Research On Efficient Web Vulnerability Scanning Method

Posted on: 2019-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: H X Jin
Full Text: PDF
GTID: 2428330548976389
Subject: Computer Science and Technology

Abstract/Summary:
Web vulnerability scanning is adopted by the industry to detect vulnerabilities in web applications because of its simple detection model and its low requirements on the scanning environment. However, modern web applications dynamically generate a massive number of web pages by employing server-side programs and backend databases. This dynamic mechanism makes web vulnerability scanning systems inefficient and limits their use. Scanning for more vulnerabilities under a time restriction therefore has significant theoretical and practical value. This paper focuses on the efficiency of web vulnerability scanning, and its contributions are as follows.

First, this paper surveys the background and related work on web security vulnerability detection methods and summarizes their limitations. Popular web vulnerability scanning systems use the so-called "maximum scanning time" and "maximum pages to be scanned" methods as an upper bound on scanning time. However, these two methods raise the problem of neglecting server-side programs that may be vulnerable, which degrades the precision of vulnerability scanning.

Second, targeting this problem, this paper proposes an HTTP response-based efficient scanning method. The proposed method identifies the web pages generated by the same server-side program by clustering the responses collected by the scanning system. The response clusters are then used to generate a partial sequence of web pages for scanning, which may cover all the vulnerabilities that the full sequence can cover. The experimental results show that the proposed HTTP response-based method can identify more vulnerabilities than the traditional scanning procedure while consuming 30% less time. However, the response-based method needs to receive, store, and analyze HTTP responses to scan efficiently, which may limit the flexibility of vulnerability scanning.

Third, this paper proposes an HTTP request-based efficient scanning method to overcome the limitation of the response-based method. The proposed request-based method is built on a regular-expression-like request-dispatching model, which coincides with the mechanisms employed by mainstream web servers and development frameworks. The request-based method extracts the parameters from the requests and learns the web application's dispatching model from the HTTP request information. The request-dispatching model is then used to generate the target sequence for scanning. The request-based method is more flexible than the response-based method, because request information is easier to collect. The experimental results show that the HTTP request-based method can achieve the same efficiency as the heavier response-based method.

In conclusion, this paper proposes HTTP response-based and request-based efficient scanning methods by analyzing the limitations of traditional scanning methods, and the experimental results show that the proposed methods can detect more vulnerabilities than the traditional methods with the same number of web pages scanned.
Keywords/Search Tags: web vulnerability, vulnerability scanning, vulnerability detection
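The request-based idea in the abstract can be sketched as follows. This is an added example, not the thesis's algorithm or code: it reduces each crawled request to a regular-expression-like template and keeps one request per template as the scan sequence. The data-segment heuristic, the function names and the `shop.example` URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristic: a path segment that is all digits or a long hex string
# is data (an id), not part of the route that selects the handler.
_DATA_SEGMENT = re.compile(r"\d+|[0-9a-fA-F]{8,}")

def dispatch_template(method, url):
    """Reduce a request to (method, path regex, sorted parameter names)."""
    parts = urlsplit(url)
    segments = []
    for seg in filter(None, parts.path.split("/")):
        if _DATA_SEGMENT.fullmatch(seg):
            segments.append("[^/]+")          # wildcard for variable data
        else:
            segments.append(re.escape(seg))   # literal route component
    names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return method.upper(), "/" + "/".join(segments), tuple(sorted(names))

def scan_sequence(requests):
    """Return one representative request per template, in crawl order."""
    seen, targets = set(), []
    for method, url in requests:
        key = dispatch_template(method, url)
        if key not in seen:   # a new method, route or parameter set
            seen.add(key)
            targets.append((method, url))
    return targets

# Constructed crawl output for a hypothetical site.
CRAWLED = [
    ("GET", "http://shop.example/item/1001?ref=home"),
    ("GET", "http://shop.example/item/1002?ref=search"),
    ("GET", "http://shop.example/item/1003?ref=home&page=2"),
    ("GET", "http://shop.example/view.php?id=7"),
    ("GET", "http://shop.example/view.php?id=8"),
    ("POST", "http://shop.example/view.php?id=8"),
    ("GET", "http://shop.example/about"),
]

if __name__ == "__main__":
    for method, url in scan_sequence(CRAWLED):
        print(method, url, dispatch_template(method, url))
```

A request with a parameter name not seen before (`page` above) forms its own template, so a newly exposed input is still scanned even when the route has already been covered.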