Research And Implementation Of Web Application Security Test And Assessment System

Posted on: 2006-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: L H Zheng
GTID: 2178360185463468
Subject: Computer Science and Technology

Abstract/Summary:
As Web applications have become widespread, hackers have attacked them by exploiting their vulnerabilities, and these attacks have caused great harm. Web application security is now one of the most important issues in network applications. Many vulnerability detection systems have shortcomings: they can detect only known vulnerabilities, they cannot fully scan and test Web applications, and they probe blindly. It is necessary to test and assess the security of Web applications efficiently and accurately, so thorough research into Web application security test and assessment technologies is significant.

The paper discusses Web application vulnerabilities, studies the principles and key technologies for detecting them, and presents a new module: a Web application security test and assessment module based on data gathering. The Web application traversal module can automatically and fully traverse a Web application and efficiently extract and gather its protocol data, which helps in understanding the application and in detecting all kinds of unknown vulnerabilities. The Web application security test and assessment module adds white-box test elements to black-box testing. This module can improve the pertinence, accuracy and efficiency of vulnerability detection and can realistically simulate hackers' attacks. The paper presents a feedback mechanism, a new mechanism that helps optimize the performance of the vulnerability database, together with a related feedback-based dynamic optimization algorithm. By using the feedback mechanism, the vulnerability database can reflect the patterns of change in real vulnerabilities. The paper also studies the OCTAVE risk assessment method, which is applied to assess the risk of Web application systems. Finally, the paper designs and implements a prototype Web application security test and assessment system. The system can scan for and detect many kinds of Web application vulnerabilities and can produce a full, detailed report of them.
Keywords/Search Tags: Web application, Web application security, test and assessment system, vulnerability, detect, data gather, feedback