Apparatus and method for analyzing security vulnerabilities

Assignee

• NAVER CLOUD CORPORATION · KR

Inventors

• Bong Goo Kang · Seongnam-si, KR
• Min Seob Lee · Seongnam-si, KR
• Won Tae JANG · Seongnam-si, KR
• June-Hyeon Ahn · Suwon-si, KR
• Jihwan Yoon · Yongin-si, KR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L61/4505
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method for analyzing vulnerabilities may include: an analysis target URL receiving step of receiving a plurality of analysis target uniform resource locator (URL) addresses extracted from the analysis target server; an identification key setting step of setting respective identification keys corresponding to the plurality of analysis target URL addresses; a vulnerability analyzing step of performing a simulated attack so as to access the external server by the analysis target server by inserting an analysis hypertext transfer protocol (HTTP) request sentence including a URL address of an external server and the identification key into the analysis target URL address; an access record checking step of requesting an access record of the analysis target server to the external server; and a vulnerability extracting step of extracting a vulnerability of the analysis target server by using the identification key included in the access record.