| 一个典型的Web安全评测工具的分析与改进 |
| |
| 引用本文: | 宋海龄,文伟平. 一个典型的Web安全评测工具的分析与改进[J]. 信息网络安全, 2011, 0(8): 65-68. DOI: 10.3969/j.issn.1671-1122.2011.08.024 |
| |
| 作者姓名: | 宋海龄 文伟平 |
| |
| 作者单位: | 北京大学软件与微电子学院,北京,102600 |
| |
| 摘 要: | 文章较全面地分析和总结了现有的Web漏洞挖掘技术及工具,以开源的Web漏洞扫描工具Paros Proxy为研究对象,对Paros Proxy的爬虫模块及检测模块进行深入研究和分析,进而对其进行改进。经测试,改进后的Paros爬虫模块支持JavaScript URLs的解析及爬行,可以提取到更多的网页链接,而改进后的检测模块,在漏洞检测性能及效率上也有明显提高。
|
| 关 键 词: | 网络爬虫 漏洞检测 线程池 Web应用 |
Analysis and Improvement of a Typical Web Security Assessment Tool |
| |
| SONG Hai-Ling,WEN Wei-Ping. Analysis and Improvement of a Typical Web Security Assessment Tool[J]. Netinfo Security, 2011, 0(8): 65-68. DOI: 10.3969/j.issn.1671-1122.2011.08.024 |
| |
| Authors: | SONG Hai-Ling WEN Wei-Ping |
| |
| Affiliation: | SONG Hai-Ling,WEN Wei-Ping ( Department of Software Technology,SSM,Peking University,Beijing 102600,China ) |
| |
| Abstract: | This paper makes a comprehensive analysis and summary of the existing Web loophole mining technology and tools, to open source Web vulnerability scanning tool Paros Proxy as the research object, the Paros Proxy crawler module and a detection module for in-depth research and analysis, and its improvement. After the test, the improved Paros crawler module supports the JavaScript URLs analytical and crawling, can extract more webpage link, and the improved detection module, the vulnerability detection performa... |
| |
| Keywords: | web spider vulnerability detection thread pool web application |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
