AUTOMATIC ANALYIZING SYSTEM AND METHOD OF SECURITY WEEKNESS OF APPLICATION

摘要

The present invention relates to an automatic application security vulnerability analysis system, and more specifically, a vulnerability analysis server for automatically performing static analysis and dynamic analysis of an analysis target application to produce a security vulnerability analysis resu And an analysis terminal connected to the vulnerability analysis server and installing and executing the analysis target application. In addition, the present invention relates to an automatic method for analyzing application security vulnerabilities, more specifically, the vulnerability analysis server, (1) installing the analysis target application in the analysis terminal; (2) executing an analysis target application installed in the analysis terminal; (3) automatically attempting an attack on the analysis target application, and monitoring a response to the attack; And (4) automatically analyzing the monitoring result for the attack, and providing a security vulnerability analysis result. According to the proposed system and method for automatically analyzing the security vulnerability of the application proposed by the present invention, by including a vulnerability analysis server for automatically performing static and dynamic analysis of the analysis target application and an analysis terminal for installing and executing the analysis target application, The result of the vulnerability analysis can be quickly obtained through automated analysis, and multiple analysis terminals can be connected to the vulnerability analysis server to automatically analyze multiple applications at the same time. Can be. In addition, according to the present invention, by selecting and standardizing the items required for security vulnerability analysis, and automatically check and analyze the analysis target application for the standardized items, it is possible to obtain a consistent analysis results and improve the analysis reliability Can be. In addition, according to the present invention, by further including a web server, the client can facilitate the security vulnerability analysis request and analysis result confirmation through the web server.