The Design And Implementation Of Crowdsourced Vulnerability Validation Platform

In recent years,with the continuous development of information technology,Internet applications and mobile applications are inextricably linked to people's life.Unfortunately,many Internet applications and mobile applications now have many vulnerabilities.These potential vulnerabilities may be high-risk,so the demand for scanning for vulnerabilities is growing quickly.Based on the above circumstances,many companies are researching on security testing technology,including security of web applications and mobile applications.Due to the continuous development of vulnerability scanning technology,the number of discovered vulnerabilities has also increased.However,most of these vulnerabilities are low-risk.It takes members of ops teams a lot of time to verify these vulnerabilities and fix them.As a result,the demand for crowdsourcing is increasing rapidly.In order to solve the above problem,it is important to design a platform which can help users create crowdsourced tasks for vulnerabilities validation.This platform is based on vulnerability scanners,which can scan applications and export a report about the vulnerabilities of applications.This platform utilizes the advantages of crowdsourcing to filter a large number of low-risk vulnerabilities,identifies high-risk vulnerabilities and provides warning information so that the platform can help companies save cost.This platform is based on mircoservice architecture and uses Zookeeper and Dubbo to support this architecture.Also,this platform uses Springboot as the background framework and Hibernate as the orm framework.Because of these,this project has high scalability and availability.Besides,because of the real-time statistical algorithm,this platform also has high performance and high responsiveness.This project can be divided into task management module,verification module,scanner module and display module.Task management module can be divided into crowdsourcing task module and import vulnerabilities module.Verification module can be devided into crowdsourcing verification module and statics module.The thesis introduces the design and implement of task management module and verification module in detail.