Design And Implementation Of Web Application Vulnerability Detection System

With the rapid development of information technology, Web applications more widely, the Internet has become a wide range of open network. It allows us to enjoy the convenience brought by science and technology; our lives have become increasingly inseparable from the Internet. The application of information technology greatly promote the development of the human society, human enter into a new era of information. However, at the same time all kinds of security issues affect the provision of normal services. We can see that in recent years often have security issues related to coverage.How to detect Web application security fast and accurately has become one of the research focuses in the field of security. Through the Web application security scanning, repair the problems identified in a timely can reduce the risk of Web system security; this has very important practical significance.This paper first followed the Web application security situation at home and abroad, and then studied the causes and detection and prevention methods of common Web application vulnerabilities such as SQL injection vulnerabilities, XSS vulnerabilities, etc. Based on the previous study, it design and implementation of a simple operation, high accuracy, scalability, and easy to update and maintain Web application security vulnerability detection system. As an active type of vulnerability scanning system, it includes a Web crawler module. In this paper, Web crawler has been improved, so that it can capture hidden pages, which expands the vulnerability of the inspection face, reducing the false negative rate. The system can generate the target system’s security status of statistics by analysis of test results obtained, it also be able to report in detail the security provided to the user.Finally, this paper established test plan, the Web application vulnerability detection system was tested and the results analyzed, the test results show that the system is working properly and can basically. At the end of this paper has done the work to carry on the summary and future research prospects.