SYSTEM FOR ANALYZING ATTACK ACTION FOR VULNERABLE POINT OF SOURCE CODE-BASED SOFTWARE

摘要

The present invention relates to a system for analyzing an attack action for a vulnerable point of a source code-based software, which can define an action that may actually attack a vulnerable point of software on the basis of a vulnerable point detected as a result of a dynamic analysis of software, a static analysis of a source code, and a collection of information used for analyzing a vulnerable point of software. The system for analyzing an attack action for a vulnerable point of source code-based software is embodied by including: a vulnerable point development environment analysis engine for analyzing whether a vulnerable point is activated when software is actually operated, by comparing an environment required for driving the software and an environment where a vulnerable point may be maliciously used; a vulnerable point attack flow analysis engine for analyzing whether a software flow is expected to lead to a known attack action, or is expected to be connected to another detected vulnerable point and defined as a continuous action; and a scenario establishing engine for establishing a violation scenario by determining an attack technique and whether a developable vulnerable point is included in a flow in which a vulnerable point may be maliciously used, on the basis of each result analyzed through the vulnerable point development environment analysis engine and the vulnerable point attack flow analysis engine.