Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Website safety protection method and website safety protection device based on form scrambling

A security protection and form technology, applied in the field of information security, can solve the problems of breaking the website, unable to guarantee that there is no security loophole, and unable to effectively guarantee the security of the website, etc. Effect

Active Publication Date: 2017-03-15
傅书豪
View PDF2 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The current method still can not effectively guarantee the security of the website
If only defense devices such as WAF / IDS (Web Application Defense System / Intrusion Detection System) are deployed for the website, then the security of the entire website depends entirely on these devices, but WAF / IDS devices cannot guarantee that there are no security holes
If the hacker exploits the vulnerability of the WAF / IDS device, the hacker can still break through the website
At the same time, there are endless new attack methods and attack methods. Attackers will transform malicious code or malware according to the current WAF / IDS defense rules to escape security detection.
All current security products cannot provide a safe deployment method to ensure that the website will not be attacked by malicious scanning, credential library and browser man-in-the-middle

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Website safety protection method and website safety protection device based on form scrambling
  • Website safety protection method and website safety protection device based on form scrambling
  • Website safety protection method and website safety protection device based on form scrambling

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] In order to facilitate those of ordinary skill in the art to understand and implement the present invention, the present invention will be described in further detail below in conjunction with the accompanying drawings, that is, embodiments. It should be understood that the implementation examples described this time are only used to illustrate and explain the present invention, and are not intended limit the invention.

[0042] The purpose of the technical solution of the present invention is to dynamically change the content of the webpage by statically analyzing the PHP source code and scrambling the form to ensure the security of the website.

[0043] A method for protecting website security based on form scrambling provided by the present invention comprises the following steps:

[0044] Step 1: Select the PHP program that needs to randomize the parameter name, and analyze the source code of the PHP program as input;

[0045] Step 2: Add a form scrambling form scr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a website safety protection method and a website safety protection device based on form scrambling. A form on a webpage is deformed. Deformation manners comprise randomizing field names in the form, namely changing the field names to a ruleless character string; changing positions between the fields; and adding interference fields in the form. Through the manner of the invention, a user can use the service which is provided by a website without difference, but on the condition that a malicious behavior which applies automatic attacks occurs, no rule of the deformed webpage form can be found, thereby realizing high difficulty in performing attacks by a hacker according to the field names of the form. The website safety protection method and the website safety protection device can effectively prevent malicious attacking behaviors of CSRF, SQL injection, hit-the-base, browser middleman attacks and information leakage.

Description

technical field [0001] The invention belongs to the technical field of information security, and in particular relates to a method and device for website security protection based on form scrambling. The invention improves website security by randomizing field names in forms, moving parameter names, and increasing interference parameters. security. [0002] technical background [0003] With the rapid development of the Internet, cloud computing, and mobile computing, attack methods such as XSS attacks, SQL injection attacks, CSRF attacks, click hijacking, file uploads, and directory traversal seriously threaten the security of websites. The current security situation is very serious. More than half of websites and web application data are leaked, causing significant financial losses. Corporate website security incidents occur frequently, and they are subject to blackmail from hackers and malicious attacks from competitors. According to the 360 ​​Security Big Data report, ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06F21/54
CPCG06F21/54H04L63/1433H04L63/1441
Inventor 傅书豪王应军
Owner 傅书豪
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com