Patents by Inventor Guangxu Liu
Guangxu Liu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10491618Abstract: A website scanning apparatus having a policy analysis device for determining whether a link in a target website belongs to a known web application used by the target website, if the link belongs to the identified web application, then a vulnerability scanning is not performed on the link; a crawler device for obtaining the link content that the link points to; a web application identification device for determining whether the link belongs to a known web application; a full scan device for performing a full vulnerability scanning on a link determined as not belonging to the known web application; and a known web application vulnerability detection device for performing vulnerability detection on the website for the determined identified web application according to known vulnerabilities of the identified web application to determine whether the known vulnerabilities of the identified web application exist in the website is provided.Type: GrantFiled: September 8, 2011Date of Patent: November 26, 2019Assignee: NSFOCUS INFORMATION TECHNOLOGY CO., LTD.Inventors: Da Zhou, Xiaoming Wang, Ming Lv, Hui Jiang, Guangxu Liu, Xiaohai Lu, Na Li, Liang Lu, Jingjing Zeng
-
Patent number: 9215246Abstract: The invention discloses a website scanning apparatus for performing a security vulnerability scanning on a target website, which apparatus comprises: a web page obtaining component obtaining current content and/or features of a web page corresponding to a link to be processed; a link processing component including a change judgment device for judging whether the web page corresponding to the link to be processed has been changed based on stored web page content and/or features corresponding to the link to be processed as well as the current web page content and/or features of the link to be processed; and a vulnerability detecting component for performing a security vulnerability detection on a web page corresponding to a link to be processed for which the web page has been changed. The invention also discloses a website scanning method corresponding thereto.Type: GrantFiled: October 21, 2011Date of Patent: December 15, 2015Assignee: NSFOCUS INFORMATION TECHNOLOGY CO., LTD.Inventors: Da Zhou, Xiaoming Wang, Ming Lv, Hui Jiang, Guangxu Liu, Xiaohai Lu, Na Li, Xing Ye
-
Patent number: 9021593Abstract: The present invention discloses a XSS detection method for detecting the XSS vulnerabilities in a web page, comprising for each parameter-value pair in a set of parameter-value pairs that can be accepted by the web page: constructing a parameter-value pair in which a dedicated script is inserted; assembling a URL corresponding to the web page based on the parameter-value pair in which a dedicated script is inserted; acquiring the dynamic web page content corresponding to the assembled URL; and simulating the execution of the acquired dynamic web page content, if the dedicated script is executed, it is determined that the processing of the parameter in the web page contains XSS vulnerabilities. The present invention further discloses a corresponding XSS detection device and a web site security scanning system and a web scanning system using such a device.Type: GrantFiled: July 23, 2010Date of Patent: April 28, 2015Assignee: NSFOCUS Information Technology Co., Ltd.Inventors: Guangxu Liu, Yujie Wen, Da Zhou, Xiaoming Wang, Xiaoxia Liu
-
Publication number: 20130276126Abstract: The invention discloses a website scanning apparatus for performing a security vulnerability scanning on a target website, which apparatus comprises: a web page obtaining component obtaining current content and/or features of a web page corresponding to a link to be processed; a link processing component including a change judgment device for judging whether the web page corresponding to the link to be processed has been changed based on stored web page content and/or features corresponding to the link to be processed as well as the current web page content and/or features of the link to be processed; and a vulnerability detecting component for performing a security vulnerability detection on a web page corresponding to a link to be processed for which the web page has been changed. The invention also discloses a website scanning method corresponding thereto.Type: ApplicationFiled: October 21, 2011Publication date: October 17, 2013Applicant: NSFOCUS INFORMATION TECHNOLOGY CO., LTD.Inventors: Da Zhou, Xiaoming Wang, Ming Lv, Hui Jiang, Guangxu Liu, Xiaohai Lu, Na Li, Xing Ye
-
Publication number: 20130227640Abstract: Described is a website scanning apparatus comprising a policy analysis device for determining whether a link in a target website belongs to a known web application used by the target website. If the link belongs to the identified web application, then a vulnerability scanning is not performed on the link; a crawler device for obtaining the link content that the link points to; a web application identification device for determining whether the link belongs to a known web application; a full scan device for performing a full vulnerability scanning on a link determined as not belonging to the known web application; and a known web application vulnerability detection device for performing vulnerability detection for the identified web application according to known vulnerabilities to determine whether the known vulnerabilities exist in the website. A website scanning method employed by the website scanning apparatus is also described.Type: ApplicationFiled: September 8, 2011Publication date: August 29, 2013Applicant: NSFOCUS INFORMATION TECHNOLOGY CO., LTD.Inventors: Da Zhou, Xiaoming Wang, Ming Lv, Hui Jiang, Guangxu Liu, Xiaohai Lu, Na Li, Liang Lu, Jingjing Zeng
-
Publication number: 20120198558Abstract: The present invention discloses a XSS detection method for detecting the XSS vulnerabilities in a web page, comprising for each parameter-value pair in a set of parameter-value pairs that can be accepted by the web page: constructing a parameter-value pair in which a dedicated script is inserted; assembling a URL corresponding to the web page based on the parameter-value pair in which a dedicated script is inserted; acquiring the dynamic web page content corresponding to the assembled URL; and simulating the execution of the acquired dynamic web page content, if the dedicated script is executed, it is determined that the processing of the parameter in the web page contains XSS vulnerabilities. The present invention further discloses a corresponding XSS detection device and a web site security scanning system and a web scanning system using such a device.Type: ApplicationFiled: July 23, 2010Publication date: August 2, 2012Applicant: NSFOCUS INFORMATION TECHNOLOGY CO., LTD.Inventors: Guangxu Liu, Yujie Wen, Da Zhou, Xiaoming Wang, Xiaoxia Liu