CN103312692B - Chained address safety detecting method and device - Google Patents
Chained address safety detecting method and device Download PDFInfo
- Publication number
- CN103312692B CN103312692B CN201310152898.XA CN201310152898A CN103312692B CN 103312692 B CN103312692 B CN 103312692B CN 201310152898 A CN201310152898 A CN 201310152898A CN 103312692 B CN103312692 B CN 103312692B
- Authority
- CN
- China
- Prior art keywords
- address
- webpage
- secure
- internal links
- web
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention relates to a kind of chained address safety detecting method, including: obtain entry address, capture the webpage that described entry address is corresponding;Using webpage corresponding for described entry address as target web, recurrence performs: extract the internal links address comprised in described target web, and the webpage that the internal links address extracted described in crawl is corresponding, using the described webpage grabbed as target web;Judge that internal links address that described recurrence extracts is as secure link.Additionally, also include a kind of chained address safety detection device.Above-mentioned chained address safety detecting method and device can improve the accuracy that secure link address judges, thus improve the safety of web application.
Description
Technical field
The present invention relates to technical field of network security, particularly relate to a kind of chained address safety detecting method
And device.
Background technology
Webshell attacks as a kind of common web script attack pattern.Assailant generally will include malice
The web page files of script uploads in web server, and then by remotely accessing, the operation of this webpage is corresponding dislikes
Meaning script, thus reach the purpose that web attacks.
In conventional art, the safeguard procedures to webshell aggressive behavior are by uploading user at gateway
The web page files web page files corresponding with the chained address of access carry out string matching and filter and to realize.
Generally extract the text message of web page files corresponding to link at gateway, and text information is carried out grammer
Analyze and judge whether this web page files comprises the code of malicious script, if then by the chained address of its correspondence
It is judged to that entrance attacked by script.
But, said method in the process of implementation, as the server background programming languages such as asp, php, jsp are non-
The most flexibly, assailant is easy to walk around detection by the grammer using language itself to provide, therefore, and tradition
In technology to the chained address accessed to be whether that the judgement accuracy of entrance attacked by script the highest, thus cause
The safety of web application is not enough.
Summary of the invention
Based on this, it is necessary to provide a kind of chained address safety detecting method that can improve safety.
A kind of chained address safety detecting method, including:
Obtain entry address, capture the webpage that described entry address is corresponding;
Webpage corresponding for described entry address is performed as target web, recurrence: extract described target web
In the internal links address that comprises, the webpage that the internal links address extracted described in crawl is corresponding, by described
The webpage grabbed is as target web;
Judge that internal links address that described recurrence extracts is as secure link.
Wherein in an embodiment, the step of the internal links address comprised in the described target web of described extraction
Also include after rapid:
The described internal links address extracted is stored or updates in secure address storehouse.
Wherein in an embodiment, described method also includes:
Intercept and capture web access requests, extract the resource request address that described web access requests is corresponding;
Whether the resource request address extracted described in judgement belongs to described secure address storehouse, the most then forward
Described web access requests.
Wherein in an embodiment, whether the resource request address extracted described in described judgement belongs to described
Also include after the step in secure address storehouse:
If the resource request address extracted described in is not belonging to described secure address storehouse, then obtain described webpage and visit
The response webpage that the request of asking is corresponding;
Extract the internal links address comprised in described response webpage, it is judged that in described internal links address whether
At least threshold number belongs to described secure address storehouse, the most then add described resource request address to institute
State in secure address storehouse.
Wherein in an embodiment, described method also includes:
Obtain the resource request address of input;
Described resource request address is stored or updates in secure address storehouse.
Additionally, there is a need to provide a kind of chained address safety detection device that can improve safety.
A kind of chained address safety detection device, including:
Entry address acquisition module, is used for obtaining entry address, captures the webpage that described entry address is corresponding;
Webpage capture module, for webpage corresponding for described entry address is performed as target web, recurrence:
Extract the internal links address comprised in described target web, the internal links address pair extracted described in crawl
The webpage answered, using the described webpage grabbed as target web;
Secure link determination module, for judging that internal links address that described recurrence extracts is as secure link.
Wherein in an embodiment, described secure link determination module is additionally operable to the described inside extracted
Chained address stores or updates in secure address storehouse.
Wherein in an embodiment, described device also includes asking filtering module, for intercept net access to web page
Request, extracts the resource request address that described web access requests is corresponding, it is judged that described in the resource extracted please
Ask whether address belongs to described secure address storehouse, the most then forward described web access requests.
Wherein in an embodiment, described device also includes responding filtering module, for extracting described
Resource request address when being not belonging to described secure address storehouse, then obtain the sound that described web access requests is corresponding
Answer webpage, extract the internal links address comprised in described response webpage, it is judged that in described internal links address
The most at least threshold number belongs to described secure address storehouse, added the most described resource request address
In described secure address storehouse.
Wherein in an embodiment, described device also includes that white list arranges module, for obtaining input
Resource request address, stores described resource request address or updates in secure address storehouse.
Above-mentioned chained address safety detecting method and device, capture target web by recurrence and extract target network
Internal links address in Ye, has got the generation linking relationship corresponding with the entry address of web application
Internal links address.Owing to web attack script is generally uploaded voluntarily by assailant, the net that web application is issued
The internal links address pointing to this web attack script, therefore, the inside that recurrence gets is not had in Ye
Chained address is secure link address.With being checked by the way of grammer by string matching in conventional art
Comparing, accuracy is higher, thus also improves the safety of web application.
Accompanying drawing explanation
Fig. 1 is the flow chart of chained address safety detecting method in an embodiment;
Fig. 2 is the flow chart capturing target web process in an embodiment;
Fig. 3 is to web access requests and the flow chart of method that filters accordingly in an embodiment;
Fig. 4 is the structural representation of chained address safety detection device in an embodiment;
Fig. 5 is the structural representation of chained address safety detection device in another embodiment.
Detailed description of the invention
In one embodiment, as it is shown in figure 1, a kind of chained address safety detecting method, the method is complete
Entirely depending on computer program, the computer program performing the method runs on meter based on Feng Luoyiman system
In calculation machine system.The method comprises the steps:
Step S102, obtains entry address, captures the webpage that entry address is corresponding.
The i.e. web in entry address application (website) reference address, usually web application homepage or log in
The url of page.The webpage capturing entry address corresponding i.e. obtains web server by access entrance address
Html responds, and extracts the webpage comprised in html response.In one embodiment, can be grabbed by web crawlers
Take webpage.
In the present embodiment, also can obtain the cookie information of web application, and grab according to this cookie information
The webpage that taking mouth address is corresponding.Cookie information includes the log-on message of web application, can be at network
The parameter of reptile arranges this logon information so that web crawlers can be simulated and be logged in web application, thus grabs
Take some page needing to log in.
Such as, in web applies, when Entered state and non-Entered state access same link respectively, return
The page returned is typically different, and can capture the webpage of correspondence respectively by adding or deleting cookie information so that
The webpage captured is more comprehensive, thus improves the accuracy of judgement.
Step S104, performs webpage corresponding for entry address as target web, recurrence: extract target network
The internal links address comprised in Ye, captures the webpage that the internal links address extracted is corresponding, will grab
Webpage as target web.
Internal links address is typically defined under a label in html file or under href attribute, in webpage
Chained address under the web application pointing to its place of labelling, for the form of character string.Can be by traversal net
All internal links addresses of comprising in a label in page text or href attributes extraction target web.
Such as, if the domain name of web application iswww.abc.com, then fixed in the webpage under this web applies
The internal links address of the webpage x.html being also directed under this web application of justice can be for "/x.html ".Directly
When this webpage is asked in receiving, the url of its correspondence is actual is "www.abc.com/xxx.html”。
If domain name be "www.abc.com" web application under webpage in comprise "www.def.com/a.html”
Link, then this is linked as external linkage address, for jump to other web application the page.In this reality
Execute in example and following embodiment, only extract the internal links address in webpage, and to the external linkage in webpage
Address then skips over.
In the present embodiment, as in figure 2 it is shown, the process that the recurrence in step S104 performs is as follows:
Step S202, extracts the internal links address (may be multiple) that target web comprises, if in target web
Do not comprise any internal links address then to terminate.
Step S204, captures webpage corresponding to the internal links address extracted (may be multiple).
Step S206, in the webpage that will grab each as target web, respectively it is performed step
Rapid S202.
It is to say, extract the internal links address in webpage by recurrence, and capture internal links address pair
The webpage answered, thus lower the generation by internal links address with entry address of whole web application can be obtained and associate
All pages.Owing to web attack script is generally uploaded voluntarily by assailant, the webpage that web application is issued
In do not have point to this web attack script internal links address, therefore, recurrence extract internal links
Address is safe and reliable chained address.
In one embodiment, after extracting the internal links address comprised in target web, also can be to extraction
To internal links address filter, remove the internal links address of corresponding resource file extracted.Net
Resource file in Ye can include picture, audio frequency, video, flash, document and application program etc..Due to
The http response accessing the return that internal links address corresponding to resource file obtains is not web page files, therefore
Filtered the consuming that can reduce bandwidth resources.
Step S106, it is determined that the internal links address that recurrence is extracted is secure link.
As it was previously stated, capture the internal links address extracted of webpage by recurrence to be secure link address.
In the present embodiment, also can will extract after extracting the step of the internal links address comprised in target web
Internal links address (character string) store or update in secure address storehouse.It is stored in secure address storehouse
Internal links address be the internal links address being judged as secure link.
Secure address storehouse can be the one in database table, xml document, configuration file or memory cache.?
In the present embodiment, secure address storehouse is corresponding with entry address.If it is to say, there is multiple web application,
The most each web application is corresponding with corresponding secure address storehouse by its domain name or IP address.Therefore, each
The secure link address of web application is when being stored in secure address storehouse, and can only store that aforementioned recurrence extracts is interior
Chained address, portion.
In one embodiment, above-mentioned steps S102 can be periodically executed to step S106, thus regular update peace
Storehouse, full address.
In one embodiment, it is also with secure address storehouse web access requests is filtered.Such as Fig. 3
Shown in, this filter method includes:
Step S302, intercepts and captures web access requests, extracts the resource request address that web access requests is corresponding.
Step S304, it is judged that whether the resource request address extracted belongs to secure address storehouse, the most then hold
Row step S306 converting web page access request.
URL(Uniform Resource Locator in resource request address i.e. web access requests is unified
URLs) in represent satisfying the need mutually of resource file corresponding with web access requests in web server
Footpath, for the form of character string.Assailant is when the information utilizing web attack script to steal web application, logical
Often first web attack script is uploaded to web server, then by browser (or other web client)
Address field input comprise the URL of the resource request address corresponding with this attack script, thus by clicking on
Chain in webpage fetches and directly accesses this web attack script.Such as, if the web that assailant uploads attacks foot
This is c.php, and uploading path is root, and the domain name of web application iswww.abc.com, then assailant can
By keying in browser address barwww.abc.com/c.phpStart this web attack script.
Therefore, by the judgement of step S304, can directly access the resource in web server assailant
During file (usually webpage), obtain the resource request address in web access requests, and whether judge it
Belong to secure address storehouse, i.e. judge that this resource request address has been judged as safety the most by string matching
Chained address, if, then it represents that on this resource request address and web server in the normal webpage issued
Internal links address character String matching, thus forward this request to corresponding web server, otherwise, can in
Only connect or redirect and be connected to entry address, and log.
In the present embodiment, further, if the resource request address extracted is not belonging to secure address storehouse,
Then perform step S308, obtain the response webpage that web access requests is corresponding, extraction response webpage comprises
Internal links address, and perform step S310, it is judged that in internal links address, the most at least threshold number belongs to
In secure address storehouse, the most then perform step S312, resource request address (character string) is added to peace
In storehouse, full address, otherwise, perform step S314, stop to connect or redirect to be connected to entry address, and remember
Record daily record.
The new webpage issued of web application, or need the webpage that certain authority could access, aforesaid step S104
Generally cannot capture completely, so that secure address storehouse does not obtain real-time update.Therefore, for this situation,
Can meet with a response webpage by performing step S308, and judge that it is corresponding by response webpage is carried out filtration
Web access requests whether be used for starting web attack script.The web attack script uploaded due to assailant
In generally will not comprise internal links address or comprise less internal links address, therefore, can by arrange
Threshold value, and judge whether the internal links address comprised in response webpage partly belongs to secure address storehouse and sentence
Other webpages under whether this response webpage disconnected is applied with this web are associated by internal links generation, thus sentence
Whether the web access requests that disconnected response webpage is corresponding is that assailant please for the triggering starting web attack script
Ask.
Under normal circumstances, self having access limit management owing to web applies, assailant is typically only possible by
Web attack script reads the confidential data of part web application, and authority does not passes through write operation to web
Application destroys.Therefore, secure address storehouse is belonged to if response webpage only comprises less than threshold number
Internal links address, then this response webpage the most very likely steals web application privacy number for web attack script
Result data is stolen according to rear return.Can be abandoned and make assailant to take by redirecting connection
Private data, thus improve the safety of web application.
It should be noted that said method be completely dependent on computer program realize, can run on gateway device,
Virtual gateways etc. have in the computer system of gateway function, and the computer journey in aforementioned generation secure address storehouse
Sequence both can run on this and had in the computer system of gateway function, it is possible to operate in other independent computers
In system.For generating the computer program in secure address storehouse, both are only the storage in secure address storehouse
Position is different.
In one embodiment, also can manually arrange white list, its step is to obtain the resource request ground of input
Location, stores resource request address or updates in secure address storehouse.
Some web applies after issuing, and website maintenance personnel would generally use some to be used for the resource of test
Request address accesses web server, and these resource request addresses will not record as internal links address
In other web pages issued, generally directly inputted by browser by tester and comprise this resource request
The URL of address accesses and triggers corresponding test script.For this test script, then can be by its correspondence
Resource request address is added manually in secure address storehouse, so that tester can normally complete script and survey
Examination function.
In one embodiment, as shown in Figure 4, a kind of chained address safety detection device 10, including entering
Port address acquisition module 102, webpage capture module 104 and secure link determination module 106, wherein:
Entry address acquisition module 102, is used for obtaining entry address, captures the webpage that entry address is corresponding.
The i.e. web in entry address application (website) reference address, usually web application homepage or log in
The url of page.The webpage capturing entry address corresponding i.e. obtains web server by access entrance address
Html responds, and extracts the webpage comprised in html response.In one embodiment, can be grabbed by web crawlers
Take webpage.
In the present embodiment, also can obtain the cookie information of web application, and grab according to this cookie information
The webpage that taking mouth address is corresponding.Cookie information includes the log-on message of web application, can be at network
The parameter of reptile arranges this logon information so that web crawlers can be simulated and be logged in web application, thus grabs
Take some page needing to log in.
Such as, in web applies, when Entered state and non-Entered state access same link respectively, return
The page returned is typically different, and can capture the webpage of correspondence respectively by adding or deleting cookie information so that
The webpage captured is more comprehensive, thus improves the accuracy of judgement.
Webpage capture module 104, for webpage corresponding for entry address is performed as target web, recurrence:
Extract the internal links address comprised in target web, capture the webpage that the internal links address extracted is corresponding,
Using the webpage that grabs as target web.
Internal links address is typically defined under a label in html file or under href attribute, in webpage
Chained address under the web application pointing to its place of labelling, for the form of character string.Can be by traversal net
All internal links addresses of comprising in a label in page text or href attributes extraction target web.
Such as, if the domain name of web application iswww.abc.com, then fixed in the webpage under this web applies
The internal links address of the webpage x.html being also directed under this web application of justice can be for "/x.html ".Directly
When this webpage is asked in receiving, the url of its correspondence is actual is "www.abc.com/xxx.html”。
If domain name be "www.abc.com" web application under webpage in comprise "www.def.com/a.html”
Link, then this is linked as external linkage address, for jump to other web application the page.In this reality
Execute in example and following embodiment, only extract the internal links address in webpage, and to the external linkage in webpage
Address then skips over.
Extract the internal links address in webpage by recurrence, and capture the webpage that internal links address is corresponding,
Thus the lower all pages associated with entry address of whole web application can be obtained by the generation of internal links address.
Owing to web attack script is generally uploaded voluntarily by assailant, the webpage that web application is issued does not haves finger
To the internal links address of this web attack script, therefore, the internal links address that recurrence is extracted is safety
Chained address reliably.
In one embodiment, after extracting the internal links address comprised in target web, webpage capture mould
The internal links address that block 104 can be additionally used in extracting is filtered, and removes the corresponding resource literary composition extracted
The internal links address of part.Resource file in webpage can include picture, audio frequency, video, flash, document
And application program etc..Ring owing to accessing the http of the return that internal links address corresponding to resource file obtains
Should not be web page files, therefore be filtered the consuming that can reduce bandwidth resources.
Secure link determination module 106, for judging that internal links address that recurrence extracts is as secure link.
As it was previously stated, capture the internal links address extracted of webpage by recurrence to be secure link address.
In the present embodiment, secure link determination module 106 can be used for the internal links address (character that will extract
String) store or update in secure address storehouse.The internal links address being stored in secure address storehouse be by
It is judged to the internal links address of secure link.
Secure address storehouse can be the one in database table, xml document, configuration file or memory cache.?
In the present embodiment, secure address storehouse is corresponding with entry address.If it is to say, there is multiple web application,
The most each web application is corresponding with corresponding secure address storehouse by its domain name or IP address.Therefore, each
The secure link address of web application is when being stored in secure address storehouse, and can only store that aforementioned recurrence extracts is interior
Chained address, portion.
In one embodiment, as it is shown in figure 5, chained address safety detection device 10 also includes requested
Filter module 108, is used for intercepting and capturing web access requests, extracts the resource request address that web access requests is corresponding,
Judge whether the resource request address extracted belongs to secure address storehouse, the most then converting web page access request.
URL(Uniform Resource Locator in resource request address i.e. web access requests is unified
URLs) in represent satisfying the need mutually of resource file corresponding with web access requests in web server
Footpath, for the form of character string.Assailant is when the information utilizing web attack script to steal web application, logical
Often first web attack script is uploaded to web server, then by browser (or other web client)
Address field input comprise the URL of the resource request address corresponding with this attack script, thus by clicking on
Chain in webpage fetches and directly accesses this web attack script.Such as, if the web that assailant uploads attacks foot
This is c.php, and uploading path is root, and the domain name of web application iswww.abc.com, then assailant can
By keying in browser address barwww.abc.com/c.phpStart this web attack script.
Therefore, filtered by request filtering module 108, can directly access web services assailant
During resource file (usually webpage) on device, obtain the internal links address of this webpage, and judge that it is
By string matching, the no secure address storehouse that belongs to, i.e. judges that this resource request address has been judged as peace the most
Full chained address, if, then it represents that on this resource request address and web server in the normal webpage issued
Internal links address character String matching, thus forward this request to corresponding web server, otherwise, can
Stop to connect or redirect to be connected to entry address, and log.
In the present embodiment, further, as it is shown in figure 5, chained address safety detection device 10 is also wrapped
Include response filtering module 110, for when the resource request address extracted is not belonging to secure address storehouse, then obtain
Take the response webpage that web access requests is corresponding, extract the internal links address comprised in response webpage, it is judged that
In internal links address, the most at least threshold number belongs to secure address storehouse, the most then by resource request ground
Location (character string) is added in secure address storehouse
The new webpage issued of web application, or need the webpage that certain authority could access, aforesaid webpage capture
Module 104 generally cannot capture completely, so that secure address storehouse does not obtain real-time update.Therefore, pin
To this situation, response filtering module 110 can be by filtering the webpage judging its correspondence to response webpage
Whether access request is used for starting web attack script.Due to usual in the web attack script that assailant uploads
Internal links address will not be comprised or comprise less internal links address, therefore, can by arranging threshold value,
And judge to respond whether the internal links address comprised in webpage partly belongs to secure address storehouse to judge this sound
Other webpages under answering webpage whether to apply with this web are produced by internal links and associate, thus judge response
Whether the web access requests that webpage is corresponding is that assailant asks for the triggering starting web attack script.
Under normal circumstances, self having access limit management owing to web applies, assailant is typically only possible by
Web attack script reads the confidential data of part web application, and authority does not passes through write operation to web
Application destroys.Therefore, secure address storehouse is belonged to if response webpage only comprises less than threshold number
Internal links address, then this response webpage the most very likely steals web application privacy number for web attack script
Result data is stolen according to rear return.Can be abandoned and make assailant to take by redirecting connection
Private data, thus improve the safety of web application.
In one embodiment, as it is shown in figure 5, chained address safety detection device 10 also includes white list
Module 112 is set, for obtaining the resource request address of input, peace is arrived in the storage of resource request address or renewal
In storehouse, full address.
Some web applies after issuing, and website maintenance personnel would generally use some to be used for the resource of test
Request address accesses web server, and these resource request addresses will not record as internal links address
In other web pages issued, generally directly inputted by browser by tester and comprise this resource request
The URL of address accesses and triggers corresponding test script.For this test script, then can be by its correspondence
Resource request address is added manually in secure address storehouse, so that tester can normally complete script and survey
Examination function.
Above-mentioned chained address safety detecting method and device, capture target web by recurrence and extract target network
Internal links address in Ye, has got the generation linking relationship corresponding with the entry address of web application
Internal links address.Owing to web attack script is generally uploaded voluntarily by assailant, the net that web application is issued
The internal links address pointing to this web attack script, therefore, the inside that recurrence gets is not had in Ye
Chained address is secure link address.With being checked by the way of grammer by string matching in conventional art
Comparing, accuracy is higher, thus also improves the safety of web application.
Embodiment described above only have expressed the several embodiments of the present invention, and it describes more concrete and detailed,
But therefore can not be interpreted as the restriction to the scope of the claims of the present invention.It should be pointed out that, for this area
Those of ordinary skill for, without departing from the inventive concept of the premise, it is also possible to make some deformation and
Improving, these broadly fall into protection scope of the present invention.Therefore, the protection domain of patent of the present invention should be with appended
Claim is as the criterion.
Claims (4)
1. a chained address safety detecting method, including:
Obtain entry address, capture the webpage that described entry address is corresponding;
Webpage corresponding for described entry address is performed as target web, recurrence: extract described target web
In the internal links address that comprises, capture the webpage that the internal links address extracted is corresponding, by grab
Webpage is as target web;
Judge that internal links address that recurrence extracts is as secure link;
The described internal links address extracted is updated in secure address storehouse, is stored in secure address storehouse
Internal links address be the internal links address being judged as secure link;
Intercept and capture web access requests, extract the resource request address that described web access requests is corresponding;
Judge whether the resource request address extracted belongs to described secure address storehouse, the most then forward described
Web access requests;
If the resource request address extracted described in is not belonging to described secure address storehouse, then obtain described webpage and visit
The response webpage that the request of asking is corresponding;
Extract the internal links address comprised in described response webpage, it is judged that in described internal links address whether
At least threshold number belongs to described secure address storehouse, the most then add described resource request address to institute
State in secure address storehouse.
Chained address the most according to claim 1 safety detecting method, it is characterised in that described side
Method also includes:
Obtain the resource request address of input;
Described resource request address is stored or updates in secure address storehouse.
3. a chained address safety detection device, it is characterised in that including:
Entry address acquisition module, is used for obtaining entry address, captures the webpage that described entry address is corresponding;
Webpage capture module, for webpage corresponding for described entry address is performed as target web, recurrence:
Extract the internal links address comprised in described target web, capture the internal links address extracted corresponding
Webpage, using the webpage that grabs as target web;
Secure link determination module, for judging that internal links address that recurrence extracts, will as secure link
The internal links address extracted updates in secure address storehouse, is stored in the internal links in secure address storehouse
Address is the internal links address being judged as secure link;
Request filtering module, is used for intercepting and capturing web access requests, extracts the money that described web access requests is corresponding
Source request address, it is judged that whether the resource request address extracted belongs to described secure address storehouse, the most then
Forward described web access requests;
Response filtering module, for being not belonging to described secure address storehouse in the described resource request address extracted
Time, then obtain the response webpage that described web access requests is corresponding, extract comprise in described response webpage interior
Chained address, portion, it is judged that in described internal links address, the most at least threshold number belongs to described secure address
Storehouse, the most then add to described resource request address in described secure address storehouse.
Chained address the most according to claim 3 safety detection device, it is characterised in that described dress
Put and also include that white list arranges module, for obtaining the resource request address of input, by described resource request ground
Location stores or updates in secure address storehouse.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310152898.XA CN103312692B (en) | 2013-04-27 | 2013-04-27 | Chained address safety detecting method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310152898.XA CN103312692B (en) | 2013-04-27 | 2013-04-27 | Chained address safety detecting method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103312692A CN103312692A (en) | 2013-09-18 |
CN103312692B true CN103312692B (en) | 2016-09-14 |
Family
ID=49137477
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310152898.XA Active CN103312692B (en) | 2013-04-27 | 2013-04-27 | Chained address safety detecting method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103312692B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150089338A1 (en) * | 2013-09-25 | 2015-03-26 | Sony Corporation | System and methods for providing a network application proxy agent |
CN104102697B (en) * | 2014-06-27 | 2018-07-31 | 深信服网络科技(深圳)有限公司 | Manage the method and device of exterior chain in web applications |
CN106657044B (en) * | 2016-12-12 | 2019-09-06 | 杭州电子科技大学 | It is a kind of for improving the web page address jump method of web station system Prevention-Security |
CN110300111A (en) * | 2019-06-28 | 2019-10-01 | 北京金山云网络技术有限公司 | Page display method, device, terminal device and server |
CN110851840B (en) * | 2019-11-13 | 2022-03-11 | 杭州安恒信息技术股份有限公司 | WEB backdoor detection method and device based on website vulnerability |
CN113329032B (en) * | 2021-06-23 | 2023-02-03 | 深信服科技股份有限公司 | Attack detection method, device, equipment and medium |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040205076A1 (en) * | 2001-03-06 | 2004-10-14 | International Business Machines Corporation | System and method to automate the management of hypertext link information in a Web site |
CN1870493A (en) * | 2006-06-15 | 2006-11-29 | 北京华景中天信息技术有限公司 | Scanning method for network station leakage |
CN101510195A (en) * | 2008-02-15 | 2009-08-19 | 刘峰 | Website safety protection and test diagnosis system structure method based on crawler technology |
CN101388768B (en) * | 2008-10-21 | 2011-03-23 | 北京启明星辰信息技术股份有限公司 | Method and device for detecting malicious HTTP request |
CN102419808B (en) * | 2011-09-28 | 2015-07-01 | 奇智软件(北京)有限公司 | Method, device and system for detecting safety of download link |
-
2013
- 2013-04-27 CN CN201310152898.XA patent/CN103312692B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN103312692A (en) | 2013-09-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102469113B (en) | Security gateway and method for forwarding webpage by using security gateway | |
CN103312692B (en) | Chained address safety detecting method and device | |
CN105184159B (en) | The recognition methods of webpage tamper and device | |
US9509714B2 (en) | Web page and web browser protection against malicious injections | |
US9712560B2 (en) | Web page and web browser protection against malicious injections | |
CN104766014B (en) | For detecting the method and system of malice network address | |
CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
CN103023710B (en) | A kind of safety test system and method | |
CN101895516B (en) | Method and device for positioning cross-site scripting attack source | |
CN101388768B (en) | Method and device for detecting malicious HTTP request | |
CN103279710B (en) | Method and system for detecting malicious codes of Internet information system | |
CN105933268A (en) | Webshell detection method and apparatus based on total access log analysis | |
CN106528657A (en) | Control method and device for browser skipping to application program | |
CN103888490A (en) | Automatic WEB client man-machine identification method | |
CN105760379B (en) | Method and device for detecting webshell page based on intra-domain page association relation | |
CN103118035B (en) | Method and the device of analyzing web site access request parameters legal range | |
CN104199962B (en) | A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model | |
WO2017063274A1 (en) | Method for automatically determining malicious-jumping and malicious-nesting offensive websites | |
CN113342639B (en) | Applet security risk assessment method and electronic device | |
KR100968126B1 (en) | System for Detecting Webshell and Method Thereof | |
CN103561012A (en) | WEB backdoor detection method and system based on relevance tree | |
CN103716394B (en) | Download the management method and device of file | |
CN103166966A (en) | Method and device for distinguishing illegal access request to website | |
CN108667770A (en) | A kind of loophole test method, server and the system of website | |
CN102662840A (en) | Automatic detecting system and method for extension behavior of Firefox browser |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20200615 Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer Patentee after: SANGFOR TECHNOLOGIES Inc. Address before: 518051 room 410, technology innovation service center, 1 Qilin Road, Shenzhen, Guangdong, Nanshan District Patentee before: Shenxin network technology (Shenzhen) Co.,Ltd. |
|
TR01 | Transfer of patent right |