
Design And Implementation Of Web Security Vulnerability Scanning System

Posted on: 2015-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: Z W Hu
GTID: 2298330467462338
Subject: Communication and Information System
Abstract/Summary:
With the rapid development of the Internet, web applications have come into wide use in many fields. However, the usability, ease of development and openness of web applications have led to an increase in web application security issues. A large number of attacks on web applications have caused huge economic losses for companies and users, and web application security has become one of the network problems people are most concerned about.

By scanning with a web security vulnerability scanning system, users can discover the security vulnerabilities of a web application early and then repair them to ensure the application's security. The topic is therefore well targeted, practical and worth studying.

A web security vulnerability scanning system detects vulnerabilities by simulating a hacker attack. The system sends HTTP requests carrying specific vulnerability detection features to the server, receives the responses, and determines whether vulnerabilities exist by analyzing those responses.

First, the paper analyzes the current grim situation of web application security, surveys domestic and foreign security products, and summarizes the advantages and disadvantages of vulnerability scanning tools. These provide ideas for the design and development of the system. Second, it studies the key technologies of web crawlers and summarizes the causes, detection methods and defenses for SQL injection and XSS. These provide a theoretical basis for the realization of the system. After that, it designs a scalable infrastructure for the system and, on this basis, combines web crawler, vulnerability detection and security evaluation techniques to build an automatic vulnerability scanning system that can detect SQL injection and XSS. Finally, it verifies the availability, accuracy and efficiency of the system through a series of tests and discusses the next steps of the work.
Keywords/Search Tags:web security, vulnerability scanning, sql, injection, xss, security evaluation