| With the rapidly development of computer science and network technology, the Internet is gradually affecting social advancement and changing people’s daily life. But at the same time, some kinds of security issues, which are being paid attention by more and more people, are becoming increasingly prominent. Web system, which is the most common application system on the Internet, is essential to ensure its security. On the contrary, the programmers have little experiences both in developing web system and safety consciousness. In addition the defect of traditional manual detection, the security issues has become the main barrier of web system. So researching the automatic vulnerability detection technology for web system turns into effective means which can improve detection efficiency, reduce detection time and save the cost.Firstly, this paper investigated the research related the web vulnerability detecting technology at home and abroad, and explained the research background&significance. Secondly, it introduced some knowledge about web vulnerabilities and analyzes its characteristics and shortcomings, such as the taxonomy of web vulnerabilities, the commonly used detecting technology of web vulnerabilities. Then, in view of the existing problems, this paper carried out a taxonomy of web vulnerabilities based on the attack life-cycle and a web vulnerability detection model. Based on these studies, this paper designed a web vulnerability detection system in B/S architecture, and explained the system framework, business processes as well as the core modules in detail. After that, this paper implemented the Web vulnerability detection system, and set up experience for the system. The results showed that the system meets the requirements of the design. Meanwhile, the experience verified the usability and practicability of the design. Finally, this paper summarizes the work, and points out the directions for further researches. |
PDF Full Text Request