Design And Implementation For Web Vulnerability Scanning System

Posted on:2015-10-02

Degree:Master

Type:Thesis

Country:China

Candidate:Y T Yin

Full Text:PDF

GTID:2298330431464607

Subject:Software engineering

Abstract/Summary:

PDF Full Text Request

With the rapid development of computer network technology, Web and relatedtechnologies are widely used, a growing demand for web design, but its securityissues have become increasingly prominent, its security is also a growing concern,protect the security of Web applications has become an important issue. There aremany Web application protection systems for the defense to attack, but will have nosmall performance loss and maintenance costs. Therefore, early detection and repairWEB vulnerabilities can greatly reduce the cost of software maintenance follow-up,to avoid unnecessary losses. Web Vulnerability Scanner Web application security isbased on a very wide range of active defense technology, which has been widely usedin current network environment, it can effectively help detect Web loopholes thatvulnerability detection more accurate and efficient.The main focus of this thesis is on the Web application vulnerabilities in keytechnology research, on the basis of vulnerability signatures for Web applicationvulnerabilities XSS and SQL injection, based on the design of a web crawlerrelevance and usefulness of scanning with systems.In this thesis, a Web application for XSS and SQL injection vulnerabilities forthe study, mainly in the following aspects:1. A study various properties of Web application vulnerabilities. Detailed analysisof the vulnerabilities such as XSS and SQL injection. Including reasons,classification, hazard and defense methods.2. For XSS and SQL injection vulnerabilities features designed to achieve atheme-based web crawler module contains the main analytical parametersURL, the phone may exist XSS and SQL injection page, and set the depth ofreptiles, until the end of reptiles. 3. Designed and implemented based on statically inject malicious code and thenscan the code the way XSS detection module.4. Design and realization of the injection detection module based on a way tobypass the user authentication and view the returned error code based oninjecting the way information SQL.5. To generate a report of the test results in the form of the show.6. Black box testing of the system.

Keywords/Search Tags:

Web Vulnerability Scanner, XSS attacks, SQL injection attacks, Reptile

PDF Full Text Request

Related items

1	Vulnerability Analysis of False Data Injection Attacks on Supervisory Control and Data Acquisition and Phasor Measurement Unit
2	The Implementation Of SQL Injection Attacks Scanning Analysis Tool And Research On Prevention Technology
3	Detecting Code Injection Attacks Withmemory Dumps Analysis
4	SQL Injection Vulnerability Detection And Counter Based On Penetration Test
5	Design And Implementation Of SQL Injection Detection Scanner
6	Detection Of SQL Injection Attacks Based On Proxy Server
7	Research On Control For Networked Systems Under Complex Attacks
8	Consensus-based Security Of Cyber-physical Systems Under DoS And Data Injection Attacks
9	Precise Detection of Injection Attacks on Concrete Systems
10	The Study On Parse Tree Based SQL Injection Attacks Mechanisms