CN113810418B - Method for defending cross-site scripting attack and related equipment thereof - Google Patents

Info

Publication number: CN113810418B
Authority: CN (China)
Prior art keywords: cross, site scripting, setting, scripting attack, attack defense
Legal status: Active
Application number: CN202111097418.5A
Other languages: Chinese (zh)
Other versions: CN113810418A (en)
Inventors: 王国彬, 牟锟伦, 卢铄波, 袁宇
Current assignee: Tubatu Group Co Ltd
Original assignee: Tubatu Group Co Ltd
Events: application filed by Tubatu Group Co Ltd; priority to CN202111097418.5A; publication of CN113810418A; application granted; publication of CN113810418B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

The embodiments of the present application disclose a method for defending against cross-site scripting attacks, comprising the following steps: acquiring an access request sent to a target website; extracting the program statement included in the access request; determining the cross-site scripting attack defense setting in the activated state; and processing the program statement according to that activated defense setting. With this method, the defense setting applied to access requests to the target website can be activated according to the operator's own needs, so that access requests are processed with different defense settings according to the user's configuration, improving both the security and the flexibility of the website system.

Description

Method for defending cross-site scripting attack and related equipment thereof
Technical Field
The present application belongs to the field of computer technology, and in particular relates to a method for defending against cross-site scripting attacks and related equipment.
Background
Cross-site scripting (XSS) is a network attack technique that exploits web page vulnerabilities. The attacking terminal enters information containing malicious code into a web page and sends an access request containing that code to an application program on the application server; on receiving the request, the application program generates a web page into which the malicious code has been inserted. When a user terminal opens that web page, the malicious code is executed; such code is typically used for attack behaviour such as stealing information from the user terminal, so the attacking terminal completes its network attack on the user terminal.
In content published by users through a website, XSS attack scripts posted by illegitimate users may be present. The system needs to filter such scripts promptly to avoid losses to the company from malicious exploitation by attackers, while also avoiding any impact on the experience of users viewing the content.
However, different website services operate under different service conditions, and a single unified cross-site scripting attack defense strategy cannot meet the requirements of every website service well.
Disclosure of Invention
To solve the existing problems, the present application provides the following.
A first aspect of the embodiments of the present application provides a method for defending against cross-site scripting attacks, comprising the following steps:
acquiring an access request sent to a target website;
extracting a program statement included in the access request;
determining cross-site script attack defense setting in an activated state;
and processing the program statement according to the cross-site script attack defense setting in the activated state.
Based on the method for defending against cross-site scripting attacks provided in the first aspect of the embodiments of the present application, optionally, determining the cross-site scripting attack defense setting in the activated state comprises:
determining one of the regular-expression-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting as the cross-site scripting attack defense setting in the activated state.
Based on the method for defending against cross-site scripting attacks provided in the first aspect of the embodiments of the present application, optionally, processing the program statement according to the cross-site scripting attack defense setting in the activated state comprises:
if the cross-site scripting attack defense setting in the activated state is the regular-expression-based cross-site scripting attack defense setting, detecting whether a first target field matching a regular expression exists in the program statement;
if the first target field exists, performing replacement processing on the first target field, or performing escape processing on the first target field;
if the cross-site scripting attack defense setting in the activated state is the keyword-based cross-site scripting attack defense setting, detecting whether a second target field matching the keyword setting exists in the program statement;
and if the second target field exists, performing replacement processing on the second target field, or performing escape processing on the second target field.
Based on the method for defending against cross-site scripting attacks provided in the first aspect of the embodiments of the present application, optionally, the method is implemented by a plugin, and the plugin is associated with the target website through the Spring Boot starter mechanism.
Based on the method for defending against cross-site scripting attacks provided in the first aspect of the embodiments of the present application, optionally, the regular expressions included in the regular-expression-based cross-site scripting attack defense setting are configured by the user through a message broker tool; the keywords included in the keyword-based defense setting are likewise configured by the user through the message broker tool.
Based on the method for defending against cross-site scripting attacks provided in the first aspect of the embodiments of the present application, optionally, performing replacement processing on the first target field, or performing escape processing on the first target field, comprises:
performing replacement processing on the first target field, or performing escape processing on the first target field, according to the user's configuration in the message broker tool;
and performing replacement processing on the second target field, or performing escape processing on the second target field, comprises:
performing replacement processing on the second target field, or performing escape processing on the second target field, according to the user's configuration in the message broker tool.
A second aspect of the embodiments of the present application provides a device for defending against cross-site scripting attacks, comprising:
an acquisition unit configured to acquire an access request sent to a target website;
an extraction unit configured to extract the program statement included in the access request;
a determination unit configured to determine the defense setting in the activated state;
and a processing unit configured to process the program statement according to the defense setting in the activated state.
Based on the device for defending against cross-site scripting attacks provided in the second aspect of the embodiments of the present application, optionally,
the determination unit is specifically configured to: determine one of the regular-expression-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting as the cross-site scripting attack defense setting in the activated state.
Based on the device for defending against cross-site scripting attacks provided in the second aspect of the embodiments of the present application, optionally,
the processing unit is specifically configured to: if the cross-site scripting attack defense setting in the activated state is the regular-expression-based cross-site scripting attack defense setting, detect whether a first target field matching a regular expression exists in the program statement;
if the first target field exists, perform replacement processing on the first target field, or perform escape processing on the first target field;
if the cross-site scripting attack defense setting in the activated state is the keyword-based cross-site scripting attack defense setting, detect whether a second target field matching the keyword setting exists in the program statement;
and if the second target field exists, perform replacement processing on the second target field, or perform escape processing on the second target field.
Based on the device for defending against cross-site scripting attacks provided in the second aspect of the embodiments of the present application, optionally, the regular expressions included in the regular-expression-based cross-site scripting attack defense setting are configured by the user through a message broker tool; the keywords included in the keyword-based defense setting are likewise configured by the user through the message broker tool.
Based on the device for defending against cross-site scripting attacks provided in the second aspect of the embodiments of the present application, optionally, the processing unit is specifically configured to:
perform replacement processing on the first target field according to the user's configuration in the message broker tool, or perform escape processing on the first target field according to the user's configuration in the message broker tool;
and perform replacement processing on the second target field according to the user's configuration in the message broker tool, or perform escape processing on the second target field according to the user's configuration in the message broker tool.
A third aspect of the embodiments of the present application provides a device for defending against cross-site scripting attacks, comprising:
a central processing unit, a memory, an input/output interface, a wired or wireless network interface, and a power supply;
the memory is a short-term memory or a persistent memory;
the central processing unit is configured to communicate with the memory and to execute the instructions in the memory so that the device performs the method of any one of the first aspects of the embodiments of the present application.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any one of the first aspects of the embodiments of the present application.
A fifth aspect of the embodiments of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any one of the first aspects of the embodiments of the present application.
From the above technical solutions, the embodiments of the present application have the following advantages: an access request sent to a target website is received; the program statement included in the access request is extracted; the cross-site scripting attack defense setting in the activated state is determined; and the program statement is processed according to that activated defense setting. In this way, the defense setting applied to access requests to the target website can be activated according to the operator's own needs, so that access requests are processed with different defense settings according to the user's configuration, improving both the security and the flexibility of the website system.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings required for the embodiments or for the description of the prior art are briefly described below. It is evident that the drawings in the following description are only embodiments of the present application, and that a person skilled in the art could obtain other drawings from them without inventive effort.
Fig. 1 is a schematic flow chart of an embodiment of a method for defending against cross-site scripting attacks provided in the present application.
Fig. 2 is a schematic flow chart of an embodiment of a method for defending against cross-site scripting attacks provided in the present application.
Fig. 3 is a schematic flow chart of an embodiment of a method for defending against cross-site scripting attacks provided in the present application.
Fig. 4 is a schematic flow chart of an embodiment of a method for defending against cross-site scripting attacks provided in the present application.
Detailed Description
In order to better understand the embodiments of the present application, the following description will clearly and completely describe the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims of this application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Cross-site scripting (XSS) is a network attack technique that exploits web page vulnerabilities. In content published by users through a website, XSS attack scripts posted by illegitimate users may be present; the system needs to filter such scripts promptly to avoid losses to the company from malicious exploitation by attackers, while also avoiding any impact on the experience of users viewing the content. However, different website services operate under different service conditions, and a single unified cross-site scripting attack defense strategy cannot meet the requirements of every website service well, which causes certain problems.
To solve the above problem, the present application provides a method for defending against cross-site scripting attacks. Referring to Fig. 1, one embodiment of the method provided in the present application comprises steps 101 to 104.
101. Acquire the access request sent to the target website.
Specifically, one possible application architecture for this scheme comprises a browser, a network and a server. The network serves as the medium providing a communication link between the browser and the server; the browser may run on one or more of a smartphone, a tablet computer and a portable computer, or on a desktop computer, etc. The network may include various connection types, such as wired communication links and wireless communication links.
The user accesses the target website hosted on the server through the browser. In this process some malicious users may exist, and the access requests they issue may carry cross-site scripting attacks, so detection is required before the corresponding website resources are invoked for an access request, in order to filter out any cross-site scripting attack in the request. For this reason the access request sent to the target website must first be acquired.
102. Extract the program statement included in the access request.
Specifically, the program statement included in the access request is extracted for subsequent processing.
103. Determine the cross-site scripting attack defense setting in the activated state.
The cross-site scripting attack defense settings may include a regular-expression-based cross-site scripting attack defense setting and a keyword-based cross-site scripting attack defense setting. Specifically, the defense strategy configured in the regular-expression-based setting comprises a number of regular expressions for detecting cross-site scripting attacks; in actual use, if the extracted program statement matches any one of these regular expressions, the access request is considered to contain a cross-site scripting attack and requires subsequent processing. The keyword-based setting is configured with a number of keywords for detecting cross-site scripting attacks; if the program statement contains any of these keywords, the access request is likewise considered to contain a cross-site scripting attack and requires subsequent processing.
In actual implementation, the user may select any cross-site scripting attack defense setting as the activated defense setting, or select one based on the current situation. Generally speaking, the keyword-based setting can be considered to have a narrower defense range and the regular-expression-based setting a wider one. It can be understood that the user may also configure specific parameters within a defense setting, such as the particular regular expressions or keywords, or configure the manner of the subsequent processing; these may be determined according to actual conditions and are not limited herein.
104. Process the program statement according to the cross-site scripting attack defense setting in the activated state.
Specifically, the program statement is processed according to the cross-site scripting attack defense setting in the activated state. If the regular-expression-based setting is activated, the program statement is matched against the configured regular expressions. If the match succeeds, the access request contains a cross-site scripting attack and requires further processing; if the match fails, no cross-site scripting attack exists in the access request and it can be processed normally, that is, the corresponding resources are invoked to respond to the access request and the response is returned to the user, so that the user can use the services provided by the website normally. The specifics depend on actual conditions and are not limited herein.
For an access request that carries a cross-site scripting attack, either replacement or escaping can be selected as the processing mode. Replacement substitutes the parts of the program statement that match a regular expression or keyword, so that the attacking program statement is broken and can no longer take effect, which resolves the cross-site scripting attack; the replacement rule can be set according to actual conditions and is not limited here. Escaping is similar to replacement, except that the matching parts of the program statement are escaped rather than substituted; HTML escaping is generally used, and the HTML escape table can be consulted for the specific mapping, which is not described in detail here. Escaping some fields of the program statement likewise prevents the cross-site scripting attack from taking effect. The specific means adopted can be determined according to user settings and actual conditions and are not limited herein.
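The detection and processing of steps 103 and 104, worked through in Python as an added illustration. This is not the patent's Spring Boot plugin code; the regular expressions, keywords and the sample comment below are constructed for the example, since the patent does not list its own rules. The block applies both detectors (regular-expression-based and keyword-based) and both processing modes (replacement and HTML escaping) to the same program statement.

```python
"""Regex- and keyword-based XSS filtering of a request statement with the two
processing modes described in step 104: field replacement and HTML escaping.
Added illustration, not the patent's code; rule sets and sample input are constructed."""
import html
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed rule sets (assumption: the patent does not list its regular expressions or keywords).
DEFAULT_REGEXES = [
    r"<\s*script\b[^>]*>.*?<\s*/\s*script\s*>",  # an inline <script>...</script> block
    r"\bon[a-z]+\s*=",                           # inline event handler attributes, e.g. onerror=
    r"javascript\s*:",                           # javascript: URL scheme
]
DEFAULT_KEYWORDS = ["<script", "</script>", "javascript:", "onerror", "onload"]


@dataclass
class DefenseSetting:
    """One activated defense setting: which detector and which processing mode."""
    kind: str                  # "regex" (regular-expression-based) or "keyword" (keyword-based)
    mode: str                  # "replace" (substitute the field) or "escape" (HTML-escape the field)
    replacement: str = ""      # substitute text used in replace mode (default: delete the field)
    regexes: List[str] = field(default_factory=lambda: list(DEFAULT_REGEXES))
    keywords: List[str] = field(default_factory=lambda: list(DEFAULT_KEYWORDS))


def _merge(spans: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Sort (start, end) spans and merge those that overlap or touch."""
    merged: List[Tuple[int, int]] = []
    for start, end in sorted(spans):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def detect(statement: str, setting: DefenseSetting) -> List[Tuple[int, int]]:
    """Return the target fields (as character spans) that match the active setting."""
    spans: List[Tuple[int, int]] = []
    if setting.kind == "regex":
        # Regex setting: any field matching any configured expression is a hit.
        for pattern in setting.regexes:
            for m in re.finditer(pattern, statement, re.IGNORECASE | re.DOTALL):
                spans.append((m.start(), m.end()))
    elif setting.kind == "keyword":
        # Keyword setting: plain case-insensitive substring search for each keyword.
        lowered = statement.lower()
        for kw in setting.keywords:
            needle = kw.lower()
            pos = lowered.find(needle)
            while pos != -1:
                spans.append((pos, pos + len(needle)))
                pos = lowered.find(needle, pos + len(needle))
    else:
        raise ValueError(f"unknown defense setting kind: {setting.kind!r}")
    return _merge(spans)


def process(statement: str, setting: DefenseSetting) -> Tuple[str, int]:
    """Apply the active setting to the statement.

    Returns the processed statement and the number of target fields found;
    a count of 0 means the request passes through unchanged."""
    spans = detect(statement, setting)
    pieces: List[str] = []
    prev = 0
    for start, end in spans:
        pieces.append(statement[prev:start])
        target = statement[start:end]
        if setting.mode == "replace":
            pieces.append(setting.replacement)
        elif setting.mode == "escape":
            pieces.append(html.escape(target, quote=True))  # <, >, &, ", ' become entities
        else:
            raise ValueError(f"unknown processing mode: {setting.mode!r}")
        prev = end
    pieces.append(statement[prev:])
    return "".join(pieces), len(spans)


# Constructed sample request content: a user comment carrying two injection attempts.
SAMPLE_STATEMENT = "Nice post <script>alert(1)</script> and <img src=x onerror=alert(2)>"

if __name__ == "__main__":
    for kind in ("regex", "keyword"):
        for mode in ("replace", "escape"):
            out, hits = process(SAMPLE_STATEMENT, DefenseSetting(kind, mode, "[removed]"))
            print(f"{kind:7s} {mode:7s} hits={hits}: {out}")
```

Running the block prints the four combinations. Two things stand out from a defender's perspective: the keyword detector only covers the exact substrings configured, so in replace mode it leaves fragments such as `>alert(1)` behind, which is the narrower defense range the description refers to; and both detectors only touch the matched field, so in escape mode the surrounding `<img ...>` tag passes through untouched. Field-level filtering of this kind is only as good as its rule list, which is why it is normally paired with context-aware output encoding at render time.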
From the above technical solutions, the embodiments of the present application have the following advantages: an access request sent to a target website is received; the program statement included in the access request is extracted; the cross-site scripting attack defense setting in the activated state is determined; and the program statement is processed according to that activated defense setting. In this way, the defense setting applied to access requests to the target website can be activated according to the operator's own needs, so that access requests are processed with different defense settings according to the user's configuration, improving both the security and the flexibility of the system.
Based on the embodiment of Fig. 1, the present application optionally provides a further embodiment that may be selectively executed in actual situations. Referring to Fig. 2, this embodiment of the method for defending against cross-site scripting attacks comprises steps 201 to 209.
Before describing the embodiment in detail, the implementation framework of the present solution should be introduced. Specifically, the solution may be implemented as a plugin: all program statements used to implement the solution are integrated in plugin form, which may be referred to simply as the cross-site scripting attack defense plugin. The plugin can be introduced into different website service projects through the starter mechanism of the Spring Boot framework, and different settings can be applied under the plugin for different services, for example whether the plugin runs, which defense setting the plugin uses, and the specific regular expression and keyword configuration under each defense setting. Such settings can be configured separately for each service, further improving the applicability of the solution. The specific regular expression and keyword configuration under each defense setting can be set through a message broker tool; the message broker tool may be Apollo, through which the user configures the plugin's switches and rules. This avoids any impact of the plugin on the website project itself, allows real-time modification that takes effect in real time without restarting the project, and improves the flexibility and usability of the cross-site scripting attack defense process.
It should be noted that when the solution is integrated in plugin form, a switch for enabling the plugin may be provided accordingly: if the plugin is enabled, the process described in this embodiment is executed; if it is not enabled, the process is not executed. This may depend on the actual situation and is not limited herein.
201. Acquire the access request sent to the target website.
202. Extract the program statement included in the access request.
Steps 201 to 202 in this embodiment are similar to steps 101 to 102 in the embodiment of Fig. 1 and are not described again here.
203. Determine one of the regular-expression-based and keyword-based defense settings as the defense setting in the activated state.
Specifically, which of the regular-expression-based and keyword-based cross-site scripting attack defense settings is the activated defense setting can be determined from the switches the user has activated on the plugin: if the switch of the regular-expression-based defense setting is on, the regular-expression-based cross-site scripting attack defense setting is considered the activated defense setting, and if the switch of the keyword-based defense setting is on, the keyword-based cross-site scripting attack defense setting is considered the activated defense setting. Generally, only one defense setting is in the activated state. It can be understood that only two cross-site scripting attack defense settings are described here; in actual implementation, various other cross-site scripting attack defense settings may also exist, which may depend on the actual situation and are not limited herein.
204. Detect whether a first target field matching a regular expression exists in the program statement.
Specifically, if the activated cross-site scripting attack defense setting is the regular-expression-based setting, detect whether a first target field matching a regular expression exists in the program statement; if the first target field exists, execute step 206 to replace the first target field, or execute step 207 to escape it. Whether step 206 or step 207 is executed may depend on the user setting and is not limited herein. The regular expressions used when detecting whether the first target field exists may be preset by the user: the regular expressions included in the regular-expression-based cross-site scripting attack defense setting are configured by the user through the message broker tool, and different regular expressions can be configured according to the user's requirements, which may depend on the actual situation and are not limited herein.
205. Detect whether a second target field matching a keyword exists in the program statement.
Specifically, if the activated cross-site scripting attack defense setting is the keyword-based setting, detect whether a second target field matching a keyword exists in the program statement; if the second target field exists, execute step 208 to replace the second target field, or execute step 209 to escape it. Whether step 208 or step 209 is executed may depend on the user setting and is not limited herein. The keywords used when detecting whether the second target field exists may be preset by the user: the keywords included in the keyword-based defense setting are configured by the user through the message broker tool, and different keywords can be configured according to the user's requirements, which may depend on the actual situation and are not limited herein.
206. Perform replacement processing on the first target field.
207. Perform escape processing on the first target field.
Steps 206 and 207 are the subsequent processing once the regular-expression-based defense strategy has determined that a cross-site scripting attack exists. In actual implementation, one of steps 206 and 207 is selected for execution; specifically, the user may choose replacement or escaping through a switch configured in the message broker tool. If the user selects replacement, step 206 is executed and the first target field is replaced. Replacement substitutes the parts of the program statement that match the regular expression, breaking the attacking program statement so that the cross-site scripting attack cannot take effect, which resolves the attack; the replacement rule can be set according to actual conditions and is not limited here. If the user selects escaping, step 207 is executed and the first target field is escaped. Escaping is similar to replacement except that the matching parts of the program statement are escaped rather than substituted; HTML escaping is generally used, and the HTML escape table can be consulted for the specific mapping, which is not described in detail here. Escaping some fields of the program statement likewise prevents the cross-site scripting attack from taking effect. The specific means adopted can be determined according to user settings and actual conditions and are not limited herein.
208. And carrying out replacement processing on the second target field.
209. And carrying out escape processing on the second target field.
Steps 208 and 209 are the follow-up actions once the keyword-based defense setting has found a cross-site scripting attack, and they mirror steps 206 and 207. Only one of them is executed, according to the replacement-or-escape switch the user sets through the message agent tool. If the user selects replacement, step 208 replaces the second target field, that is, the part of the program statement that matched a keyword, which breaks the attacking statement so that it cannot execute and thereby removes the cross-site scripting problem; the replacement rule can be set according to the actual situation and is not limited here. If the user selects escaping, step 209 escapes the second target field instead. This differs from replacement only in that the matched part of the program statement is escaped rather than overwritten, normally by HTML escaping with the HTML escape table, which is not described in detail here. Escaping some fields of the statement likewise prevents the cross-site scripting attack from taking effect; the specific means can be decided according to the user setting and the actual situation, and is not limited here.
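The following Python example is added here to show steps 201 through 209 end to end; it is not code from the patent or from the applicant's plug-in. It assumes that the "program statement" is the value of each query parameter in the access request, and it stands in a plain dataclass for the two switches the text says the user sets through the message agent tool (which setting is activated, and replacement versus escaping). The default regular expression, keyword list and replacement string are constructed for the demonstration and are not the patent's rules.

```python
import re
from dataclasses import dataclass
from typing import Literal
from urllib.parse import parse_qsl, urlsplit

# The "html escape comparison table": each special character and its entity form.
HTML_ESCAPE_TABLE = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}

# Constructed defaults standing in for what a user would configure through the
# message agent tool. They are assumptions for this example, not the patent's rules.
DEFAULT_REGEX = r"<\s*/?\s*script[^>]*>|javascript:|on\w+\s*="
DEFAULT_KEYWORDS = ("<script", "</script>", "javascript:", "onerror", "onload")


@dataclass
class DefenseConfig:
    """The two switches the text describes: which setting is activated, and replace vs. escape."""
    mode: Literal["regex", "keyword"] = "regex"
    action: Literal["replace", "escape"] = "escape"
    regex: str = DEFAULT_REGEX
    keywords: tuple[str, ...] = DEFAULT_KEYWORDS
    replacement: str = "[blocked]"


def html_escape(text: str) -> str:
    """Escape by table lookup; each character is mapped once, so '&' is never double-escaped."""
    return "".join(HTML_ESCAPE_TABLE.get(ch, ch) for ch in text)


def find_regex_fields(statement: str, pattern: str) -> list[tuple[int, int]]:
    """Steps 204/205: (start, end) spans of the 'first target fields' matching the regex."""
    return [(m.start(), m.end()) for m in re.finditer(pattern, statement, re.IGNORECASE)]


def find_keyword_fields(statement: str, keywords: tuple[str, ...]) -> list[tuple[int, int]]:
    """Spans of the 'second target fields': every case-insensitive occurrence of a keyword."""
    lowered, spans = statement.lower(), []
    for kw in keywords:
        start = 0
        while (idx := lowered.find(kw.lower(), start)) != -1:
            spans.append((idx, idx + len(kw)))
            start = idx + len(kw)
    return spans


def _merge(spans: list[tuple[int, int]]) -> list[tuple[int, int]]:
    """Merge overlapping spans so that no character is rewritten twice."""
    merged: list[tuple[int, int]] = []
    for s, e in sorted(spans):
        if merged and s <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged


def process_statement(statement: str, cfg: DefenseConfig) -> tuple[str, bool]:
    """Steps 203-209: detect target fields under the activated setting, then replace
    or escape only those fields. Returns (processed statement, attack detected)."""
    if cfg.mode == "regex":
        spans = _merge(find_regex_fields(statement, cfg.regex))
    else:
        spans = _merge(find_keyword_fields(statement, cfg.keywords))
    if not spans:
        return statement, False
    out, pos = [], 0
    for s, e in spans:
        out.append(statement[pos:s])
        field = statement[s:e]
        out.append(cfg.replacement if cfg.action == "replace" else html_escape(field))
        pos = e
    out.append(statement[pos:])
    return "".join(out), True


def process_request(url: str, cfg: DefenseConfig) -> dict[str, str]:
    """Steps 201/202 under the assumption that the 'program statements' are the
    query-parameter values of the access request. Returns the cleaned parameters."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {name: process_statement(value, cfg)[0] for name, value in params}


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        "https://example.test/search?q=Bob%3Cscript%3Ealert(1)%3C/script%3E",
        "https://example.test/search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E",
        "https://example.test/search?q=%3Csvg%20onmouseover%3Dalert(1)%3E",
    ]
    for mode in ("regex", "keyword"):
        for action in ("escape", "replace"):
            cfg = DefenseConfig(mode=mode, action=action)
            for url in samples:
                print(f"{mode:7} {action:7} {process_request(url, cfg)['q']}")
```

Running the sample loop makes two practical limits of the per-field approach visible. For the second request, both the regular expression (on the "onerror=" alternative) and the keyword list (on "onerror") detect the field, yet the escape action leaves the value byte-for-byte unchanged: the matched field contains none of the characters in the escape table, so only the replace action actually neutralizes the payload. For the third request, the keyword list does not contain "onmouseover" at all, so keyword mode reports no attack, while the broader "on\w+\s*=" pattern catches it; that same pattern will also fire on harmless names such as "conversation_id=", which is the usual trade-off of blacklist patterns. A filter of this kind is therefore a mitigating layer in front of the application; encoding values for the context in which they are finally rendered remains the primary defense.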
In summary, the embodiments of the present application have the following advantages. The scheme receives an access request sent to a target website, extracts the program statement included in the access request, determines which cross-site scripting attack defense setting is in the activated state, and processes the program statement according to that setting. In this way the user can decide, according to their own needs, which defense setting is activated for access requests to the target website, so that requests are processed with different defense settings as the user configures them, improving both the security and the flexibility of the system.
The foregoing describes the method for defending against cross-site scripting attacks provided by the present application; the following describes the corresponding device. Referring to fig. 3, the device for defending against cross-site scripting attacks provided by the present application includes:
an obtaining unit 301, configured to obtain an access request sent to a target website;
an extracting unit 302, configured to extract a program statement included in the access request;
a determining unit 303 for determining a defensive setting in an activated state;
and the processing unit 304 is configured to process the program statement according to the defense setting in the active state.
Optionally, the determining unit 303 is specifically configured to: select, from the regex-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting, the one that is in the activated state.
Optionally, the processing unit 304 is specifically configured to: if the cross-site scripting attack defense setting in the activated state is the regular-based cross-site scripting attack defense setting, detecting whether a first target field conforming to a regular expression exists in the program statement;
if the first target field exists, carrying out replacement processing on the first target field, or carrying out escape processing on the first target field;
if the cross-site scripting attack defense setting in the activated state is the cross-site scripting attack defense setting based on the keywords, detecting whether a second target field conforming to the keyword setting exists in the program statement;
and if the second target field exists, carrying out replacement processing on the second target field or carrying out escape processing on the second target field.
Optionally, in the defending device for cross-site scripting attacks provided in the second aspect of the embodiment of the present application, the regular expression included in the regex-based defense setting is set by the user through the message agent tool, and the keywords included in the keyword-based defense setting are likewise set by the user through the message agent tool.
Optionally, the processing unit 304 is specifically configured to:
perform replacement processing, or escape processing, on the first target field according to the setting made by the user through the message agent tool;
and perform replacement processing, or escape processing, on the second target field according to the setting made by the user through the message agent tool.
In this embodiment, the flow executed by each unit in the defending device for cross-site scripting attack is similar to the flow of the method described in the embodiment corresponding to fig. 1 and fig. 2, and will not be repeated here.
Fig. 4 is a schematic structural diagram of a cross-site scripting attack protection device provided in an embodiment of the present application. The device 400 may include one or more central processing units (CPUs) 401 and a memory 405, in which one or more application programs or data are stored.
In this embodiment, the division of functional modules within the CPU 401 may be similar to the division into units described above with reference to fig. 3, and is not repeated here.
The memory 405 may be volatile or persistent storage. The program stored in memory 405 may include one or more modules, each of which may include a series of instruction operations for the device. The CPU 401 may further be arranged to communicate with the memory 405 and to execute that series of instruction operations in memory 405 on the device 400.
The defending device 400 against cross-site scripting attack may also include one or more power supplies 402, one or more wired or wireless network interfaces 403, one or more input/output interfaces 404, and/or one or more operating systems, such as Windows ServerTM, mac OS XTM, unixTM, linuxTM, freeBSDTM, etc.
The CPU 401 may perform the operations of the method for defending against cross-site scripting attacks in the embodiment shown in fig. 1, which are not described again here.
An embodiment of the application also provides a computer storage medium storing computer software instructions for the method for defending against cross-site scripting attacks, including the program designed to execute it.
The method for defending against cross-site scripting attacks may be as described above with reference to fig. 1 or fig. 2.
Embodiments of the present application also provide a computer program product, where the computer program product includes computer software instructions that can be loaded by a processor to implement the flow of the method for defending against cross-site scripting attack in any one of fig. 1 and 2.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only one logical functional division, and other divisions are possible in an actual implementation; multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. Likewise, the couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate parts may or may not be physically separate, and parts shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, or alternatives falling within the spirit and principles of the invention.

Claims (5)

1. A method for defending against cross-site scripting attacks, characterized by comprising the following steps:
acquiring an access request sent to a target website;
extracting a program statement included in the access request;
determining cross-site script attack defense setting in an activated state;
processing the program statement according to the cross-site scripting attack defense setting in the activated state;
the determining the cross-site scripting attack defense setting in the activated state comprises the following steps:
selecting, from the regular-expression-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting, the one that is in the activated state;
the method for defending against cross-site scripting attacks is performed by a plug-in, the plug-in is associated with the target website through the Spring Boot starter mechanism, and the message agent tool used by the plug-in is Apollo;
the processing the program statement according to the cross-site scripting attack defense setting in the activated state comprises the following steps:
if the cross-site scripting attack defense setting in the activated state is the regular-based cross-site scripting attack defense setting, detecting whether a first target field conforming to a regular expression exists in the program statement;
if the first target field exists, performing escape processing on the first target field according to the setting made by the user through the message agent tool, wherein the escape processing is done using an HTML escape table;
if the cross-site scripting attack defense setting in the activated state is the cross-site scripting attack defense setting based on the keywords, detecting whether a second target field conforming to the keyword setting exists in the program statement;
and if the second target field exists, performing escape processing on the second target field according to the setting made by the user through the message agent tool, wherein the escape processing is done using an HTML escape table.
2. The method for defending against cross-site scripting attacks according to claim 1, wherein the regular expression included in the regular-expression-based cross-site scripting attack defense setting is set by the user through the message agent tool, and the keywords included in the keyword-based defense setting are set by the user through the message agent tool.
3. A device for defending against cross-site scripting attacks, comprising:
the acquisition unit is used for acquiring the access request sent to the target website;
an extracting unit, configured to extract a program statement included in the access request;
a determining unit configured to determine a defensive setting in an activated state;
the processing unit is used for processing the program statement according to the defense setting in the activated state;
the determining unit is specifically configured to:
selecting, from the regular-expression-based cross-site scripting attack defense setting and the keyword-based cross-site scripting attack defense setting, the one that is in the activated state;
the method for defending against cross-site scripting attacks is performed by a plug-in, the plug-in is associated with the target website through the Spring Boot starter mechanism, and the message agent tool used by the plug-in is Apollo;
the processing unit is specifically configured to:
if the cross-site scripting attack defense setting in the activated state is the regular-based cross-site scripting attack defense setting, detecting whether a first target field conforming to a regular expression exists in the program statement;
if the first target field exists, performing escape processing on the first target field according to the setting made by the user through the message agent tool, wherein the escape processing is done using an HTML escape table;
if the cross-site scripting attack defense setting in the activated state is the cross-site scripting attack defense setting based on the keywords, detecting whether a second target field conforming to the keyword setting exists in the program statement;
and if the second target field exists, performing escape processing on the second target field according to the setting made by the user through the message agent tool, wherein the escape processing is done using an HTML escape table.
4. A device for defending against cross-site scripting attacks, comprising:
a central processing unit, a memory, an input/output interface, a wired or wireless network interface and a power supply;
the memory is volatile memory or persistent memory;
the central processing unit is configured to communicate with the memory and to execute instruction operations in the memory on the device for defending against cross-site scripting attacks so as to perform the method of any one of claims 1 to 2.
5. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 2.
CN202111097418.5A 2021-09-18 2021-09-18 Method for defending cross-site scripting attack and related equipment thereof Active CN113810418B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111097418.5A CN113810418B (en) 2021-09-18 2021-09-18 Method for defending cross-site scripting attack and related equipment thereof

Publications (2)

Publication Number Publication Date
CN113810418A CN113810418A (en) 2021-12-17
CN113810418B true CN113810418B (en) 2023-12-26

Family

ID=78939990

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111097418.5A Active CN113810418B (en) 2021-09-18 2021-09-18 Method for defending cross-site scripting attack and related equipment thereof

Country Status (1)

Country Link
CN (1) CN113810418B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553550B (en) * 2022-02-24 2024-02-02 京东科技信息技术有限公司 Request detection method and device, storage medium and electronic equipment

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102291394A (en) * 2011-07-22 2011-12-21 网宿科技股份有限公司 Security defense system based on network accelerating equipment
CN102999723A (en) * 2012-11-20 2013-03-27 焦点科技股份有限公司 Method and device for generating data defense assembly for actively defending XSS (Cross Site Script) attack
CN104601558A (en) * 2014-12-31 2015-05-06 微梦创科网络科技(中国)有限公司 Method and device for defending cross-site request forgery attacks
CN105162793A (en) * 2015-09-23 2015-12-16 上海云盾信息技术有限公司 Method and apparatus for defending against network attacks
CN109302380A (en) * 2018-08-15 2019-02-01 全球能源互联网研究院有限公司 A kind of safety protection equipment linkage defense strategy Intelligent Decision-making Method and system
CN110417746A (en) * 2019-07-05 2019-11-05 平安国际智慧城市科技股份有限公司 Cross-site scripting attack defence method, device, equipment and storage medium
CN110650117A (en) * 2019-08-01 2020-01-03 平安科技(深圳)有限公司 Cross-site attack protection method, device, equipment and storage medium
CN111063351A (en) * 2019-12-20 2020-04-24 北京声智科技有限公司 Alarm clock control method and device
CN111953668A (en) * 2020-07-30 2020-11-17 中国工商银行股份有限公司 Network security information processing method and device
CN113194059A (en) * 2021-02-24 2021-07-30 天津大学 Method for selecting defense strategy of moving target
CN113364815A (en) * 2021-08-11 2021-09-07 飞狐信息技术(天津)有限公司 Cross-site scripting vulnerability attack defense method and device

Also Published As

Publication number Publication date
CN113810418A (en) 2021-12-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant