GB2575006A - Website vulnerability detection - Google Patents


Info

Publication number
GB2575006A
Authority
GB
United Kingdom
Prior art keywords
website
verification
checks
component
site
Prior art date
Legal status
Withdrawn
Application number
GB201805498A
Other versions
GB201805498D0 (en)
Inventor
Moaiandin Reza
Krestov Igor
Current Assignee
Cyberscanner Ltd
Original Assignee
Cyberscanner Ltd
Priority date
Filing date
Publication date
Application filed by Cyberscanner Ltd
Priority to GB201805498A
Publication of GB201805498D0
Publication of GB2575006A
Legal status: Withdrawn

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

Detecting vulnerabilities in a website by crawling the website to detect one or more site components 310 and scanning the components. The step of crawling determines the type of components 330; the step of scanning has one or more scans that are selected based on the type of each component 350, 360. It may also involve listing the site components 320, determining if all of the components are known 340, and if not, scanning all of the known components with an associated scanner 360, scanning the components of an unknown type with a general scanner 370, and then finally generating a report. There is also a second invention that determines ownership of a website by providing a verification token to the website, performing a plurality of verification checks on the website, comparing the results, and verifying the owner when the number of positive verification checks exceeds a threshold.

Description

WEBSITE VULNERABILITY DETECTION
The present invention relates to a system and method for performing checks on website components, and is concerned particularly, although not exclusively, with verifying ownership of a website, determining the type of each website component, and performing vulnerability checks on each component.
With the development of the internet, organisations are undertaking more of their activities online. As a result of this increase in online activity, it is necessary to protect against cyber-related attacks and unauthorised use, for example the use of a server for distributed denial-of-service attacks and crypto-mining activities. Furthermore, with this increase in online activity, websites often contain a large amount of personal and commercially sensitive information.
This information is protected using virtual barriers such as username and password combinations, web application firewalls, and 2-step verification. However, there are a number of security threats which aim to defeat and overcome these barriers.
There are a number of products which aim to protect organisations from such threats. These products require a large amount of expertise to set up, manage, and monitor.
The large set-up and maintenance costs associated with such systems can deter small and medium organisations from implementing comprehensive protections against such threats.
Furthermore, as an organisation grows and develops, its online presence can grow to include multiple websites and domains, each with a different purpose. For example, the organisation may have a different domain for an online store, a blog, and a general information website. Monitoring all of these domains, which may host websites based on different underlying frameworks/platforms, further adds to the complexities associated with managing security threats. Each framework/platform requires its own diagnostic checks to be performed. This ensures all known threats are detected and notified to the site manager.
Embodiments of the present invention aim to provide a system and method that addresses, at least in part, the aforementioned problems.
The present invention is defined in the attached independent claims, to which reference should now be made. Further preferred features may be found in the sub-claims appended thereto.
According to a first aspect of the present invention, there is provided an apparatus for detecting vulnerabilities of a website; the apparatus comprising a crawler arranged to navigate the website and detect one or more site components; and at least one scanner arranged to scan the one or more site components to detect vulnerabilities; wherein the crawler is further arranged to determine a type of each site component, and wherein the scanner is selected based upon the type of each component.
Preferably, the crawler is arranged in use to produce a site map showing the interaction between each of the one or more site components.
The crawler may be arranged to determine the type of each component based upon one or more features of the component.
Preferably, the features include, but are not limited to server response headers, cookies, file paths and objects.
The apparatus may further comprise a database of component types with associated features.
Preferably, the apparatus comprises an overall scanner arranged to scan the website by performing one or more known actions to detect vulnerabilities.
The overall scanner may comprise a database of previously successful actions on other websites with a substantially similar structure.
A first of the one or more scanners may communicate with at least a second of the one or more scanners to determine a response time of the website.
One or more of the scanners may be prioritised if the response time falls below a predetermined threshold.
One or more of the scanners may comprise a database of tests. The tests may be run on one or more of the site components during scanning.
The apparatus may further comprise a report generation unit for generating a site vulnerability report comprising a list of detected vulnerabilities.
According to a second aspect of the present invention, there is provided a method for detecting vulnerabilities of a website, the method comprising the steps of crawling the website to detect one or more site components; and scanning the one or more site components; wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
The method may further comprise the step of generating a site map of the components showing the interaction between each of the one or more site components.
Preferably, the step of scanning each component comprises scanning features of the component.
Preferably, the features include, but are not limited to server response headers, cookies, file paths and objects.
The step of scanning each component may further comprise comparing features of the component with a database of component types with associated features.
Preferably, the method further comprises a step of scanning the website using an overall scanner and performing one or more known actions to detect vulnerabilities.
The known actions may comprise further scans from a database of previously successful actions on third-party websites having a substantially similar structure to the website.
Optionally, the method further comprises the step of generating a site vulnerability report comprising a list of detected vulnerabilities.
According to a third aspect of the present invention, there is provided an apparatus for determining the ownership of a website, the apparatus comprising a verification token; and a verification unit; wherein the verification token is provided to the website, and the verification unit checks a plurality of remote servers for the verification token, and wherein ownership is verified when the number of checks that return a positive verification result exceeds a predetermined threshold.
Preferably, the predetermined threshold is more than half of the number of checks undertaken.
The verification token may be a file and/or a unique identifier.
The verification unit may check at least three remote servers.
The remote servers may be publicly cached DNS servers.
The verification unit may periodically check the plurality of remote servers for the verification token when the number checks that return a negative verification result exceeds the predetermined threshold.
According to a fourth aspect of the present invention, there is provided a method of determining ownership of a website;
the method comprising the steps of providing a verification token to the website; performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks; wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
Preferably, the predetermined threshold may be more than half of the number of verification checks undertaken.
The verification token may be a file and/or a unique identifier.
The method may comprise running at least three verification checks.
The verification checks may be run via a plurality of remote verification servers.
The verification servers may be publicly cached DNS servers.
The method may further comprise periodically repeating the steps of running the plurality of verification checks on the website and comparing the results of the plurality of verification checks, when the verification checks return a negative result.
According to another aspect of the present invention, there is provided apparatus comprising a processor and a memory having therein computer readable instructions, the processor being arranged in use to read the instructions to cause the performance of a method for detecting vulnerabilities of a website, the method comprising the steps of crawling the website to detect one or more site components; and scanning the one or more site components; wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
The invention also includes a computer implemented method comprising detecting vulnerabilities of a website, the method comprising the steps of crawling the website to detect one or more site components; and scanning the one or more site components; wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
In a further aspect, the invention provides a computer program product on a non-transitory computer readable storage medium, comprising computer readable instructions that, when executed by a computer, cause the computer to perform a method for detecting vulnerabilities of a website, the method comprising the steps of crawling the website to detect one or more site components; and scanning the one or more site components; wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
According to another aspect of the present invention, there is provided apparatus comprising a processor and a memory having therein computer readable instructions, the processor being arranged in use to read the instructions to cause the performance of a method of determining ownership of a website; the method comprising the steps of providing a verification token to the website; performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks; wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
The invention also includes a computer implemented method comprising determining ownership of a website; the method comprising the steps of providing a verification token to the website; performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks; wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
In a further aspect, the invention provides a computer program product on a non-transitory computer readable storage medium, comprising computer readable instructions that, when executed by a computer, cause the computer to perform a method of determining ownership of a website; the method comprising the steps of providing a verification token to the website; performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks; wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
The invention may include any combination of features or limitations referred to herein, except such a combination of features as are mutually exclusive, or mutually inconsistent.
Preferred embodiments of the present invention will now be described by way of example only with reference to the accompanying drawings, in which:
Figure 1 shows schematically an overview of a system for detecting vulnerabilities of a website according to an embodiment of the invention;
Figure 2 is a flowchart of a method for detecting vulnerabilities of a website according to an embodiment of the invention;
Figure 3 shows schematically an overview of a system for determining ownership of a website according to an embodiment of the invention; and
Figure 4 is a flowchart of a method for determining ownership of a website according to an embodiment of the invention.
The present invention concerns a system and method for detecting vulnerabilities and determining ownership of a website to simplify the process of monitoring and managing an organisation's online presence.
Figure 1 shows a system 100 for detecting vulnerabilities of a website 200. The system 100 comprises a crawler 110 and at least one scanner 120A,120B,120C,120D. The crawler 110 is a process which, for example, accesses the website and indexes/identifies different domains and their framework/platform. The scanners 120A, 120B,120C,120D are processes which, for example, perform checks on each of the domains to identify any cyber-security risks. Each scanner 120A,120B,120C,120D may be associated with a specific component type. For example, there may be specific scanners for one type of online store, one type of blog, and other components.
The crawler 110 is arranged to crawl the website 200 and produce a website map of site components 210A,210B,210C.
A website 200 often comprises a number of domains and subdomains; therefore, in order to efficiently crawl the entire website 200, it is necessary to choose an optimal starting point. The crawler 110 may start at any one of a number of points. Websites commonly run on a hypertext transfer protocol (http), which may or may not be a secure protocol (https). Similarly, websites may use URL redirects; for example, some websites use a URL redirect which enables users to arrive at the correct content regardless of whether they enter the 'www' prior to the domain name. Therefore, the use of secure/unsecure protocols and URL redirects results in four different starting points:
1. https://www.domain.com/
2. https://domain.com/
3. http://www.domain.com/
4. http://domain.com/
In order to accurately and efficiently crawl the website these four different starting points may be prioritised. This reduces any duplications in the crawling process and, as a result, increases efficiency.
In an embodiment of the system 100, if a website 200 only has a single possible starting point then that starting point is chosen. Alternatively, if there are two or more possible starting points, then the starting points may be prioritised depending on predetermined preferences. For example, it may be desirable to prioritise https over http.
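The starting-point selection described above, as an added example (not code from the patent or from Cyberscanner Ltd): the four scheme/host variants are enumerated, ranked by a predetermined preference (https before http), and candidates that redirect to the same final URL are collapsed so the same crawl is not started twice. Redirects come from a constructed table rather than live HTTP, and the domain `example.test` is made up, so the code runs offline.

```python
# Added example, not part of the patent: enumerate the four starting points
# and pick the distinct one(s) to crawl from. Redirects are taken from a
# constructed table so no network requests are made.

def candidate_start_points(domain):
    """The four scheme/host variants, in the order the text lists them."""
    return [
        f"https://www.{domain}/",
        f"https://{domain}/",
        f"http://www.{domain}/",
        f"http://{domain}/",
    ]

# Constructed stand-in for live responses: key redirects to value; a URL
# absent from the table serves content directly. 'example.test' is made up.
SAMPLE_REDIRECTS = {
    "http://example.test/": "https://example.test/",
    "http://www.example.test/": "https://www.example.test/",
    "https://example.test/": "https://www.example.test/",
}

def resolve(url, redirects, max_hops=5):
    """Follow a redirect chain to its final URL, refusing loops and long chains."""
    seen = set()
    while url in redirects:
        if url in seen or len(seen) >= max_hops:
            raise ValueError(f"redirect loop or chain too long at {url}")
        seen.add(url)
        url = redirects[url]
    return url

def choose_start_points(domain, redirects, prefer_https=True):
    """Rank the candidates by a predetermined preference (https first by
    default), resolve each, and collapse candidates that land on the same
    final URL. Returns the distinct final URLs in priority order."""
    candidates = candidate_start_points(domain)
    ranked = sorted(
        candidates,
        key=lambda u: 0 if u.startswith("https://") == prefer_https else 1,
    )
    distinct = []
    for url in ranked:
        final = resolve(url, redirects)
        if final not in distinct:
            distinct.append(final)
    return distinct

if __name__ == "__main__":
    print(choose_start_points("example.test", SAMPLE_REDIRECTS))  # one start point
    print(choose_start_points("example.test", {}))                # four, https first
```

With the sample redirect table every variant ends at `https://www.example.test/`, so the crawler gets a single starting point; with no redirects all four remain and the https variants are tried first.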
Each site component 210A,210B,210C may be designed to operate a different aspect of the website 200. For example, component 210A may be an online store, component 210B may be a blog, and component 210C may be an online forum. It will be appreciated that the website 200 may have more than three components, which may be of various types. Each component 210A,210B,210C may have an identifier 215A,215B,215C which indicates the component type. The identifier 215A,215B,215C may include but is not limited to any of a server response header, a cookie, a file path and/or objects, such as HTML objects, JavaScript objects, and JavaScript file paths. It will be appreciated that the identifier 215A,215B,215C may be any part of the component 210A,210B,210C capable of distinguishing one component type from another. The identifiers 215A,215B,215C are matched to known identifiers in a remote database, which enables detection of the type of component. This removes the requirement for the site manager to manually input component types, thereby reducing user input errors when initialising the system 100. Furthermore, it increases the amount of information provided to the scanner, reducing the number of calls to the server and increasing efficiency.
The crawler 110 will start from the starting point and crawl through the website 200 to determine how many, and what type of components 210A,210B,210C are contained within the website 200 structure.
This website structure will be provided to the system 100, which will initiate the one or more scanners 120A,120B,120C, 120D depending on the type of components 210A,210B,210C detected by the crawler 110. For example, where component 210A is an online store, scanner 120A will be a scanner specifically designed to detect vulnerabilities in the framework/platform of that online store. Similarly, a specific scanner 120B may be initiated for a blog component 210B, and a scanner 120C for an online forum component 210C.
Each of the scanners 120A,120B,120C comprises a database of known vulnerabilities associated with the respective type, and will detect the vulnerabilities in each of the components 210A,210B,210C. The system 100 may also produce a report highlighting said vulnerabilities. The report may enable system administrators to more accurately track and remedy specific vulnerabilities, resulting in a more secure online platform.
When a website 200 has a large number of components, the scanners 120A,120B,120C may communicate with each other to determine the response time of the website 200. If the response time falls below a predetermined threshold, the scanners 120A,120B,120C may be prioritised so that users of the website are not affected by the scanning process.
In some embodiments, the website 200 may comprise components which do not have an associated scanner specifically targeted to that component's type. This may occur when a website 200 uses unique and/or unusual code, such as a custom component. In this embodiment, a general scanner 120D may be used which comprises information from scans of other third-party components, as well as checks for common vulnerabilities. This general scan aims to detect any potential vulnerabilities in the custom components. For example, an eCommerce company may run a number of online stores using the same custom component. In this example, the general scanner 120D may detect similarities in the different online stores as well as a number of differences, for example the products sold on the store. The general scanner will focus on the underlying structure of the store, which will be common amongst each of the different stores. This reduces the amount of scanning required.
Figure 2 is a flowchart of a method 100 for detecting vulnerabilities of a website. At step 310 a crawler, such as the crawler 110 of Figure 1, crawls a website starting from a preferred start point (as discussed above). Once the crawler has completed the crawl, the method moves to step 320, where a list of components is produced. For each component in the list, the method at step 330, determines the type of component based on one or more identifiers.
Once the type of the components has been determined, the method progresses to step 340, where a check is undertaken to determine whether all detected components are of a known type. If so, the method progresses to step 350 where scanners designed to scan each of the known component types are initiated for each component.
If one or more of the components do not have a known type, the method progresses to step 360 where the components with a known type are scanned using the respective scanners, as in step 350. Once the components of a known type have been scanned, the method progresses to step 370 where a general scanner is used to detect any potential vulnerabilities in the components of an unknown type.
In some embodiments, the method may initiate a general scanner regardless of whether the components are all of a known type.
Once the scanners have scanned the components, the method progresses to step 380 where a report of the vulnerabilities is produced.
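The Figure 2 method (steps 320 to 380) carried through in code, as an added example that is not part of the patent or of Cyberscanner Ltd's product: components are typed by matching their server headers, cookies and object paths against a feature database, components of a known type are scanned with that type's test database, and components of unknown type fall through to a general scanner. The component type names, fingerprint features, test identifiers and the three sample components are all constructed for the example.

```python
# Added example, not code from the patent: the Figure 2 flow over constructed
# components. Type names, fingerprints and finding ids are made up.
from dataclasses import dataclass

@dataclass
class SiteComponent:
    path: str
    headers: dict
    cookies: set
    objects: set  # file paths / script objects observed by the crawler

# Step 330: the "database of component types with associated features".
COMPONENT_FINGERPRINTS = {
    "store-platform-x": {"headers": {"X-Store-Engine": "x"},
                         "cookies": {"store_session"},
                         "objects": {"/static/store-x.js"}},
    "blog-platform-y":  {"headers": {},
                         "cookies": {"blog_y_sess"},
                         "objects": {"/themes/blog-y/main.js"}},
}

def match_score(component, fingerprint):
    """Count how many fingerprint features the component exhibits."""
    score = sum(1 for k, v in fingerprint["headers"].items()
                if component.headers.get(k) == v)
    score += len(component.cookies & fingerprint["cookies"])
    score += len(component.objects & fingerprint["objects"])
    return score

def determine_type(component, db=COMPONENT_FINGERPRINTS):
    """Best-scoring known type, or None when nothing matches (unknown type)."""
    best, best_score = None, 0
    for ctype, fp in db.items():
        s = match_score(component, fp)
        if s > best_score:
            best, best_score = ctype, s
    return best

# Steps 350/360: one scanner per known type, each a database of tests.
# A test is (finding id, predicate); the predicate returns True on a hit.
TYPE_SCANNERS = {
    "store-platform-x": [("STORE-X-001 debug endpoint exposed",
                          lambda c: "/debug" in c.objects)],
    "blog-platform-y":  [("BLOG-Y-001 installer script left in place",
                          lambda c: "/install.php" in c.objects)],
}

# Step 370: general scanner of common checks for components of unknown type.
GENERAL_SCANNER = [
    ("GEN-001 no Content-Security-Policy header",
     lambda c: "Content-Security-Policy" not in c.headers),
    ("GEN-002 Server header discloses a version",
     lambda c: "/" in c.headers.get("Server", "")),
]

def run_tests(component, tests):
    return [finding for finding, hit in tests if hit(component)]

def scan_site(components, always_general=False):
    """Steps 320-380: type every listed component, scan known types with
    their scanner and unknown types with the general scanner (or every
    component when always_general is set), then return the report."""
    typed = [(c, determine_type(c)) for c in components]
    report = {"all_known": all(t is not None for _, t in typed), "components": []}
    for comp, ctype in typed:
        findings = []
        if ctype is not None:
            findings += run_tests(comp, TYPE_SCANNERS[ctype])
        if ctype is None or always_general:
            findings += run_tests(comp, GENERAL_SCANNER)
        report["components"].append(
            {"path": comp.path, "type": ctype or "unknown", "findings": findings})
    return report

# Constructed crawl output: a store, a blog and a custom component.
SAMPLE_COMPONENTS = [
    SiteComponent("/shop/", {"X-Store-Engine": "x",
                             "Content-Security-Policy": "default-src 'self'"},
                  {"store_session"}, {"/static/store-x.js", "/debug"}),
    SiteComponent("/blog/", {"Content-Security-Policy": "default-src 'self'"},
                  {"blog_y_sess"}, {"/themes/blog-y/main.js"}),
    SiteComponent("/custom/", {"Server": "custom/1.0"}, set(), {"/app.js"}),
]

if __name__ == "__main__":
    import json
    print(json.dumps(scan_site(SAMPLE_COMPONENTS), indent=2))
```

The `all_known` flag in the report is the step 340 decision; `always_general=True` is the embodiment in which the general scanner runs regardless of whether every component type is known.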
Figure 3 shows a system 400 for determining the ownership of a website 200. The system 400 comprises a verification unit 410 arranged to provide a verification token 415 to the website 200. The verification token 415 may be a file and/or unique identifier generated by the verification unit 410 and uploaded by a site administrator.
The verification token 415 may be a string and/or unique identifier generated by a third party and capable of identifying the website, for example a unique string or a Google Analytics identifier. The verification token 415 is uploaded to the website 200, or in some embodiments, for example when the verification token 415 is a unique string, it may be provided within the code of the website 200, such as in a HTML header.
Once the verification token 415 has been provided to the website 200, the verification unit 410 may instruct a plurality of remote servers 500A,500B,500C to determine whether the verification token 415 is present on the website 200.
Each of the remote servers 500A,500B,500C will access the website 200 and determine whether or not the verification token 415 is present. The remote servers 500A,500B,500C may be publicly cached DNS servers.
The remote servers 500A,500B,500C determine whether the verification token 415 is present and return the result of their check to the verification unit 410 of the system 400.
The verification unit 410 will collate the results from each of the remote servers 500A,500B,500C, and compare the results. In this embodiment, if more than half of the servers 500A,500B,500C return a positive result, that being one where the verification token 415 was present on the website 200, then the verification unit 410 will determine that the ownership of the website 200 has been verified. If at least half of the servers 500A,500B,500C return a negative result, that being one where the verification token 415 was not present or could not be located on the website 200, then the verification unit 410 will determine that the ownership of the website 200 has not been verified.
If at least half of the remote servers 500A, 500B, 500C return a negative result, the system 400 may, in some embodiments, continue requesting the remote servers 500A,500B,500C check the website 200 at predetermined intervals. This may continue until more than half of the servers 500A,500B,500C return a positive result. Alternatively, this may continue for a predetermined time period, after which it can be determined that the ownership of the website has not been verified.
It will be appreciated that the system 400 may use any number of remote servers to verify ownership of the website 200, as long as there are at least two remote servers to be able to independently verify the existence of the verification token 415 on the website 200. This ensures that any single response from a remote server is unable, on its own, to determine verification of the ownership of the website 200.
The system 400 may be used in combination with the system 100 described in relation to Figure 1 to verify the ownership of the website 200 prior to detecting vulnerabilities. This prevents unauthorised users from crawling a website for potential vulnerabilities.
Figure 4 is a flowchart of a method 600 for determining ownership of a website. At step 610 a verification token is provided to the website. The verification token, as mentioned above, may be a file and/or unique identifier. The verification token may be uploaded to the website, and/or inserted into the code of the website, such as in a HTML header.
Once the verification token has been provided to the website, the method progresses to step 620. At step 620, a plurality of verification checkers are initiated to determine whether the website contains the verification token.
The plurality of verification checkers access the website and search for the verification token. It will be appreciated that any number of verification checkers may be used, provided there are at least two. Each verification checker returns a positive or negative result based upon whether the verification token was located. Once the results are received by the system, the method progresses to step 630.
At step 630, the results of the verification checkers are compared, and it is determined whether more than half of the verification checkers returned a positive result. For example, if three verification checkers are used at step 630, the method 600 will determine whether two or more of the verification checkers returned a positive result. If more than half of the verification checkers returned a positive result the method will proceed to step 660 where the website is verified, and the method stops. If less than half of the verification checkers returned a positive result, the method proceeds to step 640, where it is determined that the website is unverified.
After step 640, the method proceeds to step 650 where there is a predetermined delay. Once the delay period has elapsed the method returns to step 620 where the verification checkers are initiated again. The method then loops, repeating steps 620,630,640, and 650 until more than half of the verification checkers return a positive result, a predetermined time has elapsed, and/or a predetermined number of loops have been executed.
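The Figure 4 method (steps 610 to 660) as an added example, not code from the patent or from Cyberscanner Ltd: a token is generated, each remote checker reports whether it found the token in the page it fetched, ownership is verified only on a strict majority of positive results, fewer than two checkers is rejected, and the retry loop of steps 620 to 650 repeats until verified or a maximum number of attempts is reached. The remote servers are simulated by constructed checker functions (one models a cache that only sees the token on a later fetch), and the token value and page markup are constructed, so the code runs offline.

```python
# Added example, not from the patent: majority-vote ownership verification
# with the retry loop of steps 620-650. Remote servers are simulated.
import secrets

def generate_token():
    """Step 610: a unique identifier the site owner places on the site."""
    return "site-verification-" + secrets.token_hex(16)

def token_present(page_html, token):
    """What each remote checker does once it has fetched the page."""
    return token in page_html

def majority_threshold(n_checks):
    """'More than half': the smallest count strictly greater than n/2."""
    return n_checks // 2 + 1

def verify_ownership(checkers):
    """Steps 620-630: run every checker, compare, verify on a strict majority.
    At least two independent checkers are required so that no single
    response can decide ownership on its own."""
    if len(checkers) < 2:
        raise ValueError("at least two independent verification checks are required")
    results = [bool(check()) for check in checkers]
    positives = sum(results)
    return positives >= majority_threshold(len(results)), positives

def verify_with_retries(checkers, max_attempts, delay=lambda: None):
    """Steps 620-650: repeat until verified or max_attempts is exhausted.
    `delay` stands in for the predetermined wait; it is a no-op here."""
    positives = 0
    for attempt in range(1, max_attempts + 1):
        verified, positives = verify_ownership(checkers)
        if verified:
            return {"verified": True, "attempt": attempt, "positives": positives}
        delay()
    return {"verified": False, "attempt": max_attempts, "positives": positives}

def make_checker(pages_by_attempt, token):
    """Constructed remote server: returns the page it 'sees' on each call,
    so a stale cache can be modelled by listing an old page first."""
    calls = {"n": 0}
    def check():
        page = pages_by_attempt[min(calls["n"], len(pages_by_attempt) - 1)]
        calls["n"] += 1
        return token_present(page, token)
    return check

# Constructed token and pages (a real run would use generate_token()).
TOKEN = "site-verification-0123456789abcdef"
PAGE_WITH = f'<html><head><meta name="verification" content="{TOKEN}"></head></html>'
PAGE_WITHOUT = "<html><head></head></html>"

if __name__ == "__main__":
    # Two checkers see the token immediately, one only on its second fetch.
    checkers = [make_checker([PAGE_WITH], TOKEN),
                make_checker([PAGE_WITH], TOKEN),
                make_checker([PAGE_WITHOUT, PAGE_WITH], TOKEN)]
    print(verify_ownership(checkers))               # (True, 2): verified at step 630
    print(verify_with_retries(checkers, max_attempts=3))
```

With three checkers the threshold is two positives, matching the worked example in the text; with four it is three, since exactly half is not "more than half".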
Whilst endeavouring in the foregoing specification to draw attention to those features of the invention believed to be of particular importance, it should be understood that the applicant claims protection in respect of any patentable feature or combination of features referred to herein, and/or shown in the drawings, whether or not particular emphasis has been placed thereon.

Claims (39)

1. An apparatus for detecting vulnerabilities of a website; the apparatus comprising:
a crawler arranged to navigate the website and detect one or more site components; and at least one scanner arranged to scan the one or more site components to detect vulnerabilities;
wherein the crawler is further arranged to determine a type of each site component, and wherein the scanner is selected based upon the type of each component.
2. The apparatus of Claim 1, wherein the crawler is arranged in use to produce a site map showing the interaction between each of the one or more site components.
3. The apparatus of any of Claims 1 or 2, wherein the crawler is arranged to determine the type of each component based upon one or more features of the component.
4. The apparatus of Claim 3, wherein the features include, but are not limited to server response headers, cookies, file paths and objects.
5. The apparatus of any previous claim further comprising a database of component types with associated features.
6. The apparatus of any previous claim further comprising an overall scanner arranged to scan the website by performing one or more known actions to detect vulnerabilities.
7. The apparatus of Claim 6, wherein the overall scanner comprises a database of previously successful actions on other websites with a substantially similar structure.
8. The apparatus of any previous claim, wherein a first of the one or more scanners communicates with at least a second of the one or more scanners to determine a response time of the website.
9. The apparatus of any previous claim, wherein one or more of the scanners may be prioritised if the response time falls below a predetermined threshold.
10. The apparatus of any previous claim, wherein one or more of the scanners may comprise a database of tests.
11. The apparatus of claim 10, wherein the tests are run on one or more of the site components during scanning.
12. The apparatus of any previous claim, further comprising a report generation unit for generating a site vulnerability report comprising a list of detected vulnerabilities.
13. A method for detecting vulnerabilities of a website, the method comprising the steps of:
crawling the website to detect one or more site components; and scanning the one or more site components;
wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
14. The method of Claim 13 further comprising the step of generating a site map of the components showing the interaction between each of the one or more site components.
15. The method of any of Claims 13 or 14, wherein the step of scanning each component comprises scanning features of the component.
16. The method of Claim 15, wherein the features include, but are not limited to, server response headers, cookies, file paths and objects.
17. The method of any of Claims 13 - 16, wherein the step of scanning each component further comprises comparing features of the component with a database of component types with associated features.
18. The method of any of Claims 13 - 17, further comprising a step of scanning the website using an overall scanner and performing one or more known actions to detect vulnerabilities.
19. The method of Claim 18, wherein the known actions comprise further scans from a database of previously successful actions on third-party websites having a substantially similar structure to the website.
20. The method of any of Claims 13 - 19, further comprising the step of generating a site vulnerability report comprising a list of detected vulnerabilities.
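As an added example, not code from the patent or from Cyberscanner Ltd, the following Python shows one way the crawler-plus-scanner arrangement of Claims 1 - 5 and 10 - 11 (and the method of Claims 13 - 17) can be realised: the features the crawler observed for each component (response headers, cookie names, file paths, page objects) are scored against a database of component types with associated features, and the tests run against the component are selected by the detected type. The fingerprint database, the scan names, the `example.test` host, the 0.5 match threshold and both crawled components are constructed for illustration; the header, cookie and path indicators themselves are common public fingerprints of the named software, but a real database would be far larger and would weight features.

```python
"""Component fingerprinting and per-type scan selection (added example)."""
import re
from dataclasses import dataclass, field


@dataclass
class Observation:
    """Features the crawler recorded for one site component (constructed data)."""
    url: str
    headers: dict = field(default_factory=dict)   # response header name -> value
    cookies: set = field(default_factory=set)     # cookie names set by the component
    paths: set = field(default_factory=set)       # file paths referenced by the page
    objects: set = field(default_factory=set)     # e.g. generator meta tags, script names


@dataclass
class Fingerprint:
    """One entry of the component-type database: the features that identify a type."""
    component_type: str
    header_patterns: dict = field(default_factory=dict)  # header name -> regex on its value
    cookie_names: set = field(default_factory=set)
    path_prefixes: set = field(default_factory=set)
    object_names: set = field(default_factory=set)

    def feature_count(self):
        return (len(self.header_patterns) + len(self.cookie_names)
                + len(self.path_prefixes) + len(self.object_names))

    def score(self, obs):
        """Fraction of this fingerprint's features present in the observation (0.0 - 1.0)."""
        headers = {k.lower(): v for k, v in obs.headers.items()}
        hits = sum(1 for name, pat in self.header_patterns.items()
                   if re.search(pat, headers.get(name.lower(), ""), re.IGNORECASE))
        hits += len(self.cookie_names & obs.cookies)
        hits += sum(1 for prefix in self.path_prefixes
                    if any(p.startswith(prefix) for p in obs.paths))
        hits += len(self.object_names & obs.objects)
        return hits / self.feature_count() if self.feature_count() else 0.0


# Constructed database of component types with associated features (Claim 5).
FINGERPRINT_DB = [
    Fingerprint("wordpress", header_patterns={"Link": r"/wp-json/"},
                path_prefixes={"/wp-content/", "/wp-includes/"},
                object_names={"generator:WordPress"}),
    Fingerprint("php-runtime", header_patterns={"X-Powered-By": r"^PHP/"},
                cookie_names={"PHPSESSID"}),
    Fingerprint("aspnet", header_patterns={"X-Powered-By": r"ASP\.NET", "X-AspNet-Version": r"."},
                cookie_names={"ASP.NET_SessionId"}),
    Fingerprint("nginx", header_patterns={"Server": r"^nginx"}),
]

# Constructed database of tests keyed by component type (Claims 10 - 11); the
# names are illustrative labels, not real scanner modules.
SCANS_BY_TYPE = {
    "wordpress": ["enumerate-plugins", "xmlrpc-exposure", "user-enumeration"],
    "php-runtime": ["php-version-disclosure", "phpinfo-exposure"],
    "aspnet": ["viewstate-mac-check", "trace-axd-exposure"],
    "nginx": ["server-version-disclosure", "alias-traversal"],
}
GENERIC_SCANS = ["security-headers", "tls-configuration"]  # run on every component


def classify(obs, db=FINGERPRINT_DB, threshold=0.5):
    """Component types whose fingerprint score meets the threshold, best match first."""
    scored = sorted(((fp.score(obs), fp.component_type) for fp in db), reverse=True)
    return [t for s, t in scored if s >= threshold]


def select_scans(obs, db=FINGERPRINT_DB, scans=SCANS_BY_TYPE, threshold=0.5):
    """Return (detected types, ordered list of scans) for one component."""
    types = classify(obs, db, threshold)
    selected = list(GENERIC_SCANS)
    for t in types:
        selected += [s for s in scans.get(t, []) if s not in selected]
    return types, selected


def build_scan_plan(observations, db=FINGERPRINT_DB):
    """Site map keyed by component URL: detected types and the scans selected for each."""
    return {obs.url: select_scans(obs, db) for obs in observations}


# Two crawled components, constructed for illustration (example.test is not a real host).
SAMPLE_SITE = [
    Observation(url="https://example.test/",
                headers={"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4.3",
                         "Link": '<https://example.test/wp-json/>; rel="https://api.w.org/"'},
                cookies={"PHPSESSID", "wordpress_test_cookie"},
                paths={"/wp-content/themes/t/style.css", "/wp-includes/js/jquery.js"},
                objects={"generator:WordPress"}),
    Observation(url="https://example.test/portal/",
                headers={"Server": "Microsoft-IIS/10.0", "X-Powered-By": "ASP.NET",
                         "X-AspNet-Version": "4.0.30319"},
                cookies={"ASP.NET_SessionId"}),
]

if __name__ == "__main__":
    for url, (types, scans) in build_scan_plan(SAMPLE_SITE).items():
        print(url, types, scans)
```

A component can match several types at once (the front page above is WordPress on PHP behind nginx), so the scan list is the union of the per-type tests plus the generic ones, with duplicates dropped. The score is deliberately a fraction of the fingerprint's own features, so a one-feature rule such as the `Server` header is treated with the same threshold as a four-feature rule; a practitioner tuning this would usually require more than one indicator before running intrusive tests.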
21. An apparatus for determining the ownership of a website, the apparatus comprising:
a verification token; and a verification unit;
wherein the verification token is provided to the website, and the verification unit checks a plurality of remote servers for the verification token, and wherein ownership is verified when the number of checks that return a positive verification result exceeds a predetermined threshold.
22. The apparatus of Claim 21, wherein the predetermined threshold is more than half of the number of checks undertaken.
23. The apparatus of any of Claims 21 or 22, wherein the verification token is a file and/or a unique identifier.
24. The apparatus of any of Claims 21 - 23, wherein the verification unit checks at least three remote servers.
25. The apparatus of any of Claims 21 - 24, wherein the remote servers may be publicly cached DNS servers.
26. The apparatus of any of Claims 21 - 25, wherein the verification unit periodically checks the plurality of remote servers for the verification token when the number of checks that return a negative verification result exceeds the predetermined threshold.
27. A method of determining ownership of a website; the method comprising the steps of:
providing a verification token to the website; performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks;
wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
28. The method of Claim 27, wherein the predetermined threshold is more than half of the number of verification checks undertaken.
29. The method of any of Claims 27 or 28, wherein the verification token is a file and/or a unique identifier.
30. The method of any of Claims 27 - 29, further comprising running at least three verification checks.
31. The method of any of Claims 27 - 30, wherein the verification checks are run via a plurality of remote verification servers.
32. The method of any of Claims 27 - 31, wherein the verification servers are publicly cached DNS servers.
33. The method of any of Claims 27 - 32, further comprising periodically repeating the steps of running the plurality of verification checks on the website and comparing the results of the plurality of verification checks, when the verification checks return a negative result.
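As an added example, not code from the patent or from Cyberscanner Ltd, the following Python follows the ownership-verification scheme of Claims 21 - 26 (and the method of Claims 27 - 33) for the DNS variant: a unique identifier is issued as the verification token, the owner is expected to publish it in a TXT record, at least three remote resolvers are queried, ownership is verified when the positive checks exceed a threshold that defaults to more than half of the checks, and a negative outcome flags the site for periodic re-checking. The `_site-verify` record label, the five resolver addresses used as labels, the `example.test` domain and every answer returned by the stub lookup are constructed for offline use; a real deployment would replace `make_stub_lookup` with actual DNS queries (for instance via dnspython) and would keep the file-based token of Claims 23 and 29 as an alternative channel.

```python
"""Website ownership verification by majority vote across remote DNS resolvers (added example)."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    verified: bool    # positive checks exceeded the threshold
    positive: int
    checks: int
    recheck: bool     # negative checks exceeded the threshold: re-verify periodically


def issue_token():
    """Unique identifier the site owner must publish (128 bits of randomness)."""
    return "site-verify=" + secrets.token_hex(16)


def record_name(domain):
    """Where the token is expected; the `_site-verify` label is an assumption of this example."""
    return f"_site-verify.{domain}"


def verify_ownership(domain, token, resolvers, lookup_txt, threshold=None):
    """Check every resolver for the exact token; verified when positives exceed threshold.

    `lookup_txt(resolver, name)` must return the list of TXT strings that resolver
    gives for `name`, or raise on error. An error or timeout is counted as a negative
    check rather than skipped, so unreachable resolvers cannot inflate the positive share.
    """
    if len(resolvers) < 3:
        raise ValueError("at least three verification checks are required")
    if threshold is None:
        threshold = len(resolvers) // 2      # "more than half": positive > threshold
    name = record_name(domain)
    positive = 0
    for resolver in resolvers:
        try:
            answers = lookup_txt(resolver, name)
        except Exception:                    # timeout, SERVFAIL, malformed answer ...
            answers = []
        if token in answers:                 # exact match only; a stale token is a miss
            positive += 1
    negative = len(resolvers) - positive
    return Decision(verified=positive > threshold, positive=positive,
                    checks=len(resolvers), recheck=negative > threshold)


# Public resolvers used as labels only; their answers below are simulated, not queried.
RESOLVERS = ["1.1.1.1", "8.8.8.8", "9.9.9.9", "203.0.113.53", "198.51.100.53"]


def make_stub_lookup(token, fresh_count=3):
    """Offline stand-in for a DNS query, constructed for this example.

    The first `fresh_count` resolvers have the new record cached, the following ones
    still serve a stale cached token, and the last resolver always times out.
    """
    stale = "site-verify=" + "0" * 32
    def lookup_txt(resolver, name):
        idx = RESOLVERS.index(resolver)
        if idx == len(RESOLVERS) - 1:
            raise TimeoutError(f"{resolver}: no answer for {name}")
        return [token, "v=spf1 -all"] if idx < fresh_count else [stale]
    return lookup_txt


def run_demo(domain="example.test"):
    """Fresh record on 3 of 5 resolvers -> verified; on 2 of 5 -> not verified, re-check."""
    token = issue_token()
    ok = verify_ownership(domain, token, RESOLVERS, make_stub_lookup(token, fresh_count=3))
    not_yet = verify_ownership(domain, token, RESOLVERS, make_stub_lookup(token, fresh_count=2))
    return ok, not_yet


if __name__ == "__main__":
    for d in run_demo():
        print(d)
```

Two points worth keeping when adapting this. First, the token must be compared exactly and must be unpredictable: a stale or guessable value in one resolver's cache is exactly the situation the majority vote is there to outlast, and an attacker who can get a single resolver to answer should not be able to tip the count. Second, with the default "more than half" threshold an even number of resolvers can split evenly, in which case neither the verified nor the re-check condition of the claims is met; an odd count (five above) avoids that dead state.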
34. An apparatus comprising a processor and a memory having therein computer readable instructions, the processor being arranged in use to read the instructions to cause the performance of a method for detecting vulnerabilities of a website, the method comprising the steps of:
crawling the website to detect one or more site components; and scanning the one or more site components;
wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
35. A computer implemented method comprising detecting vulnerabilities of a website, the method comprising the steps of:
crawling the website to detect one or more site components; and scanning the one or more site components;
wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
36. A computer program product on a non-transitory computer readable storage medium, comprising computer readable instructions that, when executed by a computer, cause the computer to perform a method for detecting vulnerabilities of a website, the method comprising the steps of:
crawling the website to detect one or more site components; and scanning the one or more site components;
wherein the step of crawling comprises determining a type of each site component, and the step of scanning comprises one or more scans, and wherein the scans are selected based upon the type of each component.
37. An apparatus comprising a processor and a memory having therein computer readable instructions, the processor being arranged in use to read the instructions to cause the performance of a method of determining ownership of a website; the method comprising the steps of: providing a verification token to the website;
performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks;
wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
38. A computer implemented method comprising determining ownership of a website; the method comprising the steps of:
providing a verification token to the website;
performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks;
wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
39. A computer program product on a non-transitory computer readable storage medium, comprising computer readable instructions that, when executed by a computer, cause the computer to perform a method of determining ownership of a website; the method comprising the steps of:
providing a verification token to the website;
performing a plurality of verification checks on the website; and comparing results of the plurality of verification checks;
wherein website ownership is verified when the number of verification checks that return a positive verification result exceeds a predetermined threshold.
GB201805498A 2018-04-04 2018-04-04 Website vulnerability detection Withdrawn GB2575006A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB201805498A GB2575006A (en) 2018-04-04 2018-04-04 Website vulnerability detection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB201805498A GB2575006A (en) 2018-04-04 2018-04-04 Website vulnerability detection

Publications (2)

Publication Number Publication Date
GB201805498D0 GB201805498D0 (en) 2018-05-16
GB2575006A true GB2575006A (en) 2020-01-01

Family

ID=62142349

Family Applications (1)

Application Number Title Priority Date Filing Date
GB201805498A Withdrawn GB2575006A (en) 2018-04-04 2018-04-04 Website vulnerability detection

Country Status (1)

Country Link
GB (1) GB2575006A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130227640A1 (en) * 2010-09-09 2013-08-29 NSFOCUS Information Technology Co., Ltd. Method and apparatus for website scanning
US9015844B1 (en) * 2012-06-25 2015-04-21 Symantec Corporation Techniques for web application vulnerability scanning

Also Published As

Publication number Publication date
GB201805498D0 (en) 2018-05-16

Similar Documents

Publication Publication Date Title
US9900346B2 (en) Identification of and countermeasures against forged websites
US8370407B1 (en) Systems providing a network resource address reputation service
Van Goethem et al. Large-scale security analysis of the web: Challenges and findings
US20130007870A1 (en) Systems for bi-directional network traffic malware detection and removal
US20130007882A1 (en) Methods of detecting and removing bidirectional network traffic malware
EP2608481B1 (en) Deception-based network security using false positive responses to unauthorized access requests
Tajalizadehkhoob et al. Herding vulnerable cats: a statistical approach to disentangle joint responsibility for web security in shared hosting
WO2009039434A2 (en) System and method for detecting security defects in applications
Buja et al. Detection model for SQL injection attack: An approach for preventing a web application from the SQL injection attack
Aliero et al. Systematic review analysis on SQLIA detection and prevention approaches
US11785044B2 (en) System and method for detection of malicious interactions in a computer network
Board United States Patent and Trademark Office
Samarasinghe et al. On cloaking behaviors of malicious websites
Falana et al. Detection of cross-site scripting attacks using dynamic analysis and fuzzy inference system
JP2020071637A (en) Website vulnerability diagnosis device, diagnosis system, diagnosis method, and diagnosis program
Awang et al. Detecting vulnerabilities in web applications using automated black box and manual penetration testing
Cho et al. Design and implementation of website information disclosure assessment system
GB2575006A (en) Website vulnerability detection
Quinkert et al. Dorkpot: A honeypotbased analysis of google dorks
Alqadhi et al. Entangled Clouds: Measuring the Hosting Infrastructure of the Free Contents Web
Almi Web Server Security and Survey on Web Application Security
Hussain et al. Content spoofing via compounded sql injection
Ray Countering cross-site scripting in web-based applications
Kaur et al. Input Based Attacks on Web Applications.
Petrosyan et al. Development and Implementation of Some Advanced Web Server Protection Methods

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)