CN103312692A - Link address safety detection method and device - Google Patents
Link address safety detection method and device Download PDFInfo
- Publication number
- CN103312692A CN103312692A CN201310152898XA CN201310152898A CN103312692A CN 103312692 A CN103312692 A CN 103312692A CN 201310152898X A CN201310152898X A CN 201310152898XA CN 201310152898 A CN201310152898 A CN 201310152898A CN 103312692 A CN103312692 A CN 103312692A
- Authority
- CN
- China
- Prior art keywords
- address
- webpage
- web
- secure
- internal links
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention relates to a link address safety detection method, which comprises the steps of: acquiring an entry address and crawling a webpage corresponding to the entry address; taking the webpage corresponding to the entry address as a target webpage and recursively executing the operations: extracting an internal link address included in the target webpage, crawling the webpage corresponding to the extracted internal link address and taking the crawled webpage as the target webpage; and judging whether the recursively extracted internal link address is a safety link. In addition, the invention also relates to a link address safety detection device. According to the link address safety detection method and device, the accuracy for safety link address judgment can be improved, so that the safety of web application is improved.
Description
Technical field
The present invention relates to the network security technology field, particularly relate to a kind of chained address safety detecting method and device.
Background technology
Webshell attacks and is a kind of common web script attack pattern.The web page files that the assailant will include malicious script usually uploads on the web server, moves corresponding malicious script by this webpage of remote access then, thereby reaches the purpose that web attacks.
In the conventional art, be that the web page files of the chained address correspondence by the web page files the user uploaded at the gateway place and visit carries out string matching and filters to realize to the safeguard procedures of webshell attack.Usually extract the text message of the corresponding web page files of link at the gateway place, and text information is carried out syntactic analysis judge whether this web page files comprises the code of malicious script, if then chained address that it is corresponding is judged to be script and attacks entrance.
Yet, said method in the process of implementation, server background programming languages such as picture asp, php, jsp are very flexible, the assailant is easy to walk around detection by the grammer that uses language itself to provide, therefore, it is not high whether the chained address to visit in the conventional art is that script is attacked the judgement accuracy of entrance, thus the fail safe deficiency that causes web to use.
Summary of the invention
Based on this, be necessary to provide a kind of chained address safety detecting method that can improve fail safe.
A kind of chained address safety detecting method comprises:
Obtain the entry address, grasp the webpage of described entry address correspondence;
As target web, recurrence is carried out with the webpage of described entry address correspondence: extract the internal links address that comprises in the described target web, grasp the webpage of the described internal links address correspondence of extracting, with the described webpage that grabs as target web;
Judge that the internal links address that described recurrence is extracted is secure link.
Among embodiment, also comprise after the step of the internal links address that comprises in the described target web of described extraction therein:
Described internal links address of extracting is stored or is updated in the secure address storehouse.
Among embodiment, described method also comprises therein:
Intercept and capture the web page access request, the resource request address of extracting described web page access request correspondence;
Judge whether described resource request address of extracting belongs to described secure address storehouse, if then transmit described web page access request.
Therein among embodiment, describedly judge described resource request address of extracting also comprises after whether belonging to the step in described secure address storehouse:
If described resource request address of extracting does not belong to described secure address storehouse, then obtain described web page access request corresponding response webpage;
Extract the internal links address that comprises in the described response webpage, judge whether have at least the threshold value number to belong to described secure address storehouse in the described internal links address, if then described resource request address is added in the described secure address storehouse.
Among embodiment, described method also comprises therein:
Obtain the resource request address of input;
Described resource request address is stored or is updated in the secure address storehouse.
In addition, also be necessary to provide a kind of chained address fail safe checkout gear that can improve fail safe.
A kind of chained address fail safe checkout gear comprises:
The entry address acquisition module is used for obtaining the entry address, grasps the webpage of described entry address correspondence;
Webpage grasps module, be used for webpage with described entry address correspondence as target web, recurrence is carried out: extract the internal links address that comprises in the described target web, grasp the webpage of the described internal links address correspondence of extracting, with the described webpage that grabs as target web;
The secure link determination module is used for judging that the internal links address that described recurrence is extracted is secure link.
Among embodiment, the secure address storehouse is stored or be updated in the internal links address that described secure link determination module also is used for describedly extracting therein.
Therein among embodiment, described device also comprises the request filtering module, be used for intercepting and capturing the web page access request, extract the resource request address of described web page access request correspondence, judge whether described resource request address of extracting belongs to described secure address storehouse, if then transmit described web page access request.
Therein among embodiment, described device also comprises the response filtering module, when being used for not belonging to described secure address storehouse in described resource request address of extracting, then obtain described web page access request corresponding response webpage, extract the internal links address that comprises in the described response webpage, judge whether have at least the threshold value number to belong to described secure address storehouse in the described internal links address, if then described resource request address is added in the described secure address storehouse.
Among embodiment, described device comprises that also white list arranges module therein, is used for obtaining the resource request address of input, with the storage of described resource request address or be updated in the secure address storehouse.
Above-mentioned chained address safety detecting method and device by the internal links address in the recurrence extracting target web extraction target web, have got access to the internal links address of the generation linking relationship corresponding with the entry address of web application.Because the web attack script is uploaded voluntarily by the assailant usually, web uses in the webpage of issuing can not exist the internal links address of pointing to this web attack script, and therefore, the internal links address that recurrence gets access to is the secure link address.Compare with the mode of passing through string matching inspection grammer in the conventional art, accuracy is higher, thereby has also improved the fail safe that web uses.
Description of drawings
Fig. 1 is the flow chart of chained address safety detecting method among the embodiment;
Fig. 2 is the flow chart that grasps the target web process among the embodiment;
Fig. 3 is to the flow chart of web page access request and corresponding method of filtering among the embodiment;
Fig. 4 is the structural representation of fail safe checkout gear in chained address among the embodiment;
Fig. 5 is the structural representation of fail safe checkout gear in chained address among another embodiment.
Embodiment
In one embodiment, as shown in Figure 1, a kind of chained address safety detecting method, this method computer program that places one's entire reliance upon, the computer program of carrying out this method run on the computer system based on the Feng Luoyiman system.This method comprises the steps:
Step S102 obtains the entry address, grasps the webpage of entry address correspondence.
The entry address is that web uses the reference address of (website), is generally the homepage that web uses or the url that lands page or leaf.The webpage of extracting entry address correspondence namely obtains the html response of web server by the access entrance address, extract the webpage that comprises in the html response.In one embodiment, can grasp webpage by web crawlers.
In the present embodiment, also can obtain the cookie information that web uses, and grasp the webpage of entry address correspondence according to this cookie information.Include the log-on message that web uses in the cookie information, can this logon information be set in the parameter of web crawlers, make web crawlers to simulate and land the web application, thereby grasp the page that some need land.
For example, in web uses, landing state and the state that do not land when visiting same link respectively, the page that returns is different usually, can make that the webpage that grasps is more comprehensive, thereby improve the accuracy of judgement by adding or deleting cookie information and grasp corresponding webpage respectively.
Step S104, as target web, recurrence is carried out with the webpage of entry address correspondence: extract the internal links address that comprises in the target web, grasp the webpage of the internal links address correspondence of extracting, with the webpage that grabs as target web.
The internal links address is defined under a label in the html file or under the href attribute usually, for the web at its place of sensing of mark in the webpage chained address under using, is the form of character string.Can be by all internal links addresses that comprise in a label in the traversal web page text or the href attributes extraction target web.
For example, the domain name of using as if web is
Www.abc.com, the internal links address of the webpage x.html under this web of same sensing that then defines in the webpage under this web uses uses namely can be "/x.html ".When directly visiting this webpage, its corresponding url is actual to be "
Www.abc.com/xxx.html".
If domain name be "
Www.abc.com" the webpage of web under using in comprise "
Www.def.com/ a.html " link, then this is linked as the external linkage address, is used for jumping to the page that other web use.In present embodiment and following embodiment, only extract the internal links address in the webpage, the external linkage address in the webpage is then skipped over.
In the present embodiment, as shown in Figure 2, the process that the recurrence among the step S104 is carried out is as follows:
Step S202 extracts the internal links address (may be a plurality of) that target web comprises, and does not then finish if do not comprise any internal links address in the target web.
Step S204, the webpage of the internal links address correspondence that extracting is extracted (may be a plurality of).
Step S206, with in the webpage that grabs each all as target web, respectively to its execution in step S202.
That is to say, by the internal links address in the recurrence extraction webpage, and the webpage of extracting internal links address correspondence, pass through all related pages of internal links address generation with the entry address down thereby can obtain whole web application.Because the web attack script is uploaded voluntarily by the assailant usually, web uses in the webpage of issuing can not exist the internal links address of pointing to this web attack script, and therefore, the internal links address that recurrence is extracted is safe and reliable chained address.
In one embodiment, extract after the internal links address that comprises in the target web, also can filter the internal links address of extracting, remove the internal links address of the corresponding resource file that extracts.Resource file in the webpage can comprise picture, audio frequency, video, flash, document and application program etc.Because the http that returns that the internal links address of access resources file correspondence obtains response is not web page files, therefore its filtration can be reduced expending of bandwidth resources.
Step S106 judges that the internal links address that recurrence is extracted is secure link.
As previously mentioned, the internal links address of extracting by recurrence extracting webpage is the secure link address.In the present embodiment, the step of extracting the internal links address that comprises in the target web also can store the internal links address (character string) of extracting or be updated in the secure address storehouse afterwards.The internal links address that is stored in the secure address storehouse is the internal links address that is judged as secure link.
The secure address storehouse can be a kind of in database table, xml file, configuration file or the memory cache.In the present embodiment, the secure address storehouse is corresponding with the entry address.That is to say that if exist a plurality of web to use, then each web uses by its domain name or IP address corresponding with corresponding secure address storehouse.Therefore, when the secure link address that each web uses is stored in the secure address storehouse, can only store the internal links address that aforementioned recurrence is extracted.
In one embodiment, can regularly carry out above-mentioned steps S102 to step S106, thus regular update secure address storehouse.
In one embodiment, also can utilize the secure address storehouse to web page access request filter.As shown in Figure 3, this filter method comprises:
Step S302 intercepts and captures the web page access request, extracts the resource request address of web page access request correspondence.
Step S304 judges whether the resource request address extract belongs to the secure address storehouse, if, execution in step S306 converting web page access request then.
The resource request address is the URL(Uniform Resource Locator in the web page access request, URL(uniform resource locator)) on the expression web server with the relative path of the corresponding resource file of web page access request, be the form of character string.The assailant is when utilizing the web attack script to steal the information of web application, usually earlier the web attack script is uploaded to the web server, address field input by browser (or other web clients) comprises the URL of the resource request address corresponding with this attack script then, thereby does not fetch this web attack script of direct visit by the chain in the webpage clicking.For example, if the web attack script that the assailant uploads is c.php, uploading the path is root, and the domain name that web uses is
Www.abc.com, then the assailant can be by keying in browser address bar
Www.abc.com/c.phpStart this web attack script.
Therefore, judgement by step S304, can be when the assailant directly visits resource file (being generally webpage) on the web server, obtain the resource request address in the web page access request, and judge whether it belongs to the secure address storehouse, namely judge by string matching whether this resource request address has been judged as the secure link address, if, then represent the internal links address character string coupling in the normal webpage of issuing on this resource request address and the web server, thereby transmit this request to corresponding web server, otherwise, can end to connect or redirected entry address and the log of being connected to.
In the present embodiment, further, if the resource request address of extracting does not belong to the secure address storehouse, execution in step S308 then, obtain web page access request corresponding response webpage, extract the internal links address that comprises in the response webpage, and execution in step S310, judge whether have at least the threshold value number to belong to the secure address storehouse in the internal links address, if, execution in step S312 then, resource request address (character string) added in the secure address storehouse, otherwise, execution in step S314, end to connect or be redirected and be connected to entry address and log.
Web uses the webpage of new issue, or the webpage that needs certain authority to visit, and aforesaid step S104 can't grasp usually fully, thereby makes the secure address storehouse not obtain real-time update.Therefore, at this situation, can be by the execution in step S308 webpage that meets with a response, and by the response webpage being filtered to judge whether its corresponding web page access request is used for starting the web attack script.Owing to can not comprise the internal links address or comprise less internal links address usually in the web attack script that the assailant uploads, therefore, can be by threshold value be set, and judge the internal links address that comprises in the response webpage whether have part belong to the secure address storehouse judge this response webpage whether with this web use other webpages down produce by internal links related, thereby judgement responds whether the web page access request of webpage correspondence is the trigger request that the assailant is used to start the web attack script.
Generally, owing to the web application self has the access limit management, the assailant usually can only be by the confidential data of web attack script reading section web application, and application destroys to web by write operation and do not have authority.Therefore, if response only comprises the internal links address that belongs to the secure address storehouse that is less than the threshold value number in the webpage, then this response webpage is namely very likely stolen the result data of stealing that returns behind the web application private data for the web attack script.It can be abandoned and make the assailant can't take private data by be redirected connecting, thereby improve the fail safe that web uses.
Need to prove, said method relies on computer program fully and realizes, can run on gateway device, virtual gateway etc. has on the computer system of gateway function, and the computer program in aforementioned generation secure address storehouse both can run on this computer system with gateway function, also may operate at other independently on the computer system.For the computer program that generates the secure address storehouse, both only are the memory location difference in secure address storehouse.
In one embodiment, also white list can be set manually, its step is the resource request address that obtains input, and the resource request address is stored or is updated in the secure address storehouse.
Some web is applied in after the issue; website maintenance personnel can use some resource request address visit web servers that are used to test usually; these resource request addresses can not be recorded in announced other web pages as the internal links address, directly import the URL that comprises this resource request address by the tester by browser usually and visit and trigger corresponding test script.For this test script, manually add in the secure address storehouse resource request address that then can it is corresponding, thereby make the tester can normally finish the script test function.
In one embodiment, as shown in Figure 4, a kind of chained address fail safe checkout gear 10 includes port address acquisition module 102, webpage extracting module 104 and secure link determination module 106, wherein:
Entry address acquisition module 102 is used for obtaining the entry address, grasps the webpage of entry address correspondence.
The entry address is that web uses the reference address of (website), is generally the homepage that web uses or the url that lands page or leaf.The webpage of extracting entry address correspondence namely obtains the html response of web server by the access entrance address, extract the webpage that comprises in the html response.In one embodiment, can grasp webpage by web crawlers.
In the present embodiment, also can obtain the cookie information that web uses, and grasp the webpage of entry address correspondence according to this cookie information.Include the log-on message that web uses in the cookie information, can this logon information be set in the parameter of web crawlers, make web crawlers to simulate and land the web application, thereby grasp the page that some need land.
For example, in web uses, landing state and the state that do not land when visiting same link respectively, the page that returns is different usually, can make that the webpage that grasps is more comprehensive, thereby improve the accuracy of judgement by adding or deleting cookie information and grasp corresponding webpage respectively.
Webpage grasps module 104, is used for webpage with the entry address correspondence as target web, and recurrence is carried out: extract the internal links address that comprises in the target web, grasp the webpage of the internal links address correspondence of extracting, with the webpage that grabs as target web.
The internal links address is defined under a label in the html file or under the href attribute usually, for the web at its place of sensing of mark in the webpage chained address under using, is the form of character string.Can be by all internal links addresses that comprise in a label in the traversal web page text or the href attributes extraction target web.
For example, the domain name of using as if web is
Www.abc.com, the internal links address of the webpage x.html under this web of same sensing that then defines in the webpage under this web uses uses namely can be "/x.html ".When directly visiting this webpage, its corresponding url is actual to be "
Www.abc.com/xxx.html".
If domain name be "
Www.abc.com" the webpage of web under using in comprise "
Www.def.com/ a.html " link, then this is linked as the external linkage address, is used for jumping to the page that other web use.In present embodiment and following embodiment, only extract the internal links address in the webpage, the external linkage address in the webpage is then skipped over.
By the internal links address in the recurrence extraction webpage, and the webpage of extracting internal links address correspondence, all related pages of internal links address generation passed through with the entry address down thereby can obtain whole web application.Because the web attack script is uploaded voluntarily by the assailant usually, web uses in the webpage of issuing can not exist the internal links address of pointing to this web attack script, and therefore, the internal links address that recurrence is extracted is safe and reliable chained address.
In one embodiment, extract after the internal links address that comprises in the target web, webpage grasps module 104 and also can be used for the internal links address of extracting is filtered, and removes the internal links address of the corresponding resource file that extracts.Resource file in the webpage can comprise picture, audio frequency, video, flash, document and application program etc.Because the http that returns that the internal links address of access resources file correspondence obtains response is not web page files, therefore its filtration can be reduced expending of bandwidth resources.
Secure link determination module 106 is used for judging that the internal links address that recurrence is extracted is secure link.
As previously mentioned, the internal links address of extracting by recurrence extracting webpage is the secure link address.In the present embodiment, secure link determination module 106 can be used for the internal links address (character string) of extracting is stored or is updated in the secure address storehouse.The internal links address that is stored in the secure address storehouse is the internal links address that is judged as secure link.
The secure address storehouse can be a kind of in database table, xml file, configuration file or the memory cache.In the present embodiment, the secure address storehouse is corresponding with the entry address.That is to say that if exist a plurality of web to use, then each web uses by its domain name or IP address corresponding with corresponding secure address storehouse.Therefore, when the secure link address that each web uses is stored in the secure address storehouse, can only store the internal links address that aforementioned recurrence is extracted.
In one embodiment, as shown in Figure 5, chained address fail safe checkout gear 10 also comprises request filtering module 108, be used for intercepting and capturing the web page access request, extract the resource request address of web page access request correspondence, judge whether the resource request address extract belongs to the secure address storehouse, if, converting web page access request then.
The resource request address is the URL(Uniform Resource Locator in the web page access request, URL(uniform resource locator)) on the expression web server with the relative path of the corresponding resource file of web page access request, be the form of character string.The assailant is when utilizing the web attack script to steal the information of web application, usually earlier the web attack script is uploaded to the web server, address field input by browser (or other web clients) comprises the URL of the resource request address corresponding with this attack script then, thereby does not fetch this web attack script of direct visit by the chain in the webpage clicking.For example, if the web attack script that the assailant uploads is c.php, uploading the path is root, and the domain name that web uses is
Www.abc.com, then the assailant can be by keying in browser address bar
Www.abc.com/c.phpStart this web attack script.
Therefore, filter by request filtering module 108, can be when the assailant directly visits resource file (being generally webpage) on the web server, obtain the internal links address of this webpage, and judge whether it belongs to the secure address storehouse, namely judge by string matching whether this resource request address has been judged as the secure link address, if, then represent the internal links address character string coupling in the normal webpage of issuing on this resource request address and the web server, thereby transmit this request to corresponding web server, otherwise, can end to connect or redirected entry address and the log of being connected to.
In the present embodiment, further, as shown in Figure 5, chained address fail safe checkout gear 10 also comprises response filtering module 110, when being used for not belonging to the secure address storehouse in the resource request address of extracting, then obtains web page access request corresponding response webpage, extract the internal links address that comprises in the response webpage, judge whether have at least the threshold value number to belong to the secure address storehouse in the internal links address, if then resource request address (character string) added in the secure address storehouse
Web uses the webpage of new issue, or the webpage that needs certain authority to visit, and aforesaid webpage grasps module 104 and can't grasp fully usually, thereby makes the secure address storehouse not obtain real-time update.Therefore, at this situation, response filtering module 110 can be by filtering to judge whether its corresponding web page access request is used for starting the web attack script to the response webpage.Owing to can not comprise the internal links address or comprise less internal links address usually in the web attack script that the assailant uploads, therefore, can be by threshold value be set, and judge the internal links address that comprises in the response webpage whether have part belong to the secure address storehouse judge this response webpage whether with this web use other webpages down produce by internal links related, thereby judgement responds whether the web page access request of webpage correspondence is the trigger request that the assailant is used to start the web attack script.
Generally, owing to the web application self has the access limit management, the assailant usually can only be by the confidential data of web attack script reading section web application, and application destroys to web by write operation and do not have authority.Therefore, if response only comprises the internal links address that belongs to the secure address storehouse that is less than the threshold value number in the webpage, then this response webpage is namely very likely stolen the result data of stealing that returns behind the web application private data for the web attack script.It can be abandoned and make the assailant can't take private data by be redirected connecting, thereby improve the fail safe that web uses.
In one embodiment, as shown in Figure 5, chained address fail safe checkout gear 10 comprises that also white list arranges module 112, is used for obtaining the resource request address of input, and the resource request address is stored or is updated in the secure address storehouse.
Some web is applied in after the issue; website maintenance personnel can use some resource request address visit web servers that are used to test usually; these resource request addresses can not be recorded in announced other web pages as the internal links address, directly import the URL that comprises this resource request address by the tester by browser usually and visit and trigger corresponding test script.For this test script, manually add in the secure address storehouse resource request address that then can it is corresponding, thereby make the tester can normally finish the script test function.
Above-mentioned chained address safety detecting method and device by the internal links address in the recurrence extracting target web extraction target web, have got access to the internal links address of the generation linking relationship corresponding with the entry address of web application.Because the web attack script is uploaded voluntarily by the assailant usually, web uses in the webpage of issuing can not exist the internal links address of pointing to this web attack script, and therefore, the internal links address that recurrence gets access to is the secure link address.Compare with the mode of passing through string matching inspection grammer in the conventional art, accuracy is higher, thereby has also improved the fail safe that web uses.
The above embodiment has only expressed several execution mode of the present invention, and it describes comparatively concrete and detailed, but can not therefore be interpreted as the restriction to claim of the present invention.Should be pointed out that for the person of ordinary skill of the art without departing from the inventive concept of the premise, can also make some distortion and improvement, these all belong to protection scope of the present invention.Therefore, the protection range of patent of the present invention should be as the criterion with claims.
Claims (10)
1. chained address safety detecting method comprises:
Obtain the entry address, grasp the webpage of described entry address correspondence;
As target web, recurrence is carried out with the webpage of described entry address correspondence: extract the internal links address that comprises in the described target web, grasp the webpage of the described internal links address correspondence of extracting, with the described webpage that grabs as target web;
Judge that the internal links address that described recurrence is extracted is secure link.
2. chained address according to claim 1 safety detecting method is characterized in that, also comprises after the step of the internal links address that comprises in the described target web of described extraction:
Described internal links address of extracting is stored or is updated in the secure address storehouse.
3. chained address according to claim 2 safety detecting method is characterized in that described method also comprises:
Intercept and capture the web page access request, the resource request address of extracting described web page access request correspondence;
Judge whether described resource request address of extracting belongs to described secure address storehouse, if then transmit described web page access request.
4. chained address according to claim 3 safety detecting method is characterized in that, describedly judges described resource request address of extracting also comprises after whether belonging to the step in described secure address storehouse:
If described resource request address of extracting does not belong to described secure address storehouse, then obtain described web page access request corresponding response webpage;
Extract the internal links address that comprises in the described response webpage, judge whether have at least the threshold value number to belong to described secure address storehouse in the described internal links address, if then described resource request address is added in the described secure address storehouse.
5. according to the described chained address of claim 1 to 4 safety detecting method, it is characterized in that described method also comprises:
Obtain the resource request address of input;
Described resource request address is stored or is updated in the secure address storehouse.
6. a chained address fail safe checkout gear is characterized in that, comprising:
The entry address acquisition module is used for obtaining the entry address, grasps the webpage of described entry address correspondence;
Webpage grasps module, be used for webpage with described entry address correspondence as target web, recurrence is carried out: extract the internal links address that comprises in the described target web, grasp the webpage of the described internal links address correspondence of extracting, with the described webpage that grabs as target web;
The secure link determination module is used for judging that the internal links address that described recurrence is extracted is secure link.
7. fail safe checkout gear in chained address according to claim 6 is characterized in that, described secure link determination module also is used for described internal links address storage of extracting or is updated to the secure address storehouse.
8. fail safe checkout gear in chained address according to claim 7, it is characterized in that, described device also comprises the request filtering module, be used for intercepting and capturing the web page access request, extract the resource request address of described web page access request correspondence, judge whether described resource request address of extracting belongs to described secure address storehouse, if then transmit described web page access request.
9. fail safe checkout gear in chained address according to claim 8, it is characterized in that, described device also comprises the response filtering module, when being used for not belonging to described secure address storehouse in described resource request address of extracting, then obtain described web page access request corresponding response webpage, extract the internal links address that comprises in the described response webpage, judge whether have at least the threshold value number to belong to described secure address storehouse in the described internal links address, if then described resource request address is added in the described secure address storehouse.
10. according to the described chained address fail safe of claim 6 to 9 checkout gear, it is characterized in that described device comprises that also white list arranges module, be used for obtaining the resource request address of input, described resource request address is stored or is updated in the secure address storehouse.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310152898.XA CN103312692B (en) | 2013-04-27 | 2013-04-27 | Chained address safety detecting method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310152898.XA CN103312692B (en) | 2013-04-27 | 2013-04-27 | Chained address safety detecting method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103312692A true CN103312692A (en) | 2013-09-18 |
CN103312692B CN103312692B (en) | 2016-09-14 |
Family
ID=49137477
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310152898.XA Active CN103312692B (en) | 2013-04-27 | 2013-04-27 | Chained address safety detecting method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103312692B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104102697A (en) * | 2014-06-27 | 2014-10-15 | 深信服网络科技(深圳)有限公司 | Method and device for managing external link in web application |
CN104468694A (en) * | 2013-09-25 | 2015-03-25 | 索尼公司 | System and methods for providing a network application proxy agent |
CN106657044A (en) * | 2016-12-12 | 2017-05-10 | 杭州电子科技大学 | Webpage address hopping method for improving security defense of website system |
CN110300111A (en) * | 2019-06-28 | 2019-10-01 | 北京金山云网络技术有限公司 | Page display method, device, terminal device and server |
CN110851840A (en) * | 2019-11-13 | 2020-02-28 | 杭州安恒信息技术股份有限公司 | WEB backdoor detection method and device based on website vulnerability |
CN113329032A (en) * | 2021-06-23 | 2021-08-31 | 深信服科技股份有限公司 | Attack detection method, device, equipment and medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040205076A1 (en) * | 2001-03-06 | 2004-10-14 | International Business Machines Corporation | System and method to automate the management of hypertext link information in a Web site |
CN1870493A (en) * | 2006-06-15 | 2006-11-29 | 北京华景中天信息技术有限公司 | Scanning method for network station leakage |
CN101388768A (en) * | 2008-10-21 | 2009-03-18 | 北京启明星辰信息技术股份有限公司 | Method and device for detecting malicious HTTP request |
CN101510195A (en) * | 2008-02-15 | 2009-08-19 | 刘峰 | Website safety protection and test diagnosis system structure method based on crawler technology |
CN102419808A (en) * | 2011-09-28 | 2012-04-18 | 奇智软件(北京)有限公司 | Method, device and system for detecting safety of download link |
-
2013
- 2013-04-27 CN CN201310152898.XA patent/CN103312692B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040205076A1 (en) * | 2001-03-06 | 2004-10-14 | International Business Machines Corporation | System and method to automate the management of hypertext link information in a Web site |
CN1870493A (en) * | 2006-06-15 | 2006-11-29 | 北京华景中天信息技术有限公司 | Scanning method for network station leakage |
CN101510195A (en) * | 2008-02-15 | 2009-08-19 | 刘峰 | Website safety protection and test diagnosis system structure method based on crawler technology |
CN101388768A (en) * | 2008-10-21 | 2009-03-18 | 北京启明星辰信息技术股份有限公司 | Method and device for detecting malicious HTTP request |
CN102419808A (en) * | 2011-09-28 | 2012-04-18 | 奇智软件(北京)有限公司 | Method, device and system for detecting safety of download link |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468694A (en) * | 2013-09-25 | 2015-03-25 | 索尼公司 | System and methods for providing a network application proxy agent |
CN104102697A (en) * | 2014-06-27 | 2014-10-15 | 深信服网络科技(深圳)有限公司 | Method and device for managing external link in web application |
CN106657044A (en) * | 2016-12-12 | 2017-05-10 | 杭州电子科技大学 | Webpage address hopping method for improving security defense of website system |
CN110300111A (en) * | 2019-06-28 | 2019-10-01 | 北京金山云网络技术有限公司 | Page display method, device, terminal device and server |
CN110851840A (en) * | 2019-11-13 | 2020-02-28 | 杭州安恒信息技术股份有限公司 | WEB backdoor detection method and device based on website vulnerability |
CN110851840B (en) * | 2019-11-13 | 2022-03-11 | 杭州安恒信息技术股份有限公司 | WEB backdoor detection method and device based on website vulnerability |
CN113329032A (en) * | 2021-06-23 | 2021-08-31 | 深信服科技股份有限公司 | Attack detection method, device, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN103312692B (en) | 2016-09-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102469113B (en) | Security gateway and method for forwarding webpage by using security gateway | |
CN105184159B (en) | The recognition methods of webpage tamper and device | |
CN101895516B (en) | Method and device for positioning cross-site scripting attack source | |
CN103179095B (en) | A kind of method and client terminal device detecting fishing website | |
CN101388768B (en) | Method and device for detecting malicious HTTP request | |
CN105933268A (en) | Webshell detection method and apparatus based on total access log analysis | |
CN103312692A (en) | Link address safety detection method and device | |
CN103279710B (en) | Method and system for detecting malicious codes of Internet information system | |
CN102467633A (en) | Method and system for safely browsing webpage | |
CN103001817B (en) | A kind of method and apparatus of real-time detection of webpage cross-domain request | |
CN104199962B (en) | A kind of credible webpage evidence-obtaining system and its evidence collecting method based on three layers of credible webpage Forensics Model | |
CN103914655A (en) | Downloaded file security detection method and device | |
CN105760379B (en) | Method and device for detecting webshell page based on intra-domain page association relation | |
CN101808093A (en) | System and method for automatically detecting WEB security | |
CN104253785B (en) | Dangerous network address recognition methods, apparatus and system | |
CN104125209A (en) | Malicious website prompt method and router | |
CN103561012A (en) | WEB backdoor detection method and system based on relevance tree | |
WO2017063274A1 (en) | Method for automatically determining malicious-jumping and malicious-nesting offensive websites | |
CN113342639B (en) | Applet security risk assessment method and electronic device | |
KR100968126B1 (en) | System for Detecting Webshell and Method Thereof | |
CN107437026B (en) | Malicious webpage advertisement detection method based on advertisement network topology | |
CN104967628A (en) | Deceiving method of protecting web application safety | |
CN105488400A (en) | Comprehensive detection method and system of malicious webpage | |
CN102855418A (en) | Method for discovering Web intranet agent bugs | |
CN103294952A (en) | Method and system for detecting webshell based on page relation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20200615 Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer Patentee after: SANGFOR TECHNOLOGIES Inc. Address before: 518051 room 410, technology innovation service center, 1 Qilin Road, Shenzhen, Guangdong, Nanshan District Patentee before: Shenxin network technology (Shenzhen) Co.,Ltd. |