Design And Implementation Of Web Application Security Vulnerability Scanning Tools

Posted on: 2011-12-18 | Degree: Master | Type: Thesis
Country: China | Candidate: Y P Tao | Full Text: PDF
GTID: 2208360308966738 | Subject: Computer software and theory
Abstract/Summary:
With the development of computer technology and information technology, Web applications are widely used in many areas, and attacks against them have increased significantly. Web application development cycles are very short, and programmers lack the awareness of and ability in secure programming, so vulnerabilities in Web applications are inevitable. How to detect and assess the security of Web applications is a serious problem in Web security.

Web application security vulnerability detection works at the application layer, over the HTTP protocol: it simulates the way a hacker attacks by sending HTTP requests that carry the characteristics of specific vulnerabilities to the server, and looks for Web application security vulnerabilities in the server's responses. Firewalls and IDS/IPS provide security protection for Web systems at the network level; a Web application security vulnerability scanner is complementary to them, and together they ensure the security of Web systems.

By scanning a Web application for security vulnerabilities, its health can be checked before an attack happens. Vulnerabilities can be found earlier and repaired, reducing the risk of the system being attacked; this is the lowest-cost and most effective Web security protection measure. Web security is one of the most serious problems in network security, and research on Web application vulnerability detection technology is very meaningful work.

The paper first analyzes the severe situation of Web application security and the urgent need for Web application vulnerability detection technology. It then reviews the current domestic and international state of Web application security, studies the classification of Web application security vulnerabilities and the development of Web application vulnerability detection technology, and summarizes SQL injection and XSS vulnerability detection methods based on a Web crawler.

Based on these results, a scalable system infrastructure for a Web application security vulnerability scanner is designed, the working principles of its major components are introduced, and a prototype is implemented. The prototype is then tested, which demonstrates the feasibility and rationality of the design. Finally, the drawbacks of the system are analyzed and the unfinished work is discussed.
Keywords/Search Tags:Web application security, vulnerability detection, Web crawler, SQL injection, XSS