首页>
外国专利>
SYSTEM FOR ANALYZING ATTACK ACTION FOR VULNERABLE POINT OF SOURCE CODE-BASED SOFTWARE
SYSTEM FOR ANALYZING ATTACK ACTION FOR VULNERABLE POINT OF SOURCE CODE-BASED SOFTWARE
展开▼
机译:基于源代码的软件易受攻击点的攻击行为分析系统
展开▼
页面导航
摘要
著录项
相似文献
摘要
The present invention relates to a system for analyzing an attack action for a vulnerable point of a source code-based software, which can define an action that may actually attack a vulnerable point of software on the basis of a vulnerable point detected as a result of a dynamic analysis of software, a static analysis of a source code, and a collection of information used for analyzing a vulnerable point of software. The system for analyzing an attack action for a vulnerable point of source code-based software is embodied by including: a vulnerable point development environment analysis engine for analyzing whether a vulnerable point is activated when software is actually operated, by comparing an environment required for driving the software and an environment where a vulnerable point may be maliciously used; a vulnerable point attack flow analysis engine for analyzing whether a software flow is expected to lead to a known attack action, or is expected to be connected to another detected vulnerable point and defined as a continuous action; and a scenario establishing engine for establishing a violation scenario by determining an attack technique and whether a developable vulnerable point is included in a flow in which a vulnerable point may be maliciously used, on the basis of each result analyzed through the vulnerable point development environment analysis engine and the vulnerable point attack flow analysis engine.
展开▼