
Research And Implementation Of Detection Methods For Web Application Vulnerabilities

Posted on: 2019-09-08
Degree: Master
Type: Thesis
Country: China
Candidate: M H Xu
Full Text: PDF
GTID: 2428330542995635
Subject: computer technology
Abstract/Summary:
With the growth of Web applications, their security is attracting more and more attention. By studying the principles and methods of Web application vulnerability detection, we design and implement a Web application vulnerability detection system. The system mainly detects and analyzes two classes of Web application vulnerabilities: XSS and SQL injection. Based on an analysis of current Web application vulnerability detection tools, the system is improved in the following respects. First, the system saves cookies to simulate login, so that it can crawl the dynamic URLs of Web applications that require authentication. Second, for the crawling strategy, the system defines a custom crawler class that uses breadth-first traversal and then applies a set threshold when crawling URLs. Third, because some Web applications can identify crawler tools and prohibit them from crawling their content, the system adds measures to the crawler module for dealing with anti-crawler defenses. The system mainly includes the following functional modules: a crawler module written in Python, which adds the simulated login function and the response to anti-crawler measures, expanding the scope of vulnerability detection and avoiding the restrictions that Web applications place on crawler tools; an XSS detection module, which passes attack vectors through anti-filtering rules and uses an XSS probe to automatically detect reflected XSS vulnerabilities; and a SQL injection detection module, which searches for injection points, analyzes whether the Web application contains SQL injection vulnerabilities, and uses binary search (dichotomy) to guess the various fields of the database.
Keywords/Search Tags: XSS, SQL Injection, crawler, anti-filtering rules, attack vectors, probes