
Research On Web Vulnerability Mining And Web Safety

Posted on: 2017-01-07
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhao
Full Text: PDF
GTID: 2308330485489381
Subject: Software engineering
Abstract/Summary:
With the development of web technology, more and more applications are being built on the web platform, but the web security situation is not optimistic. Since the WooYun platform announced its top ten security risks in 2014, web risks have remained numerous, including SQL injection, cross-site scripting attacks, unauthorized access, and brute-force attacks arising from system logic errors. Website security issues are becoming more and more prominent. The need to avoid the vulnerabilities that exist on Internet websites, and to reduce the losses they cause, makes the study of web security increasingly necessary. Vulnerability mining identifies where a website's programs are potentially exposed to security risks. In-depth analysis of these hazard-prone places makes it possible to put corresponding protection measures in place. This paper mainly contains the following:

(1) The author analyzes the areas of a website that are prone to security problems. By analyzing file inclusion, XSS and file upload, the author explains why web vulnerabilities occur. Based on an understanding of the underlying principles of these vulnerabilities and how they are mined, the author gives suggestions for solutions.

(2) Starting from scanning technology, the paper introduces host port scanning and host identification technology, and analyzes the principles of web crawlers, from which a crawler framework is derived. On this basis, the author designs a customizable open source web scanning tool named Auto HackScan and provides a scan plugin for SVN source code along with prepared payloads, achieving good results in actual testing.

(3) Considering the limitations of scanners in the vulnerability mining process, the author changes perspective and uses code auditing to find vulnerabilities. The paper introduces the concept and methods of code auditing, gives code audit examples for file inclusion vulnerabilities, injection vulnerabilities and cross-site vulnerabilities, and proposes solutions to the problems found during code auditing.
Keywords/Search Tags:web security, vulnerability discovery, vulnerability scanner, code audit