JP2012226461A - Web inspection support system - Google Patents

Abstract

[PROBLEMS] To realize a support system that enables an administrator to effectively audit the use status of a Web application by each employee while suppressing an increase in necessary storage capacity.
When an HTTP request is transmitted from a client terminal to a Web server and a response is received, a relay processing unit that stores log information in a storage unit and a request that matches a search condition transmitted from an audit terminal are extracted, A search processing unit for transmitting a search result is provided. The search result screen 60 includes a request list display area 62 that displays a list of attribute items of each extracted request, and a response display area 66 that displays data in response. If the selected request is for requesting the transmission of HTML data, the search processing unit generates a Web screen with the necessary image data embedded in the HTML data, and the search result is displayed in the response display area 66 A screen 60 is generated.
[Selection] Figure 4

Description

  The present invention relates to a Web audit support system, and more particularly, to a technology that supports a manager of a company so that the use status of a Web application by an employee can be effectively audited at a low cost.

In recent years, with the enactment of the Japanese version of the SOX Law, etc., there has been a call for strengthening of the company's internal control system. The person is checked afterwards.
Specifically, the usage status of Web applications by employees is recorded in the following manner.
(1) Recording of access log This is to record the outline of HTTP request sent from the client terminal operated by each employee to the Web server and the outline of HTTP response in response to the log file in the proxy server. (See Non-Patent Document 1).
(2) Video recording of the operation screen This is because the dedicated monitoring program is placed in the client terminal operated by each employee, and the screen display when the user uses the Web application is displayed as continuous image data. Is recorded in an external storage device (see Non-Patent Document 2).

The Apache Software Foundation / Log file Internet URL: http://httpd.apache.org/docs/2.2/logs.html Search date: April 5, 2011 ESS REC (registered trademark) / system operation inspection / audit solution http://www.et-x.jp/product/ess_rec/index.html Search date: April 5, 2011

  In the case of the recording method (1) above, the log file is limited to the URL of the access destination, the operation command, the user name, the date, etc., so the administrator can confirm the specific browsing contents. Had to input this URL into a Web browser and actually access the Web site, which took a lot of work. Also, if the link was broken, the target website could not be browsed, and the audit could be insufficient.

  In the case of the recording method (2) above, the data entered by employees on the screen and the movement of the mouse pointer can be reproduced as movies, so the administrator can perform sufficient audits in terms of content. However, it is necessary to prepare a large-capacity external storage device, and the problem of cost performance has been pointed out. In addition, it takes a lot of labor and time to actually reproduce the moving image and confirm the contents, and there is a problem that human and time costs increase.

  The present invention has been devised in view of such a current situation, and an administrator can effectively use the Web application usage status by each employee while suppressing necessary increase in storage capacity. The purpose is to realize a support system that can be audited.

  In order to achieve the above object, the Web audit support system described in claim 1 transmits an HTTP request transmitted from a client terminal to a Web server, and stores the HTTP request in a log information storage unit; The HTTP response transmitted from the Web server is transmitted to the client terminal, and the HTTP processing is associated with the HTTP request and stored in the log information storage unit. The process for transmitting the search condition setting screen to the audit terminal when transmitted, and the HTTP that matches the search condition from the log information storage means when the log information search condition is transmitted from the audit terminal Executes the process of extracting the request or HTTP response and the process of generating the search result screen and sending it to the above audit terminal The search result screen is a list of requests that display the attribute items of the extracted HTTP request or the HTTP request attribute items corresponding to the extracted HTTP response. And at least a response display area for displaying data included in an HTTP response associated with one HTTP request selected in the request list display area in a predetermined format, and selected in the request list display area When the HTTP request is for requesting transmission of HTML data, the search processing means performs various external data specified in the HTML data for the HTML data included in the corresponding HTTP response. A search that generates a Web screen with embedded URL and displays it in the response display area It is characterized by generating a result screen.

  The Web audit support system described in claim 2 is based on the system of claim 1, and the search result screen further includes a detailed information display area for displaying the full text of the HTTP request selected in the request list display area. The Web audit support system according to claim 1, wherein the system is supported.

  The Web audit support system according to claim 3 is based on the system of claim 1 or 2, and further, the HTTP request selected in the request list display area transmits image data specified in HTML data. When requested, the search processing means generates a search result screen in which image data included in a corresponding HTTP response is displayed in the response display area.

  In the case of the Web audit support system according to claim 1, the response display area of the search result screen transmitted to the audit terminal includes the external data linked in the HTML data, as displayed on the client terminal screen. The system allows the administrator to check the contents of the screen the employee was browsing without having to access the actual website.

  In order to accurately reproduce the Web screen in the response display area of the search result screen, it is necessary to store the HTTP request and HTTP response full text in the log information storage means. Since it is generated by rendering processing for embedding data and the entire Web screen is not stored as image data, it is possible to effectively suppress the capacity expansion of the external storage device.

  In the case of the Web audit support system according to claim 2, the administrator has a mechanism for displaying the full text of the HTTP request in the detailed information display area. Therefore, the administrator can input data sent from the client terminal to the Web server, It is possible to check the contents of the selected data.

  The Web audit support system according to claim 3 has a mechanism for displaying the corresponding response content (image data) for each HTTP request for requesting delivery of the image data specified in the HTML data. The administrator can check the data exchange between the client terminal and the Web server more finely.

As shown in FIG. 1, the web audit support system 10 according to the present invention includes a relay processing unit 14, a log information storage unit 16, and a search processing unit 18 provided in the server 12.
The relay processing unit 14 and the search processing unit 18 are realized by the CPU of the server 12 operating according to the OS and a dedicated application program. The log information storage unit 16 is provided in the external storage device of the server 12.

  The relay processing unit 14 is a component that functions as a so-called proxy server, and an HTTP request (hereinafter, “request”) is received from each employee's client terminal 22 connected via a communication network 20 such as the Internet or a LAN. When it is sent, it is sent to the internal and external web servers 26 via the communication network 24 such as the Internet or LAN, and the HTTP response (hereinafter “response”) returned from the web server 26 is transferred to the client terminal 22. Execute the process.

  The relay processing unit 14 stores the requests transmitted from the respective client terminals 22 in the log information storage unit 16 one by one, and associates the responses transmitted from the web server 26 with the request, in the log information storage unit 16 Execute the process of storing one by one.

The client terminal 22 is a PC equipped with an OS and a web browser program.
The Web server 26 is composed of a server computer on which an OS and application programs for Web servers and application programs for various Web services are installed.

The search processing unit 18 is connected to an audit terminal 30 operated by an administrator via a communication network 28 such as the Internet or a LAN.
The audit terminal 30 includes a PC equipped with an OS and a web browser program.

The processing procedure in the system 10 will be described below according to the flowchart of FIG.
First, when a search request for log information is transmitted from the audit terminal 30 to the search processing unit 18 of the server 12 (S10), a search condition setting screen is transmitted from the search processing unit 18 to the audit terminal 30. (S12).
As a result, a search condition setting screen is displayed on the web browser of the audit terminal 30 (S14).

As shown in FIG. 3, the search condition setting screen 40 is provided with a date / time range designation field 42, a user account designation field 44, a method designation field 46, a URL designation field 48, and a keyword designation field 50. ing.
On the other hand, the administrator can limit only the requests and responses in which the date and time within this range are described as search targets by inputting specific numerical values in the date and time range specification field 42.
Further, the administrator can limit only the requests including the user account as search targets by inputting the user account of the employee in the user account designation field 44.

  The method specification field 46 is an item for limiting the method of the request. The administrator can use GET (command for requesting a data return), POST (command for sending data to the server), PUT (file to the server). By checking the check box 52 of what is necessary in the command when uploading a request, etc., it becomes possible to limit requests including a specific method as search targets.

In addition, the administrator can narrow down requests that have accessed a specific Web server as extraction targets by inputting a predetermined URL in the URL designation field 48.
Furthermore, the administrator can limit a request or a response including the character string as a search target by inputting a predetermined character string in the keyword specifying field 50.

The administrator who has specified the search condition in the necessary setting items clicks the search button 54. As a result, the search condition is transmitted from the Web browser of the audit terminal 30 to the search processing unit 18 (S16).
By the way, in FIG. 3, “March 25, 2011, midnight to March 30, 2011, midnight” is set as the date and time range, “user01” is set as the user account, and “GET” is set as the method. ing.

  Receiving this, the search processing unit 18 extracts a request and response that match the set search condition from the log information storage unit 16 (S18), and generates a search result screen based on the log information (S20). .

This search result screen is transmitted from the server 12 to the audit terminal 30 (S22) and displayed on the Web browser (S24).
As shown in FIG. 4, in this search result screen 60, a request list display area 62 for displaying a list of request attributes (date and time, user, method, URL, etc.) in a one-line format, and a list selected from this list are displayed. A detailed information display area 64 that displays the entire text (request line, message header, message body) of a single request, and a response display area 66 that displays a screen generated based on the response corresponding to the request Yes.

The response display area 66 displays a Web screen in which image data linked in the HTML data is embedded at a specified position with respect to the HTML data requested by the employee for distribution.
As a result, the administrator can immediately check the Web page that the audited employee actually sees.

  In the detailed information display area 64, since all the data entered by the employee for the form sent from the Web server 26 is also displayed, the administrator can accurately grasp the screen operation by the employee. Become.

When the administrator places the mouse pointer on another request in the list and clicks, the selection information of the request is transmitted from the audit terminal 30 to the server 12 (S26).
Receiving this, the search processing unit 18 performs a search in which the entire text of the request is described in the detailed information display area 64 and the Web screen generated based on the response corresponding to the request is reproduced in the response display area 66. A result screen 60 is generated (S28) and transmitted to the audit terminal 30 (S30).
As a result, although not shown, this new search result screen 60 is displayed on the web browser of the audit terminal 30 (S32).

  If the request selected by the administrator in the list is a request for delivery of specific image data linked in HTML data, the search result screen in which the image is displayed alone in the response display area 66 60 is transmitted from the server 12 and displayed on the audit terminal 30 (not shown).

The search result screen 60 has a sidebar including a date / time range specification field 42, a user account specification field 44, a method specification field 46, a URL specification field 48, a keyword specification field 50, and a search button 54. A condition setting area 68 is provided.
For this reason, the administrator sets other search conditions here and clicks the search button 54 to display the search result screen 60 related to another employee or another method, so that the audit can be performed from a different viewpoint. Can continue.

1 is a block diagram showing an overall configuration of a Web audit support system according to the present invention. It is a flowchart which shows the process sequence between an audit terminal and a server. It is a figure which shows the search condition setting screen displayed on the web browser of an audit terminal. It is a figure which shows the search result screen displayed on the web browser of an audit terminal.

10 Audit support system
12 servers
14 Relay processing section
16 Log information storage
18 Search processing section
20 Communication network
22 Client terminal
24 Communication network
26 Web server
28 Communication network
30 Audit terminal
40 Search condition setting screen
42 Date / time range specification field
44 User account specification field
46 Method specification field
48 URL specification field
50 Keyword specification field
52 Check box
54 Search button
60 Search results screen
62 Request list display area
64 Detailed information display area
66 Response display area
68 Search condition setting area

Claims (3)

The HTTP request transmitted from the client terminal is transmitted to the Web server, the HTTP request is stored in the log information storage means, and the HTTP response transmitted from the Web server is transmitted to the client terminal. Relay processing means for executing processing for storing the response in the log information storage means in association with the HTTP request;
When a search request is transmitted from the audit terminal, a process for transmitting a search condition setting screen to the audit terminal, and when a search condition for log information is transmitted from the audit terminal, the log information storage means A Web audit support system comprising: a process for extracting an HTTP request or an HTTP response that matches a search condition; and a search processing means for executing a process for generating a search result screen and transmitting it to the audit terminal,
The above search result screen shows the request list display area that lists the attribute items of the extracted HTTP request or the HTTP request attribute items that correspond to the extracted HTTP response, and one HTTP request selected in this request list display area And at least a response display area for displaying the data included in the HTTP response associated with the URL in a predetermined format,
When the HTTP request selected in the request list display area is for requesting transmission of HTML data, the search processing means, for the HTML data included in the corresponding HTTP response, A Web audit support system that generates a Web screen in which various specified external data are embedded, and generates a search result screen in which the screen is displayed in the response display area.   2. The Web audit support system according to claim 1, wherein the search result screen includes a detailed information display area for displaying the entire text of the HTTP request selected in the request list display area.   When the HTTP request selected in the request list display area is a request for transmission of image data specified in HTML data, the search processing means calculates the image data included in the corresponding HTTP response as described above. 3. The Web audit support system according to claim 1, wherein a search result screen displayed in the response display area is generated.

Images