WEB SERVER/WEB APPLICATION SERVER SECURITY MANAGEMENT APPARATUS AND METHOD

摘要

A security management apparatus and method for a web server/web application server is provided. The security management apparatus includes a connection state table storage unit for, as a web client accesses a web server/web application server, storing connection state information, an access time, and a connection policy. A connection state information inspection unit inspects whether current connection state information is present in connection state information of the connection state table storage unit in which the connection policy is set to blocking. If current connection state information is not present, a web session reuse attack determination unit determines whether a current connection is a web session reuse attack. If the current connection is not the web session reuse attack, an attack pattern analysis unit analyzes whether an attack pattern is present. A blocking unit blocks a connection between the web client and the web server/web application server.