The Research And Realization Of The Army Network Security Loophole Examinable System

Enters for the 21st century, the world military holds up the head to enter into the information war time.The Iraqi war, the Afghan war and so on the near several high tech local war practices indicated that, in hostile bilateral firepower attack condition balanced today, to a great extent, the information flow security unobstructed already became the decision war victory and defeat day by day the main condition.The network relied on its highly effective fast characteristic already to become the information war time military command correspondence the main method . For the time being, there are more and more Web vulnerabilities which can be exploited by hackers, deliberate attacking and ill codes are spre ading out by Web world. Because of the limitation of the intrusion detection, the complexity of the network and system configuration and the like, Web is inevitably attacked by this or that means. Therefore, the construction vigorous and healthy, safe, the highly effective military information network becomes the world various armed forces the consistent topic.Web vulnerability detection is a kind of detective technique of remote or local Web vulnerability, which can complete the complex Web security detection by computer programs. The Web security loophole examines is carries on the inspection to the important Web server information, discovery in which may by the hacker use security loophole.The security loophole examines the result in fact is a Web system safety performance appraisal, it had pointed out which attack is possible, therefore the Web security loophole examines also is a Web safety program important constituent, this also causes the Web security loophole to examine the system to become the current information security domain the research hot spot. So it can also be thought a kind of Web security assess technique .Web vulneratility detection also provides Web vulnerability analysis and assess, at the same time which supplies decisive support for improving Web security rank. In short, Web vulnerability detection technique is a highly efficient means to be against Web attacking. The Web security loophole examines the system to be able to carry on the security collection of information and the security information integration to the Web security part, and carries on the security information analysis in this foundation, auxiliary decision-making, thus promotes the Web system the security.It can be said that, the Web security loophole examined the system already to become strengthens one of Web system safety important security tools.Therefore, examines the system to the Web security loophole the research to have the vital practical significanceThis paper first discusses the definition, source, characteristic attribute and detecting methods of Web vulnerability. Then it studies the Web vulnerability detection technique, including port scanning,vulnerability detection,operating system analysis,holes matching and Web application security. After that, the paper pays attention to the Web attacking technique on vulnerability then suggests apply web attacking to test SQL Injection vulnerability of Web application in this system . Based on above discuss, it puts forward a Web vulnerability detection model applying network architecture. In the end, this paper describes the design and implementation of Web Security Vulneratility Detection System ,that is"army eyes"system."army eyes"system will detect an appointed Web Server via internet.A Web security administrator(the user) uses"army eyes"system to perform Web vulnerability detection. Detection methods can be augmented by"army eyes"system plugins. And the detection results of"army eyes"system give suggestion for improving Web security rank.This article mainly divides into four major parts, the first part examines some basic concepts to the Web security loophole which in the system involves to carry on the classification and the simple introduction, and narrates the Web security loophole to examine the main technology in detail which in the system involves. For example: Examines the security loophole divides into two kind of strategies, the passive form strategy and the driving-type strategy, simultaneously proposed the examination three methods: (1) networking (2) port scanning technology and operating system characteristic analysis technology (3) loophole characteristic match technology. The second part explains the Web loophole attack and the Web safe examination relations by the example. Usually, a successful Web attack, first needs to collect the goal Web system the information, the definite goal Web ip address, the network architecture, the main engine type, the operating system, the opening service port, the movement Web server software and already existed informations and so on system loophole,Then has the pointed effective attack again to its implementation.But to the goal Web system information and the loophole information gain, at present mainly is examines the tool through the Web port scanning and the Web loophole to realize. The third part is examines the system function to the Web security loophole to carry on the analysis, then the establishment corresponding Web security loophole examines the model, proposed one kind examines the system based on the network Web security loophole.It carries on the safe examination through the network way to goal Web. Therefore, the Web safety manager may through use this examination system, examines to the goal system execution long-distance Web security loophole.The Web security loophole examines the loophole storehouse the expansion is through the plug-in unit way realization, the loophole examines the result the security loophole and the patching method which possibly exists to Web puts forward the effective proposal.This part is this article key point. The fourth part emphatically examines the main technical question to the Web security loophole which the system realization involves as well as for compiles the connection function which this system uses to carry on the specification, and finally is using the experiment to prove the Ming dynasty printed books Web security loophole to examine the system the feasibility.