Design And Implementation Of The Penetration Testing System Based On Web

With the rapid development of Internet,Web applications have been widely used in various fields.However,the usability,ease of development and openness of Web applications make the increase of Web application security issues.A large number of Web application attacks have caused huge economic losses for companies and users.Web application security has become one of the most concerned by people about network problems.At the same time,how to detect Web application efficiently and accurately has become one of the hot researches in field of information security.Through the Web application penetration test scan,some security risks can be found,after these security risks be modified and made up in a timely manner,we can enhance the security of Web system,and this has a very important practical significance.The main work includes the following aspects:(1)This paper introduces the related HTTP protocol technologies,analyzes the causes of several common vulnerabilities generated attack methods and procedures,hazards,the detection and prevention methods,and the related theory of the penetration testing.(2)This paper introduces details of relevant web crawler technology,selects the breadth-first algorithm strategies and multi-threading technology,and use the technology to crawl URL of the site.(3)A penetration testing system based on Web application,which is mainly aiming to analysis and test the popular vulnerabilities,was designed to identify and detect popular SQL injection vulnerabilities,XSS vulnerabilities and directory traversal vulnerabilities on the current network.(4)A detailed description of the system work flow,and then introduces the realization process of the web crawler module,including the entire recursive crawling URL,URL standard format,URL filtering,URL transform process parameters.At the end of the paper,the design and implementation of the testing tool is introduced,which includes three typical Web application vulnerabilities.(5)Through develop test programs,set up a test environment,test and analysis for Web-based application penetration testing system,each module can verify that the system is working properly,the whole system functions achieves the desired design expectations.Finally,this paper summarizes the current work has been done,and the work carried out after planning and prospect.