| Web applications have drawn increasing attention of users and hackers for the more and more powerful functionality and practicality. Internet is the main way to reveal data,which lead to a serious challenge for Web. The vulnerability scanning of Web application is based on vulnerability database and achieves automated scanning for the remote or local web applications to find available vulnerability.Three parts are included.1. Web applications are excessively dependence on WAF, which leads to ignore the ascension of the code. It makes higher false positives rate and missed positives rate in the process of vulnerability scanning by the WAF interception. The thesis combines Skipfish’s canning parameters with WAF bypassing. Furthermore, the thesis puts forward two-stage exploration strategy to deepening the depth of vulnerability detection. At last, the scheme can successfully bypass most of WAF defense to promote the accuracy of the tools.2. Detecting parameters of scanning tools should also be constantly updated and optimized in light of the actual situation for the changing hacking techniques and Internet security challenges.The thesis proposes an optimum proposal of parameters. Different types of parameters are ranked according to its success. This optimization scheme provides optimal security for the parameter optimization of system.3. In addition, the thesis improves the architecture of Skipfish in B/S and customizes scanning system for penetration testing in scanning strategies and scanning task management aspects. The system provides a choice of different vulnerability scanning types and the functions of scanning task management in order to satisfy the demands of penetration in the project scanning.The thesis achieves the fusion of vulnerability scanning technique and penetrating ideas and expands the thinking of vulnerability scanning to a new height, which lays the foundation for the next step of Web vulnerability scanning technology... |
PDF Full Text Request