| In recent years, Web applications are more widely used because of its short development lifetime, low maintenance cost, strong portability and other advantages. Web applications have become a popular and widespread interaction medium in our daily lives. Web applications bring people great convenience, but they are so exposed to attacks that vulnerabilities that endanger the personal data of users are discovered regularly.In the background of Web applications booming, Web applications penetration technique was developed in the recent years. The vulnerabilities can be detected and eliminated early by penetration test. We can take preventive measures to enhance the credibility of the software products. Also the vulnerabilities can be detected earlier in the software development life cycle, the cost for the repair and maintenance can be less. As an important class of tools, Web application vulnerability scanning software is an important class of tools. It can aid detectors and reduce their workload by the automation or combination of manual and automation. Automatic web vulnerability scanners are often used by web application developed and system administrators to test web applications against vulnerabilities.This paper analyzes the causes, vulnerability detection methods and key technologies of testing of Web application vulnerabilities. We propose an efficient Web application vulnerability detection mechanisms based on optimization of the crawler and feature recognition for the deficiencies of existing Web vulnerability detection tools. Based on the vulnerability detection mechanisms proposed in this paper, we design the detection method for the XSS and SQL injection, and we realize the detection method of the SQL injection. The results show that the detection method can detect SQL injection effectively, it also demonstrate the feasibility and effectiveness of the Web application vulnerability detection mechanism and methods proposed in this paper. |
PDF Full Text Request