Research And Application Of Web Security Vulnerability Detection System Base-on Grails

With the rapid development of Web technology, more and more Web applications which include online communities, online stores, online bank and so on have become a part of our life. So more attention has been paid to the research on its security, especially all kinds of Web security vulnerabilities such as Cross site scripting (XSS), SQL injection, cross site request forgery (CSRF) and so on continuously appear.Web application vulnerabilities have their unique nature, the attacks of Web application can bypass these basic precautions, for example,firewall, security operating systems. So Web application vulnerabilities must be detected by specialized system.At present there has been no specific vulnerability detection system for Web application. Therefore, the research on Web security vulnerabilities detection system has important practical significance.This paper firstly researched the theory about Web security vulnerability, compared and analysed the two detection systems which were based on network and hostbased, at the same time, researched vulnerability database technology and plug-in technology,and then designed a Web security vulnerability detection system base-on Grails. The main work of this system is as follows:(1) Improved vulnerability description and used the matching technology based on regular expression technology to realize vulnerability feature code detection;(2) Realized vulnerability detection plug-in by using Groovy script language;(3) Realized multi-threaded mechanism by using Timer class and TimerTask class;(4) Designed distributed vulnerability detection task scheduling model, and realized the model by genetic algorithm;(5) Completed the fast development of the prototype system by using Grails framework;Finally, through testing the system which had completed, the results showed that Web security vulnerability detection system can check the Web application procedure security in advance,find the security vulnerabilities that can be exploited by the attacker, guarantee the security of the Web application, therefore achieve the purpose of this study.