CN113810418A - Method for defending cross-site scripting attack and related equipment thereof - Google Patents


Publication number
CN113810418A
Authority
CN
China
Prior art keywords
cross
site scripting
scripting attack
setting
target field
Prior art date
Legal status
Granted
Application number
CN202111097418.5A
Other languages
Chinese (zh)
Other versions
CN113810418B (en)
Inventor
王国彬
牟锟伦
卢铄波
袁宇
Current Assignee
Tubatu Group Co Ltd
Original Assignee
Tubatu Group Co Ltd
Priority date
Filing date
Publication date
Application filed by Tubatu Group Co Ltd
Priority to CN202111097418.5A
Publication of CN113810418A
Application granted
Publication of CN113810418B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
                    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                            • H04L 63/1416 Event detection, e.g. attack signature detection
                        • H04L 63/1433 Vulnerability analysis
                        • H04L 63/1441 Countermeasures against malicious traffic
                            • H04L 63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

The embodiment of the application discloses a method for defending against cross-site scripting attack, which comprises the following steps: acquiring an access request sent to a target website; extracting a program statement included in the access request; determining the cross-site scripting attack defense setting in an activated state; and processing the program statement according to the cross-site scripting attack defense setting in the activated state. According to this technical scheme, the access request sent to the target website is received, the program statement included in it is extracted, the defense setting in the activated state is determined, and the program statement is processed according to that setting. In this way the defense setting in the activated state can be chosen according to the target website's own requirements for its access requests, and access requests can then be processed with different defense settings according to the user's configuration, so that both the safety and the flexibility of the website system are improved.

Description

Method for defending cross-site scripting attack and related equipment thereof
Technical Field
The application belongs to the technical field of computers, and particularly relates to a method for defending cross-site scripting attack and related equipment thereof.
Background
Cross Site Scripting (XSS) is a network attack that exploits vulnerabilities of Web pages. The attack terminal enters input containing malicious code into a Web page, so that an access request containing the malicious code is sent to the application program on the application server; after receiving the access request, the application program generates a Web page that contains the malicious code, that is, the malicious code is inserted into the Web page. When a user terminal opens that Web page, the malicious code in it is executed; such code is often used to carry out network attack behaviours such as stealing information from the user terminal, so that the attack terminal completes its network attack on the user terminal.
XSS attack scripts published by an illegal user are present in the content that users publish through the website, and the system needs to filter such scripts in time, so as to avoid losses to the company caused by malicious exploitation by a hacker and to prevent the experience of users viewing the content from being affected.
However, different website services operate under different service conditions, and a unified cross-site scripting attack defense strategy cannot meet the requirements of every website service well.
Disclosure of Invention
The present invention is directed to solving the existing problems, and the present application provides a method including:
a first aspect of an embodiment of the present application provides a method for defending against cross-site scripting attack, including:
acquiring an access request sent to a target website;
extracting a program statement included in the access request;
determining cross-site scripting attack defense setting in an activated state;
and processing program statements according to the cross-site scripting attack defense setting in the activated state.
Based on the method for defending against cross-site scripting attack provided in the first aspect of the embodiment of the present application, optionally, determining the cross-site scripting attack defense setting in the activated state includes:
determining, as the setting in the activated state, one of the regular-expression-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting.
Based on the method for defending against cross-site scripting attack provided in the first aspect of the embodiment of the present application, optionally, the processing a program statement according to the cross-site scripting attack defense setting in an activated state includes:
if the cross-site scripting attack defense setting in the activated state is the regular-expression-based cross-site scripting attack defense setting, detecting whether a first target field that matches a regular expression exists in the program statement;
if the first target field exists, performing replacement processing on the first target field, or performing escape processing on the first target field;
if the cross-site scripting attack defense setting in the activated state is the keyword-based cross-site scripting attack defense setting, detecting whether a second target field that matches the keyword setting exists in the program statement;
and if the second target field exists, performing replacement processing on the second target field, or performing escape processing on the second target field.
Based on the method for defending against cross-site scripting attack provided by the first aspect of the embodiment of the present application, optionally, the method is implemented by a plug-in, and the plug-in is associated with the target website by means of a Spring Boot starter mechanism.
Based on the defense method for cross-site scripting attack provided by the first aspect of the embodiment of the present application, optionally, the regular expression included in the regular-expression-based cross-site scripting attack defense setting is set by a user through a message agent tool; the keyword-based defense setting includes a keyword set by a user through a message agent tool.
Based on the defense method for cross-site scripting attack provided in the first aspect of the embodiment of the present application, optionally, performing replacement processing or escape processing on the first target field includes:
performing replacement processing on the first target field, or performing escape processing on the first target field, according to the setting made by a user through a message agent tool;
and performing replacement processing or escape processing on the second target field includes:
performing replacement processing on the second target field, or performing escape processing on the second target field, according to the setting made by a user through a message agent tool.
A second aspect of the present application provides a defense device for cross-site scripting attack, including:
the acquisition unit is used for acquiring an access request sent to a target website;
an extraction unit, configured to extract a program statement included in the access request;
a determination unit for determining a defense setting in an activated state;
and the processing unit is used for processing the program statement according to the defense setting in the activated state.
Based on the defense device for cross-site scripting attack provided by the second aspect of the embodiment of the present application, optionally,
the determining unit is specifically configured to determine, as the setting in the activated state, one of the regular-expression-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting.
Based on the defense device for cross-site scripting attack provided by the second aspect of the embodiment of the present application, optionally,
the processing unit is specifically configured to: if the cross-site scripting attack defense setting in the activated state is the regular-expression-based cross-site scripting attack defense setting, detect whether a first target field that matches a regular expression exists in the program statement;
if the first target field exists, perform replacement processing on the first target field, or perform escape processing on the first target field;
if the cross-site scripting attack defense setting in the activated state is the keyword-based cross-site scripting attack defense setting, detect whether a second target field that matches the keyword setting exists in the program statement;
and if the second target field exists, perform replacement processing on the second target field, or perform escape processing on the second target field.
Based on the defense device against cross-site scripting attack provided by the second aspect of the embodiment of the present application, optionally, the regular expression included in the regular-expression-based cross-site scripting attack defense setting is set by a user through a message agent tool; the keyword-based defense setting includes a keyword set by a user through a message agent tool.
Based on the defense device against cross-site scripting attack provided in the second aspect of the embodiment of the present application, optionally, the processing unit is specifically configured to:
perform replacement processing on the first target field, or perform escape processing on the first target field, according to the setting made by the user through the message agent tool;
and perform replacement processing on the second target field, or perform escape processing on the second target field, according to the setting made by the user through the message agent tool.
A third aspect of the embodiments of the present application provides a defense device for cross-site scripting attack, including:
a central processing unit, a memory, an input/output interface, a wired or wireless network interface and a power supply;
the memory is a transient memory or a persistent memory;
the central processing unit is configured to communicate with the memory, and to execute the instructions in the memory on the device to perform the method according to any one of the first aspect of the embodiments of the present application.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium, including instructions, which, when executed on a computer, cause the computer to perform the method according to any one of the first aspects of embodiments of the present application.
A fifth aspect of embodiments of the present application provides a computer program product containing instructions, which when executed on a computer, cause the computer to perform the method according to any one of the first aspect of embodiments of the present application.
According to the technical scheme above, the embodiment of the application has the following advantages: the scheme receives an access request sent to a target website, extracts the program statement included in the access request, determines the cross-site scripting attack defense setting in the activated state, and processes the program statement according to that setting. In this way the defense setting in the activated state can be chosen according to the target website's own requirements for its access requests, and the access requests can then be processed with different defense settings according to the user's configuration, so that the safety and the flexibility of the website system are improved.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an embodiment of the method for defending against cross-site scripting attack according to the present application;
Fig. 2 is a schematic flowchart of an embodiment of the method for defending against cross-site scripting attack according to the present application;
Fig. 3 is a schematic flowchart of an embodiment of the method for defending against cross-site scripting attack according to the present application;
Fig. 4 is a flowchart of an embodiment of the method for defending against cross-site scripting attack according to the present application;
Detailed Description
In order to make the technical solutions in the embodiments of the present application better understood, the technical solutions in the embodiments of the present application are clearly and completely described below, and it is obvious that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Cross Site Scripting (XSS) is a network attack that exploits vulnerabilities of Web pages. XSS attack scripts published by an illegal user are present in the content that users publish through the website, and the system needs to filter such scripts in time, so as to avoid losses to the company caused by malicious exploitation by a hacker and to prevent the experience of users viewing the content from being affected. However, different website services operate under different service conditions, and a uniform cross-site scripting attack defense strategy often cannot meet the requirements of every website service well, which causes certain problems.
To solve the above problem, the present application provides a method for defending against cross-site scripting attack. Referring to fig. 1, an embodiment of the method provided by the present application includes steps 101 to 104.
101. Acquire an access request sent to the target website.
Specifically, one possible application architecture for the scheme comprises a browser, a network and a server. The network provides the medium for a communication link between the browser and the server; the browser side may be one or more of a smart phone, a tablet computer and a portable computer, and may certainly also be a desktop computer or the like. The network may include various connection types, such as wired communication links, wireless communication links and so forth.
A user accesses the target website hosted on the server through a browser. Some malicious users may exist in this process, and the access requests they issue may contain cross-site scripting attacks (XSS), so detection needs to be carried out before the corresponding resources of the website are invoked for the access request, in order to filter out any cross-site scripting attack in it. Therefore, the access request sent to the target website must first be obtained.
102. Extract the program statement included in the access request.
Specifically, the program statement included in the access request is extracted for subsequent processing.
103. Determine the cross-site scripting attack defense setting in the activated state.
Determine the cross-site scripting attack defense setting in the activated state. The cross-site scripting attack defense settings may include a regular-expression-based cross-site scripting attack defense setting and a keyword-based cross-site scripting attack defense setting. Specifically, the defense strategy set in the regular-expression-based setting comprises a plurality of regular expressions for detecting cross-site scripting attacks; in actual use, if the extracted program statement matches any one of these regular expressions, the access request can be determined to include a cross-site scripting attack and subsequent processing is required. A plurality of keywords for detecting cross-site scripting attacks is arranged in the keyword-based setting; if the program statement includes any of these keywords, the access request can likewise be determined to include a cross-site scripting attack, and the corresponding subsequent processing is required.
In actual implementation, a user can select either cross-site scripting attack defense setting as the activated defense setting, or select it based on the current actual situation. Generally speaking, the keyword-based defense setting is considered to have a narrow defense range, and the regular-expression-based defense setting a wide one. It can be understood that the user may also set specific parameters in the defense setting, such as the specific regular expressions and keywords, or set the mode of the subsequent processing, as the actual situation requires; this is not limited herein.
104. Process the program statement according to the cross-site scripting attack defense setting in the activated state.
Specifically, the program statement is processed according to the cross-site scripting attack defense setting in the activated state. If the regular-expression-based defense setting is active, the program statement is matched against the configured regular expressions. If the match succeeds, the access request includes a cross-site scripting attack and further processing is needed; if the match fails, no cross-site scripting attack exists in the access request and it can be processed normally, that is, the corresponding resources are invoked to respond to the access request and the response is returned to the user, so that the user can use the service provided by the website as normal. The specific handling can be determined according to the actual situation and is not limited herein.
For an access request containing a cross-site scripting attack, either a replacement mode or an escape mode can be selected for processing. In the replacement mode, the partial fields of the program statement that match the regular expressions or keywords are replaced, which breaks the program statement carrying the attack so that it can no longer take effect as an attack, thereby solving the problem of the cross-site scripting attack; the replacement rules can be set according to actual conditions and are not specifically limited herein. The escape mode is similar to the replacement mode, the difference being that the partial fields of the program statement that match the regular expression or keyword are escaped. HTML escaping is generally adopted; for the HTML escape mode, refer to the HTML escape comparison table, which is not described in detail here. Escaping partial fields of the program statement likewise renders the cross-site scripting attack ineffective. The specific means adopted can be determined according to user settings and actual conditions and is not limited here.
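The following is an added worked example of steps 101 to 104 as described above; it is not code from the patent or from the applicant. The sample statements, the concrete regular expressions and keywords in the two defense settings, and the `[removed]` replacement marker are all assumptions made for the example, since the patent leaves them to the user's configuration.

```python
import html
import re
from typing import Callable, List, Tuple

Span = Tuple[int, int]

# Constructed sample program statements, standing in for the fields extracted
# from an access request in steps 101-102. The payloads are the textbook
# alert(1) test strings, not real attack traffic.
SAMPLE_STATEMENTS = {
    "script_tag": "Nice <script>alert(1)</script> post",
    "event_handler": '<img src=x onerror="alert(1)">',
    "javascript_url": '<a href="javascript:alert(1)">click</a>',
    "benign": "I like <b>bold</b> text and the word script as plain prose",
}

# Assumed contents of the two defense settings; the patent leaves the concrete
# expressions and keywords to the user, so these are illustrative choices.
REGEX_SETTING = [
    r"<\s*script\b[^>]*>.*?<\s*/\s*script\s*>",          # a complete script element
    r"\bon[a-z]+\s*=\s*(?:\"[^\"]*\"|'[^']*'|[^\s>]+)",   # inline event handler with its value
    r"javascript\s*:",                                    # javascript: URL scheme
]
KEYWORD_SETTING = ["<script", "</script>"]


def _merge(spans: List[Span]) -> List[Span]:
    """Sort and merge overlapping spans so each region is rewritten once."""
    merged: List[Span] = []
    for start, end in sorted(spans):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def find_regex_fields(statement: str, patterns: List[str]) -> List[Span]:
    """Regex-based setting: spans of every match of any configured expression (first target fields)."""
    spans = []
    for pattern in patterns:
        for m in re.finditer(pattern, statement, flags=re.IGNORECASE | re.DOTALL):
            spans.append(m.span())
    return _merge(spans)


def find_keyword_fields(statement: str, keywords: List[str]) -> List[Span]:
    """Keyword-based setting: spans of every case-insensitive keyword occurrence (second target fields)."""
    spans = []
    lowered = statement.lower()
    for keyword in keywords:
        needle = keyword.lower()
        pos = lowered.find(needle)
        while pos != -1:
            spans.append((pos, pos + len(needle)))
            pos = lowered.find(needle, pos + len(needle))
    return _merge(spans)


def _rewrite(statement: str, spans: List[Span], transform: Callable[[str], str]) -> str:
    """Apply transform() to each flagged field and leave the rest of the statement intact."""
    out, last = [], 0
    for start, end in spans:
        out.append(statement[last:start])
        out.append(transform(statement[start:end]))
        last = end
    out.append(statement[last:])
    return "".join(out)


def replace_fields(statement: str, spans: List[Span], marker: str = "[removed]") -> str:
    """Replacement processing: overwrite each flagged field with a fixed marker (assumed rule)."""
    return _rewrite(statement, spans, lambda _field: marker)


def escape_fields(statement: str, spans: List[Span]) -> str:
    """Escape processing: HTML-escape each flagged field (& < > " ' per the HTML escape table)."""
    return _rewrite(statement, spans, lambda field: html.escape(field, quote=True))


def process_statement(statement: str, active_setting: str, action: str) -> Tuple[str, int]:
    """Steps 103-104: detect with the active setting ('regex' or 'keyword'), then 'replace'
    or 'escape'. Returns the processed statement and the number of flagged fields (0 = untouched)."""
    if active_setting == "regex":
        spans = find_regex_fields(statement, REGEX_SETTING)
    elif active_setting == "keyword":
        spans = find_keyword_fields(statement, KEYWORD_SETTING)
    else:
        raise ValueError(f"unknown defense setting: {active_setting}")
    if not spans:
        return statement, 0
    if action == "replace":
        return replace_fields(statement, spans), len(spans)
    if action == "escape":
        return escape_fields(statement, spans), len(spans)
    raise ValueError(f"unknown action: {action}")


if __name__ == "__main__":
    for name, statement in SAMPLE_STATEMENTS.items():
        for setting in ("regex", "keyword"):
            for action in ("replace", "escape"):
                result, hits = process_statement(statement, setting, action)
                print(f"{name:14} {setting:8} {action:8} hits={hits} -> {result}")
```

Running the block on the four samples makes two properties of the scheme visible. First, the keyword setting flags only the `<script` samples and passes the event-handler and `javascript:` samples through untouched, which is the "narrow defense range" the description attributes to it. Second, escaping only the matched field neutralises it only if that field contains a character from the HTML escape table: the `javascript:` match is returned unchanged by the escape action, which is why the event-handler expression above deliberately captures the quoted value and why the replacement action is the safer choice for scheme-style patterns. Input filtering of this kind is a first line of defense and does not remove the need for context-aware output encoding when the content is rendered.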
According to the technical scheme above, the embodiment of the application has the following advantages: the scheme receives an access request sent to a target website, extracts the program statement included in the access request, determines the cross-site scripting attack defense setting in the activated state, and processes the program statement according to that setting. In this way the defense setting in the activated state can be chosen according to the target website's own requirements for its access requests, and the access requests can then be processed with different defense settings according to the user's configuration, so that the safety and the flexibility of the system are improved.
Based on the embodiment of fig. 1, the present application optionally further provides an embodiment that can be executed selectively according to the actual situation. Referring specifically to fig. 2, this embodiment of the method for defending against cross-site scripting attack includes steps 201 to 209.
Before this embodiment is described in detail, the implementation framework of the scheme needs to be introduced. Specifically, the scheme can be implemented as a plug-in, that is, all program statements used to execute the scheme are integrated in plug-in form; this plug-in is referred to as the cross-site scripting attack defense plug-in for short. The plug-in can be introduced into different website service projects based on the starter mechanism of the Spring Boot framework, and different settings can be adopted under the plug-in for different business services: for example, whether the plug-in runs, the defense setting the plug-in adopts, and the specific regular expression setting and keyword setting under the different defense settings. Such settings can be configured separately for each business service, which further improves the applicability of the scheme. The defense setting adopted by the plug-in, and the specific regular expression setting and keyword setting under the different defense settings, can be configured through the message agent tool; the specific message agent tool may be Apollo. A user configures the plug-in's switch and rules through Apollo, so that the plug-in does not intrude on the website projects, modifications take effect in real time, and the projects do not need to be restarted, which improves the flexibility and usability of the cross-site scripting attack defense process.
It should be noted that when the scheme is integrated in plug-in form, a switch for whether the plug-in is enabled may be set correspondingly: if the plug-in is enabled, the process described in this embodiment is executed, and if it is not enabled, the process is not executed. This may be determined according to the actual situation and is not limited herein.
201. Acquire an access request sent to the target website.
202. Extract the program statement included in the access request.
Steps 201 and 202 in this embodiment are similar to steps 101 and 102 in the embodiment of fig. 1 and are not described again here.
203. Determine one defense setting, from among the regular-expression-based defense setting and the keyword-based defense setting, as the defense setting in the activated state.
Specifically, one of the regular-expression-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting may be determined to be the defense setting in the activated state based on the switch the user has activated on the plug-in: if the regular-expression-based defense setting switch is turned on, the regular-expression-based cross-site scripting attack defense setting is considered to be the defense setting in the activated state, and if the keyword-based defense setting switch is turned on, the keyword-based cross-site scripting attack defense setting is considered to be the defense setting in the activated state. Generally, only one defense setting will be in the activated state at a time. It can be understood that only two cross-site scripting attack defense settings are provided here, and that other cross-site scripting attack defense settings may exist in actual implementation, to be determined according to the actual situation; this is not limited herein.
204. Detect whether a first target field that matches the regular expression exists in the program statement.
Specifically, if the cross-site scripting attack defense setting in the activated state is the regular-expression-based setting, detect whether a first target field matching a regular expression exists in the program statement; if the first target field exists, execute step 206 to perform replacement processing on it, or step 207 to perform escape processing on it. Whether step 206 or step 207 is executed may be determined by user settings and is not limited herein. The regular expressions used when detecting whether a first target field exists in the program statement may be preset by the user: the regular expressions included in the regular-expression-based defense setting are set by the user through the message agent tool, and different regular expressions can be configured according to the user's usage requirements, as the actual situation requires; this is not limited herein.
205. Detect whether a second target field that matches a keyword exists in the program statement.
Specifically, if the cross-site scripting attack defense setting in the activated state is the keyword-based setting, detect whether a second target field matching a keyword exists in the program statement; if the second target field exists, execute step 208 to perform replacement processing on it, or step 209 to perform escape processing on it. Whether step 208 or step 209 is executed may be determined by user settings and is not limited herein. The keywords used when detecting whether a second target field matching a keyword exists in the program statement may be preset by the user: the keywords included in the keyword-based defense setting are set by the user through the message agent tool, and different keywords can be configured according to the user's requirements, as the actual situation requires; this is not limited herein.
206. Perform replacement processing on the first target field.
207. Perform escape processing on the first target field.
Steps 206 and 207 are the subsequent processing once a cross-site scripting attack has been determined to exist under the regular-expression-based defense strategy; in actual implementation, one of the two steps is selected and executed. Specifically, the user can choose between replacement processing and escape processing through a switch set in the message agent tool. If the user selects replacement processing, step 206 is executed and the first target field is replaced: the partial fields of the program statement that match the regular expression are replaced, which breaks the program statement carrying the cross-site scripting attack so that it can no longer take effect as an attack, thereby solving the problem of the cross-site scripting attack. If the user selects escape processing, step 207 is executed and the first target field is escaped. The escape mode is similar to the replacement mode, except that the partial fields of the program statement matching the regular expression are escaped; HTML escaping is adopted, and for the HTML escape mode, refer to the HTML escape comparison table, which is not described in detail here. Escaping partial fields of the program statement likewise renders the cross-site scripting attack ineffective. The specific means adopted can be determined according to user settings and actual conditions and is not limited here.
208. And performing replacement processing on the second target field.
209. And performing escape processing on the second target field.
Step 208 and step 209 are the subsequent processing after a cross-site scripting attack has been determined to exist under the keyword-based defense setting; in actual implementation one of step 208 and step 209 is selected for execution. Specifically, the user may select through the message agent tool whether replacement processing or escape processing is performed. If the user selects replacement processing, step 208 is executed to replace the second target field. The replacement mode replaces the part of the program statement that matches the keyword, thereby breaking the program statement carrying the cross-site scripting attack so that it can no longer take effect as an attack, which resolves the cross-site scripting attack; the replacement rule may be set according to actual conditions and is not limited here. If the user selects escape processing, step 209 is executed to perform escape processing on the second target field. The escape mode is similar to the replacement mode, except that the part of the program statement that matches the keyword is escaped; the mode generally used is HTML escaping, for which the HTML escape comparison table may be consulted, and details are not described here. Escaping part of the fields in the program statement likewise prevents the cross-site scripting attack from taking effect; the specific means adopted may be determined according to user settings and actual conditions, and is not limited here.
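The processing flow of steps 206 to 209 (an activated setting that is either regular-expression-based or keyword-based, and a matched target field that is either replaced or HTML-escaped), as an added Python illustration that is not the patent's own code. The `DefenseSetting` structure, the sample regular expression and keyword list, and the treatment of each request parameter value as one program statement are assumptions made for this example.

```python
import html
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class DefenseSetting:
    """The defense setting in the activated state (hypothetical structure).

    mode   : "regex"   -> regular-expression-based setting (steps 206/207)
             "keyword" -> keyword-based setting            (steps 208/209)
    action : "replace" -> replacement processing
             "escape"  -> HTML escape processing
    """
    mode: str
    action: str
    regex: Optional[str] = None
    keywords: List[str] = field(default_factory=list)
    replacement: str = ""  # text substituted for a target field under "replace"


# Constructed sample rules, standing in for what a user would configure
# through the message agent tool; they are not the patent's rules.
SAMPLE_REGEX = r"<\s*/?\s*script[^>]*>|on\w+\s*=|javascript:"
SAMPLE_KEYWORDS = ["<script", "onerror", "javascript:"]


def find_target_fields(statement: str, setting: DefenseSetting) -> List[Tuple[int, int]]:
    """Return (start, end) spans of the target fields found in the program statement."""
    if setting.mode == "regex":
        return [m.span() for m in re.finditer(setting.regex, statement, re.IGNORECASE)]
    spans = []
    lowered = statement.lower()
    for keyword in setting.keywords:
        needle = keyword.lower()
        start = lowered.find(needle)
        while start >= 0:
            spans.append((start, start + len(needle)))
            start = lowered.find(needle, start + len(needle))
    return sorted(spans)


def process_statement(statement: str, setting: DefenseSetting) -> Tuple[str, bool]:
    """Apply replacement or escape processing to every target field.

    Returns the processed statement and whether any target field was found.
    """
    spans = find_target_fields(statement, setting)
    if not spans:
        return statement, False
    out, pos = [], 0
    for start, end in spans:
        if start < pos:  # overlapping keyword hits: an earlier span already covered it
            continue
        out.append(statement[pos:start])
        target = statement[start:end]
        if setting.action == "replace":
            out.append(setting.replacement)
        else:
            # HTML escape: only & < > " ' are rewritten; other characters are kept
            out.append(html.escape(target, quote=True))
        pos = end
    out.append(statement[pos:])
    return "".join(out), True


def process_request(params: Dict[str, str], setting: DefenseSetting) -> Dict[str, str]:
    """Treat each parameter value of the access request as a program statement
    and process it under the activated setting (assumed request shape)."""
    return {name: process_statement(value, setting)[0] for name, value in params.items()}


if __name__ == "__main__":
    regex_escape = DefenseSetting("regex", "escape", regex=SAMPLE_REGEX)
    print(process_request({"q": "hello <script>alert(1)</script>", "page": "2"}, regex_escape))
```

Because `html.escape` rewrites only `& < > " '`, a keyword that contains none of these characters is returned unchanged under the escape action, so a keyword-based setting that is expected to escape must include the delimiter characters in its keywords.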
From the above technical solution, the embodiment of the present application has the following advantages: the solution receives an access request sent to a target website; extracts the program statement included in the access request; determines the cross-site scripting attack defense setting in the activated state; and processes the program statement according to that defense setting. In this way, the defense setting in the activated state can be chosen according to the user's own requirements for access requests to the target website, and access requests can then be processed with different defense settings according to the user's configuration, which improves the security and flexibility of the system.
The foregoing describes the method for defending against cross-site scripting attack provided by the present application; the following introduces the device for defending against cross-site scripting attack provided by the present application. With reference to fig. 3, the device for defending against cross-site scripting attack includes:
an obtaining unit 301, configured to obtain an access request sent to a target website;
an extracting unit 302, configured to extract a program statement included in the access request;
a determining unit 303 for determining a defense setting in an active state;
a processing unit 304, configured to process the program statement according to the defense setting in the activated state.
Optionally, the determining unit 303 is specifically configured to: and determining one cross-site scripting attack defense setting from the regular cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting in the activated state.
Optionally, the processing unit 304 is specifically configured to: if the cross-site scripting attack defense setting in the activated state is the regular cross-site scripting attack defense setting, detecting whether a first target field conforming to a regular expression exists in the program statement;
if the first target field exists, carrying out replacement processing on the first target field, or carrying out escape processing on the first target field;
if the cross-site scripting attack defense setting in the activated state is the cross-site scripting attack defense setting based on the keywords, detecting whether a second target field meeting the keyword setting exists in the program statement;
and if the second target field exists, carrying out replacement processing on the second target field, or carrying out escape processing on the second target field.
Based on the device for defending against cross-site scripting attack provided by the second aspect of the embodiment of the present application, optionally, the regular expression included in the regular-expression-based cross-site scripting attack defense setting is set by a user through a message agent tool, and the keyword-based defense setting includes a keyword set by the user through the message agent tool.
Optionally, the processing unit 304 is specifically configured to:
performing replacement processing on the first target field based on the setting of a user through a message agent tool, or performing escape processing on the first target field based on the setting of the user through the message agent tool;
and performing replacement processing on the second target field based on the setting of the user through the message agent tool, or performing escape processing on the second target field based on the setting of the user through the message agent tool.
In this embodiment, the flow executed by each unit in the defense device against cross-site scripting attack is similar to the method flow described in the embodiment corresponding to fig. 1 and fig. 2, and is not described here again.
Fig. 4 is a schematic structural diagram of a defense apparatus against cross-site scripting attack according to an embodiment of the present application, where the defense apparatus 400 against cross-site scripting attack may include one or more Central Processing Units (CPUs) 401 and a memory 405, where the memory 405 stores one or more applications or data.
In this embodiment, the specific functional module division in the central processing unit 401 may be similar to the functional module division manner of each unit described in the foregoing fig. 4, and is not described here again.
Memory 405 may be, for example, volatile storage or persistent storage. The program stored in memory 405 may include one or more modules, each of which may include a series of instruction operations on the server. Further, the central processing unit 401 may be configured to communicate with the memory 405 and to execute the series of instruction operations in the memory 405 on the server 400.
The defense apparatus 400 against cross-site scripting attacks may also include one or more power supplies 402, one or more wired or wireless network interfaces 403, one or more input-output interfaces 404, and/or one or more operating systems, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The central processing unit 401 may perform the operations performed by the method for defending against cross-site scripting attack in the embodiment shown in fig. 1, and details are not described here again.
An embodiment of the present application further provides a computer storage medium for storing the computer software instructions used by the method for defending against cross-site scripting attack; the computer storage medium includes the program designed to execute that method.
The method for defending against cross-site scripting attack may be as described in fig. 1 or fig. 2 above.
An embodiment of the present application further provides a computer program product, where the computer program product includes computer software instructions, and the computer software instructions may be loaded by a processor to implement a flow of the method for defending against a cross-site scripting attack, described above in fig. 1 and fig. 2.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative: the division into units is merely a division by logical function, and in actual implementation there may be other division manners; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents or improvements made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for defending cross-site scripting attack is characterized by comprising the following steps:
acquiring an access request sent to a target website;
extracting a program statement included in the access request;
determining cross-site scripting attack defense setting in an activated state;
and processing the program statement according to the cross-site scripting attack defense setting in the activated state.
2. The method for defending against cross-site scripting attack according to claim 1, wherein the determining of the cross-site scripting attack defense setting in the activated state comprises:
and determining one cross-site scripting attack defense setting from the regular cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting in the activated state.
3. The method for defending against cross-site scripting attack according to claim 2, wherein the processing of program statements according to the cross-site scripting attack defense setting in the activated state comprises:
if the cross-site scripting attack defense setting in the activated state is the regular cross-site scripting attack defense setting, detecting whether a first target field conforming to a regular expression exists in the program statement;
if the first target field exists, carrying out replacement processing on the first target field, or carrying out escape processing on the first target field;
if the cross-site scripting attack defense setting in the activated state is the cross-site scripting attack defense setting based on the keywords, detecting whether a second target field meeting the keyword setting exists in the program statement;
and if the second target field exists, carrying out replacement processing on the second target field, or carrying out escape processing on the second target field.
4. The method for defending against cross-site scripting attack as claimed in claim 1, wherein the method for defending against cross-site scripting attack is performed by a plug-in, and the plug-in is associated with the target website based on a Spring Boot starter mechanism.
5. The method for defending against cross-site scripting attack according to claim 2, wherein the regular expression included in the regular-based cross-site scripting attack defense setting is set for a user based on a message agent tool; the keyword based defense setting includes a keyword set for a user based on a message agent tool.
6. The method for defending against cross-site scripting attack according to claim 3, wherein the replacing the first target field or the escaping the first target field comprises:
performing replacement processing on the first target field based on the setting of a user through a message agent tool, or performing escape processing on the first target field based on the setting of the user through the message agent tool;
the replacing the second target field or the escaping the second target field includes:
and performing replacement processing on the second target field based on the setting of the user through the message agent tool, or performing escape processing on the second target field based on the setting of the user through the message agent tool.
7. A defense apparatus against cross-site scripting attack, comprising:
the acquisition unit is used for acquiring an access request sent to a target website;
an extraction unit, configured to extract a program statement included in the access request;
a determination unit for determining a defense setting in an activated state;
and the processing unit is used for processing the program statement according to the defense setting in the activated state.
8. A defense apparatus against cross-site scripting attack, comprising:
the system comprises a central processing unit, a memory, an input/output interface, a wired or wireless network interface and a power supply;
the memory is a transient memory or a persistent memory;
the central processor is configured to communicate with the memory, and execute the instruction operations in the memory on the defense device against cross-site scripting attacks to perform the method of any one of claims 1 to 6.
9. A computer-readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 6.
10. A computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 6.
CN202111097418.5A 2021-09-18 2021-09-18 Method for defending cross-site scripting attack and related equipment thereof Active CN113810418B (en)

Publications (2)

Publication Number Publication Date
CN113810418A true CN113810418A (en) 2021-12-17
CN113810418B CN113810418B (en) 2023-12-26

Family

ID=78939990


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant