Vulnerability Scanning And Detection For Web Application Security Based On Crawler

Since entering the 21 st century,the rapid development of Internet technology,especially after entering the era of Web2.0,Web applications have become more and more complex and the number of users has become more and more large.However,at the same time,various Web security problems emerge one after another,and the security field has suffered unprecedented threats.Cross-site scripting attacks are a relatively large threat vulnerability.Due to its simple injection and rapid propagation characteristics,a large number of XSS vulnerability attacks occur every year.Moreover,with the popularization of Ajax technology,XSS vulnerabilities become more hidden and more difficult to detect.Traditional XSS vulnerability detection methods are divided into static testing and dynamic testing.Although there are many related detection tools at present,many of them have the problem of high false positive rate.After analyzing and comparing the advantages and disadvantages of the two tests,this thesis chooses to study dynamic testing and designs an automated vulnerability scanning and detection system based on crawler for cross-site script attack vulnerabilities.The main work is as follows:(1)The generation principle and attack methods of XSS vulnerabilities are studied.The types and variation modes of attack vectors are summarized.Finally,a model for automatically generating XSS attack vectors is designed and implemented.The generated attack vectors are classified and stored in different data tables in the database so as to select targeted vectors for testing in subsequent detection.(2)Studied the crawler-related technologies,and designed a set of programs to obtain and detect website page links through the crawler.The combination of Selenium+FireFox was used to analyze the page,simulate user operations,trigger page events,analyze page DOM status,and dig dynamic page injection points deeply.Experiments proved that the page injection points can be mined more effectively.(3)In order to reduce the number of server requests in the testing process,a probe vector testing scheme is used,and the corresponding type of attack vector constructed before is selected according to the position of the page response probe vector for testing,which can effectively improve the scanning efficiency.Furthermore,in view of the fact that the feature output page is not necessarily the test request response page when testing storage XSS vulnerabilities,an improved snoop testing scheme is proposed,which can effectively determine the input page and injection point according to the value of snoop characters in the page before formal testing,store the corresponding relationship,and then carry out subsequent testing.Experiments prove that the scheme can effectively detect storage vulnerabilities.(4)The XSS vulnerability testing tool XSS-finder is designed and implemented using the above mentioned scheme.The tool can input the website address of the website to be tested for testing,and can manually input Cookie value to simulate login,so as to test some websites that need to log in to obtain more content.The XSS-finder is used to test three websites that contain vulnerabilities and are developed based on python,Java and php languages respectively.The tests are compared with AppScan,XSSer and other testing tools.The experiments prove that the tools in this paper can more effectively exploit XSS vulnerabilities.