CN113779443A - Vulnerability front-end function point positioning method and system - Google Patents


Info

Publication number
CN113779443A
Authority
CN
China
Prior art keywords
vulnerability
user operation
key
positioning
function point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111129990.5A
Other languages
Chinese (zh)
Inventor
陈路
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Moan Technology Co ltd
Original Assignee
Hangzhou Moan Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Moan Technology Co ltd filed Critical Hangzhou Moan Technology Co ltd
Priority to CN202111129990.5A priority Critical patent/CN113779443A/en
Publication of CN113779443A publication Critical patent/CN113779443A/en
Pending legal-status Critical Current

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/95: Retrieval from the web
    • G06F16/955: Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28: Databases characterised by their database models, e.g. relational or object models
    • G06F16/284: Relational databases
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a vulnerability front-end function point positioning method and a vulnerability front-end function point positioning system, wherein the method comprises the following steps: installing a vulnerability positioning plug-in on a web front-end browser page, wherein the vulnerability positioning plug-in monitors a user browser click event, a URL (uniform resource locator) jump event and a form input event; recording a value corresponding to the event and the coordinate at which the event was triggered; acquiring a user operation record and generating or acquiring a screenshot related to the user operation record, and acquiring the URL (uniform resource locator) in the user request; using the URL in the user request as the key name (key), and using the user operation record and the screenshot related to the user operation record as the key value (value), to generate a key-value pair for vulnerability location; and sending the key-value pairs to a server for classified storage, executing DAST or IAST vulnerability detection, and locating, from the server, the user operation corresponding to the vulnerability and the screenshot related to the user operation record.

Description

Vulnerability front-end function point positioning method and system
Technical Field
The invention relates to the technical field of network vulnerability detection, in particular to a vulnerability front-end function point positioning method and system.
Background
In the prior art, vulnerability detection includes IAST (interactive application security testing) and DAST (dynamic application security testing, black-box). These methods can automatically detect vulnerabilities in an application, but DAST and IAST generally report only the URL (uniform resource locator) and the data stream of a vulnerability. For an application whose front end and back end are separated, the front-end function point corresponding to the vulnerability is difficult to find from the URL and the data stream alone, so that reproducing the vulnerability is difficult, and the industry currently has no solution to this problem.
Disclosure of Invention
One of the purposes of the invention is to provide a vulnerability front-end function point positioning method and system, which realize vulnerability positioning of front-end function points based on a browser vulnerability positioning plug-in, and the vulnerability positioning plug-in can realize rapid positioning and repairing of front-end vulnerabilities.
The invention also aims to provide a vulnerability front-end function point positioning method and system, wherein the method and system adopt a key-value pair mode to generate key-value pair data by taking a URL (uniform resource locator) corresponding to a user request as a key name and taking a screenshot corresponding to a user operation record as a key value, and the key-value pair data are transmitted to a server for query, so that rapid positioning query can be realized.
The invention also aims to provide a vulnerability front-end function point positioning method and system, wherein the method and the system adopt a classified storage mode, store user operation data, screenshots, URLs and other data which do not need to be stored persistently in a Redis database, and write corresponding vulnerability data into a mysql database to realize classified persistent storage, so that the storage pressure of the data can be reduced on one hand, and the continuous monitoring of the vulnerability can be guaranteed on the other hand.
In order to achieve at least one of the above objects, the present invention further provides a vulnerability front-end function point positioning method, including the following steps:
installing a vulnerability positioning plug-in on a web front-end browser page, wherein the vulnerability positioning plug-in monitors a user browser click event, a URL (uniform resource locator) skip event and a form input event;
recording a value corresponding to the event and a coordinate triggered by the event;
acquiring a user operation record and generating or acquiring a screenshot related to the user operation record, and acquiring a URL (uniform resource locator) in a user request;
using the URL in the user request as a key name key, and using the user operation record and the screenshot related to the user operation record as a key value to generate a key value pair for vulnerability location;
and sending the key value pairs to a server for classified storage, executing DAST or IAST vulnerability detection, and positioning user operation corresponding to the vulnerability and a screenshot related to the user operation record from the server.
According to a preferred embodiment of the present invention, after the key-value pair key-value is constructed, a map of the key-value pair key-value is generated, and the map is serialized into a json-format character string and sent to a server.
According to another preferred embodiment of the present invention, after acquiring the json-formatted character string, the server performs deserialization analysis on the json-formatted character string, acquires a map of the key-value pair key-value after analysis and reduction, and stores the map of the key-value pair key-value in a Redis database.
According to another preferred embodiment of the present invention, after the DAST or IAST vulnerability detection is performed, a URL corresponding to the vulnerability is obtained, and the saved user operation record and the screenshot related to the user operation record are queried and positioned according to the key corresponding to the URL.
According to another preferred embodiment of the invention, after the front-end function point is located by detecting the vulnerability, the user operation corresponding to the detected vulnerability and the screenshot related to the user operation record are written into the mysql database for persistent storage.
According to another preferred embodiment of the invention, after the front-end function point is located by vulnerability detection, the screenshot related to the user operation and the user operation record is transmitted to the web front-end page for visual display.
According to another preferred embodiment of the present invention, the method for obtaining the URL in the user request includes: when the HTML is loaded, the XMLHttpRequest.prototype.open function in the page's JavaScript is replaced through a hook for ajax requests and the window.fetch function is replaced through a hook for fetch requests, and the URL in the user request data captured after the user request is issued is parsed.
According to another preferred embodiment of the present invention, the method for generating the screenshot related to the user operation record includes:
when the user performs an operation, the vulnerability locating plug-in obtains the user operation event;
generating a canvas element for the whole document body using the html2canvas framework;
acquiring the click coordinate of the user, and marking the corresponding click position in the canvas element according to the click coordinate;
and generating the corresponding screenshot according to the marking result.
In order to achieve at least one of the above objects, the present invention further provides a vulnerability front-end function point positioning system, which executes the vulnerability front-end function point positioning method.
The present invention further provides a computer-readable storage medium storing a computer program, which can be executed by a processor to perform the vulnerability front-end function point localization method.
Drawings
Fig. 1 is a schematic flow chart showing a vulnerability front-end function point positioning method according to the present invention.
Detailed Description
The following description is presented to disclose the invention so as to enable any person skilled in the art to practice the invention. The preferred embodiments in the following description are given by way of example only, and other obvious variations will occur to those skilled in the art. The basic principles of the invention, as defined in the following description, may be applied to other embodiments, variations, modifications, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
It is understood that the terms "a" and "an" mean that the number of an element is one in one embodiment but may be more than one in another embodiment, and these terms should not be interpreted as limiting the number.
Referring to fig. 1, a schematic flow chart of a vulnerability front-end function point positioning method according to the present invention is shown. The method includes the following steps. First, user operation behaviors, including but not limited to a browser click event, a URL jump event and a form input event, are monitored. In the invention, a vulnerability positioning plug-in is used to monitor these events; the plug-in is installed in the browser at the web front end and is provided as a plug-in for mainstream browsers including Chrome, Firefox and Edge. After observing a user operation behavior, the vulnerability positioning plug-in acquires the URL in the request corresponding to that behavior, records the behavior, and generates or acquires a screenshot related to it. It then takes the URL in the request as the key name (key) and the user operation behavior together with its related screenshot as the key value (value), producing key-value data that is stored on a server. Querying the server by key returns the corresponding user operation behavior and screenshot, so that when a vulnerability is detected, the function point in the front-end browser corresponding to that vulnerability can be located.
Specifically, the vulnerability location plug-in monitors the user operation behaviors of the front-end user browser, namely browser click events, URL (uniform resource locator) jump events and form input events, in real time through a jQuery plug-in, and records the value of the event corresponding to the user operation behavior and the coordinate position at which the event was triggered. User operation request data is generated according to the user's operation in the front-end browser; the vulnerability positioning plug-in captures this request data and parses the URL from it. The user operation request data is captured as follows:
during HTML loading, the ajax and fetch execution functions in the page's JavaScript are replaced through a hook function, wherein the ajax execution function replaces XMLHttpRequest.prototype.open and the fetch execution function replaces window.fetch, so that every request issued through either path can be inspected before it is forwarded.
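As an added illustration of the hook described in the preceding paragraphs (editor-supplied example code, not the patent's own implementation), the following JavaScript installs the XMLHttpRequest.prototype.open and window.fetch wrappers and records the method and URL of every request before delegating to the original function. Because it runs under Node rather than in a browser, the XMLHttpRequest class, the window object and its fetch are constructed stand-ins; the names normalizeRequestUrl, installRequestHooks, makeFakeWindow and demo are this example's own. It also normalises each URL (resolved against the page, fragment removed) so that the same function point always yields the same key name, which the patent's key-value lookup depends on.

```javascript
"use strict";

// Constructed stand-in for the browser's XMLHttpRequest: only the member the hook wraps.
class FakeXMLHttpRequest {
  open(method, url) {
    this._method = method;
    this._url = url;
  }
}

// Constructed stand-in for window: location plus a fetch that resolves without any network.
function makeFakeWindow() {
  return {
    location: { href: "https://app.example.test/orders/list" },
    XMLHttpRequest: FakeXMLHttpRequest,
    fetch(input) { return Promise.resolve({ ok: true, input }); },
  };
}

// Turn whatever the caller passed (string, URL, or a Request-like object with a .url)
// into an absolute, fragment-free URL so it can serve as a stable key name.
function normalizeRequestUrl(input, baseHref) {
  const raw = typeof input === "string" ? input
    : input instanceof URL ? input.href
    : input && typeof input.url === "string" ? input.url
    : String(input);
  const u = new URL(raw, baseHref);
  u.hash = "";
  return u.href;
}

// Install the hooks: wrap XMLHttpRequest.prototype.open and window.fetch, record the
// method and URL of every request, then hand control back to the original function.
function installRequestHooks(win) {
  const captured = [];
  const xhrProto = win.XMLHttpRequest.prototype;
  const origOpen = xhrProto.open;
  xhrProto.open = function (method, url, ...rest) {
    captured.push({ via: "xhr", method: String(method).toUpperCase(),
                    url: normalizeRequestUrl(url, win.location.href) });
    return origOpen.call(this, method, url, ...rest);
  };
  const origFetch = win.fetch;
  win.fetch = function (input, init, ...rest) {
    const method = (init && init.method) || (input && input.method) || "GET";
    captured.push({ via: "fetch", method: String(method).toUpperCase(),
                    url: normalizeRequestUrl(input, win.location.href) });
    return origFetch.call(this, input, init, ...rest);
  };
  // Restoring the originals lets the plug-in be disabled cleanly.
  return { captured, uninstall() { xhrProto.open = origOpen; win.fetch = origFetch; } };
}

// Drive the hooks with a few constructed requests and return what was captured.
function demo() {
  const win = makeFakeWindow();
  const hooks = installRequestHooks(win);
  const xhr = new win.XMLHttpRequest();
  xhr.open("get", "/api/orders?page=2#top");                     // relative URL with fragment
  win.fetch("https://api.example.test/v1/user", { method: "POST" }); // absolute URL, init.method
  win.fetch({ url: "/api/search", method: "put" });               // Request-like object
  hooks.uninstall();
  return hooks.captured;
}

console.log(demo());
```

The recorded entries are what the plug-in would attach to the user operation record; in a real extension the same wrappers are installed on the page's own window at load time, exactly as the description states, and nothing else about the request is altered.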
After the vulnerability location plug-in captures the user operation request data, analyzing the URL in the request and the operation behavior, and generating a screenshot related to the user operation behavior, wherein the generation method of the screenshot comprises the following steps:
a canvas element is generated for the whole document body through the html2canvas framework, the corresponding click position is marked in the canvas element according to the coordinate data obtained from the user operation behavior, a screenshot of the marked click position is generated, and the canvas.toDataURL('image/' + 'jpg') method is executed to obtain the base64-encoded data of the screenshot for storage and transmission. (The standard MIME type for JPEG output is 'image/jpeg'; a browser given a type it does not recognise, such as 'image/jpg', falls back to PNG output.)
After acquiring the user operation and the screenshot related to it, the vulnerability positioning plug-in takes the user operation and its related screenshot as the key value (value) and the corresponding URL in the user operation request as the key name (key) to establish the key-value pair. It then generates a map of the key-value pair, serializes the map into a JSON character string and sends it to the server. The server deserializes the received JSON string, resolves it back into the map of the key-value pair, and saves the resolved map into a Redis database.
Furthermore, a DAST or IAST vulnerability detection method in the prior art is adopted to detect vulnerabilities in the user operation behavior and obtain the URL with the vulnerability. At the server end the corresponding key name (key) is obtained from that URL, and the user operation behavior and its related screenshot in the key value (value) are looked up by that key, so that the vulnerability is positioned at the front-end function point of the browser. After the screenshot related to the user operation behavior of the corresponding vulnerability is acquired, it is transmitted to the front-end browser and displayed visually. It should be noted that the DAST or IAST vulnerability detection method is prior art, and the detailed detection method is not described in the present invention.
Because vulnerability detection may produce a large amount of data, a classified storage mode is adopted to relieve the storage pressure. When the server acquires a map of key-value pairs, the map is cached in a Redis database; the Redis database holds the map data of all key-value pairs, which is large in volume, loosely structured and has a low requirement for persistent storage. After DAST or IAST vulnerability detection, the URLs found to have vulnerabilities, together with the corresponding user operation behaviors and screenshots, are stored in a persistent mysql database, so that records are stored by classification and the storage pressure is relieved.
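The end-to-end key-value flow described in the preferred embodiments and in the three paragraphs above, as an added example that is not the patent's own code: the client builds the key-value pair (URL as key name, operation record and screenshot as key value) and serializes it to JSON; the server deserializes it, validates it before caching, and, once DAST or IAST reports a vulnerable URL, looks the record up by key and promotes it to persistent storage. The Redis and MySQL stores are replaced by an in-memory Map and an array so the code runs offline in Node; the validation rules, the password-field redaction, the size limit and the names buildRecord, parseAndValidate, locateFunctionPoint and demo are this example's assumptions, not the patent's. The screenshot is a constructed placeholder string, not a real image.

```javascript
"use strict";

// Constructed stand-ins for the two stores the description names: a Redis-like cache
// for every captured key-value pair and a MySQL-like table for confirmed findings.
const cache = new Map();   // normalized URL -> { operations, screenshot }
const persistent = [];     // rows: { url, operations, screenshot }

// The same normalization on both sides keeps the key name stable: resolved, no fragment.
function normalizeKey(url) {
  const u = new URL(url);
  u.hash = "";
  return u.href;
}

// Client side: build the key-value pair. The method records the value of every event;
// password fields are redacted here before anything leaves the browser (editor's addition).
function buildRecord(url, operations, screenshotDataUrl) {
  const safeOps = operations.map(op =>
    op.type === "input" && op.inputType === "password" ? { ...op, value: "[redacted]" } : op);
  return { [normalizeKey(url)]: { operations: safeOps, screenshot: screenshotDataUrl } };
}

function serializeRecord(record) { return JSON.stringify(record); }

// Server side: deserialize and validate the untrusted plug-in payload before caching it.
const MAX_SCREENSHOT_CHARS = 2 * 1024 * 1024;   // assumed limit on the data URL length
const OPERATION_TYPES = ["click", "jump", "input"];

function isHttpUrl(s) {
  try { const u = new URL(s); return u.protocol === "https:" || u.protocol === "http:"; }
  catch { return false; }
}

function parseAndValidate(json) {
  let obj;
  try { obj = JSON.parse(json); } catch { throw new Error("invalid JSON"); }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) throw new Error("record must be an object");
  const out = new Map();
  for (const [rawKey, value] of Object.entries(obj)) {
    if (!isHttpUrl(rawKey)) throw new Error("key is not an http(s) URL: " + rawKey);
    if (!value || !Array.isArray(value.operations)) throw new Error("operations must be an array");
    for (const op of value.operations) {
      if (!OPERATION_TYPES.includes(op.type)) throw new Error("unknown operation type: " + op.type);
      if (!Number.isFinite(op.x) || !Number.isFinite(op.y)) throw new Error("coordinates must be numbers");
    }
    if (typeof value.screenshot !== "string" || !value.screenshot.startsWith("data:image/"))
      throw new Error("screenshot must be an image data URL");
    if (value.screenshot.length > MAX_SCREENSHOT_CHARS) throw new Error("screenshot too large");
    out.set(normalizeKey(rawKey), { operations: value.operations, screenshot: value.screenshot });
  }
  return out;
}

function storeInCache(map) { for (const [k, v] of map) cache.set(k, v); return cache.size; }

// After DAST/IAST reports a vulnerable URL: fetch the operation record and screenshot by
// key name and copy them to the persistent store, where the finding survives cache eviction.
function locateFunctionPoint(vulnUrl) {
  const hit = cache.get(normalizeKey(vulnUrl));
  if (!hit) return null;
  const row = { url: normalizeKey(vulnUrl), operations: hit.operations, screenshot: hit.screenshot };
  persistent.push(row);
  return row;
}

// Walk the whole flow on constructed data and return the outcome.
function demo() {
  cache.clear();
  persistent.length = 0;
  const ops = [                                          // constructed operation record
    { type: "jump", value: "https://app.example.test/login", x: 0, y: 0 },
    { type: "input", inputType: "password", value: "hunter2", x: 420, y: 310 },
    { type: "click", value: "Sign in", x: 460, y: 380 },
  ];
  const screenshot = "data:image/jpeg;base64,/9j/4AAQSkZJRg==";   // constructed placeholder
  const json = serializeRecord(buildRecord("https://app.example.test/api/login?next=%2Fhome#x", ops, screenshot));
  storeInCache(parseAndValidate(json));
  const found = locateFunctionPoint("https://app.example.test/api/login?next=%2Fhome");
  let rejected = false;   // a key that is not an http(s) URL must never reach the cache
  try { parseAndValidate('{"ftp://x.test/":{"operations":[],"screenshot":"data:image/png;base64,AA=="}}'); }
  catch { rejected = true; }
  return { found, rejected, persisted: persistent.length };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point a practitioner would check here is the server boundary: the JSON comes from a browser extension, so the server treats it as untrusted input, enforces the key and value shapes and a size bound before caching, and only records that matched a detector finding are written to the persistent table, which is the classified-storage split the description relies on.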
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section, and/or installed from a removable medium. The computer program, when executed by a Central Processing Unit (CPU), performs the above-described functions defined in the method of the present application. It should be noted that the computer readable medium mentioned above in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be understood by those skilled in the art that the embodiments of the present invention described above and illustrated in the drawings are given by way of example only and not by way of limitation, the objects of the invention having been fully and effectively achieved, the functional and structural principles of the present invention having been shown and described in the embodiments, and that various changes or modifications may be made in the embodiments of the present invention without departing from such principles.

Claims (10)

1. A vulnerability front-end function point positioning method is characterized by comprising the following steps:
installing a vulnerability positioning plug-in on a web front-end browser page, wherein the vulnerability positioning plug-in monitors a user browser click event, a URL (uniform resource locator) jump event and a form input event;
recording a value corresponding to the event and a coordinate triggered by the event;
acquiring a user operation record and generating or acquiring a screenshot related to the user operation record, and acquiring a URL (uniform resource locator) in a user request;
using the URL in the user request as a key name key, and using the user operation record and the screenshot related to the user operation record as a key value to generate a key value pair for vulnerability location;
and sending the key value pairs to a server for classified storage, executing DAST or IAST vulnerability detection, and positioning user operation corresponding to the vulnerability and a screenshot related to the user operation record from the server.
2. The method for positioning the vulnerability front-end function point according to claim 1, wherein after the key-value pair key-value is constructed, a map of the key-value pair key-value is generated and the map is serialized into a character string in json format and sent to a server.
3. The method for positioning the vulnerability front-end function point according to claim 2, wherein the server performs deserialization analysis on the json format character string after acquiring the json format character string, acquires a map of the key-value pair key-value after analysis and reduction, and stores the map of the key-value pair key-value in a Redis database.
4. The method according to claim 1, wherein after the DAST or IAST vulnerability detection is performed, a URL corresponding to the vulnerability is obtained, and the stored user operation record and the screenshot related to the user operation record are queried and located according to the key corresponding to the URL.
5. The method for positioning the front-end function point of the vulnerability according to claim 1, wherein after completing vulnerability detection and positioning of the front-end function point, the screenshot related to the user operation and the user operation record corresponding to the detected vulnerability is written into a mysql database for persistent storage.
6. The vulnerability front-end function point positioning method according to claim 1, characterized in that after completing vulnerability detection and positioning of the front-end function point, the screenshot related to the user operation and the user operation record is transmitted to a web front-end page for visual display.
7. The method for positioning vulnerability front-end function points according to claim 1, wherein the method for obtaining the URL in the user request comprises: when html is loaded, ajax replaces XMLHttpRequest.prototype.open function in js through hook, fetch replaces window.fetch function through hook, and URL in the user request data acquired after user request is captured and analyzed.
8. The vulnerability front-end function point positioning method according to claim 1, wherein the method for generating the screenshot related to the user operation record comprises:
when the user performs an operation, the vulnerability locating plug-in obtains the user operation event;
generating a canvas element for the whole document body using the html2canvas framework;
acquiring the click coordinate of the user, and marking the corresponding click position in the canvas element according to the click coordinate;
and generating the corresponding screenshot according to the marking result.
9. A vulnerability front end function point localization system, wherein the system performs a vulnerability front end function point localization method according to any one of the preceding claims 1-8.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and the computer program is capable of being executed by a processor to perform the vulnerability front-end function point localization method according to any of the above claims 1-8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111129990.5A CN113779443A (en) 2021-09-26 2021-09-26 Vulnerability front-end function point positioning method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111129990.5A CN113779443A (en) 2021-09-26 2021-09-26 Vulnerability front-end function point positioning method and system

Publications (1)

Publication Number Publication Date
CN113779443A true CN113779443A (en) 2021-12-10

Family

ID=78853561

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111129990.5A Pending CN113779443A (en) 2021-09-26 2021-09-26 Vulnerability front-end function point positioning method and system

Country Status (1)

Country Link
CN (1) CN113779443A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532912A (en) * 2012-07-04 2014-01-22 中国电信股份有限公司 Browser service data processing method and apparatus
CN113162937A (en) * 2021-04-25 2021-07-23 中国工商银行股份有限公司 Application safety automatic detection method, system, electronic equipment and storage medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 1st Floor, Building 3, No. 2616, Yuhangtang Road, Cangqian Street, Yuhang District, Hangzhou City, Zhejiang Province, 311100

Applicant after: HANGZHOU MOAN TECHNOLOGY CO.,LTD.

Address before: 311100 10th floor, Block E, building 1, 1378 Wenyi West Road, Cangqian street, Yuhang District, Hangzhou City, Zhejiang Province

Applicant before: HANGZHOU MOAN TECHNOLOGY CO.,LTD.
