Design And Implementation Of Web Application Vulnerability Scanner For HTML5

With the completion of the HTML5 standard,more and more Web applications began to use HTML5 standard.HTML5 standard made many contributions for Web applications to better display,including cross-browser,cross-client operation.With the widespread use of HTML5,the security issues associated with HTML5 gradually revealed,including revealing important information of users,such as passwords,locations.Currently,the market is not yet focused on HTML5 Web application vulnerability scanning system,how to test and find vulnerabilities for the HTML5 standard,and improve the corresponding Web applications,it is very urgent and important work.For Web applications increasingly serious security situation,the paper launched a Web application security research for the HTML5.Firstly,we analyze the current situation about Web application security and Web application vulnerability scanning system,in-depth study of the HTML5 standard,and analyzed the various reasons for HTML5 Web application vulnerabilities generated,detection and prevention methods.Subsequent Web crawler technology research and analysis of existing web crawler technology summary,designed and implemented for Web application vulnerability scanning system web crawler module,which the page is parsed by constructing DOM tree,and then express through positive extractor page URL and input forms,etc.can be achieved.Next,study the Web application vulnerability scanning technology,the use of penetration testing,points can be entered by sending test HTTP requests to simulate exploit,analyze whether the existence of vulnerabilities based on the response received.Final design and completed a HTML5 for Web application vulnerability scanning system,scanning detection of SQL injection vulnerabilities,cross-site scripting vulnerabilities,path traversal vulnerabilities.In this paper,we achieve the design and implementation of HTML5 for Web application vulnerability scanner.Experiments show that the vulnerability scanner web crawler module herein,vulnerability detection module and user interaction module are able to work effectively,and to be detected by the detection of the page to verify this vulnerability scanning system functionality and performance.