{"title":"Research and design on Web application vulnerability scanning service","authors":"Wu Qianqian, L. Xiangjun","doi":"10.1109/ICSESS.2014.6933657","DOIUrl":null,"url":null,"abstract":"Web application has got a remarkable change in the past few years, many new technologies are reshaping the pattern of Web applications. Since many manufacturers' promotion on HTML5 technology, more and more websites are using HTML5 gradually. The new technology provides users with a variety of Internet applications, but introduces new security problems at the same time. Currently, most Web application scanners can not detect the security problems with HTML5 features, which make HTML5 security issues become blind spots in security vulnerability scanning process. The paper focuses on a research among the existing Web application scanners firstly. Then we selected W3af(Web Application Attack and Audit Framework) as a basic platform for transformation, and by customizing scanning modules and scripts, we designed a Web application security scanning service. 
The practical scan results show that it can not only detect the Clickjacking vulnerabilities brought by HTML5, but also provide efficient Web application security scanning and evaluation services for the websites.","PeriodicalId":6473,"journal":{"name":"2014 IEEE 5th International Conference on Software Engineering and Service Science","volume":"134 1","pages":"671-674"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 5th International Conference on Software Engineering and Service Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSESS.2014.6933657","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 15
Abstract
Web applications have changed remarkably in the past few years, and many new technologies are reshaping the pattern of Web applications. Because many manufacturers promote HTML5 technology, more and more websites are gradually adopting HTML5. The new technology provides users with a variety of Internet applications, but introduces new security problems at the same time. Currently, most Web application scanners cannot detect security problems with HTML5 features, which makes HTML5 security issues a blind spot in the security vulnerability scanning process. The paper first presents research on the existing Web application scanners. We then selected W3af (Web Application Attack and Audit Framework) as the base platform for modification and, by customizing scanning modules and scripts, designed a Web application security scanning service. The practical scan results show that it can not only detect the Clickjacking vulnerabilities brought by HTML5, but also provide efficient Web application security scanning and evaluation services for websites.