| As the field of computer is larger and larger, the number of computer software is growing in geometric progression. The software brought fast and convenient life style to us, but at the same time, a large number of software security vulnerabilities showed up to us. No matter the Windows itself or the application software run on it are not safe enough. The software with security vulnerabilities is constantly affecting people’s life and production, in negative direction. These security vulnerabilities are not only a threat to the benefit of people, some of them have been even a threat to the security of society and country. It has attracted serious attention and concern.Software security vulnerabilities have special relation with information of individual and country. To avoid information crime few literature and technology are open to people in current situation. Personal security vulnerability information found online is more for a general overview which lacks of actual vulnerability analysis technology and the method which can leads them into projects.Learning analysis of software vulnerability is the basic of studying vulnerability usage. Some bottom-level knowledge is needed when defect analysis processes. After getting the reasons which cause the software vulnerability, some actions should be made to avoid the generation of defects. Some principle for safe coding should be applied to produce strong and safe codes. It is conducive to the training of personnel and the accumulation of information security in our country, and also regulates moral legal norms of the computer industry to a certain extent, helps to combat computer-related crime, and ensure the national security.Understanding of the principles of software vulnerabilities how to detect and attack or defense is a good subject. There has been a complete open source security testing framework called Metasploit Framework abroad now. After learning the vulnerability principle, A tools for detecting and attacking the defects of web containers is being designed combining parts of the codes in the Metasploit Framework. Principle and practice are connected well. Thanks to this mature framework’s architecture, the tools are also designed with high extensity.This paper mainly contains the following aspects:1. Introduces the research background of software security vulnerabilities, summarizes security vulnerabilities focused on buffer overflow. This paper lists and introduces some improvements on protection of buffer flow based on Windows platform. After experimental validations of Windows security mechanisms, states the defects it may exist. This part is the basis of the paper.2. Introduces the Metasploit framework, studies on source code level in some core modules. Analyzes its mature architecture and finds the codes which need to be extracted. For the core technology used the web container tools in the design or implementation this paper states the concepts. This paper lists some difficult problems about the project and the solutions for them.3. Describe the Detailed design of the system. First, describes the needs and functions of the system, lays out the blueprint of the system. Overall description of the structure of the system, including the the SSH architecture, front-end server, database, MSF, adapters and other parts will be showed second. Finally Analysis and design some core modules, some of the core functions will be accompanied by the relevant code and annotations.4. Encode the implementation of the system, to complete the main part of the system, and test. Analyzes the system defects and make some possible improvement measures are proposed and look forward to the prospects for the tools. |
PDF Full Text Request