| With the rapid development of Internet technology, Web applications as an important part of the major Internet services to provide users with an intuitive and efficient service. Users enjoy the efficient and fast bring by Internet technology. There are a lot of known and unknown vulnerabilities in Web applications because of the limited Web application development time and developers’ mixed skills. These vulnerabilities have done great harm and threaten network security. Web application vulnerability discovery and protection became the focus of academia and industry naturally.This paper proposed a new approach of generating fuzzing testing vectors, which can expand testing dataset vastly and make up for deficiencies that testing vectors are fixed and non-extendable in existing methods and tools in Web applications vulnerabilities detection. The new approach created templates via classifying existing testing vectors and combined those templates with constraint and random variation to generate vast various vectors dynamically. These various vectors improved Web applications vulnerabilities detection rate and make the Web applications fuzzing testing possible. The experimental results show that the vulnerability testing tool, which uses testing vectors generated by the new method, finds more Web applications vulnerabilities than comparable testing tools. The experiment proved the validity of the method.For SQL injection(SQLI) and cross site scripting(XSS) two vulnerabilities, we designed and implemented a Web application vulnerabilities detector. This paper improved unreasonable module and structure of the existing Web application vulnerabilities detector. Our Web application vulnerabilities detector detected a lot of vulnerabilities in two reality Web applications. |
PDF Full Text Request