CN113507439A - JSP file security monitoring method and system - Google Patents

JSP file security monitoring method and system Download PDF

Info

Publication number
CN113507439A
CN113507439A CN202110630400.0A CN202110630400A CN113507439A CN 113507439 A CN113507439 A CN 113507439A CN 202110630400 A CN202110630400 A CN 202110630400A CN 113507439 A CN113507439 A CN 113507439A
Authority
CN
China
Prior art keywords
jsp
file
time
scanned
files
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110630400.0A
Other languages
Chinese (zh)
Inventor
徐洪宇
丘彬
李佩
黎杰松
姚坚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Guangfa Bank Co Ltd
Original Assignee
China Guangfa Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Guangfa Bank Co Ltd filed Critical China Guangfa Bank Co Ltd
Priority to CN202110630400.0A priority Critical patent/CN113507439A/en
Publication of CN113507439A publication Critical patent/CN113507439A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a JSP file security monitoring method and a JSP file security monitoring system, wherein the method comprises the following steps: scanning all jsp files at fixed time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to a server; scanning whether a webshell backdoor file exists in a jsp file uploaded to a server side through a webscan program; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file. The invention realizes the real-time monitoring of the JSP files newly added in the whole amount on the server, including all the files uploaded through normal interfaces and maliciously uploaded; realizing quasi-real-time (minute-level) alarm, and detecting newly added jsp files of the server in real time through a monitoring agent program to discover security threats in time; the method has the advantages that quasi-real-time (minute-level) threat disposal is realized, JSP file contents acquired by servers can be checked through the monitoring platform, risks of the files are screened in time, and after the threats are confirmed, one-key removal can be carried out on the threat files in real time.

Description

JSP file security monitoring method and system
Technical Field
The invention relates to the technical field of information security, in particular to a JSP file security monitoring method and a JSP file security monitoring system.
Background
In the prior art, a data center cannot find a production server in time after being attacked, certain risk potential hazards are brought to safety production, vulnerabilities existing in open source software are likely to be utilized, and a jsp file with a Trojan program is uploaded to the server, so that information related to production data stealing is obtained.
Disclosure of Invention
The invention provides a method and a system for monitoring security of a JSP file, which are used for enhancing the monitoring of the JSP file newly added on a server, wherein the newly added JSP file can be safely scanned through wsscan to check whether a backdoor program exists or not, if the JSP file with the risk is found, an alarm event is triggered to push information to an on-duty person, and the on-duty person reports an on-duty manager to clear and remove the risk file after confirming the risk, so that the problem of a defense line is solved and the safe production and the stable operation of the production server are ensured.
The invention provides a JSP file security monitoring method in a first aspect, which comprises the following steps:
scanning all jsp files at fixed time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to a server;
scanning whether a webshell backdoor file exists in a jsp file uploaded to a server side through a webscan program; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file.
Further, the scanning all jsp files at regular time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to the server, includes:
scanning all jsp files at fixed time, and judging whether the jsp files are scanned for the first time according to the cached execution task identifier; if so, caching and recording the jsp file scanned for the first time;
and if not, filtering the jsp file scanned for the first time, uploading the newly added jsp file to a server for storage, and recording the execution state.
Further, the removing operation of the jsp file with the webshell backdoor file includes:
issuing a removal instruction of a jsp file with a webshell backdoor file to a proxy end;
and the agent terminal executes the removal command according to the removal instruction, checks the removal condition after the removal is successful, and sends the vehicle detection result to the server terminal.
Further, the scanning, by the webscan program, whether the jsp file uploaded to the server has a webshell backdoor file includes:
acquiring a jsp file to be scanned, and generating a jsp temporary file from the jsp file to be scanned;
scanning the jsp temporary file to generate a result file;
analyzing the result file and judging whether a security threat exists or not; and if so, generating an alarm event.
Further, the jsp file scanned for the first time is a program which is put into production for the first time and is subjected to security scanning by the application, and does not contain a webshell attack code.
The second aspect of the present invention provides a JSP file security monitoring system, including:
the scanning module is used for scanning all jsp files at regular time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to the server;
the judging module is used for scanning whether a webshell backdoor file exists in the jsp file uploaded to the server side through a webscan program; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file.
Further, the scanning module is further configured to:
scanning all jsp files at fixed time, and judging whether the jsp files are scanned for the first time according to the cached execution task identifier; if so, caching and recording the jsp file scanned for the first time;
and if not, filtering the jsp file scanned for the first time, uploading the newly added jsp file to a server for storage, and recording the execution state.
Further, the determining module is further configured to:
issuing a removal instruction of a jsp file with a webshell backdoor file to a proxy end;
and the agent terminal executes the removal command according to the removal instruction, checks the removal condition after the removal is successful, and sends the vehicle detection result to the server terminal.
Further, the determining module is further configured to:
acquiring a jsp file to be scanned, and generating a jsp temporary file from the jsp file to be scanned;
scanning the jsp temporary file to generate a result file;
analyzing the result file and judging whether a security threat exists or not; and if so, generating an alarm event.
Further, the jsp file scanned for the first time is a program which is put into production for the first time and is subjected to security scanning by the application, and does not contain a webshell attack code.
Compared with the prior art, the embodiment of the invention has the beneficial effects that:
the invention provides a JSP file security monitoring method and a JSP file security monitoring system, wherein the method comprises the following steps: scanning all jsp files at fixed time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to a server; scanning whether a webshell backdoor file exists in a jsp file uploaded to a server side through a webscan program; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file. The invention realizes the real-time monitoring of the JSP files newly added in the whole amount on the server, including all the files uploaded through normal interfaces and maliciously uploaded; realizing quasi-real-time (minute-level) alarm, and detecting newly added jsp files of the server in real time through a monitoring agent program to discover security threats in time; the method has the advantages that quasi-real-time (minute-level) threat disposal is realized, JSP file contents acquired by servers can be checked through the monitoring platform, risks of the files are screened in time, and after the threats are confirmed, one-key removal can be carried out on the threat files in real time.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a JSP file security monitoring method according to an embodiment of the present invention;
fig. 2 is a flowchart of a JSP file security monitoring method according to another embodiment of the present invention;
FIG. 3 is a flow chart of acquisition provided by one embodiment of the present invention;
FIG. 4 is a flow chart of a service provided by an embodiment of the present invention;
FIG. 5 is a block diagram of a system according to an embodiment of the present invention
Fig. 6 is a device diagram of a JSP file security monitoring system according to an embodiment of the present invention;
fig. 7 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be understood that the step numbers used herein are for convenience of description only and are not intended as limitations on the order in which the steps are performed.
It is to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The terms "comprises" and "comprising" indicate the presence of the described features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The term "and/or" refers to and includes any and all possible combinations of one or more of the associated listed items.
A first aspect.
Referring to fig. 1, an embodiment of the present invention provides a method for monitoring security of a JSP file, including:
and S10, scanning all jsp files at fixed time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to a server.
In a specific embodiment, the step S10 includes:
scanning all jsp files at fixed time, and judging whether the jsp files are scanned for the first time according to the cached execution task identifier; and if so, caching and recording the jsp file scanned for the first time. And if not, filtering the jsp file scanned for the first time, uploading the newly added jsp file to a server for storage, and recording the execution state.
It should be noted that the jsp file scanned for the first time is a program which is launched by the application for the first time and is subjected to security scanning, and does not contain a webshell attack code.
S20, scanning jsp files uploaded to a server through a webscan program to determine whether webshell backdoor files exist; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file.
In a specific embodiment, the removing operation of the jsp file where the webshell backdoor file exists includes:
issuing a removal instruction of a jsp file with a webshell backdoor file to a proxy end;
and the agent terminal executes the removal command according to the removal instruction, checks the removal condition after the removal is successful, and sends the vehicle detection result to the server terminal.
In a specific embodiment, the scanning, by the webscan program, whether a webshell backdoor file exists in a jsp file uploaded to a server includes:
acquiring a jsp file to be scanned, and generating a jsp temporary file from the jsp file to be scanned;
scanning the jsp temporary file to generate a result file;
analyzing the result file and judging whether a security threat exists or not; and if so, generating an alarm event.
In a specific embodiment, in order to prevent webshell network attack, respond to the network protection action of the public security department, and ensure safe production and stable operation of the production server, security detection needs to be performed on a jsp file newly added to the server to reduce the risk of the production server being attacked.
The invention is oriented to the operation personnel of the protection network and the duty of the protection network, can check the JSP files newly added on each server in real time, find the risk JSP files to trigger the alarm in time, and simultaneously push the alarm information to the personnel related to the protection network. After receiving the alarm notification, the personnel related to the network protection can check the content of the JSP file with the risk through the monitoring system, and can remove the JSP file with the risk by one key.
Referring to fig. 2, the present invention provides a method for monitoring security of a JSP file, including:
1) the monitoring agent (deployed at the server) scans all newly-added jsp files of the server at regular time and uploads the newly-added jsp files to the server, so that the administrator can conveniently check the newly-added jsp files;
2) in order to prevent the data uploaded by each scanning from being repeated and the number of jsp files from being too large, only newly added jsp files are scanned;
3) the proxy only records jsp files collected by executing the first scanning task and does not upload the jsp files to the server;
4) the server periodically scans the uploaded jsp file, and scans whether the jsp file exists in the webshell backdoor through a webscan program;
5) if a jsp backdoor program exists, triggering a monitoring alarm event;
6) the server can remove jsp.
Wherein, the agent end executes:
1) agent collection:
and S1, scanning all jsp files of the service and uploading the jsp files to the server.
Please refer to fig. 3, which includes:
(1) when executing the collection task, the agent end judges whether to execute the jsp collection task for the first time and records the execution task identification state (judging according to the cached execution task identification);
(2) the jsp file which executes scanning for the first time is marked, stored in a cache and not uploaded to a server, so that the problem that pressure is too high when a large number of jsps are uploaded to the server is avoided, and the first program which is put into production is generally subjected to security scanning and generally considered to have no webshell attack code;
(3) the agent will filter the marked files and the files of the specific directories (cp and mv directory) without uploading to the server;
collecting commands:
Linux:cd/home;updatedb;locate*.jsp*.jspx
Windows:c:\\cama4\\agent\\release\\workspace\\agent-file\\es.exe*.jsp^|*.jspx
remarking: aix system does not support acquiring jsp files temporarily
S2, removing the file after finding the file with the webshell tool code, and avoiding malicious attack.
Please refer to fig. 4, which includes:
(1) the server side issues the removal instruction to the agent;
(2) the agent executes the removal command after receiving the request of the server;
(3) and after the removal is successful, the removal condition of the file is physically checked, and the result is returned to the server.
Wherein, the server executes:
1) jsp back-door file scanning function
2) Collected jsp files are often scanned by wsscan (webshell file scanning tool, official website www.shellpub.com), and if a backdoor jsp file is detected, a monitoring alarm event is generated.
Please refer to fig. 5, which includes:
s1: scan aim _ hw _ jsp _ datas table (isScan ═ 0) identifies the jsp range that needs to be scanned
S2: a jsp temporary file is generated according to S1.
S3: scanning the temporary file generated in S2 to generate a result file (cleaning after scanning)
S4: and analyzing the result file after the scanning of the S3 to determine whether a security threat exists.
S5: s4 results in the generation of an alarm event if there is a security threat.
JSP File query functionality
1) The server side provides a list query of newly added jps files, can view the detailed content of the jsp file, and can remove the jsp file.
2) And scanning the jsp file through a wsscan program at regular time, and generating an alarm event for the jsp file with a backdoor.
3) According to the design method, the monitoring of the JSP file newly added on the server is enhanced, the risk that the server is attacked is found and processed in time, and the safe and stable production of the server is ensured.
Techniques used
Js + jquery + html5+ css3+ Spring + Struts2+ Hibernet, etc.;
Figure BDA0003103468900000081
Figure BDA0003103468900000091
the invention has the beneficial effects that:
1. the method and the system realize real-time monitoring of the JSP files newly added in the whole amount on the server, including all files uploaded through normal interfaces and maliciously uploaded.
2. And realizing quasi-real-time (minute-level) alarm, and detecting newly added jsp files of the server in real time through a monitoring agent program to discover security threats in time.
3. The method has the advantages that quasi-real-time (minute-level) threat disposal is realized, JSP file contents acquired by servers can be checked through the monitoring platform, risks of the files are screened in time, and after the threats are confirmed, one-key removal can be carried out on the threat files in real time.
A second aspect.
Referring to fig. 6, an embodiment of the present invention provides a JSP file security monitoring system, including:
and the scanning module 10 is configured to scan all jsp files at regular time, perform cache recording on the jsp files scanned for the first time, and upload jsp files which are not scanned for the first time to the server.
In a specific embodiment, the scanning module 10 is further configured to:
scanning all jsp files at fixed time, and judging whether the jsp files are scanned for the first time according to the cached execution task identifier; if so, caching and recording the jsp file scanned for the first time; and if not, filtering the jsp file scanned for the first time, uploading the newly added jsp file to a server for storage, and recording the execution state.
It should be noted that the jsp file scanned for the first time is a program which is launched by the application for the first time and is subjected to security scanning, and does not contain a webshell attack code.
The judging module 20 is configured to scan whether a jsp file uploaded to the server has a webshell backdoor file through a webscan program; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file.
In a specific embodiment, the determining module 20 is further configured to:
issuing a removal instruction of a jsp file with a webshell backdoor file to a proxy end;
and the agent terminal executes the removal command according to the removal instruction, checks the removal condition after the removal is successful, and sends the vehicle detection result to the server terminal.
In a specific embodiment, the determining module 20 is further configured to:
acquiring a jsp file to be scanned, and generating a jsp temporary file from the jsp file to be scanned;
scanning the jsp temporary file to generate a result file;
analyzing the result file and judging whether a security threat exists or not; and if so, generating an alarm event.
In a third aspect.
The present invention provides an electronic device, including:
a processor, a memory, and a bus;
the bus is used for connecting the processor and the memory;
the memory is used for storing operation instructions;
the processor is configured to call the operation instruction, and the executable instruction enables the processor to execute an operation corresponding to the JSP file security monitoring method shown in the first aspect of the present application.
In an alternative embodiment, an electronic device is provided, as shown in fig. 7, the electronic device 5000 shown in fig. 7 includes: a processor 5001 and a memory 5003. The processor 5001 and the memory 5003 are coupled, such as via a bus 5002. Optionally, the electronic device 5000 may also include a transceiver 5004. It should be noted that the transceiver 5004 is not limited to one in practical application, and the structure of the electronic device 5000 is not limited to the embodiment of the present application.
The processor 5001 may be a CPU, general purpose processor, DSP, ASIC, FPGA or other programmable logic device, transistor logic device, hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 5001 may also be a combination of processors implementing computing functionality, e.g., a combination comprising one or more microprocessors, a combination of DSPs and microprocessors, or the like.
Bus 5002 can include a path that conveys information between the aforementioned components. The bus 5002 may be a PCI bus or EISA bus, etc. The bus 5002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
The memory 5003 may be, but is not limited to, a ROM or other type of static storage device that can store static information and instructions, a RAM or other type of dynamic storage device that can store information and instructions, an EEPROM, a CD-ROM or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 5003 is used for storing application program codes for executing the present solution, and the execution is controlled by the processor 5001. The processor 5001 is configured to execute application program code stored in the memory 5003 to implement the teachings of any of the foregoing method embodiments.
Among them, electronic devices include but are not limited to: mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like.
A fourth aspect.
The invention provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements a JSP file security monitoring method as shown in the first aspect of the present application.
Yet another embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, which, when run on a computer, enables the computer to perform the corresponding content in the aforementioned method embodiments.

Claims (10)

1. A JSP file security monitoring method is characterized by comprising the following steps:
scanning all jsp files at fixed time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to a server;
scanning whether a webshell backdoor file exists in a jsp file uploaded to a server side through a webscan program; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file.
2. The JSP file security monitoring method of claim 1, wherein the scanning all JSP files regularly, performing cache recording on the JSP file scanned for the first time, and uploading a JSP file not scanned for the first time to the server, comprises:
scanning all jsp files at fixed time, and judging whether the jsp files are scanned for the first time according to the cached execution task identifier; if so, caching and recording the jsp file scanned for the first time;
and if not, filtering the jsp file scanned for the first time, uploading the newly added jsp file to a server for storage, and recording the execution state.
3. The JSP file security monitoring method of claim 1, wherein the removing operation of the JSP file with the webshell backdoor file comprises:
issuing a removal instruction of a jsp file with a webshell backdoor file to a proxy end;
and the agent terminal executes the removal command according to the removal instruction, checks the removal condition after the removal is successful, and sends the vehicle detection result to the server terminal.
4. The JSP file security monitoring method of claim 1, wherein the scanning, by the webscan program, whether the JSP file uploaded to the server has a webshell backdoor file comprises:
acquiring a jsp file to be scanned, and generating a jsp temporary file from the jsp file to be scanned;
scanning the jsp temporary file to generate a result file;
analyzing the result file and judging whether a security threat exists or not; and if so, generating an alarm event.
5. The JSP file security monitoring method of claim 1, wherein the first scanned jsP file is a program which is first launched by an application and is subjected to security scanning, and does not contain webshell attack codes.
6. A JSP file security monitoring system, comprising:
the scanning module is used for scanning all jsp files at regular time, caching and recording the jsp files scanned for the first time, and uploading the jsp files which are not scanned for the first time to the server;
the judging module is used for scanning whether a webshell backdoor file exists in the jsp file uploaded to the server side through a webscan program; and if so, triggering a monitoring alarm event, and removing the jsp file with the webshell backdoor file.
7. The JSP file security monitoring system of claim 6, wherein the scanning module is further configured to:
scanning all jsp files at fixed time, and judging whether the jsp files are scanned for the first time according to the cached execution task identifier; if so, caching and recording the jsp file scanned for the first time;
and if not, filtering the jsp file scanned for the first time, uploading the newly added jsp file to a server for storage, and recording the execution state.
8. The JSP file security monitoring system of claim 6, wherein the determination module is further configured to:
issuing a removal instruction of a jsp file with a webshell backdoor file to a proxy end;
and the agent terminal executes the removal command according to the removal instruction, checks the removal condition after the removal is successful, and sends the vehicle detection result to the server terminal.
9. The JSP file security monitoring system of claim 6, wherein the determination module is further configured to:
acquiring a jsp file to be scanned, and generating a jsp temporary file from the jsp file to be scanned;
scanning the jsp temporary file to generate a result file;
analyzing the result file and judging whether a security threat exists or not; and if so, generating an alarm event.
10. The JSP file security monitoring system of claim 6, wherein the first scanned jsP file is a program that is first launched by an application and is securely scanned, and does not contain webshell attack codes.
CN202110630400.0A 2021-06-07 2021-06-07 JSP file security monitoring method and system Pending CN113507439A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110630400.0A CN113507439A (en) 2021-06-07 2021-06-07 JSP file security monitoring method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110630400.0A CN113507439A (en) 2021-06-07 2021-06-07 JSP file security monitoring method and system

Publications (1)

Publication Number Publication Date
CN113507439A true CN113507439A (en) 2021-10-15

Family

ID=78008994

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110630400.0A Pending CN113507439A (en) 2021-06-07 2021-06-07 JSP file security monitoring method and system

Country Status (1)

Country Link
CN (1) CN113507439A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104765883A (en) * 2015-04-30 2015-07-08 中电运行(北京)信息技术有限公司 Detection method used for Webshell
CN105491053A (en) * 2015-12-21 2016-04-13 用友网络科技股份有限公司 Web malicious code detection method and system
GB201710378D0 (en) * 2017-06-29 2017-08-16 F Secure Corp Protection from malicious and/or harmful content in cloud-based service scenarios
CN107770133A (en) * 2016-08-19 2018-03-06 北京升鑫网络科技有限公司 A kind of adaptability webshell detection methods and system
CN107844702A (en) * 2017-11-24 2018-03-27 杭州安恒信息技术有限公司 Based on website wooden horse back door detection method and device under cloud protective environment
CN111163094A (en) * 2019-12-31 2020-05-15 奇安信科技集团股份有限公司 Network attack detection method, network attack detection device, electronic device, and medium
CN111931169A (en) * 2020-07-03 2020-11-13 中国建设银行股份有限公司 Trojan horse detection method and device and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104765883A (en) * 2015-04-30 2015-07-08 中电运行(北京)信息技术有限公司 Detection method used for Webshell
CN105491053A (en) * 2015-12-21 2016-04-13 用友网络科技股份有限公司 Web malicious code detection method and system
CN107770133A (en) * 2016-08-19 2018-03-06 北京升鑫网络科技有限公司 A kind of adaptability webshell detection methods and system
GB201710378D0 (en) * 2017-06-29 2017-08-16 F Secure Corp Protection from malicious and/or harmful content in cloud-based service scenarios
CN107844702A (en) * 2017-11-24 2018-03-27 杭州安恒信息技术有限公司 Based on website wooden horse back door detection method and device under cloud protective environment
CN111163094A (en) * 2019-12-31 2020-05-15 奇安信科技集团股份有限公司 Network attack detection method, network attack detection device, electronic device, and medium
CN111931169A (en) * 2020-07-03 2020-11-13 中国建设银行股份有限公司 Trojan horse detection method and device and storage medium

Similar Documents

Publication Publication Date Title
US9003532B2 (en) Providing a network-accessible malware analysis
RU2551820C2 (en) Method and apparatus for detecting viruses in file system
CN105553917B (en) Method and system for detecting webpage bugs
AU2011317734B2 (en) Computer system analysis method and apparatus
EP2701092A1 (en) Method for identifying malicious executables
US20080141376A1 (en) Determining maliciousness of software
US20130247190A1 (en) System, method, and computer program product for utilizing a data structure including event relationships to detect unwanted activity
US20070240215A1 (en) Method and system for tracking access to application data and preventing data exploitation by malicious programs
US9819695B2 (en) Scanning method and device, and client apparatus
CN1648812A (en) Detection of code-free files
CN111460445A (en) Method and device for automatically identifying malicious degree of sample program
CN103473501A (en) Malware tracking method based on cloud safety
CN104268475A (en) Application running system
US7975298B1 (en) System, method and computer program product for remote rootkit detection
US10250626B2 (en) Attacking node detection apparatus, method, and non-transitory computer readable storage medium thereof
US9787699B2 (en) Malware detection
US20170171224A1 (en) Method and System for Determining Initial Execution of an Attack
CN113507439A (en) JSP file security monitoring method and system
CN111131271A (en) Security defense method and device, electronic equipment and computer readable storage medium
CN113569240B (en) Method, device and equipment for detecting malicious software
CN109784037B (en) Security protection method and device for document file, storage medium and computer equipment
CN112799740A (en) Control method and device and electronic equipment
CN112953958A (en) Crawler detection method and device and electronic equipment
CN109800568B (en) Security protection method, client, system and storage medium for document file
CN112948830B (en) File risk identification method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211015

RJ01 Rejection of invention patent application after publication