| With the development of Internet, web applications have become common way for companies to conduct business with the outside world. Web technologies are widely deployed in nowadays information systems. But, for the attackers, this fact offers two opportunities: First, http/https traffic is often the only service allowed through the fire-wall and filtering technologies. The second opportunity lies in increasing numbers of Web related application vulnerabilities.For the emerging Web security issues, this paper studies two kinds of web application vulnerabilities which threat the web applications , mainly SQL injection and XSS vulnerabilities, and the technologies of penetration testing to web application.The main contributions of this paper can be summarized as follows:1) By building local environment for analysis, this paper deeply analyzed the reasons for the formation of SQL injection and XSS vulnerabilities.2) By capturing the network packets with wireshark, compared with different tools now available,analyzed methods and some characters of different tools for detecting SQL injection.3) According to the analysis of SQL injection and XSS vulnerability detection methods, for some actual sites and TRP project-related sites in penetration testing and risk assessment, found some great harmful vulnerabilities and noted that the designed methods were effective to some extent. |
PDF Full Text Request