
The Research On Key Technology Of Web Application Vulnerability Detection

Posted on: 2014-05-08
Degree: Master
Type: Thesis
Country: China
Candidate: J C Guo
Full Text: PDF
GTID: 2308330479479156
Subject: Army commanding learn
Abstract/Summary:
Web applications are widely used across many kinds of business on the Internet and play an increasingly important role. However, the various security vulnerabilities in web applications seriously threaten their security. Vulnerability detection, which checks whether a web application is vulnerable, is therefore a key measure for improving web application security. To defend web applications against these vulnerabilities, research on web application vulnerability detection has practical significance.

This dissertation studies the technologies related to web application vulnerability detection. The main work and innovations include:

(1) A web application entry-search algorithm is proposed and implemented. Based on the characteristics of black-box web application vulnerability detection, this dissertation proposes an entry-search algorithm based on dynamic execution. To solve the URL extraction problem during entry search, it adopts a novel URL extraction algorithm, which significantly improves the URL extraction ability of entry search so that more valid information can be obtained during entry searching.

(2) A Cross-Site Scripting vulnerability detection algorithm is proposed and implemented. The dissertation closely studies the causes of Cross-Site Scripting and the problems in detecting it, and proposes a Cross-Site Scripting detection algorithm based on a browser engine. Test cases are designed for the algorithm and its detailed procedure is given. A Cross-Site Scripting detection module based on this algorithm is implemented, which can automatically detect Cross-Site Scripting vulnerabilities.

(3) Building on current SQL injection detection methods, the dissertation designs and implements an automatic SQL injection detection algorithm. This algorithm adopts a different method which can gain a fine result. A SQL injection detection module is implemented that combines it with the regular method. The module supports automatic detection of SQL injection vulnerabilities.

(4) A web application containing known vulnerabilities is used to test the capabilities of the Cross-Site Scripting detection module and the SQL injection detection module.
Keywords/Search Tags:Web Application, Vulnerability Detection, Entry-Search, Cross-Site Scripting, SQL Injection