
Unauthorized web access vulnerability detecting method and device

A vulnerability detection technology applied in the field of network security. It addresses the problems of sensitive user information leakage, URL unauthorized access vulnerabilities, and the labor cost of detection, and achieves improved detection efficiency and a high recognition rate.

Active Publication Date: 2016-02-24
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

When a business becomes sufficiently complex, it is difficult to ensure that every access to this data has passed strict permission verification, which results in URL unauthorized access vulnerabilities.
Attackers can exploit a URL unauthorized access vulnerability to gain horizontal unauthorized access and leak sensitive user information.
[0003] In the prior art, URL unauthorized access vulnerabilities are detected mainly by testers penetration testing the web program and checking for vulnerabilities by hand, that is, manually and indiscriminately probing each URL parameter to find unauthorized access vulnerabilities. Manually checking URL parameters is not only inefficient and labor-intensive, but also cannot ensure that all URL parameters within the test range are covered.


Examples


Embodiment Construction

[0045] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0046] The invention provides a method for detecting unauthorized access vulnerabilities in web access.

[0047] Refer to Figure 1, which is a schematic flowchart of the first embodiment of the web unauthorized access vulnerability detection method of the present invention.

[0048] In the first embodiment, the method for detecting unauthorized access vulnerabilities in web access includes:

[0049] Step S10, collecting HTTP traffic information to be detected within a preset time, the HTTP traffic information including URL parameter information and session identifiers, wherein the URL parameter information includes URL parameters and parameter values;

[0050] In this embodiment, when it is necessary to detect unauthorized access vulnerabilities in web access, the hypertext transfer protocol (HyperText Transfer Protocol, referred to as HT...


Abstract

The invention discloses a method for detecting unauthorized access vulnerabilities in web access. The method comprises the following steps: acquiring the HTTP traffic information to be detected within a preset time, wherein the HTTP traffic information comprises URL (Uniform Resource Locator) parameter information and a session ID, and the URL parameter information comprises URL parameters and parameter values; identifying, based on the URL parameter information and the session ID, the index parameters among the URL parameters that are used for indexing a server resource, and extracting from the index parameters the private parameters used for indexing a user's private resource; and performing a preset unauthorized access vulnerability testing operation for each private parameter and determining, based on the test result, which private parameters have an unauthorized access vulnerability. The invention also discloses a device for detecting unauthorized access vulnerabilities in web access. The method and device can cover all the URL parameters with unauthorized access vulnerabilities within the detection and testing range, and the recognition rate is high.
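The identification step of the abstract (index parameters, then private parameters) can be sketched as a passive pass over captured traffic. This is an added example, not code from the patent: the classification heuristic (a parameter with several distinct values indexes resources, and it is private when every value is only ever sent by one session), the thresholds, and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample traffic: (session identifier, request URL).
SAMPLE_TRAFFIC = [
    ("sess-A", "/order/view?order_id=1001&lang=en"),
    ("sess-A", "/order/view?order_id=1002&lang=en"),
    ("sess-B", "/order/view?order_id=2001&lang=zh"),
    ("sess-B", "/order/view?order_id=2002&lang=en"),
    ("sess-C", "/order/view?order_id=3001&lang=zh"),
    ("sess-A", "/news/item?article=7"),
    ("sess-B", "/news/item?article=7"),
    ("sess-B", "/news/item?article=8"),
    ("sess-C", "/news/item?article=8"),
    ("sess-C", "/news/item?article=9"),
]

def classify_parameters(traffic, min_values=3, min_sessions=2):
    """Label each (path, parameter) as 'private', 'index' or 'other'.

    Assumed heuristic, not the patent's algorithm: thresholds are arbitrary.
    """
    # (path, param) -> value -> set of sessions that sent that value
    seen = defaultdict(lambda: defaultdict(set))
    for session_id, url in traffic:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            seen[(parts.path, name)][value].add(session_id)

    result = {}
    for key, values in seen.items():
        sessions = set().union(*values.values())
        if len(values) < min_values or len(sessions) < min_sessions:
            result[key] = "other"    # too few values to be a resource index
        elif all(len(owners) == 1 for owners in values.values()):
            result[key] = "private"  # every value is tied to a single session
        else:
            result[key] = "index"    # values are shared across sessions
    return result

def private_parameters(traffic):
    """Return the parameters that should go on to the authorization test."""
    labels = classify_parameters(traffic)
    return sorted(key for key, label in labels.items() if label == "private")

if __name__ == "__main__":
    for key, label in sorted(classify_parameters(SAMPLE_TRAFFIC).items()):
        print(key, label)
```

Parameters labelled `private` are the ones whose server-side permission check deserves review; the classification only narrows the list and does not itself show that a check is missing.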

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting unauthorized access vulnerabilities in web access.

Background technique

[0002] One of the most serious vulnerabilities currently existing on the Internet is unauthorized access. For example, in the Uniform Resource Locator (URL) unauthorized access vulnerability, a flaw in the web program makes the parameters passed in the URL guessable, so changing an input parameter value may cause horizontal unauthorized access and expose other people's private information. The URL unauthorized access vulnerability is a very harmful business logic vulnerability. It can directly bypass basic network security defenses, and it is difficult to find. In the existing technology, website designers will check the permissions of these parameters to ensure that users can only access their own resources, ...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1433, H04L67/02, H04L67/146
Inventor: 王蔚
Owner: SANGFOR TECH INC