利索-全球专利检索

  1. 登录
  2. 注册
发明授权
CN101459548B 一种脚本注入攻击检测方法和系统 失效 - 权利终止

一种脚本注入攻击检测方法和系统
摘要:
一种脚本注入攻击检测方法和系统,属于计算网络技术领域。包括HTTP请求获取、从HTTP请求中提取用户输入数据、对用户输入数据进行脚本注入攻击检测和脚本注入攻击事件报警等步骤,所述的对用户输入数据进行脚本注入攻击检测步骤包括用户输入数据解码、文档对象模型结构分析、文档对象模型脚本提取和脚本语法检测等步骤。所述的脚本注入攻击检测系统包括HTTP请求获取模块、用户输入数据提取模块、脚本注入攻击检测模块和脚本注入攻击报警模块,所述的脚本注入攻击检测模块包括用户输入数据解码模块、文档对象模型结构分析模块、注入脚本提取模块和脚本语法检测模块。脚本注入攻击检测方法和系统适合应用于Web服务安全保障产品。
摘要(英):

A script injection and attacking detection method and a system belong to the technical field of computing network, wherein the method comprises requesting and obtaining by HTTP, extracting user input data from HTTP request, doing script injection and attacking detection to user input data, and alarming script injection and attacking affairs and the like, wherein script injection and attacking detection step to user input data comprises decoding user input data, analyzing document object model structure, extracting document object model script and detecting script grammar and the like. The script injection and attacking detection system comprises an HTTP requesting and obtaining module, a user inputting data extraction module, a script injection and attacking module and a script injection and attacking alarm module, wherein the script injection and attacking detection module comprises a user input data decoding module, a document object model structure analyzing module, an injection script extracting module and a script grammar detecting module. The script injection and attacking detection method and the system are suitable for applying in Web service security insurance products.

公开/授权文献
0/0