Настройки

Укажите год
-

Небесная энциклопедия

Космические корабли и станции, автоматические КА и методы их проектирования, бортовые комплексы управления, системы и средства жизнеобеспечения, особенности технологии производства ракетно-космических систем

Подробнее
-

Мониторинг СМИ

Мониторинг СМИ и социальных сетей. Сканирование интернета, новостных сайтов, специализированных контентных площадок на базе мессенджеров. Гибкие настройки фильтров и первоначальных источников.

Подробнее

Форма поиска

Поддерживает ввод нескольких поисковых фраз (по одной на строку). При поиске обеспечивает поддержку морфологии русского и английского языка
Ведите корректный номера.
Ведите корректный номера.
Ведите корректный номера.
Ведите корректный номера.
Укажите год
Укажите год
Применить Всего найдено 3. Отображено 3.
01-02-2012 дата публикации

Dynamic detection method for cross-site forged request

Номер: CN0101883024B
Автор: PENG SHUSHEN, GU QING, CHEN DAOXU, SHUSHEN PENG, QING GU, DAOXU CHEN
Принадлежит:

The invention discloses a dynamic detection method for a cross-site forged request, which comprises the following steps: collecting HTTP request information; analyzing whether a request is a CSRF suspect request or not according to the collected information; generating a test case aiming at the suspect request and finding out all suspect parameters contained by the suspect request; using the suspect parameters to generate a plurality of forged requests and generating a test case for each forged request; when an environment in which the suspect request is generated recurs, executing the forgedrequest corresponding to each test case; detecting CSRF vulnerabilities; and according to the suspect request, the execution information of the suspect request, the forged requests and the execution information of the forged requests, analyzing whether the forged requests find the CSRF vulnerabilities in Web application or not, forming a report and helping a Web application developer to repair the vulnerabilities ...

Подробнее
Номер записи: 1
15-12-2010 дата публикации

Static detection method of incredible variables in PHP (Professional Hypertext Preprocessor) language Web application

Номер: CN0101916340A
Автор: QING GU, SHUSHEN PENG, XIAOAN CHEN, DAOXU CHEN, GU QING, PENG SHUSHEN, CHEN XIAOAN, CHEN DAOXU
Принадлежит:

The invention discloses a static detection method of incredible variables in a PHP (Professional Hypertext Preprocessor) language Web application, which comprises the following steps of: (1) recognizing all entry files of PHP Web application; (2) extracting PHP codes starting from the entry files, avoiding the interference of HTML codes, and integrating all related PHP files and codes by using an iterative method; (3) based on the unit of integrated functional modules, recognizing the incredible variables by using a static analysis method; and (4) summarizing the extraction results of all the modules, generating reports, and recording the PHP files and the specific position of each incredible variable. Compared with the prior art, the static detection method has simple realization, high recognition rate and good expandability; the problem that the incredible variables are difficult to be detected in the Web application programmed in weak type language and typeless language in the prior ...

Подробнее
Номер записи: 2
10-11-2010 дата публикации

Dynamic detection method for cross-site forged request

Номер: CN0101883024A
Автор: SHUSHEN PENG, QING GU, DAOXU CHEN, PENG SHUSHEN, GU QING, CHEN DAOXU
Принадлежит:

The invention discloses a dynamic detection method for a cross-site forged request, which comprises the following steps: collecting HTTP request information; analyzing whether a request is a CSRF suspect request or not according to the collected information; generating a test case aiming at the suspect request and finding out all suspect parameters contained by the suspect request; using the suspect parameters to generate a plurality of forged requests and generating a test case for each forged request; when an environment in which the suspect request is generated recurs, executing the forged request corresponding to each test case; detecting CSRF vulnerabilities; and according to the suspect request, the execution information of the suspect request, the forged requests and the execution information of the forged requests, analyzing whether the forged requests find the CSRF vulnerabilities in Web application or not, forming a report and helping a Web application developer to repair the ...

Подробнее
Номер записи: 3