Abstract: A website scanning apparatus having a policy analysis device for determining whether a link in a target website belongs to a known web application used by the target website, if the link belongs to the identified web application, then a vulnerability scanning is not performed on the link; a crawler device for obtaining the link content that the link points to; a web application identification device for determining whether the link belongs to a known web application; a full scan device for performing a full vulnerability scanning on a link determined as not belonging to the known web application; and a known web application vulnerability detection device for performing vulnerability detection on the website for the determined identified web application according to known vulnerabilities of the identified web application to determine whether the known vulnerabilities of the identified web application exist in the website is provided.

Abstract: The invention discloses a website scanning apparatus for performing a security vulnerability scanning on a target website, which apparatus comprises: a web page obtaining component obtaining current content and/or features of a web page corresponding to a link to be processed; a link processing component including a change judgment device for judging whether the web page corresponding to the link to be processed has been changed based on stored web page content and/or features corresponding to the link to be processed as well as the current web page content and/or features of the link to be processed; and a vulnerability detecting component for performing a security vulnerability detection on a web page corresponding to a link to be processed for which the web page has been changed. The invention also discloses a website scanning method corresponding thereto.

Abstract: The present invention discloses a XSS detection method for detecting the XSS vulnerabilities in a web page, comprising for each parameter-value pair in a set of parameter-value pairs that can be accepted by the web page: constructing a parameter-value pair in which a dedicated script is inserted; assembling a URL corresponding to the web page based on the parameter-value pair in which a dedicated script is inserted; acquiring the dynamic web page content corresponding to the assembled URL; and simulating the execution of the acquired dynamic web page content, if the dedicated script is executed, it is determined that the processing of the parameter in the web page contains XSS vulnerabilities. The present invention further discloses a corresponding XSS detection device and a web site security scanning system and a web scanning system using such a device.

Abstract: The invention discloses a website scanning apparatus for performing a security vulnerability scanning on a target website, which apparatus comprises: a web page obtaining component obtaining current content and/or features of a web page corresponding to a link to be processed; a link processing component including a change judgment device for judging whether the web page corresponding to the link to be processed has been changed based on stored web page content and/or features corresponding to the link to be processed as well as the current web page content and/or features of the link to be processed; and a vulnerability detecting component for performing a security vulnerability detection on a web page corresponding to a link to be processed for which the web page has been changed. The invention also discloses a website scanning method corresponding thereto.

Abstract: Described is a website scanning apparatus comprising a policy analysis device for determining whether a link in a target website belongs to a known web application used by the target website. If the link belongs to the identified web application, then a vulnerability scanning is not performed on the link; a crawler device for obtaining the link content that the link points to; a web application identification device for determining whether the link belongs to a known web application; a full scan device for performing a full vulnerability scanning on a link determined as not belonging to the known web application; and a known web application vulnerability detection device for performing vulnerability detection for the identified web application according to known vulnerabilities to determine whether the known vulnerabilities exist in the website. A website scanning method employed by the website scanning apparatus is also described.

Abstract: The present invention discloses a XSS detection method for detecting the XSS vulnerabilities in a web page, comprising for each parameter-value pair in a set of parameter-value pairs that can be accepted by the web page: constructing a parameter-value pair in which a dedicated script is inserted; assembling a URL corresponding to the web page based on the parameter-value pair in which a dedicated script is inserted; acquiring the dynamic web page content corresponding to the assembled URL; and simulating the execution of the acquired dynamic web page content, if the dedicated script is executed, it is determined that the processing of the parameter in the web page contains XSS vulnerabilities. The present invention further discloses a corresponding XSS detection device and a web site security scanning system and a web scanning system using such a device.