| It is very important to analyze and test the vulnerability of Web application before it is used in order to find out the potential vulnerabilities. However, the analysis and testing of the vulnerability is mostly done by manual operation or is done with the help of some software tools, the level of automation is very low.Obviously, in order to improve the efficiency and automation level of the testing, it is urgent to study the automatic analysis technology of Web application vulnerability.he paper studies the background of the subject and the research at home and abroad, then the vulnerability of common Web application is studied, the attack strings for SQL injection and XSS vulnerability are made up. In order to enhance the level of Web applications' s automated test, the self-learning response analysis algorithm which is based on keyword response analysis and negative response extraction is proposed, the algorithm uses the keyword lexicon to analyze Web application's response, and if there is no keyword to match, negative response extraction will be used. When the result is success the algorithm will extract keywords and put them into the lexicon, so it achieve the purpose of self learning.Experiments show that the proposed algorithm can automatically analyze the response results. It breaks through the limitation that the keyword analysis technology can only analyze the response with keywords. At the same time, it has a higher efficiency than the negative response extraction. Finally, a automated analysis platform to test Web application's vulnerability is designed, and self-learning response analysis algorithm is applied to practice. |
PDF Full Text Request