Security method and apparatus for web-applications using security tag

摘要

A web application security method using a security tag and a system thereof are provided to cope with a web application attack in real time by verifying and filtering a parameter input value by using the security tag. A verification module manager(210) determines whether a parameter into which a security tag is inserted is used for requested data or not. A user-defined tag verifier(220) verifies an input value according to a user-defined security tag equipped in the security tag. A basic tag verifier(230) verifies the input value according to an allowed security tag equipped in the security tag. According to the verification results, an attack filtering module(240) makes a web server reject a request as an attack or receive a request which is normally determined.