| Field | Value |
|---|---|
| Student | 高志忠 Kao, Chih-Chung |
| Thesis title | 網站應用程式弱點檢測平台設計與實作 (Design and Implementation of a Web Application Vulnerability Detection Platform; English title as listed: "Design and implement for Web application vulnerabilities detection platform") |
| Advisor | 李忠憲 Li, Jung-Shian |
| Degree | Master |
| Department | College of Electrical Engineering and Computer Science, Department of Electrical Engineering, in-service master's program (listed as "Department of Electrical Engineering (on the job class)") |
| Publication year | 2012 |
| Graduation academic year | 100 (ROC calendar year) |
| Language | Chinese |
| Pages | 95 |
| Chinese keywords | Web application vulnerability, web application vulnerability detection platform, information security |
| English keywords | Web Application Vulnerability, Web Application Vulnerabilities Detection Platform, Information Security |
| Access count | Views: 85, downloads: 3 |
The rapid growth of the Internet has brought many conveniences to daily life, but if application developers and website administrators neglect the security of their web applications, a site can be attacked through its vulnerabilities and suffer considerable losses. To improve website security, administrators commonly scan their sites with vulnerability detection tools. Because users are often not proficient with these tools, the tools may report false positives when judging vulnerabilities, and most tool users are also unable to resolve those false positives, which creates problems in the subsequent remediation.

This thesis independently develops a web application vulnerability detection platform suited to large-scale websites and improves on the architecture of existing detection tools: the platform's scale and performance can be adjusted to the resources available at deployment time, which greatly reduces detection time. The thesis also proposes six methods for judging web application vulnerabilities, which reduce the false-positive rate of existing detection tools and the remediation problems that false positives cause.