The Design And Implementation Of Distributed XSS Based On Penetration Testing

Along with the accelerated development of computer and network technologies, the Web applications have brought much convenience to our social development. The Web applications have become more widely received, but various security vulnerabilities are also brought about to relevant applications. The security vulnerability of the application of Web2.0have become the most serious security concern, and those cross site scripting vulnerability especially have ranked top among the major threats, which has greatly affected the security and reliability of the Internet. Conclusively, the task to strengthen the construction of Internet security is imminent.Based on the above analysis, the research and preventative measures on the security vulnerability in particular, of cross site scripting vulnerability are significant for the security of web2.0and its relevant applications. The mission to guarantee the safety of Web applications, to design a highly efficiency, safe, comprehensive vulnerability mining system for Cross site scripting, has become a demand and also a hot research topic.The XSS(cross site scripting) vulnerability of the Web applications is researches in this paper, with the integration of the penetration test theory and the idea of distributed system set. A design for the cross site scripting vulnerability mining system based on the web2.0is finished, and this paper covers the following work:1) The key technology of web2.0, internet security, and permeability-test related theories are summarized and analyzed, and the detailed cross site scripting vulnerability is analyzed, its causes, related principles, hazards, preventative modes and the detection methods;2) The web crawler technology is introduced, in light of the characteristics of XSS vulnerability, the improved web crawler technology; In addition, an implementation is done to realize the web URL test;3) Relevant theoretical knowledge of the distributed system Gearman is introduced, and a distributed cross site scripting vulnerability mining system is designed4) In the process of vulnerability detection test, we use a penetration test and the technique of regular expressions, combined with the vulnerability detection to test the doubtful point; 5) An automatic vulnerability mining system for the distributed XSS vulnerability of Web2.0is implemented.