to obtain a first flow data log;
wherein the authentication unit is configured to:
and authenticating the data in the first flow data log to obtain first target data.
9. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for risk detection of an application program interface as recited in any of claims 1 to 5.
10. A computer storage medium, having a computer program stored thereon, wherein the computer program, when executed by a processor, implements a risk detection method for an application program interface as claimed in any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110679093.5A CN113297147A (en) | 2021-06-18 | 2021-06-18 | Risk detection method of application program interface, related device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110679093.5A CN113297147A (en) | 2021-06-18 | 2021-06-18 | Risk detection method of application program interface, related device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113297147A true CN113297147A (en) | 2021-08-24 |
Family
ID=77328753
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110679093.5A Pending CN113297147A (en) | 2021-06-18 | 2021-06-18 | Risk detection method of application program interface, related device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113297147A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302337A (en) * | 2015-05-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | leak detection method and device |
| CN108512666A (en) * | 2018-04-08 | 2018-09-07 | 苏州犀牛网络科技有限公司 | Encryption method, data interactive method and the system of API request |
| CN110661776A (en) * | 2019-07-29 | 2020-01-07 | 奇安信科技集团股份有限公司 | Sensitive data tracing method, device, security gateway and system |
| US20210174664A1 (en) * | 2019-12-04 | 2021-06-10 | Electronics And Telecommunications Research Institute | System and method for detecting risk using pattern analysis of layered tags in user log data |
-
2021
- 2021-06-18 CN CN202110679093.5A patent/CN113297147A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302337A (en) * | 2015-05-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | leak detection method and device |
| CN108512666A (en) * | 2018-04-08 | 2018-09-07 | 苏州犀牛网络科技有限公司 | Encryption method, data interactive method and the system of API request |
| CN110661776A (en) * | 2019-07-29 | 2020-01-07 | 奇安信科技集团股份有限公司 | Sensitive data tracing method, device, security gateway and system |
| US20210174664A1 (en) * | 2019-12-04 | 2021-06-10 | Electronics And Telecommunications Research Institute | System and method for detecting risk using pattern analysis of layered tags in user log data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101327317B1 (en) | Apparatus and method for sap application traffic analysis and monitoring, and the information protection system thereof | |
| CN103888490B (en) | A kind of man-machine knowledge method for distinguishing of full automatic WEB client side | |
| CN112468520B (en) | Data detection method, device and equipment and readable storage medium | |
| CN109688105B (en) | Threat alarm information generation method and system | |
| US10721245B2 (en) | Method and device for automatically verifying security event | |
| CN109167754A (en) | A kind of network application layer security protection system | |
| CN113645065B (en) | Industrial control security audit system and method based on industrial Internet | |
| CN106961419A (en) | WebShell detection methods, apparatus and system | |
| CN102065147A (en) | Method and device for obtaining user login information based on enterprise application system | |
| US10972496B2 (en) | Upload interface identification method, identification server and system, and storage medium | |
| CN110855676A (en) | Network attack processing method and device and storage medium | |
| CN111404937B (en) | Method and device for detecting server vulnerability | |
| CN111641658A (en) | Request intercepting method, device, equipment and readable storage medium | |
| EP3272097B1 (en) | Forensic analysis | |
| CN107547490B (en) | Scanner identification method, device and system | |
| CN115134099B (en) | Network attack behavior analysis method and device based on full flow | |
| CN111866016A (en) | Log analysis method and system | |
| CN113269531A (en) | Cloud-end architecture-based multi-tenant internet access behavior audit control method and related equipment | |
| CN111625837B (en) | Method, device and server for identifying system loopholes | |
| CN106790073B (en) | Blocking method and device for malicious attack of Web server and firewall | |
| CN113779571A (en) | WebShell detection device, WebShell detection method and computer-readable storage medium | |
| CN111625700B (en) | Anti-grabbing method, device, equipment and computer storage medium | |
| CN110636076A (en) | Host attack detection method and system | |
| CN113364784B (en) | Detection parameter generation method and device, electronic equipment and storage medium | |
| CN112528325B (en) | Data information security processing method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |