Design Of Web Vulnerabilities Detection System Based On Browser/Server Structure

Posted on: 2016-06-26
Degree: Master
Type: Thesis
Country: China
Candidate: W L Yi
Full Text: PDF
GTID: 2298330467488140
Subject: Electronics and Communications Engineering
Abstract/Summary:
Web applications are considered the most widely used services on the Internet. Because most web sites are not designed by professional security developers and technical personnel, many web sites have become the main target of attackers, and cross-site scripting vulnerabilities (hereinafter referred to as XSS), SQL injection attacks, cross-site request forgery (hereinafter referred to as CSRF) vulnerabilities, buffer overflows, tampering and other forms of web vulnerabilities are emerging. Some mainstream web vulnerability scanning tools on the Internet are currently based on the Client/Server (hereinafter referred to as C/S) structure, so users need to install clients separately on their computers. The clients occupy part of the system's resources to a certain extent, and they are also limited by the application platform. A web application based on the Browser/Server (hereinafter referred to as B/S) structure only needs to be deployed on the web server; the application can consist of HTML (Hypertext Markup Language) files or ASP (Active Server Pages), PHP (Hypertext Preprocessor) and other scripting files. Users only need to install a web browser in order to browse the contents of all sites and complete the task of web vulnerability detection.

The web vulnerability detection system based on the B/S structure can provide a complete, secure system connection for users. Compared with a structure based on C/S, the system improves efficiency and performance and fully reflects the independence and distribution of the platform. Based on web application and web topology traversal and code analysis, and following the OWASP (Open Web Application Security Project) Top 10 vulnerability classification, the system establishes an XML-based feature database of web application vulnerabilities, which serves as the basis for constructing targeted attack test messages to carry out simulated attacks. The system combines this with a feature extraction algorithm to identify vulnerabilities in web application development code and in the runtime system. It provides reports on code optimization to developers and on security configuration to management developers and security experts.

In order to detect common vulnerabilities in web applications, this paper designs a web vulnerability detection system based on the B/S structure. The paper summarizes common web vulnerabilities, such as XSS, SQL injection and CSRF, and the corresponding detection methods. By combining with the feature extraction algorithm, the detection module of the system effectively improves the detection rate and reduces the false alarm rate, which demonstrates its feasibility in practice.
Keywords/Search Tags: web security, vulnerability detection, Browser/Server, Cross-Site Scripting, SQL injection