Research And Design Of Web Vulnerability Scanning System

With the rapid development of computing technology and Web2.0 technologies,Web applications on the Internet as the most widely used service,has brought great convenience to people's lives,and greatly promoted the development of social life and the progress of civilization,the people's way of life has been brung into a new era.Web application technology has been extended to all types of people's life and has been widely used.At the same time,due to problems of the differences in most Web developers and technical level of safety awareness,and other external factors,so that the security risk that Web application faced with is surging day by day.Spam overwhelming,cross-site unauthorized access,sensitive personal information disclosure and fishing information and Trojans.In this paper,based on a research and discussion on the security problem of Web application,at the first to explore the current status of Web applications's security and then make an objective analysis of discussion.Then make a research on the main types of security vulnerabilities detection technology,analyze of domestic security products,analyze the advantages and disadvantages of existing vulnerability scanning tools,find the design idea of system;make corresponding improvements in vulnerability scanning system for Web crawler technology.About common reason that the Web vulnerability occurs,the detection methods and defense technology,we make a discussion.On this basis,make out of the design of Web-based network vulnerability scanning system framework.The main contents of this article are:1?Make a research on Web application security,analyze the current development of existing vulnerability scanning tools.2?For the general Web crawler,we make the appropriate improvements,the use of secondary development based on Webkit browser engine,and the introduction of multi-threading methods to improve the efficiency of the crawler.3?Analyze the scanning procedure of SQL injection vulnerability and make some progressions.Putting forward an method which based on edit distance to detect SQL injection vulnerabilities.4?About the XSS vulnerability scanning,we use the legitimate test parameters for investigation at first,and then use the message entity ETag HTTP caching technology to improve the efficiency of XSS exploit.5?At the last,we make a detailed design of the system.And achieve some functions of the system,combined with the experimental results demonstrate the feasibility of the system design.Then we conclude that the shortcomings of the study and analyze the content of the next work.