Developing a website analysis tool for vulnerability scanning and reporting
Vulnerability scanning is a security technique used to identify security weaknesses in websites. The numbers of security vulnerabilities that are being found today are much higher in websites than in operating systems. Many transactions are performed online with various kinds of web applications. Almost in all of them user is authenticated before providing access to backend database for storing all the information. A well-designed injection can provide access to the unauthorized users and mostly achieved through SQL injection, Cross-site scripting (XSS) and file inclusion. In this thesis we are providing a vulnerability scanning and analyzing tool of various kinds of SQL injection, Cross Site Scripting (XSS) attacks and files inclusion. Our approach can use with any web application not only the known ones. We validate the proposed vulnerability scanner to develop vulnerabilities scanner will use to spot potential problems the more information the scanner has, the more accurate its performance. Once a tool has a report of the vulnerabilities, developers can use penetration testing as a means to see where the weaknesses are, so the problem can fixed and future mistakes can avoided. When employing frequent and consistent scanning, one will start to see common threads between the vulnerabilities for a better understanding of the website. Our tool is base on machine learning algorithm, document object model (DOM) algorithm and aggregation algorithm. This tool scans the website using to method one is “without login” scanning and another is “with login” scanning. First method is use to check website is malicious and reachable or not. If website is malicious then second method we need to use. In a second method web owner and web developer can use because they have websites user id and password. After login main scanning process will start and pages scan one by one. Finally, VAPT report will show. In a VAPT report number of vulnerability, number of vulnerability occurrence and URL link of vulnerability occurred page. This tool will provide direct reaching to vulnerability occurred page. Also, this tool is very useful since they allow identifying the unknown vulnerabilities on the website.