| With the rapid increase of internet users, the internet has been closely linked with real life. The websites related people's daily life. Meanwhile people are getting many kinds of information and resources from the websites. Therefore, the security of the website has been paid more and more attended. However, there are variety security risks on the website. If malicious used them, the users'information will be revealed, the data will be destroyed, impact the normal business and so on. So that people visit the websites with trepidation.For the threat of the website's risk, this paper combines specific experience of assessment Olympics-related website during the Olympic Games; and in-depth analysis of the related vulnerability, integration of a set of work steps to evaluate websites'security. There are five aspects in this procedure:collect websites' information, remote penetration, internal penetration, hidden control, and explore information. First, people should use various methods to collect websites'information, in order to analyze websites'vulnerability. Second, use a variety of penetrant methods and hidden control's methods to check the weakness of the website. Finally, via the LAN to further penetrate and explore, in order to gather sensitive information, and reveals how much risk will result in vulnerability.After these steps, the website can get a fully scan and the junior website security specialists can learn something from it. Then they will have clear proposal and won't miss something during the future security scan. So the website provider and visitor will be avoided from the damage caused by the website which has multiple vulnerability. |
PDF Full Text Request