| Along with the development of Internet technology and Web technology Web applications about e-government, online trading, virtual communities, corporate office services continue to emerge. During the time that Web application system has gradually been accepted, various kinds of malicious attack behavior according to the system emerge one after another. Based on the status of our network security and the legitimate user’s actual demand, there is an urgent need to develop high-performance Web application security risk analysis system and monitoring mechanism which can accurately and timely discover and eliminate security risks and vulnerabilities in the Web site and protect the safe operation of the Web application, the information of the legitimate users and property safety.The paper firstly research TCP/IP, HTTP protocol which is used in Web application system data transmission, the common DOS attacks, cross-site scripting, SQL injection, cross-site request forgery cyber attack methods and major loophole mining. Then I make detailed and comprehensive analysis and research to OpenVAS to grasp the idea of its safety assessment and the specific implementation method, My aim is also to grasp the structure of its scripting language and development process. Finally, according to the actual needs, I design and build Web application vulnerability scanning system. The system will be a combination of web crawler for the user to interact with the penetration testing technology. After the completion of system I verify the functionality of the system from both unknown vulnerability situation and known vulnerability situation to know clearly further work direction. |
PDF Full Text Request