Website security evaluation method and system

The invention discloses a website security evaluation method and a website security evaluation system. The method comprises the following steps: performing dynamic webpage analysis or static webpage analysis according to a basic URL (Uniform Resource Locator) of a website, and acquiring all derived URLs of the website according to analysis result; performing loophole detection on webpages corresponding to all derived URLs of the website by using a plurality of detection models, and outputting loophole detection information, wherein each detection model corresponds to one application dimension; performing security evaluation on the website according to the loophole detection information. According to the method, all URL links of the website can be completely acquired through dynamic webpage analysis and static webpage analysis on the website, and meanwhile loopholes can be automatically detected through a plurality of preset detection models, the accuracy and the efficiency in detection are improved, and the website security evaluation can be efficiently and accurately achieved.