Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Cross-site scripting attack defense method and device and application server

A cross-site scripting attack, application server technology, applied in the computer field, can solve problems such as low efficiency and large workload, and achieve the effect of reducing workload and improving efficiency

Active Publication Date: 2015-04-15
NEW FOUNDER HLDG DEV LLC +1
View PDF4 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because the existing technology needs to hard-code each form of each web page, the workload is relatively large, so the existing cross-site scripting attack defense method is inefficient

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cross-site scripting attack defense method and device and application server
  • Cross-site scripting attack defense method and device and application server
  • Cross-site scripting attack defense method and device and application server

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] figure 1 A schematic flowchart of a method for defending a cross-site scripting attack provided by an embodiment of the present invention, such as figure 1 shown, including:

[0022] 101. The application server receives the access request sent by the terminal.

[0023] The access request is used to request access to the application program in the application server.

[0024] Before further step 101, the application server analyzes the malicious code of the historical cross-site scripting attack, obtains the keyword of the malicious code, and establishes a feature library storing the keyword of the malicious code.

[0025] 102. The application server parses the access request to obtain a request header.

[0026] Wherein, the request header includes target information input by the terminal through the form of the web page.

[0027] 103. The application server uses a regular expression to match the keyword in the signature database with the target information in the re...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a cross-site scripting attack defense method and device and an application server. The method comprises the following steps: receiving an access request sent by a terminal through the application server; resolving the access request to obtain a request header; matching keywords in a feature library with target information in the request header by using a regular expression; and if keywords matched with the target information in the request header exist in the feature library, determining that a malicious code exists in the target information in the request header through the application server, and denying the access request through the application server in order to defense cross-site scripting attacks. Through uniform detection of the access requests sent by the terminal on the application server, hard coding of each Web page is avoided; the workload is lowered; and the cross-site scripting attack defense efficiency is increased.

Description

technical field [0001] The invention relates to computer technology, in particular to a method and device for defending against cross-site scripting attacks, and an application server. Background technique [0002] Cross-site scripting attack is a network attack method that exploits web page vulnerabilities. The attack terminal uses the method of inputting information containing malicious code in a web page, and sends an access request containing malicious code to the application program in the application server, so that the application program generates a web page containing malicious code after receiving the access request. Thereby inserting malicious code in Web pages. When the user terminal opens the web page, the malicious code in the web page is executed. The malicious code is often used to implement network attacks such as maliciously stealing information from the user terminal, so that the attack terminal completes the network attack on the user terminal. [0003]...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 蔡林
Owner NEW FOUNDER HLDG DEV LLC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com