
Design And Implementation Of Web Application Vulnerability Scanning System

Posted on: 2020-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: K C Zhou
GTID: 2428330596498357
Subject: Engineering

Abstract/Summary:
In recent years, computer technology has developed rapidly and the network has become a part of people's lives, which makes network security more and more important. In the Huangpu Education Website security evaluation project of a company in Shanghai, the author found that some existing Web application vulnerability scanning tools could not meet the actual needs of enterprises. In actual business scenarios, enterprises often need Web application vulnerability scanning tools to have the highest possible scanning efficiency while ensuring a certain scanning accuracy, thereby improving work efficiency and saving enterprise costs.

To address some problems of vulnerability scanning tools for Web applications, such as low scanning efficiency, high tool coupling, and some tools not supporting JS parsing, this paper proposes a new design scheme for a Web application vulnerability scanning system based on the actual needs of enterprises. The design goal of this scheme is to improve the scanning efficiency of the system as much as possible while guaranteeing a certain scanning accuracy. The whole system adopts a B/S architecture. The browser is responsible for receiving user input and displaying scanning information, and the server is responsible for crawling and detection. The system uses the message middleware RabbitMQ to decouple the crawler module and the detection module. The crawler module and the detection module are each designed and implemented as a cluster, making full use of the computing power of the cluster to improve the scanning efficiency of the whole system. Finally, the experiment shows that the system architecture can effectively shorten the scanning time and meet the actual needs of enterprises.

This paper mainly carries out the following work:

1. In-depth research on the causes, characteristics, and detection methods of SQL injection vulnerabilities and XSS (cross-site scripting) vulnerabilities.
2. Research on some existing Web application vulnerability scanning tools: the system structure and scanning process of these tools are analyzed, and their advantages and disadvantages are summarized.
3. After understanding the working principle of the scanning tools, a new Web application vulnerability scanning system is designed and implemented. The crawler and detection functions are separated into two modules, so that the crawler module and the detection module can each be designed and implemented as a cluster.
4. By integrating Selenium into the Web application vulnerability scanning system, the system gains the ability to parse and execute JS scripts.

Based on the overall architecture of the system and the functions of each module, a system test environment was set up, which verified that the Web application vulnerability scanning system achieved the expected effect in function and could meet the actual needs of the enterprise in scanning efficiency.
Keywords/Search Tags:sql injection, xss, vulnerability scanning, message middleware, cluster