Method and device for web application security using security tag

摘要

PURPOSE: A web application security method using a security tag and a device thereof are provided to take action against an web application attack in real time by verifying a parameter input value based on the security tag and using a filtering scheme. CONSTITUTION: A parameter and input value are extracted from web service request data(S30). A security tag is confirmed in the extracted parameter and input value(S32). Verification calls a verification module according to the inputted security tag and is performed(S34). The verification result is transmitted to a web server(S36). In case of a user-defined security tag, a cross-site scripting verification module, an instruction insertion verification module and a file insertion verification module are called.