The Development of Web Security Scanner Based on XSS and SQL Injection Method

摘要

Nowaday, there is so many vulnerabilities in web application layer. This is because of security issues that are often overlooked by a web developer when creating a website. In fact, caused by the presence of vulnerabilities on a website, a hacker can do a variety of activities that destroy of website. Adverse events that can be done by a hacker includes changing the web page (defacing), obtain sensitive information, even taking over control of the website system. To help overcome these problems, we make an application to detect vulnerabilities that exist on a website. The process is started by crawling to get the entire link from the target website. Followed by attacking the process that is useful to attempt an attack on a link that has the potential security hole. The application will then continue in the process of reporting where the application would create a vulnerability report on the website. This application was built using Microsoft Visual C # 2010. Based on the results of tests made on this application, it can be concluded that the application can detect vulnerabilities in the website and report any form of link that has a security hole on the website.