Web Security Testing Research And Design

Posted on: 2011-12-26
Degree: Master
Type: Thesis
Country: China
Candidate: G N Zheng
GTID: 2178360308962347
Subject: Software engineering
Abstract/Summary:
With the development of the Internet, Web-based application and database architectures have become mainstream and are widely used in internal and external business systems. Yet even as high-speed networks expand and e-government, e-commerce and other business models built on Web applications continue to mature, there are reports that the development of global e-commerce is declining. The root cause is that frequent reports over the past two years of phishing, SQL injection, cross-site scripting and other attacks with serious consequences have badly damaged people's confidence in Web applications. According to a Gartner report, common network attacks have gradually evolved from traditional system exploits to attacks on vulnerabilities in the applications themselves; the most common attack techniques are SQL injection against Web applications and phishing. Attacks on Web applications can cause considerable harm to both the providers and the users of Web services. According to Gartner's data analysis, 80% of Web-based applications have security problems to a greater or lesser degree, and many of these problems are very serious. Web application security is drawing increasing attention. Whether Web applications succeed depends on whether such attacks can be stopped effectively, and that requires finding the weaknesses of a Web application in advance and fixing those vulnerabilities. This thesis analyzes domestic and foreign Web security technology. Building on an in-depth study of the advantages and disadvantages of other Web security testing tools, it draws on interviews with potential users of a Web security detection system and on market research to prepare the corresponding functional requirements, aiming for a system that is as powerful and easy to use as possible. The reports the system generates are also divided into detailed components, so that vulnerabilities and threats can be cross-referenced in the course of work.
Program design documents were then prepared from these functional requirements, and each functional module of the system was designed under their guidance. The result is an automated Web security detection system that meets the demand for automation by replacing manual work in Web security testing, which reduces the large personnel costs involved and effectively supports the development of B/S applications by safeguarding their security.
Keywords/Search Tags:Web security, SQL injection, security detection, scanning tools, automatic injection