System and method of monitoring attacks of cross site script

摘要

The present disclosure provides techniques for monitoring a cross site scripting attack. These techniques may receive and reply to, by a computing device, a service request from a client terminal. The computing device may then redefine a scripting internal function applied by the cross site scripting attack, and return redefined information for the scripting internal function to the client terminal. The computing device may monitor calling information of the client terminal in relation to the redefined scripting internal function, and analyze the security of the calling information. The computing device may monitor an attacking source, an attacking time period, leakage information in the attack, and/or a vulnerability point in the attack that are associated with the cross site scripting attack.

主权项

1. A system for monitoring cross site scripting attacks, comprising:
one or more processors; and memory including instructions executable by the one or more processors, which when executed perform the following steps:
receiving and replying to a service request from a client terminal,redefining a scripting internal function applied by a cross site scripting attack, the redefining of the scripting internal function comprising adding a monitoring code to monitor the calling of the scripting internal function, and the monitoring code being embedded in an application service page of a third party,returning redefined information for the scripting internal function to the client terminal,monitoring calling information of the client terminal in relation to the redefined scripting internal function, andanalyzing security of the calling information of the client terminal.