
Design And Implementation Of Web Application Vulnerability Scanner

Posted on: 2015-07-02
Degree: Master
Type: Thesis
Country: China
Candidate: M M Liu
GTID: 2308330473953943
Subject: Electronic and communication engineering

Abstract/Summary:
With the development of Internet technology, the number of Web applications has grown explosively, and the Internet has become an integral part of life. However, Web security problems have also become increasingly serious, and they are concentrated mainly at the Web application layer. According to a Gartner report, 75% of information security vulnerabilities are targeted at the Web application layer, not the network layer. Currently, the majority of Web application vulnerability scanners are based on a C/S architecture. They are not easy to deploy, are difficult to use, and do not integrate new vulnerabilities well into their mechanism. What is more, commercial software is expensive to use, which is a big challenge for small and medium-sized companies. To solve these problems, this thesis analyzes and researches Web application vulnerability scanners and their key technologies, and designs and implements a Web application vulnerability scanner with high availability, high scalability and good performance. It explores Web application vulnerabilities before the application is released, thus ensuring Web security. The main work is as follows:

1. Study various properties of Web application vulnerabilities as well as Web application vulnerability scanning technology. In particular, a detailed analysis is given of the most numerous vulnerabilities, SQL injection and XSS, including their causes, attacks, detection methods and defense methods.

2. Research Web crawler technology and design a focused Web crawler that is able not only to crawl Web pages but also to parse them. Regular expressions are used to extract all available input fields of a site, and URL format standardization, URL filtering and URL parameter transformation enhance system performance.

3. Extract the commonalities of the vulnerability scanning modules and exploit the class inheritance mechanism to design and implement an extension mechanism that enables a new vulnerability scanning module to be added to the scanner, enhancing the system's scalability.

4. Design and implement a Web application vulnerability scanner based on a B/S architecture. It can scan for SQL injection vulnerabilities, XSS vulnerabilities and directory traversal vulnerabilities, and its remote access capability enhances the usability of the system. Finally, the vulnerability scanner is tested with samples to verify its effectiveness; it achieves the desired functions and objectives.

In the end, this thesis exploits Web crawler technology, automated black-box testing techniques and a plug-in mechanism to design and implement a Web application vulnerability scanner based on a B/S architecture. It has high availability, scalability and good performance, reaching the goal of this research subject. This thesis has reference value for the implementation of similar systems.
Keywords/Search Tags: Web security, vulnerability detection, penetration testing, Web crawler
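The crawler-side URL handling named in item 2 (URL format standardization, URL filtering, URL parameter transformation) can be sketched as follows; this is an added example, not code from the thesis. All function names, the static-file skip list and the sample links are assumptions, as is reading "parameter transformation" as collapsing URLs that differ only in parameter values so each page-and-parameter shape is queued for scanning once.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit, parse_qsl, urlencode

STATIC_EXT = (".png", ".jpg", ".gif", ".css", ".js", ".ico", ".pdf")  # assumed skip list
DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_url(base, href):
    """URL standardization: resolve href against base, return a canonical absolute URL."""
    parts = urlsplit(urljoin(base, href.strip()))
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if parts.port and parts.port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{parts.port}"
    # Sort parameters so ?a=1&b=2 and ?b=2&a=1 compare equal; drop the fragment.
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    return urlunsplit((scheme, host, parts.path or "/", query, ""))

def in_scope(url, allowed_host):
    """URL filtering: same host, http(s) only, no static resources."""
    parts = urlsplit(url)
    return (parts.scheme in DEFAULT_PORTS
            and parts.hostname == allowed_host
            and not parts.path.lower().endswith(STATIC_EXT))

def param_signature(url):
    """URL parameter transformation: keep parameter names, blank out values."""
    parts = urlsplit(url)
    names = sorted({name for name, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       "&".join(f"{n}=*" for n in names), ""))

def build_frontier(base, hrefs, allowed_host):
    """Return one representative URL per distinct page-and-parameter shape."""
    seen, frontier = set(), []
    for href in hrefs:
        url = normalize_url(base, href)
        if in_scope(url, allowed_host) and param_signature(url) not in seen:
            seen.add(param_signature(url))
            frontier.append(url)
    return frontier

# Constructed sample links, as a crawler might extract them from one page.
SAMPLE_BASE = "http://shop.example.test/list/index.php"
SAMPLE_HREFS = ["item.php?id=1&cat=2", "item.php?cat=9&id=7#reviews",
                "HTTP://SHOP.example.test:80/list/item.php?id=3&cat=1",
                "/static/logo.png", "http://other.example.test/item.php?id=1",
                "mailto:admin@example.test", "../search.php?q=", "/search.php?q=shoes"]

if __name__ == "__main__":
    print(build_frontier(SAMPLE_BASE, SAMPLE_HREFS, "shop.example.test"))
```

Eight extracted links reduce to two scan targets here, which is where the performance gain mentioned in the abstract would come from under this reading.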