
Vulnerability Detection And Attack Method For Penetration Testing

Posted on: 2018-01-05
Degree: Master
Type: Thesis
Country: China
Candidate: J C Luan
GTID: 2348330536487958
Subject: Safety science and engineering

Abstract/Summary:
Penetration testing, which plays an important role in assessing the security of network environments and crucial information systems, has become an essential part of many industrial security standards. Security risks and attack events that employ known or unknown vulnerabilities are still common, so it is necessary to carry out penetration testing, and vulnerability detection, vulnerability analysis and penetration attack have become active research topics within it. This paper studies and summarizes existing vulnerability detection methods and attack methods, and then proposes a reverse engineering method for web applications aimed at XSS detection, as well as a Petri net based automatic penetration attack scheme for a single target. The main work is as follows:

1. We put forward a new web application model and inference algorithm, which improve the efficiency and effectiveness of XSS detection. The new web application model introduces the micro state, which makes it able to describe both the transition relations among states and navigation in web applications. In addition, we present an improved web application model inference method based on a hierarchical web application, in which a state transition function and a navigation function are introduced to make decisions, while page clustering and state reduction help reduce the complexity. Finally, the experiment shows that the scheme is more effective in XSS detection than other tools.

2. For the vulnerability analysis and penetration attack phase, we also propose a Petri net based automatic penetration attack method for a single target. The method generates a real-world penetration attack process from an automatically generated attack graph, and achieves automatic attack graph generation, attack path planning, attack process and threat assessment. The scheme introduces the concept of a multi-network attack path and presents a more effective attack graph generation algorithm. It also completes the automatic attack process using the attack graph. The scheme is proved to be effective and efficient in real-world penetration testing.
Keywords/Search Tags: Penetration testing, Vulnerability detection, Vulnerability exploit, Reverse Engineering, Attack graph