With the rapid development of society and of science and technology in recent years, software products have come to be widely applied in every field of society. At the same time, people are more and more concerned about the quality of software products. To survive in a competitive environment, software manufacturers have to treat improving software quality as their primary task.

Testing during software production is the prerequisite for guaranteeing software quality, and therefore it must be done accurately. With the continuous development of the software industry and growing market demand, people have become more and more familiar with the traditional C/S model of software testing. Meanwhile, the B/S model is also used more widely than before. As a result, Web testing has become the focus of attention, and Web security testing is its most important part.

Following a literature review, the author puts forward a new model of Web security testing based on the AHP algorithm. With this model, a new automated testing tool, WSAT (Web Security auto-Testing Tool), is designed and implemented. The tool consists of white-box testing and black-box testing. In black-box testing, the AHP algorithm is used to prioritize the objects under test and, at the same time, to detect vulnerable pages. In white-box testing, the vulnerable pages are analyzed and the bugs are fixed. A program named ESSP is tested with WSAT and with other Web security testing tools. Finally, the rationality and superiority of WSAT are verified by comparing the data obtained during testing.