Welcome to Journal of University of Chinese Academy of Sciences,Today is

›› 2016, Vol. 33 ›› Issue (5): 679-685.DOI: 10.7523/j.issn.2095-6134.2016.05.016

• Research Articles • Previous Articles     Next Articles

An efficient method of web fingerprint identification

YAN Shujun1,3, WANG Wenjie1,2, ZHANG Yuqing1,2,3   

  1. 1 School of Computer and Control Engineering, University of Chinese Academy of Sciences, Beijing 101408, China;
    2 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
    3 National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China
  • Received:2016-02-19 Revised:2016-04-01 Online:2016-09-15

Abstract:

It is very important to accurately acquire information of the web server and deployed application for website security testing. Since the web server's Banner was apt to be modified, we used the black-box testing method to analyze major web servers, and then selected web server's fingerprint which could prevent Banner cheating. Since the web application's keywords were apt to be deleted, we used the source code audit method to analyze major web applications, and then selected web application's fingerprint, which was associated with its function, and built a web fingerprint database. Furthermore, a web fingerprint identifying tool WebEye was designed and implemented. Experimental results show that WebEye faster and more accurately identifies the web server and application than similar tools, and it has good scalablity.

Key words: web server, web application, web fingerprint identification, web fingerprint database

CLC Number: