Method and system of safety protection of Web application

A security protection technology for web applications, applied in the field of information security. It addresses problems such as insufficient security assessment of applications, large maintenance costs, and the inability of firewalls and intrusion prevention systems to detect and prevent attacks. Its effects are avoiding repeated development or omitted interception, improving safety, and reducing cost.

Inactive Publication Date: 2014-10-01
PEKING UNIV FOUNDER GRP CO LTD +1

AI Technical Summary

Problems solved by technology

[0003] 1. The rapid update of enterprise business requires a large number of web applications to be launched quickly. However, due to the impact of funds, progress, awareness, etc., these applications have not been fully evaluated for security.
[0004] 2. Attacks against the Web will be hidden in a large number of normal business activities, and the use of various deformation and camouflage methods will cause traditional firewalls and signature-based intrusion prevention systems to be unable to detect and block such attacks. For production systems, it will bring a lot of maintenance costs.

Examples

Embodiment

[0060] This embodiment takes the protection of a URL that includes user input parameters as an example. Its main steps are:

[0061] Step 1: Configure protection rules;

[0062] For example, to prevent possible harmful SQL commands from being included in input parameters, you can create the following protection rule file QuerystringRule.json:

[0063]

[0064] The protection rule file uses JSON, a lightweight data exchange format that is easy to read and write. The protection rules can also be stored in other forms, such as XML or a database table.

[0065] Step 2: Deploy the protection rule file in the security protection module.

[0066] Deploy the protection rule file set in the previous step in the security protection module, and set the security protection module as a global filter. Web application access requests will first be sent to the security protection module for security checks.
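A minimal sketch of the two steps above, added here as an illustration and not taken from the patent. The real contents of QuerystringRule.json are not shown on this page, so the JSON field names (`rules`, `id`, `target`, `pattern`), the patterns, the sample URLs and the `load_rules` / `check_request` functions are all assumptions.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed stand-in for QuerystringRule.json (step 1). The page does not
# show the real file, so every field name and pattern here is an assumption.
RULES_JSON = r'''
{
  "rules": [
    {"id": "sql-keyword", "target": "querystring",
     "pattern": "\\b(union\\s+select|drop\\s+table|insert\\s+into)\\b"},
    {"id": "sql-comment", "target": "querystring",
     "pattern": "(--|/\\*)"}
  ]
}
'''

def load_rules(text):
    """Step 2: load the rule file and compile each pattern once at deployment."""
    return [(r["id"], re.compile(r["pattern"], re.IGNORECASE))
            for r in json.loads(text)["rules"] if r["target"] == "querystring"]

def check_request(url, rules):
    """Global-filter decision for one request: (allowed, rule_id, parameter)."""
    query = urlsplit(url).query
    # parse_qsl percent-decodes values and keeps repeated parameters, so an
    # encoded or duplicated parameter is inspected in its decoded form.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for rule_id, pattern in rules:
            if pattern.search(value):
                return (False, rule_id, name)  # data matches a rule: intercept
    return (True, None, None)                  # no rule matched: allow

RULES = load_rules(RULES_JSON)

# Constructed sample requests, checked before any application code would run.
SAMPLE_URLS = [
    "/search?q=laptop&page=2",
    "/item?id=1%20UNION%20SELECT%20name%20FROM%20users",
    "/item?id=7&id=7--",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", check_request(url, RULES))
```

A pattern filter of this kind is a coarse first layer in front of the application; it complements parameterized queries in the application code and does not replace them.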

[006...

Abstract

The invention discloses a method and a system for the security protection of a Web application. The method comprises the following steps: an administrator configures protection rules on a Web client as needed, forming a protection rule file; the protection rule file is placed in a security protection module on the server, and a global filter is provided; when the Web application server receives a user's Web application access request, the security protection module compares the request data of the access request with the configured protection rule file and checks whether the request data matches it. If it matches, the Web application access is intercepted; otherwise, the access is allowed. With the disclosed method and system, all Web applications can be protected as needed, which improves the security of Web access. The interception of Web application access is moved from the application program into a proxy service server, which avoids repeated development or missed interception in the application program and reduces cost.

Description

Technical field

[0001] The present invention relates to the field of information security, in particular to a security protection method and system for a Web application deployed on a Web server in the technical field of Web application security.

Background technique

[0002] The Web application system is a transaction processing system based on the B/S (browser/server) model developed by using various dynamic Web technologies. Currently, Web security threats are becoming more and more serious. For users, Web security is a disaster. Attacks against the Web have become the biggest challenge in the global security field. The main reasons are as follows:

[0003] 1. The rapid update of enterprise business requires a large number of web applications to be launched quickly. However, due to the impact of funds, progress, awareness, etc., these applications have not been fully evaluated for security.

[0004] 2. Attacks against the Web will be hidden in a large number of normal ...

Application Information

IPC(8): H04L29/06
Inventor: 刘胜飏, 王飞
Owner: PEKING UNIV FOUNDER GRP CO LTD