Research On Web Application Offense And Defense Exercise System Based On Hotness Of Vulnerability

The increasing popularity of the Internet has made Web applications become an indispensable part of people's lives.Correspondingly,the security risks facing Web applications are also increasing.In order to deal with severe Web attacks,designing and implementing an offensive and defensive exercise system for Web applications can enhance the user's Web offensive and defensive capabilities and has a strong practical significance.For this reason,this paper analyzed the hotness of the Web application vulnerability based on the open vulnerability database,then proposed the method of the evaluation of offensive and defensive exercise.Lastly,we designed and implemented a Web offense and defense exercise system based on the high-temperature vulnerability.The main research contents are as follows:(1)Analysis of the hotness of the vulnerability based on open vulnerability databaseWe got the Web application vulnerability data from Vulnerabilities Public Disclosure Platforms(CNVD,CVE,etc.)by using Web crawler,then preprocessed it,and classified the vulnerability using keywords extraction.Lastly,three assessment indicators: hotness of harm,click,time was introduced into the assessment of the hotness of the vulnerability.These indicators can portray the timeliness of vulnerability effectively.(2)Research on the evaluation of offensive and defensive exerciseThe attack time consuming and difficulty of attack(vulnerability)are introduced into the assessment of attack and defense performance.Compared with the precious method which only consider attack result,the comprehensiveness of the assessment method is improved and plays a positive role in improving the user's Web attack and defense capabilities.(3)Web Application Offense and Defense Exercise System Based on Hotness of VulnerabilityFor the high-temperature Web application vulnerability type,we designed the system's overall architecture,built exercise environment,analyzed Web offense and defense exercise toolbox,and designed the system's functional module.Finally,the Web application offense-defense exercise system was implemented.This system considers the hotness of vulnerability analysis results,and has a practical value in improving the user's Web offensive and defensive capabilities.