Design And Implementation Of Web Security Vulnerabilities Detection System Based On Static Source Code Analysis

Posted on: 2013-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: B Zhao
GTID: 2248330371467107
Subject: Information security
Abstract/Summary:
Application-level security sits at the host security level of an information system's security architecture and, together with operating system security, forms the core of host security. With the rapid development of network technology, web applications play an increasingly important role in enterprise business management and business decision-making, and application-level security has become more prominent in the information systems security of enterprises and organizations. Aimed at application-level security analysis, this project seeks to build an easy-to-use, highly reusable, high-performance automated application security analysis tool that breaks the dominance of foreign products in this area and is well adapted to domestic market demand. Stakeholders throughout the software development life cycle can benefit from the code-level security guidance it provides.

This paper starts by studying the security problems of commonly used Web application technologies, then summarizes the common Web application security risks and lists some risk prevention measures that are relatively easy to implement. Building on this study, the paper designs a Web application security vulnerability detection system based on static code analysis. The author undertook part of the system development and the overall project management, including: designing and implementing the system database; coding the de-compilation, task scheduling, and JSP page analysis; writing a Web Service interface; improving the security rules; completing the system database, user interface, and integration testing module; and achieving JSP application security vulnerability detection.
The detection system uses static code analysis and can examine not only source code but also web applications. It applies hundreds of security rules to achieve a comprehensive security analysis and presents the results in a configurable report. The system architecture improves on commonly used code analysis tools: the J2EE framework and multi-user, multi-task management strengthen support for unified management of related data while also reducing the complexity of system configuration. Adding backdoor detection makes the security rules more complete, and integrated de-compilation expands the range of objects that can be analyzed. Performance testing shows that the system meets its design requirements: as long as the server hardware configuration satisfies the requirements, a detection task completes successfully in a short period of time without the server hanging or the system exiting on error, and the false rate of detection results is less than 10%.
Keywords/Search Tags: web security, static source code analysis, language recognition, security vulnerabilities detection