With the development of science and technology, the internet has entered its best period yet. More than ever before, people use the internet for far more than browsing information, and more and more affairs can be handled online. Buying tickets, paying bills and shopping can all be done on the internet, which has become an indispensable part of life, and Web applications are therefore growing explosively. However, more and more kinds of vulnerabilities exist in Web applications, which makes it hard to sustain their development. Traditionally, Web application penetration testing is carried out by manually simulating attacks, but manual testing is costly and inefficient, and human factors often affect the accuracy of the test report. Most smaller companies cannot afford commercial automation tools.

This thesis analyzes and studies automated security testing technology based on Selenium. Because Selenium is an open source tool, using it effectively reduces cost. The thesis designs and implements a highly available Web application vulnerability scanner and makes use of scalability. The scanner can test Web applications whether they are online or offline, so that corresponding countermeasures can be put in place in advance and losses reduced. The main work is as follows:

1. Analyzed the state of Web application security, introduced research on automated testing at home and abroad, analyzed the security threats Web applications currently face, explained the risks with data, and illustrated the importance of developing an automated tool for security testing.
2. Analyzed the characteristics of different kinds of vulnerabilities, along with the causes, testing methods and defense methods of SQL injection and XSS (cross-site scripting) vulnerabilities, and introduced some currently popular automated tools, including Selenium, which this thesis uses.
3. To gather vulnerability information about a Web application, studied the HTTP protocol, URL acquisition, and form and Web page crawling, and designed a Web crawler module that crawls target Web pages and filters and constructs URLs.
4. After the Web page information is obtained, designed a vulnerability scanner module for SQL injection and XSS using the interactivity and scalability of Selenium, and generated a detailed report after testing.

Finally, the availability and reliability of the system were verified through functional and performance tests in an experimental environment.