
Web Application Security-Design And Implementation Of Vulnerability Scanner

Posted on: 2021-08-04
Degree: Master
Type: Thesis
Country: China
Candidate: X Lei
Full Text: PDF
GTID: 2518306047484244
Subject: Master of Engineering
Abstract/Summary:
With the emergence of new Internet products such as Web 2.0, chat and dating networks, and blogs, Web applications are used by more and more people and have become increasingly common and widely recognized. Of course, this also brings many problems: the faster the network develops, the more malicious attackers there are. The security of Web systems is therefore receiving much attention, and Web security is an increasingly studied subject.

In response to these issues, this paper analyzes the basic principles and causes of Web application security vulnerabilities, introduces vulnerability scanning methods and the key scanning technologies of existing vulnerability scanners, addresses the deficiencies of existing Web application security vulnerability scanning tools, and designs an efficient Web application vulnerability scanning mechanism based on optimized crawlers. Based on this scanning mechanism, scanning methods are designed and implemented for typical Web vulnerabilities such as XSS and SQL injection. The paper designs and implements a SaaS-based Web application security vulnerability scanner with high availability, high scalability, and good performance. The main work of this paper is as follows:

(1) The characteristics of various Web application vulnerabilities and the technologies for scanning them are analyzed, especially the most frequently occurring ones (SQL injection, XSS, and information leakage vulnerabilities), including their causes, attack methods, detection methods, and defense methods.

(2) Web crawler technology is studied, and an optimized web crawler algorithm based on a breadth-first strategy is designed, so that it not only crawls web pages but also parses them and effectively removes duplicates. Using regular expressions, all input areas of the website are extracted, and URL standard formatting, URL filtering, and URL parameter transformation are performed to enhance the performance of the system.

(3) A Web application security vulnerability scanner is designed and implemented. The scanner uses a vulnerability information database to implement scanning for SQL injection, XSS, and directory traversal vulnerabilities. The scanning results show that the scanning method can effectively scan for SQL injection and XSS vulnerabilities, and also verify the effectiveness and feasibility of the Web application vulnerability scanning mechanism designed in this paper.
Keywords/Search Tags: Web Application Security, Security Vulnerability, Vulnerability Scan, SQL Injection, XSS Vulnerability