First the paper analyzes severe situations of Web application vulnerabilities security and urgent requirements of Web application vulnerability detection technology. Then it analyzes the working principle of the scanning system, studies and summarizes detection methods of SQL injection, XSS and uploads file vulnerability. Based on those achievements, a system infrastructure of Web application vulnerability scanner is designed. The final experimental testing results prove the feasibility of the system design.