| The arrival of the Information Society has brought the world to the rapid development of information technology opportunities. The application of information technology, raising production, lifestyles and ideas changed greatly promoted. The development of human society and civilization bring human into a new era. With the computer and network communication technology is developing rapidly, now the Internet has become a global reach any corner of the open network, brings real-time, convenient, fast and low-cost services. At the same time, network security problem has become acute. How to tap the network application software security vulnerabilities are loopholes in the current mining technology hot spots.Based on Web applications in SQL injection and XSS vulnerability studies, the main works of this paper are as follow:1) This paper analyzed three vulnerability exploiting technology, such as static analysis techniques, Fuzzing technology and dynamic technology, and summed up and analysis the static analysis as major.2) It has been detailed analysis of SQL injection and XSS vulnerable, including their cause, harm, the way to avoid detection methods, etc.3) Using SQL injection and XSS vulnerability characteristics, improved crawler technology, and the use this technology to collection Web applications possible SQL injection and XSS vulnerability of suspicious points.4) Using Fuzzing technology, and combined with SQL injection and XSS vulnerability's detection technology tested the suspicious points.5) Realizing a tool (SQL_XSS) mined the SQL injection and XSS vulnerability in the Web application automatic.6) SQL_XSS was tested, and analyzed test result. |
PDF Full Text Request