The invention relates to a web vulnerability scanning method and a vulnerability scanner. The web vulnerability scanning method comprises the following steps: deploying a plurality of scanning nodes; scanning the asset information of the target software system and the asset information of the target server, and carrying out intelligent web page crawling after completing preliminary information collection; after crawling is completed, exploring different detection points in the request, analyzing the URL to be detected, and decomposing it to obtain all possible detection points; cleaning all the detection point data, completing preliminary screening, and analyzing and counting to obtain the page view and the access sequence of different URLs of the target; judging whether scanning is needed or not according to the content change of URL pages, and, if scanning is needed, performing statistical classification on the results and adding labels, and otherwise giving up scanning; and judging whether a vulnerability exists or not according to a statistical result, verifying the accuracy of the vulnerability if the vulnerability exists, and otherwise giving up the operation. The method is beneficial to improving the efficiency and verifying the accuracy of the vulnerability.
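
The decomposition, cleaning and change-check steps above, sketched as an added example (not code from the patent). It assumes detection points are path segments and query parameters, and that a page counts as changed when the SHA-256 digest of its body differs from the previous crawl; all function names and the sample crawl data are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

def detection_points(url):
    """Decompose a URL into (location, name, value) detection points."""
    parts = urlsplit(url)
    points = []
    # Each non-empty path segment is a candidate input location.
    segments = [s for s in parts.path.split("/") if s]
    for i, seg in enumerate(segments):
        points.append(("path", str(i), seg))
    # Each query parameter, including blank ones, is a candidate.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        points.append(("query", name, value))
    return points

def point_key(url):
    """Cleaning step (assumed): URLs differing only in parameter values share a key."""
    parts = urlsplit(url)
    names = sorted({n for n, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return (parts.netloc.lower(), parts.path, tuple(names))

class ChangeTracker:
    """Remembers a digest of each page body to decide whether to rescan."""
    def __init__(self):
        self._digests = {}

    def needs_scan(self, url, body):
        key = point_key(url)
        digest = hashlib.sha256(body).hexdigest()
        if self._digests.get(key) == digest:
            return False          # content unchanged: give up scanning
        self._digests[key] = digest
        return True               # new or changed page: scan it

def plan(crawled, tracker):
    """Return {url: detection points} for pages that need scanning."""
    return {url: detection_points(url)
            for url, body in crawled if tracker.needs_scan(url, body)}

# Constructed crawl output: (URL, response body) pairs.
CRAWL = [
    ("https://shop.example/item/42?id=7&sort=asc", b"<html>v1</html>"),
    ("https://shop.example/item/42?id=8&sort=asc", b"<html>v1</html>"),
    ("https://shop.example/search?q=", b"<html>results</html>"),
]

if __name__ == "__main__":
    for url, pts in plan(CRAWL, ChangeTracker()).items():
        print(url, pts)
```

The tracker is reused across crawls, so a later crawl only yields pages whose body digest has changed since the last one.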