CN118074992A - Method and device for identifying unauthorized loopholes - Google Patents

Method and device for identifying unauthorized loopholes Download PDF

Info

Publication number
CN118074992A
CN118074992A CN202410250396.9A CN202410250396A CN118074992A CN 118074992 A CN118074992 A CN 118074992A CN 202410250396 A CN202410250396 A CN 202410250396A CN 118074992 A CN118074992 A CN 118074992A
Authority
CN
China
Prior art keywords
user account
access request
current user
vulnerability
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410250396.9A
Other languages
Chinese (zh)
Inventor
顿壮壮
孟庆飞
姜强
汤志刚
李晨曦
李岳桥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Guoshun Technology Co ltd
Original Assignee
Beijing Guoshun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Guoshun Technology Co ltd filed Critical Beijing Guoshun Technology Co ltd
Priority to CN202410250396.9A priority Critical patent/CN118074992A/en
Publication of CN118074992A publication Critical patent/CN118074992A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a method and a device for identifying an override vulnerability, which relate to the technical field of information security and are applied to a security monitoring platform, wherein the method comprises the following steps: acquiring user information of a client user in the login process of the client user; the user information comprises authority information of a current user account of the client; setting a first user account based on the user information; the first user account has the same authority as the current user account; in the process that a client sends an access request to a server through the current user account, generating a first access request corresponding to the first user account based on the access request; and sending the first access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed. According to the method provided by the invention, the preset account with the same authority is used for replacing the current user account to send the request for testing, and the detection accuracy is high.

Description

Method and device for identifying unauthorized loopholes
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and an apparatus for identifying an unauthorized vulnerability.
Background
In the prior art, the identification and protection method aiming at the unauthorized holes mainly comprises two kinds of static analysis and dynamic analysis. The static analysis mainly comprises the steps of analyzing codes to find out possible unauthorized holes; however, static analysis has the problems of incomplete leak detection, high false alarm rate and the like. The dynamic analysis is mainly to find out possible unauthorized holes by monitoring the behavior of the system during operation; however, the dynamic analysis has the problems of high monitoring cost, large influence on system performance and the like.
How to improve the detection capability of the system to the unauthorized loopholes is a technical problem to be solved at present.
Disclosure of Invention
The invention provides an identification method and device of an override vulnerability, which are used for solving the defects existing in the prior art.
The invention provides an identification method of an override vulnerability, which is applied to a security monitoring platform, and comprises the following steps:
acquiring user information of a client user in the login process of the client user; the user information comprises authority information of a current user account of the client;
Setting a first user account based on the user information; the first user account has the same authority as the current user account;
In the process that a client sends an access request to a server through the current user account, generating a first access request corresponding to the first user account based on the access request;
and sending the first access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
According to the method for identifying the unauthorized vulnerability, the access request comprises a plurality of parameters;
after the client sends the access request to the server through the current user account, the method further comprises:
Determining a target parameter from a plurality of parameters of the access request, and performing replacement operation on the target parameter to generate a replaced second access request;
and sending the second access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
According to the method for identifying the unauthorized holes, provided by the invention, after confirming that the unauthorized holes exist under the condition that verification is passed, the method further comprises the following steps:
and executing corresponding protective measures according to the override vulnerability.
According to the method for identifying the unauthorized holes, which is provided by the invention, corresponding protective measures are executed according to the unauthorized holes, and the method specifically comprises the following steps:
recording log information and sending out an alarm prompt; the log information is used for recording and monitoring current user behaviors.
According to the method for identifying the override vulnerability, the user account with the access right is stored through the access control list;
and executing corresponding protective measures according to the override vulnerability, wherein the protective measures specifically comprise:
And storing the current user account number into the access control list to limit the authority of the current user.
According to the method for identifying the override vulnerability, the user information further comprises the type of the current user account of the client;
the setting the first user account based on the user information includes:
Setting the type of the first user account based on the type of the current user account;
and setting the same authority as that of the current user account for the first user account based on the authority information of the current user account.
The invention also provides an identification device of the override vulnerability, which is applied to the server and comprises:
the acquisition module is used for acquiring user information of the client user in the login process of the client user; the user information comprises authority information of a current user account of the client;
The setting module is used for setting a first user account based on the user information; the first user account has the same authority as the current user account;
the generation module is used for generating a first access request corresponding to the first user account based on the access request in the process that the client sends the access request to the server through the current user account;
And the confirmation module is used for sending the first access request to the server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
According to the device for identifying the unauthorized holes, the access request comprises a plurality of parameters;
the device also comprises a replacement module, which is specifically used for:
after the client sends an access request to the server through the current user account, determining a target parameter in a plurality of parameters of the access request, and performing replacement operation on the target parameter to generate a replaced second access request;
and sending the second access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the method for identifying the unauthorized vulnerability when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of identifying an override vulnerability as described in any of the above.
The invention also provides a computer program product comprising a computer program which when executed by a processor implements a method of identifying an override vulnerability as described in any one of the above.
The method and the device for identifying the override vulnerability are applied to a security monitoring platform, and in the process of logging in by a client user, user information of the client user is obtained, wherein the user information comprises authority information of a current user account of the client, a first user account is set based on the user information, and the first user account and the current user account have the same authority; in the process that the client sends an access request to the server through the current user account, a first access request corresponding to the first user account is generated based on the access request, the first access request is sent to the server for permission verification, and under the condition that verification is passed, the existence of the unauthorized vulnerability is confirmed. Therefore, in the login process of the client user, an account with the same authority is preset based on the current user account of the client, when the client sends a request to the server through the current user account, the preset account with the same authority is used for replacing the current user account to send the request for testing, and under the condition that the authority verification of the server is passed, the existence of the override vulnerability is confirmed, and the detection accuracy is high.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of an unauthorized vulnerability identification method provided by the invention;
FIG. 2 is a second flow chart of the method for identifying an unauthorized vulnerability according to the present invention;
FIG. 3 is a third flow chart of the method for identifying an unauthorized vulnerability according to the present invention;
FIG. 4 is a complete flowchart of the method for identifying an override vulnerability provided by the invention;
FIG. 5 is a schematic structural diagram of an apparatus for identifying an unauthorized vulnerability according to the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that an unauthorized user may access and operate sensitive data and system resources of other users due to an unauthorized vulnerability.
Static analysis is a common vulnerability detection technology and can be used for finding potential unauthorized vulnerabilities in codes, and the static analysis of unauthorized vulnerabilities needs to be combined with various technologies and methods, including code examination, sensitive data identification, authority check, data flow analysis, input verification and the like. Meanwhile, the best security practices, such as a minimum authority principle, a data isolation principle and the like, need to be followed, so that the unauthorized loopholes are avoided.
Dynamic analysis is a method of identifying and detecting unauthorized vulnerabilities by observing the behavior of a program at runtime. Unlike static analysis, which is performed at program runtime, some unauthorized holes that cannot be detected by static analysis can be detected. When the dynamic analysis of the override vulnerability is carried out, the analysis is required to be carried out in combination with the specific situation of the application program. For example, extensive analysis and research of logs of applications, access control mechanisms, input verification mechanisms, and the like is required. Meanwhile, specialized vulnerability scanning tools and testing tools are required for testing and verification to discover potential unauthorized vulnerabilities.
However, the static analysis has the problems of incomplete leak detection, high false alarm rate and the like; the dynamic analysis has the problems of high monitoring cost, large influence on system performance and the like. Based on the above, the present invention provides a method and apparatus for identifying an unauthorized vulnerability, which are used for solving at least one of the above problems.
Before describing the method of the present invention in detail, the terminology involved in the present invention will be explained schematically.
IAST (INTERACTIVE APPLICATION SECURITY TESTING, interactive application security test) stake-inserting technique: IAST instrumentation is a technique for testing program performance, detecting errors, and obtaining program execution information. On the basis of ensuring the original logic integrity of the tested program, a plurality of probes (probes) are inserted into the program, namely, a plurality of codes are added, and the control flow and data flow information of the program are obtained. The code of the read timer is inserted before and after the execution of the function, for example, by an automatic tool or manually, to obtain the function execution time.
The following describes a method and a device for identifying an unauthorized vulnerability in accordance with the present invention with reference to fig. 1 to 6.
Fig. 1 is one of flow diagrams of an unauthorized vulnerability identification method provided in this embodiment, and as shown in fig. 1, the unauthorized vulnerability identification method provided in this embodiment is applied to a security monitoring platform, and the method includes:
step 100, obtaining user information of a client user in a client user login process; the user information comprises authority information of a current user account of the client.
It should be noted that, the method for identifying the unauthorized holes based on IAST stake-inserting technology provided by the embodiment can be applied to a financial system in the financial industry.
Specifically, a security monitoring platform is set between a network device such as a client and a server, and the implementation subject of the embodiment is the security monitoring platform.
Specifically, in the client user login process, the relevant information of the current login user is obtained through a hook login interface, and may include, for example, a user identity, authority information of the current user account, a type of the current user account, and the like.
Step 200, setting a first user account based on the user information; the first user account and the current user account have the same authority.
Specifically, after the security monitoring platform obtains the user information, because the user information includes the authority information and the type of the current user account, the security monitoring platform can preset an account with the same type and the same authority based on the authority information and the type of the current user account, and the account is used for subsequent testing.
Step 300, in the process that the client sends an access request to the server through the current user account, generating a first access request corresponding to the first user account based on the access request.
Specifically, when the client requests a service method from the server through the current user account, testing is performed based on a preset first user account. And replacing the current user account of the client with the first user account, and sending a first access request to the server by the first user account.
Optionally, key parameters such as cookies and the like can be replaced in the access request sent to the server by the user through the current user account, and the access request is initiated again.
And 400, sending the first access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
Specifically, the replaced access request is resent to the server for permission verification, and if the verification is passed, the request is successful, and the existence of an unauthorized vulnerability in the current system is indicated; if the verification is not passed, namely the request is unsuccessful, the existence of the unauthorized vulnerability in the current system is indicated. After the potential override vulnerability is identified, further safeguards can be taken.
The above is a description of the steps of the method for identifying an unauthorized vulnerability provided by the present invention. As can be seen from the description of the above steps, the method for identifying the override vulnerability provided by the invention is applied to a security monitoring platform, and in the process of logging in a client user, user information of the client user is obtained, wherein the user information comprises authority information of a current user account of the client, and a first user account is set based on the user information, wherein the first user account has the same authority as the current user account; in the process that the client sends an access request to the server through the current user account, a first access request corresponding to the first user account is generated based on the access request, the first access request is sent to the server for permission verification, and under the condition that verification is passed, the existence of the unauthorized vulnerability is confirmed. Therefore, in the login process of the client user, an account with the same authority is preset based on the current user account of the client, when the client sends a request to the server through the current user account, the preset account with the same authority is used for replacing the current user account to send the request for testing, and under the condition that the authority verification of the server is passed, the existence of the override vulnerability is confirmed, and the detection accuracy is high.
Based on the above embodiments, in the present embodiment, fig. 2 is a second flow chart of the method for identifying an override vulnerability provided in the present embodiment, as shown in fig. 2, the access request includes a plurality of parameters;
After the client sends an access request to the server through the current user account in step 300, the method further includes:
Step 210, determining a target parameter from a plurality of parameters of the access request, and performing a replacement operation on the target parameter to generate a replaced second access request.
And 220, sending the second access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
It should be noted that the access request includes a plurality of parameters, and common parameters in the access request include id, uid, sid, userid, a mobile phone number, a mailbox, and the like. During the test, the parameters including the id should be more sensitive. For example, it may be detected whether there is an override vulnerability by traversing these parameters.
Specifically, the above embodiment has mentioned that, for testing, after the client sends the access request to the server through the current user account, the target parameter in the access request, for example, the key parameter such as the cookie, may be replaced, and the replaced second access request may be generated. Sending a second access request to a server for permission verification, and if the verification is passed, the request is successful, which indicates that an unauthorized vulnerability exists in the current system; if the verification is not passed, namely the request is unsuccessful, the existence of the unauthorized vulnerability in the current system is indicated. After the potential override vulnerability is identified, further safeguards can be taken.
According to the method for identifying the override vulnerability, when the client sends the request to the server through the current user account, the target parameters in the access request are replaced, and a replaced second access request is generated. And sending the second access request to the server for permission verification, and if the verification is passed, namely the request is successful, indicating that the current system has an unauthorized vulnerability, and having high detection accuracy.
Based on the above embodiment, in this embodiment, after confirming that an override vulnerability exists in the case that the verification passes, the method further includes:
and executing corresponding protective measures according to the override vulnerability.
In one embodiment, the safeguard may be to record log information and issue an alert prompt; the log information is used for recording and monitoring current user behaviors.
In another embodiment, a user account with access rights is stored through an access control list;
The safeguard may also be to store the current user account to the access control list to limit the rights of the current user.
In yet another embodiment, the safeguards may also be to block user access and trigger security alert mechanisms and to automatically apply security policies to fix vulnerabilities.
It should be noted that any one or more of the above-described safeguards may be taken after confirming that an override vulnerability exists.
According to the method for identifying the unauthorized holes, after the unauthorized holes are confirmed, corresponding protection measures are executed according to the unauthorized holes, so that the safety of the system is improved.
Based on the above embodiments, in this embodiment, fig. 3 is a third flowchart of the method for identifying an override vulnerability provided in this embodiment, as shown in fig. 3, where the user information further includes a type of a current user account of the client;
Step 200 sets a first user account based on the user information, including:
step 310, setting the type of the first user account based on the type of the current user account.
Step 320, setting the same authority as the current user account for the first user account based on the authority information of the current user account.
Specifically, the user information of the current login user of the client may include a user identity, authority information of the current user account, a type of the current user account, and the like.
Accordingly, the first user account is set based on the user information, namely, the type of the first user account is set based on the type of the current user account, and the same authority as that of the current user account is set for the first user account based on the authority information of the current user account. After the setting is finished, the subsequent test is convenient.
According to the method for identifying the override vulnerability, in the process of logging in the client user, an account with the same authority is preset based on the current user account of the client, when the client sends a request to the server through the current user account, the preset account with the same authority is used for replacing the current user account to send the request for testing, and under the condition that the authority verification of the server is passed, the existence of the override vulnerability is confirmed, and the detection accuracy is high.
The following describes a complete process of unauthorized vulnerability identification provided in the embodiment of the present invention.
Specifically, fig. 4 is a complete flowchart of an override vulnerability identification method provided by the embodiment of the present invention, as shown in fig. 4, in the process of logging in a client user, an account with the same authority is preset based on a current user account of the client, when the client sends a request to a server through the current user account, the preset account with the same authority is used to replace the current user account to send the request for testing, and when the authority verification of the server passes, the existence of the override vulnerability is confirmed, the detection accuracy is high, and the specific steps are as follows:
1. a user logs in at a client;
2. the safety monitoring platform acquires user information through a hook login interface;
3. the client sends an access request to the server through the current user account;
4. The security monitoring platform generates a first access request corresponding to the first user account or generates a second access request after replacing the target parameter;
5. Verifying whether the server authority passes or not;
6. if yes, an override vulnerability exists; if not, no override vulnerability exists;
7. if the override vulnerability exists, the log information is recorded, and an alarm prompt is sent out or the current user account is stored in the access control list.
8. Ending the test flow.
The device for identifying the unauthorized holes provided by the invention is described below, and the device for identifying the unauthorized holes described below and the method for identifying the unauthorized holes described above can be correspondingly referred to each other.
Fig. 5 is a schematic structural diagram of an apparatus for identifying an unauthorized hole according to the present embodiment, as shown in fig. 5, where the apparatus for identifying an unauthorized hole is applied to a server, and the apparatus includes:
An obtaining module 501, configured to obtain user information of a client user during a login process of the client user; the user information comprises authority information of a current user account of the client;
A setting module 502, configured to set a first user account based on the user information; the first user account has the same authority as the current user account;
A generating module 503, configured to generate, in a process that a client sends an access request to a server through the current user account, a first access request corresponding to the first user account based on the access request;
And the confirmation module 504 is configured to send the first access request to a server for permission verification, and confirm that an unauthorized vulnerability exists when verification passes.
The device for identifying the override vulnerability is applied to a security monitoring platform, and in the process of logging in a client user, user information of the client user is obtained, wherein the user information comprises authority information of a current user account of the client, a first user account is set based on the user information, and the first user account and the current user account have the same authority; in the process that the client sends an access request to the server through the current user account, a first access request corresponding to the first user account is generated based on the access request, the first access request is sent to the server for permission verification, and under the condition that verification is passed, the existence of the unauthorized vulnerability is confirmed. Therefore, in the login process of the client user, an account with the same authority is preset based on the current user account of the client, when the client sends a request to the server through the current user account, the preset account with the same authority is used for replacing the current user account to send the request for testing, and under the condition that the authority verification of the server is passed, the existence of the override vulnerability is confirmed, and the detection accuracy is high.
Based on the above embodiment, in this embodiment, the access request includes a plurality of parameters;
the device also comprises a replacement module, which is specifically used for:
after the client sends an access request to the server through the current user account, determining a target parameter in a plurality of parameters of the access request, and performing replacement operation on the target parameter to generate a replaced second access request;
and sending the second access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
Based on the foregoing embodiment, in this embodiment, the apparatus further includes a protection module, specifically configured to:
And under the condition that verification is passed, after confirming that the unauthorized hole exists, executing corresponding protective measures according to the unauthorized hole.
Based on the foregoing embodiments, in this embodiment, the protection module is specifically configured to:
recording log information and sending out an alarm prompt; the log information is used for recording and monitoring current user behaviors.
Based on the above embodiment, in the present embodiment, the user account having the access right is stored through the access control list;
The protection module is specifically used for:
And storing the current user account number into the access control list to limit the authority of the current user.
Based on the above embodiment, in this embodiment, the user information further includes a type of a current user account of the client;
The setting module 502 is specifically configured to:
Setting the type of the first user account based on the type of the current user account;
and setting the same authority as that of the current user account for the first user account based on the authority information of the current user account.
Fig. 6 illustrates a physical schematic diagram of an electronic device, as shown in fig. 6, which may include: processor 610, communication interface (Communications Interface) 620, memory 630, and communication bus 640, wherein processor 610, communication interface 620, memory 630 communicate with each other via communication bus 640. The processor 610 may call logic instructions in the memory 630 to perform an identification method of an override vulnerability, applied to a security monitoring platform, the method comprising:
acquiring user information of a client user in the login process of the client user; the user information comprises authority information of a current user account of the client;
Setting a first user account based on the user information; the first user account has the same authority as the current user account;
In the process that a client sends an access request to a server through the current user account, generating a first access request corresponding to the first user account based on the access request;
and sending the first access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
Further, the logic instructions in the memory 630 may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention further provides a computer program product, where the computer program product includes a computer program, where the computer program can be stored on a non-transitory computer readable storage medium, and when the computer program is executed by a processor, the computer can execute the method for identifying an override vulnerability provided by the above methods, and the method is applied to a security monitoring platform, and the method includes:
acquiring user information of a client user in the login process of the client user; the user information comprises authority information of a current user account of the client;
Setting a first user account based on the user information; the first user account has the same authority as the current user account;
In the process that a client sends an access request to a server through the current user account, generating a first access request corresponding to the first user account based on the access request;
and sending the first access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
In yet another aspect, the present invention further provides a non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, is implemented to perform a method for identifying an override vulnerability provided by the above methods, applied to a security monitoring platform, the method comprising:
acquiring user information of a client user in the login process of the client user; the user information comprises authority information of a current user account of the client;
Setting a first user account based on the user information; the first user account has the same authority as the current user account;
In the process that a client sends an access request to a server through the current user account, generating a first access request corresponding to the first user account based on the access request;
and sending the first access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. The method for identifying the unauthorized vulnerability is applied to a security monitoring platform and is characterized by comprising the following steps:
acquiring user information of a client user in the login process of the client user; the user information comprises authority information of a current user account of the client;
Setting a first user account based on the user information; the first user account has the same authority as the current user account;
In the process that a client sends an access request to a server through the current user account, generating a first access request corresponding to the first user account based on the access request;
and sending the first access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
2. The method for identifying an override vulnerability as recited in claim 1, wherein the access request comprises a plurality of parameters;
after the client sends the access request to the server through the current user account, the method further comprises:
Determining a target parameter from a plurality of parameters of the access request, and performing replacement operation on the target parameter to generate a replaced second access request;
and sending the second access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
3. The method for identifying an override vulnerability according to claim 1 or 2, wherein after confirming that an override vulnerability exists in the case of verification, the method further comprises:
and executing corresponding protective measures according to the override vulnerability.
4. The method for identifying an override vulnerability according to claim 3, wherein the executing corresponding protection measures according to the override vulnerability specifically includes:
recording log information and sending out an alarm prompt; the log information is used for recording and monitoring current user behaviors.
5. The method for identifying an override vulnerability as recited in claim 3, wherein the user account having access rights is stored via an access control list;
and executing corresponding protective measures according to the override vulnerability, wherein the protective measures specifically comprise:
And storing the current user account number into the access control list to limit the authority of the current user.
6. The method for identifying an override vulnerability according to claim 1, wherein the user information further comprises a type of a current user account of the client;
the setting the first user account based on the user information includes:
Setting the type of the first user account based on the type of the current user account;
and setting the same authority as that of the current user account for the first user account based on the authority information of the current user account.
7. An apparatus for identifying an unauthorized vulnerability, applied to a server, characterized in that the apparatus comprises:
the acquisition module is used for acquiring user information of the client user in the login process of the client user; the user information comprises authority information of a current user account of the client;
The setting module is used for setting a first user account based on the user information; the first user account has the same authority as the current user account;
the generation module is used for generating a first access request corresponding to the first user account based on the access request in the process that the client sends the access request to the server through the current user account;
And the confirmation module is used for sending the first access request to the server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
8. The apparatus for identifying an override vulnerability as recited in claim 7, wherein the access request comprises a plurality of parameters;
the device also comprises a replacement module, which is specifically used for:
after the client sends an access request to the server through the current user account, determining a target parameter in a plurality of parameters of the access request, and performing replacement operation on the target parameter to generate a replaced second access request;
and sending the second access request to a server for permission verification, and confirming that the unauthorized vulnerability exists under the condition that verification is passed.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of identifying an override vulnerability as claimed in any one of claims 1 to 6 when the program is executed by the processor.
10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the method of identifying an override vulnerability of any one of claims 1 to 6.
CN202410250396.9A 2024-03-05 2024-03-05 Method and device for identifying unauthorized loopholes Pending CN118074992A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410250396.9A CN118074992A (en) 2024-03-05 2024-03-05 Method and device for identifying unauthorized loopholes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410250396.9A CN118074992A (en) 2024-03-05 2024-03-05 Method and device for identifying unauthorized loopholes

Publications (1)

Publication Number Publication Date
CN118074992A true CN118074992A (en) 2024-05-24

Family

ID=91107414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410250396.9A Pending CN118074992A (en) 2024-03-05 2024-03-05 Method and device for identifying unauthorized loopholes

Country Status (1)

Country Link
CN (1) CN118074992A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110084044A (en) * 2019-03-14 2019-08-02 深圳壹账通智能科技有限公司 For the horizontal method and relevant device that loophole is tested automatically of going beyond one's commission
CN110968872A (en) * 2019-11-20 2020-04-07 北京国舜科技股份有限公司 File vulnerability detection processing method and device, electronic equipment and storage medium
CN113961940A (en) * 2021-12-21 2022-01-21 杭州海康威视数字技术股份有限公司 Override detection method and device based on authority dynamic update mechanism
WO2022143145A1 (en) * 2021-01-04 2022-07-07 北京沃东天骏信息技术有限公司 Over-permission loophole detection method and apparatus

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110084044A (en) * 2019-03-14 2019-08-02 深圳壹账通智能科技有限公司 For the horizontal method and relevant device that loophole is tested automatically of going beyond one's commission
CN110968872A (en) * 2019-11-20 2020-04-07 北京国舜科技股份有限公司 File vulnerability detection processing method and device, electronic equipment and storage medium
WO2022143145A1 (en) * 2021-01-04 2022-07-07 北京沃东天骏信息技术有限公司 Over-permission loophole detection method and apparatus
CN113961940A (en) * 2021-12-21 2022-01-21 杭州海康威视数字技术股份有限公司 Override detection method and device based on authority dynamic update mechanism

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
姜海涛;郭雅娟;陈昊;郭静;周超;徐建;: "基于状态机的移动应用越权访问漏洞检测方法", 南京理工大学学报, no. 04, 30 August 2017 (2017-08-30) *

Similar Documents

Publication Publication Date Title
CN108989355B (en) Vulnerability detection method and device
CN110719300B (en) Method and system for automatic vulnerability verification
CN111416811A (en) Unauthorized vulnerability detection method, system, equipment and storage medium
CN113961940B (en) Override detection method and device based on authority dynamic update mechanism
CN110049028B (en) Method and device for monitoring domain control administrator, computer equipment and storage medium
CN116842531B (en) Code vaccine-based vulnerability real-time verification method, device, equipment and medium
CN110798428A (en) Detection method, system and related device for violent cracking behavior of account
CN113868659A (en) Vulnerability detection method and system
CN115774864B (en) Code leakage protection method and device based on git hook script
KR102338998B1 (en) System and method for checking log integrity and proving forgery and alteration activity of log through the same
CN112699369A (en) Method and device for detecting abnormal login through stack backtracking
CN111241547B (en) Method, device and system for detecting override vulnerability
CN113922975A (en) Security control method, server, terminal, system and storage medium
CN118074992A (en) Method and device for identifying unauthorized loopholes
CN115935356A (en) Software security testing method, system and application
US11921862B2 (en) Systems and methods for rules-based automated penetration testing to certify release candidates
CN111427767B (en) Attack test method and device for application system, computer equipment and storage medium
CN115189938A (en) Service safety protection method and device
Kahtan et al. Evaluation dependability attributes of web application using vulnerability assessments tools
CN111934949A (en) Safety test system based on database injection test
CN112380540B (en) Android application security detection method and device
CN117421253B (en) Interface security test method, device, equipment and storage medium
CN118785199A (en) Authentication test method and device, nonvolatile storage medium and electronic equipment
CN117951036B (en) User identification card security detection method, device and computer readable storage medium
CN111131248B (en) Website application security defect detection model modeling method and defect detection method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination