System and Method of Monitoring Attacks of Cross Site Script
First Claim
1. A system for monitoring cross site scripting attacks, comprising:
- one or more processors; and
memory to maintain a plurality of components executable by the one or more processors, the plurality of components comprising;
a business module configured to receive and reply to a service request from a client terminal,a redefining module configured to;
redefine a scripting internal function applied by a cross site scripting attack, andreturn redefined information for the scripting internal function to the client terminal,a monitoring module configured to monitor calling information of the client terminal in relation to the redefined scripting internal function, andan analyzing module configured to analyze security of the calling information of the client terminal.
1 Assignment
0 Petitions
Accused Products
Abstract
The present disclosure provides techniques for monitoring a cross site scripting attack. These techniques may receive and reply to, by a computing device, a service request from a client terminal. The computing device may then redefine a scripting internal function applied by the cross site scripting attack, and return redefined information for the scripting internal function to the client terminal. The computing device may monitor calling information of the client terminal in relation to the redefined scripting internal function, and analyze the security of the calling information. The computing device may monitor an attacking source, an attacking time period, leakage information in the attack, and/or a vulnerability point in the attack that are associated with the cross site scripting attack.
6 Citations
20 Claims
-
1. A system for monitoring cross site scripting attacks, comprising:
-
one or more processors; and memory to maintain a plurality of components executable by the one or more processors, the plurality of components comprising; a business module configured to receive and reply to a service request from a client terminal, a redefining module configured to; redefine a scripting internal function applied by a cross site scripting attack, and return redefined information for the scripting internal function to the client terminal, a monitoring module configured to monitor calling information of the client terminal in relation to the redefined scripting internal function, and an analyzing module configured to analyze security of the calling information of the client terminal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for monitoring cross site scripting attacks, comprising:
-
receiving and replying to a service request from a client terminal; redefining a scripting internal function applied by a cross site scripting attack; returning redefined information for the scripting internal function to the client terminal; monitoring calling information of the client terminal in relation to the redefined scripting internal function; and analyzing security of the calling information of the client terminal. - View Dependent Claims (12, 13, 14, 15)
-
-
16. One or more computer-readable media storing computer-executable instructions that, when executed by one or more processors, instruct the one or more processors to perform acts comprising:
-
receiving a service request from a client terminal; redefining a scripting internal function applied a cross site scripting attack; returning redefined information for the scripting internal function to the client terminal; monitoring calling information of the client terminal in relation to the redefined scripting internal function; and analyzing security of the calling information of the client terminal. - View Dependent Claims (17, 18, 19, 20)
-
Specification