Research And Implementation Of Network Based Web Vulnerability Detection System

The development of World Wide Web, i.e. Web, Web is a great enovation of the computer technology, Web have changed all the things on the net. Web server software, allows the remote clients have the access to a certain part of the server hard disk, have changed the way of file share and information transmission completely; Web browser, with which we can interview more and more Web page on the net. Web technology is mostly on the basis of the dynamic Web interview, but not with the static Web page. This made Web popular.With the application of Web becoming more and more popular, there caused increasing attack of Web based on the Web server and the Web application vulnerabilities, and this arose most people's attention.The current detection and attacking tools are imperfect in detecting unknown vulnerabilities, traversing the target system completely, overall assessment of a target net and etc. The Web detection system based on the net is a part of the net evaluation system. Using the technology of plug-ins and detection databases, the detection system can find the target's Web server and some Web applications vulnerabilities, from the attacker's eyes. This kind of detection system has some strong points. The first it has a broad detection scope. The cecond is easy to use and flexible to upgrade. The third lies in the detecting way that is similar to what the hackers do. Therefore, to study this kind of scanning system is significative.First this paper followed the domestic and international present condition to study the corresponding data according to the extensive background of the project designation; then gave the concept of detection of the Web vulnerabilities. Studied and discussed the basic principle and frames of the design. Gave the integrate concept of the basic principle and frames of the design. With the knowledge, in the paper, a Web vulnerability detecting system based-on network is designed and its prototype is implemented. Lastly a test is carried out to validate the feasibility and rationality of the design.