Research And Implementation Of The Penetration Testing System Based On Web Crawler

With the development of network applications, Web applications have been widely applied in all areas of society, but accompanied with it, the number of Web application attack is rising. When exploited leaks exist in Web applications, hackers can attack them to achieve access to information, implant trojans and virus, camouflage fishing site, maliciously insert advertising and other illegal operations. When general users browse the Web pages process, it is easy to cause computer poisoning or a loss of property. If developers are lack of good security programming awareness and programming habits in the process of Web application development, or if the Website administrators’security awareness is weak in the process of Website deployment, it will be likely to cause hidden security troubles in Web applications procedure and give a malicious attacker opportunities. So security testing is very necessary for the Website Web application.The thesis introduces the research background and the purpose and significance of penetration testing system, analyses several major security threats in the Web applications and testing means of a variety of leaks, and for previous crawler schemes’high storage cost, propose Webpage crawler algorithm based on Bloom filter, which can effectively reduce the system memory resource consumptions in the Webpage crawling process. Meanwhile, it designs and implements a penetration testing system based on Web crawler, which is divided into automatic testing and manual testing, can test SQL injection leaks, XSS script injection leaks, sensitive directories and the third party editor leaks, further obtain database information based on SQL injection leaks, provide dynamically testers with testing information during testing process and display testing result after the end of the testing. The system discover the existing leaks during the Website running and provide Website administrators or penetration testers with reliable, effective security leak information by simulating the hacker attack behaviors to have the penetration testing of Website Web application. The test result of the system shows that the system runs well, effectively detects existing security leaks in the application, and provide users with effective security detection system and technical support.