Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Reflective vulnerability detection method based on static and dynamic combination

A vulnerability detection and reflective technology, which is applied in the direction of instrument, platform integrity maintenance, electrical digital data processing, etc., can solve problems such as cross-site scripting attacks, and achieve the effects of reducing blindness, narrowing the scope, and narrowing the area

Active Publication Date: 2019-03-12
NANJING UNIV OF POSTS & TELECOMM
View PDF4 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Technical problem: The purpose of the present invention is to propose a reflective XSS vulnerability detection method combined with static stain propagation and dynamic Fuzzing test to solve the possible cross-site scripting attack problem when web applications parse pages

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Reflective vulnerability detection method based on static and dynamic combination
  • Reflective vulnerability detection method based on static and dynamic combination
  • Reflective vulnerability detection method based on static and dynamic combination

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The present invention is a reflective XSS loophole detection method combined with static taint propagation and dynamic Fuzzing test, by means of static analysis source code and taint propagation method, loopholes are searched, and the loopholes are automatically detected by using a randomization algorithm and a fuzzing test method.

[0044] in such as figure 2In the schematic diagram shown, the attacker lures the user to click on the email, so that the URL containing the malicious code in the page is executed, thereby stealing the user's password, login name and other private information.

[0045] The method mainly includes (1) static analysis of source code; (2) taint propagation; (3) dynamic Fuzzing test 3 steps, such as figure 1 shown. These three parts are described in detail below:

[0046] (1) Static analysis

[0047] The static analysis of web applications can be regarded as a continuous tracking and inspection of external input variables. According to the re...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a reflective vulnerability detection method based on static and dynamic combination, which is a reflective XSS vulnerability detection method combining static stain propagationand dynamic Fuzzing test. Existing vulnerability detection is based on detection methods such as a single stain analysis or a genetic algorithm, and the stain analysis often uses a method combined with HTTP request packet interception analysis processing to track user's sensitive information and private data to prevent a malicious program code from being sent to a third party, which causes the leakage of user data. While the traditional genetic algorithm only contains the basic genetic operations of selection, crossover and mutation, only an approximate global optimal solution can be found dueto the inherent defects of the genetic algorithm in practice, but the global optimal solution cannot be guaranteed to be converged. The method simultaneously uses a randomization algorithm and a fuzzy test method to automatically detect the vulnerability while utilizing a static analysis source code and a stain propagation method to narrow the search range of the reflective XSS vulnerability, sothat the detection efficiency is high, and the method is highly feasible.

Description

technical field [0001] The present invention proposes a kind of reflective XSS (Cross Site Scripting, cross-site scripting attack) vulnerability detection method based on static and dynamic combination for the security problem that web application program may exist, and is mainly used to solve the rapid development of web2.0 technology The reflective XSS vulnerability security problem faced by the Internet era belongs to the field of computer web network security technology. Background technique [0002] With the rapid development of web2.0 technology and the popularization of the Internet, web applications have been widely used, and web technologies represented by online shopping and social networking sites are changing the way people work and communicate to a large extent. However, the development of these new technologies, on the one hand, makes business activities more convenient and efficient, but at the same time, it also brings serious security risks such as leakage o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F21/57H04L29/08
CPCG06F21/577G06F2221/034H04L63/1433H04L67/02
Inventor 肖甫陈晶沙乐天韩崇王汝传
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com