| With the wide utilization of the internet,people enjoy its conveniences while also encounter the problems it brought.In recent years,a variety of web attacks appeared,and accordingly the penetration testing and evaluation methods of internet have been born.In order to improve the security of the web,it's very important for practical application to make further study on the issue of the penetration testing and evaluation methods for internet.In the paper,we firstly study the techniques involved in the penetration testing,and summarize the methods,characteristics and defects of the penetration testing.Secondly,based on the website testing results which by varieties penetration testing technology,we design penetration testing and safety assessment programs based on automated integrated testing system.Furtherly we study the core algorithm of security assessment,comprehensive analysis two factors influencing the goal assessment,which are pre-assessment of the target by systematic maintenance personnel and assessment of the target after testing,and propose a Web security assessment algorithm and evaluation process based on the results of the attack and defense game.At last,we complete an automated penetration testing integrated system,contrast the testing result of system with the testing result of single penetration testing technology.Experiments show that penetration testing method in this paper can effectively detect the security problems and loopholes in the system without destroying the testing system,and the automated test method is effective and feasible.The results of Web security assessment are consistent with the actual test results,indicating that the safety assessment method proposed in this paper is accurate and effective.As the experimental results suggest,this system can meet the primary target and the general protective requirements against security attack of website. |
PDF Full Text Request