The present invention relates to a system for analyzing a software vulnerability attack behavior based on a source code, which enables to define a behavior capable of attacking vulnerability of an actual software based on vulnerability detected by a result of information collection, static analysis of a source code, and dynamic analysis of a software, which are used to analyze software vulnerability. The present invention implements a system for analyzing a software vulnerability attach behavior based on a source code, comprising: a vulnerability realizing environment analysis engine for analyzing whether vulnerability is activated or not when a software is actually operated by comparing an environment required for operating the software with an environment in which the vulnerability may be abused; a vulnerability attack flow analysis engine for analyzing whether an attack behavior can be defined as a sequent behavior by being connected to an attack behavior known on a software flow or to another detected vulnerability; and a scenario building engine for building an invasion scenario by determining whether vulnerability which can be realized with respect to a flow in which the vulnerability may be abused and attack techniques based on the results analyzed through each of the vulnerability realizing environment analysis engine and the vulnerability attack flow analysis engine.
展开▼
