
Research And Implementation Of Web Application Vulnerabilities Positioning Technology

Posted on: 2016-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Zhang
Full Text: PDF
GTID: 2308330461957267
Subject: Computer Science and Technology

Abstract/Summary:
SQL injection attacks and Cross-Site Scripting attacks are the most serious security issues in Web applications. They can lead to data loss or data corruption, denial of service, or, even worse, complete takeover of the host and system failure. Research on detecting SQL injection and Cross-Site Scripting attacks therefore has important practical significance.

Fuzzing is an automated or semi-automated vulnerability mining technique based on defect injection. It feeds a large amount of semi-valid data to the target (such as file formats, network protocols, or APIs) as input and monitors the execution of the program to find potential security vulnerabilities in Web applications. Dynamic taint analysis (DTA) is a data flow tracking technique that finds the dependencies between source data and destination data by marking the data and tracking its propagation while the program is running.

This thesis studies the common Web application vulnerability detection methods and analyzes black-box scanners and white-box code audit tools. A scanner is fast but cannot locate the specific code that produces a vulnerability, while code audit tools can locate that code by analyzing all of the source code, which costs a lot of time. The thesis then proposes a method for locating Web application vulnerabilities using fuzzing and dynamic taint techniques, designs a system, and implements a prototype for experimental verification.

The main work is as follows:

(1) Analyzes the causes, classification, hazards, prevention and detection of SQL injection and Cross-Site Scripting vulnerabilities, summarizes their attack modes, and then designs the attack vector library.

(2) Proposes a method for locating Web application vulnerabilities using fuzzing and dynamic taint techniques. In the fuzzing phase, the attack string vector library is used to test the program and quickly find the injection points of SQL injection and Cross-Site Scripting vulnerabilities. In the dynamic taint analysis phase, the data at these injection points is tracked to obtain the whole propagation path from the injection point to the sink point, which completes the positioning of the vulnerabilities.

(3) Studies the principle and process of dynamic taint analysis and applies them to positioning SQL injection and Cross-Site Scripting vulnerabilities. Designs taint propagation rules based on a high-level language and implements the marking, tracking and testing of tainted data at the source code level.

(4) Designs WebPOS for the proposed method and implements the vulnerability positioning system prototype.

The innovation of this thesis is mainly reflected in the following aspects:

(1) Proposes a method for locating Web application vulnerabilities using fuzzing and dynamic taint techniques. Experiments show that it has a low false alarm rate and a smaller time overhead.

(2) Designs taint propagation rules based on a high-level language and implements the marking, tracking and testing of tainted data at the source code level. The runtime overhead is small and it is fast.

(3) Designs and implements, in Java, the system prototype WebPOS for locating SQL injection and Cross-Site Scripting vulnerabilities in Web applications.
Keywords/Search Tags: SQL Injection, Cross-Site Scripting, Fuzzing Test, DTA, Vulnerabilities Positioning