The Research And Implement Of A Page Link Analysis-Based Vulnerability Scanning Scheme

The current loopholes in the network are very prominent due to network security problems.According to Gartner,75% of the Internet attacks and network security incidents occur because of the web application vulnerabilities.Most of the web application programmers have not received professional safety training and serious lack of safety awareness leading to the existence of a large number of web site vulnerabilities. According to open WEB Application Security Project released the lastest web application in the top ten key risks, the cross-site scripting vulnerability and injection vulnerability are both the primacy of vulnerability. This shows that these two vulnerabilities exist in the broad scope of the harm large.Web page information extraction means identifying data or content which the user or system is interest in, from no structure, semi-structured, irregular web page and transforming them to structured or clear semantic content. Vulnerability scanning is detecting a computer system or other network devices to identify network security risks and vulnerabilities could be exploited, then giving a test basis or detailed solution for each specific vulnerability.This paper focuses on the XSS vulnerability and SQL injection vulnerability, gives the experimental analysis of the two vulnerabilities and improves the existing SQL injection vulnerability identification method. Using the page link analysis methods based HtmlParser, and javascript page analysis, putting forward analytical methods for the page ajax under the framework, then does experimental analysis using the methods.At last this paper gives the the design and implementation of the vulnerability scanning system, the system functional testing, the accuracy of the tests and comparison tests.This paper uses the method of page link analysis, dynamically tests the XSS vulnerability and SQL injection vulnerabilities on the web.The experimental analysis and comparision prove the scanning scheme can better detect vulnerability,and the key technology we discuss has some reference value for the relevant research in the field.