KR101640479B1 - Software vulnerability attack behavior analysis system based on the source code - Google Patents

Software vulnerability attack behavior analysis system based on the source code Download PDF

Info

Publication number
KR101640479B1
KR101640479B1 KR1020150121728A KR20150121728A KR101640479B1 KR 101640479 B1 KR101640479 B1 KR 101640479B1 KR 1020150121728 A KR1020150121728 A KR 1020150121728A KR 20150121728 A KR20150121728 A KR 20150121728A KR 101640479 B1 KR101640479 B1 KR 101640479B1
Authority
KR
South Korea
Prior art keywords
vulnerability
analysis
software
attack
source code
Prior art date
Application number
KR1020150121728A
Other languages
Korean (ko)
Inventor
이승한
Original Assignee
(주)엔키소프트
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)엔키소프트 filed Critical (주)엔키소프트
Priority to KR1020150121728A priority Critical patent/KR101640479B1/en
Priority to PCT/KR2016/007283 priority patent/WO2017039136A1/en
Application granted granted Critical
Publication of KR101640479B1 publication Critical patent/KR101640479B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)
  • Computing Systems (AREA)

Abstract

The present invention relates to a system for analyzing a software vulnerability attack behavior based on a source code, which enables to define a behavior capable of attacking vulnerability of an actual software based on vulnerability detected by a result of information collection, static analysis of a source code, and dynamic analysis of a software, which are used to analyze software vulnerability. The present invention implements a system for analyzing a software vulnerability attach behavior based on a source code, comprising: a vulnerability realizing environment analysis engine for analyzing whether vulnerability is activated or not when a software is actually operated by comparing an environment required for operating the software with an environment in which the vulnerability may be abused; a vulnerability attack flow analysis engine for analyzing whether an attack behavior can be defined as a sequent behavior by being connected to an attack behavior known on a software flow or to another detected vulnerability; and a scenario building engine for building an invasion scenario by determining whether vulnerability which can be realized with respect to a flow in which the vulnerability may be abused and attack techniques based on the results analyzed through each of the vulnerability realizing environment analysis engine and the vulnerability attack flow analysis engine.

Description

A software vulnerability attack analysis system based on a source code-based software vulnerability attack analysis system

The present invention relates to a software vulnerability attack analysis based on a source code, and more particularly, to a vulnerability detection method using a vulnerability detection result obtained as a result of information collection used for analyzing a software vulnerability, static analysis of a source code, The present invention relates to a software vulnerability attack analysis system based on a source code capable of defining an action that can be exploited by a vulnerability of actual software.

Most of the security problems using the recent security vulnerabilities are due to software vulnerability. Security vulnerabilities in software are caused by a developer's mistake.

A security vulnerability is a property that can be derived from fundamental problems of software and cause security accidents. When a hacker exploits a security vulnerability, it becomes a security vulnerability and causes security incidents.

Security vulnerabilities in other respects are not a fundamental problem of software in the background, but security problems in individual software caused by mistakes of software developers.

Software vulnerability analysis is performed in an environment where most of the source code can not be obtained. Therefore, it is performed in the form of a black box test that can be performed only by an executable file. Here, the black box test is a test method in which the software itself is assumed to be a black box that can not observe the internal operation, and analysis is performed based on the input / output values of the software.

In order to determine whether the software can be infringed, the vulnerability is detected through dynamic analysis of the source code of the software and dynamic analysis of the memory, registers, etc. during the operation of the software. It is judged whether or not it can be infringed.

These methods are classified into three categories: information collection, static analysis, and dynamic analysis.

First, gather information about the software, such as crawling, and predict vulnerabilities to the environment in which the software operates.

Second, by analyzing the source code of the software, such as symbolic auditing, it is checked whether the source code known to be vulnerable is included, or the source code is checked for a flow that does not go through the normal processing procedure, And checks for vulnerabilities in the same way.

Third, run software such as Fuzzing and Taint to input various values that can be input during execution or check the effect of input values on software such as memory, registers, etc. Examine the vulnerability in the same manner as if there is an exploitable part.

Prior arts for checking and analyzing the vulnerability of software are disclosed in Patent Documents 1 to 2 below.

The prior art disclosed in Patent Document 1 includes a target function selection module for selecting a function of software to perform a software vulnerability check; A comparison file generation module for generating a first file and a second file not including the selected function; A binary pattern comparison module for comparing the binary values of the first file and the second file to search for a changed or added binary pattern; A test case generation module that generates one or more test cases based on the retrieved binary patterns; And a vulnerability verification module that performs a vulnerability check based on the one or more test cases and generates a vulnerability check result.

According to the conventional technology configured as described above, the purging is performed intensively on the changed or added portions according to the function of the software, so that not only the vulnerability of each function of the software can be found but also the efficiency of purging can be increased.

The prior art disclosed in Patent Document 2 defines weaknesses that may become vulnerabilities when writing source code at the development stage of software as rules and analyzes input sources to compare / The security vulnerability is detected in real time and a solution is provided.

According to the related art, it is possible to reduce the time and cost required for security prevention by reducing the security incidents occurring after the execution of the program by preventing weak security problems in the program development step in advance.

Korean Patent Publication No. 10-2009-0044656 (published on May 7, 2009) Korean Registered Patent No. 10-0653122 (registered on November 27, 2006)

However, since the above-described general software vulnerability analysis technique and the conventional technology stay at the level of checking basic data about the exploitability of software, it is impossible to explain procedurally how the expected vulnerability will affect the software In addition, there is a limited disadvantage that the experienced vulnerability must be verified through experience.

SUMMARY OF THE INVENTION Accordingly, the present invention has been made to solve the above-mentioned problems occurring in the prior art, and it is an object of the present invention to provide a method and apparatus for analyzing software vulnerabilities, The purpose of this study is to provide a software vulnerability attack analysis system based on source code that can define vulnerabilities of actual software.

It is another object of the present invention to provide an easy analysis of how a vulnerability is exploited by providing vulnerable information of a software as an attack procedure and providing a basis for proving a vulnerability of a target software based on an attack procedure And provides a source code based software vulnerability attack analysis system.

In order to achieve the above object, a source code-based software vulnerability attack analysis system according to the present invention includes software execution-related information collection, software vulnerability information obtained through source code branch flow suitability analysis and source code weakness static analysis, A vulnerability analysis engine for analyzing whether the vulnerability is activated when the software is actually operated by comparing the environment where the software needs to be run and the environment where the vulnerability can be exploited based on the environment analysis engine;
The above-mentioned source code branch flow suitability analysis, source code weak point static analysis, possible input value analysis at the time of software execution, and known attack behavior in software flow based on software vulnerability information acquired through influence analysis based on input values at software execution A vulnerability attack flow analysis engine that analyzes whether or not a subsequent attack can be defined as a series of subsequent attacks; And
Based on the results analyzed through the vulnerability analysis environment analysis engine and the vulnerability attack flow analysis engine, it is determined whether or not the vulnerability exists that can be exploited in the flow that the vulnerability can be exploited, and the scenarios And a construction engine.

In the above, the vulnerability manifestation environment analysis engine classifies the program installation environment based on the obtained software vulnerability according to a dictionary criterion including an operating system, a compiler, a related library, and redefines the compatibility with the vulnerability manifest environment ; A vulnerability manifestation environment analysis module for extracting a preset management area from a list of occurrence environments among the information on the software vulnerabilities and defining the predefined management areas as dictionary standards compatible with the program installation environment; The analysis results obtained by the software execution environment analysis module and the vulnerability expression environment analysis module are verified through cross queries. The pre-analysis result and the final analysis result are reflected in the vulnerability database, And a vulnerability code clone analysis module that manages the proportion of the vulnerability code to be higher.

Wherein the vulnerability attack flow analysis engine comprises: a vulnerability-associated attack behavior analysis module for cataloging an attack activity associated with a vulnerability in each flow through an attack tree according to a vulnerability of the vulnerability database defined by the source code weak point static analysis; The source code flow tree, which is the result of performing the source code branch flow conformance analysis, and the vulnerability defined in the input value analysis when executing the software, based on the flow tree of the input value effect, Related software structure analysis module for analyzing whether the characteristics of the vulnerability-related features are continuously displayed and cataloging the associated attacking actions into respective flows; A vulnerability linkage flow definition module for reviewing the items crossed in the flow list based on the vulnerability-associated attack analysis module and the result lists of the vulnerability-associated software structure analysis module, and reconstructing the vulnerability- .

The scenario construction engine extracts a list of actual attacking actions by applying a vulnerability analyzed to be manifested in the list of attacking actions based on the analysis results of the vulnerability detection environment analysis engine and the vulnerability attack flow analysis engine An infiltration scenario building module for constructing an infiltration scenario; An aggressive behavior technique constraint that examines technical constraints that can be applied to attacks that are actually expected to occur based on the infringement scenario constructed by the infringement scenario building module and the database of the source code weak point static analysis, And a condition review module.

According to the present invention, when a vulnerability and an underlying knowledge of an attack are insufficient, it is possible to identify a single vulnerability by verifying the exploitation possibility by defining an attack activity including a relation between an operating environment and vulnerabilities and an action that can be abused, The vulnerability of the software can be detected and defined based on the source code, which is difficult to verify. Therefore, there is an advantage that the security of the vulnerability of the software in the software development project can be provided from the real attacker's point of view.

1 is a schematic configuration diagram of a source code-based software vulnerability attack analysis system according to a preferred embodiment of the present invention;
FIG. 2 is a block diagram of an embodiment of the basic software vulnerability analysis engine of FIG. 1;
FIG. 3 is a block diagram of an embodiment of the vulnerability expression environment analysis engine of FIG. 1;
FIG. 4 is a block diagram of an embodiment of the vulnerability attack flow analysis engine of FIG. 1;
5 is a block diagram showing an embodiment of the scenario construction engine of FIG.

Hereinafter, a source code-based software vulnerability attack analysis system according to a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.

1 is a schematic block diagram of a source code-based software vulnerability attack analysis system according to a preferred embodiment of the present invention.

The source code-based software vulnerability attack analysis system according to the present invention includes a basic software vulnerability analysis engine 10, a vulnerability expression environment analysis engine 20, a vulnerability attack flow analysis engine 30, and a scenario construction engine 40 .

The basic software vulnerability analysis engine 10 includes a crawling engine 11 for collecting software execution related information, a symbolic engine 12 for analyzing a source code branch flow suitability, an auditing engine 13 for performing static analysis of source code weakness, A purging engine 14 for analyzing possible input value analysis when the software is executed, and a taint engine 15 for analyzing the influence of the input value when the software is executed.

The vulnerability manifesting environment analysis engine 20 compares the environment required for the software to be activated based on the software vulnerability analysis information acquired through the respective analyzes in the basic software vulnerability analysis engine 10 and the environment in which the vulnerability can be exploited If the software is actually running, it analyzes whether the vulnerability is activated.

The vulnerability attack flow analysis engine 30 analyzes the software vulnerability analysis information and analyzes whether the vulnerability can be defined as continuous action connected with other known vulnerabilities connected to the known attack on the software flow.

The scenario construction engine 40 includes a vulnerability point that can be expressed in a flow in which a vulnerability can be exploited based on the analyzed results through the vulnerability detection environment analysis engine 20 and the vulnerability attack flow analysis engine 30 And determine the attack technology and build a scenario of infringement.

The operation of the source code-based software vulnerability attack analysis system according to the preferred embodiment of the present invention will now be described in detail.

First, the basic software vulnerability analysis engine 10 includes a culling engine 11, a symbolic engine 12, an auditing engine 13, a purging engine 14, and a taint engine 15 ) And analyzes the software vulnerability and provides the analysis result to the vulnerability analysis environment analysis engine 20 and the vulnerability attack flow analysis engine 30.

2, the crawling engine 11 collects software execution related information, and the symbolic engine 12 analyzes the fitness of the source code branch flow based on the information collected by the crawling engine 11 And the results of the analysis are stored in a database. The auditing engine 13 statically analyzes the weak points of the source code based on the information collected by the crawling engine 11 and converts the result into a database. In addition, the purging engine 14 analyzes the input value analysis at the time of execution of the software, and converts the result into a database, and the taint engine 15 analyzes the influence of the input value when the software is executed and stores the result in a database. Here, the detailed description of each analysis technique will be omitted since the crawling engine, the new bolil engine, the auditing engine, the purging engine, and the taint engine are already known to analyze software vulnerabilities.

When the basic software vulnerability analysis is performed as described above, the vulnerability manifesting environment analysis engine 20 analyzes the software execution related information, the source code branch Based on static analysis results on flow suitability analysis information and source code weaknesses, the environment needed to run the software and the environment in which the vulnerability can be exploited are compared to analyze whether the vulnerability is activated when the software is actually operated. For example, it analyzes how a source known as a vulnerability will work in a real environment.

3, the program installation environment collected through the software execution-related information acquisition module 20 acquired by the basic software vulnerability analysis engine 10 in the software execution environment analysis module 21 is referred to as an operating system, a compiler, Library, and so on, and redefine compatibility with the vulnerability manifestation environment.

In addition, the vulnerability analysis environment analysis module 22 extracts a preset management area from the list of the occurrence environments among the information on the existing vulnerabilities defined as database by the auditing engine 13 among the software vulnerability information, It is defined in advance as compatibility with installation environment.

The analysis results defined in the structured environment, that is, the software execution environment analysis module 21 and the vulnerability analysis environment analysis module 22, are verified through an intersection query. In addition, the results of the preliminary analysis and the final analysis are reflected in the vulnerability database, and the proportion of the latest environment is managed through the learning algorithm.

For example, the vulnerability manifestation environment analysis module 20 creates an environment description when an individual vulnerability that has been detected occurs.

Next, the vulnerability attack flow analysis engine 30 checks whether there is an association between the vulnerabilities or the vulnerabilities.

For example, source code branch flow suitability analysis, source code weak point static analysis, function input value analysis at software execution, and input analysis result at software execution ◎ Tree structure analysis and vulnerability association analysis .

4, the vulnerability-associated attack behavior analysis module 31 analyzes the vulnerability-associated attack behavior through the attack tree according to the vulnerability of the vulnerability database defined by the source code weak point static analysis, Flow.

In addition, the vulnerability-related software structure analysis module 32 is based on a source code flow tree as a result of the source code branch flow conformance analysis and a flow tree of the influence of the input value, which is the result of the influence analysis on the function input value, Analyzes whether the features of the vulnerability defined in the analysis of the input value at the execution of the software appear consecutively and lists the associated attacking actions into the respective flows.

Then, the vulnerability linkage flow definition module 33 reviews the intersection items in the flow list based on the result lists of the vulnerability-associated attack behavior analysis module 31 and the vulnerability-associated software structure analysis module 32 Then, the attack action flow is reconstructed by merging.

Finally, the scenario construction engine 40 judges whether the flow of the attack of the software is valid from the viewpoint of the attacker.

5, a list of attacking actions derived based on the analysis results of the vulnerability detection environment analysis engine 20 and the vulnerability attack flow analysis engine 30 in the infringement scenario building module 41 And the vulnerability that is analyzed to be expressed in the vulnerability is applied to extract the list of actual attacking actions to construct the infringement scenario.

In addition, the attacking technology description constraint review module 42 analyzes the source code weakness point static analysis based on the source code weak point static analysis database to determine whether the attack scenario constructed in the invasion scenario building module 41 can be applied to attack actions Review the constraints and structure them into final scenarios only for the attacking actions that are actually considered to occur.

Among these structured results, the attack procedure that can exploit the proved vulnerability can verify the abuse of the vulnerability as its own, and the structured result can be used as the base data for the actual verification of the attack behavior.

Although the present invention has been described in detail with reference to the above embodiments, it is needless to say that the present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the spirit of the present invention.

The present invention is applied to a technique for defining an attacking behavior that infringes a software vulnerability based on source code.

10: Basic software vulnerability analysis engine
11: The crawling engine
12: Symbolic engine
13: Auditing engine
14: Purge engine
15: Taint engine
20: Vulnerability manifestation environment analysis engine
21: Software execution environment analysis module
22: vulnerability manifestation environment analysis module
23: Vulnerability Code Clone Analysis Module
30: Vulnerability attack flow analysis engine
31: Vulnerability association attack analysis module
32: Vulnerability related software structure analysis module
33: Vulnerability Associated Flow Definition Module
40: scenario building engine
41: Infringement scenario building module
42: Attack Behavior Technology Constraint Review Module

Claims (4)

A system for analyzing the attack of software vulnerabilities based on source code,
Software execution related information collection, and source code branch flow suitability analysis and source code vulnerability. Software Vulnerability Information obtained through static analysis is used to compare the environment needed to run the software and the environment where the vulnerability can be exploited, A vulnerability analysis engine that analyzes whether a vulnerability is activated;
The above-mentioned source code branch flow suitability analysis, source code weak point static analysis, possible input value analysis at the time of software execution, and known attack behavior in software flow based on software vulnerability information acquired through influence analysis based on input values at software execution A vulnerability attack flow analysis engine that analyzes whether or not a subsequent attack can be defined as a series of subsequent attacks; And
Based on the results analyzed through the vulnerability analysis environment analysis engine and the vulnerability attack flow analysis engine, it is determined whether or not the vulnerability exists that can be exploited in the flow that the vulnerability can be exploited and the scenarios And a construction engine for detecting a vulnerability of the source code based software vulnerability attack.
The vulnerability detection system according to claim 1, wherein the vulnerability detection environment analysis engine is configured to classify the program installation environment based on the acquired software vulnerability according to a dictionary criterion including an operating system, a compiler, and a related library and to redefine compatibility with the vulnerability expression environment Execution environment analysis module; A vulnerability manifestation environment analysis module for extracting a preset management area from a list of occurrence environments among the information on the software vulnerabilities and defining the predefined management areas as dictionary criteria compatible with the program installation environment; The analysis results obtained by the software execution environment analysis module and the vulnerability expression environment analysis module are verified through cross queries. The pre-analysis result and the final analysis result are reflected in the vulnerability database, And a vulnerability code clone analysis module that manages the vulnerability code clone analysis module to increase the weight of the vulnerability code.
[Claim 4] The vulnerability attack analysis method of claim 1, wherein the vulnerability attack flow analysis engine includes a vulnerability-associated attack function for listing an attack related to a vulnerability in each flow through an attack tree according to a vulnerability of the vulnerability database defined by the source code weak point static analysis Analysis module; The source code flow tree, which is the result of performing the source code branch flow conformance analysis, and the vulnerability defined in the input value analysis when executing the software, based on the flow tree of the input value effect, Related software structure analysis module for analyzing whether the characteristics of the vulnerability-related features are continuously displayed and cataloging the associated attacking actions into respective flows; And a vulnerability linkage flow definition module for analyzing the items crossed in the flow list based on the result lists of the vulnerability-associated software structure analysis module and merging the possible attack action flows to reconstruct the vulnerability- A vulnerability analysis system for detecting a vulnerability of a source code based software.
The scenario construction engine according to any one of claims 1 to 3, wherein the scenario construction engine applies a vulnerability analyzed to be expressed in a list of attack actions derived based on the analysis results of the vulnerability detection environment analysis engine and the vulnerability attack flow analysis engine An infringement scenario building module for extracting a list of actual attacking actions and constructing an infringing scenario; An aggressive behavior technique constraint that examines technical constraints that can be applied to attacks that are actually expected to occur based on the infringement scenario constructed by the infringement scenario building module and the database of the source code weak point static analysis, And a condition review module.



KR1020150121728A 2015-08-28 2015-08-28 Software vulnerability attack behavior analysis system based on the source code KR101640479B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR1020150121728A KR101640479B1 (en) 2015-08-28 2015-08-28 Software vulnerability attack behavior analysis system based on the source code
PCT/KR2016/007283 WO2017039136A1 (en) 2015-08-28 2016-07-06 System for analyzing attack action for vulnerable point of source code-based software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150121728A KR101640479B1 (en) 2015-08-28 2015-08-28 Software vulnerability attack behavior analysis system based on the source code

Publications (1)

Publication Number Publication Date
KR101640479B1 true KR101640479B1 (en) 2016-07-18

Family

ID=56679816

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150121728A KR101640479B1 (en) 2015-08-28 2015-08-28 Software vulnerability attack behavior analysis system based on the source code

Country Status (2)

Country Link
KR (1) KR101640479B1 (en)
WO (1) WO2017039136A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018101575A1 (en) * 2016-11-29 2018-06-07 한국전력공사 Binary code-based embedded software vulnerability analysis device and method therefor
KR101963756B1 (en) 2018-11-19 2019-03-29 세종대학교산학협력단 Apparatus and method for learning software vulnerability prediction model, apparatus and method for analyzing software vulnerability
KR20190090436A (en) * 2018-01-25 2019-08-02 주식회사 엑스게이트 Apparatus, method and system for checking vulnerable point
KR20200080541A (en) * 2018-12-27 2020-07-07 아주대학교산학협력단 Apparatus and method for detecting vulnerability of software
KR20220007395A (en) * 2020-07-10 2022-01-18 한국전자통신연구원 Apparatus and Method for Classifying Attack Tactics of Security Event in Industrial Control System

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112788009B (en) * 2020-12-30 2023-01-17 绿盟科技集团股份有限公司 Network attack early warning method, device, medium and equipment
CN115801408A (en) * 2022-11-17 2023-03-14 国网福建省电力有限公司 Security state monitoring method based on attack access analysis

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050100278A (en) * 2004-04-13 2005-10-18 한국전자통신연구원 Vulnerability analysis apparatus and method of web application
KR100653122B1 (en) 2005-08-31 2006-12-01 학교법인 대전기독학원 한남대학교 Real-time detection system and method based rule for safety software development
KR20090044656A (en) 2007-11-01 2009-05-07 한국전자통신연구원 Device and method for inspecting vulnerability of software
JP2010507165A (en) * 2006-10-19 2010-03-04 チェックマークス リミテッド Detect security vulnerabilities in source code
KR101479516B1 (en) * 2014-03-05 2015-01-07 소프트포럼 주식회사 Source code security weakness detection apparatus and method
KR101507469B1 (en) * 2015-01-06 2015-04-03 (주)싸이버텍 Method for providing source code analysis service

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015130152A (en) * 2013-12-06 2015-07-16 三菱電機株式会社 Information processing device and program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050100278A (en) * 2004-04-13 2005-10-18 한국전자통신연구원 Vulnerability analysis apparatus and method of web application
KR100653122B1 (en) 2005-08-31 2006-12-01 학교법인 대전기독학원 한남대학교 Real-time detection system and method based rule for safety software development
JP2010507165A (en) * 2006-10-19 2010-03-04 チェックマークス リミテッド Detect security vulnerabilities in source code
KR20090044656A (en) 2007-11-01 2009-05-07 한국전자통신연구원 Device and method for inspecting vulnerability of software
KR101479516B1 (en) * 2014-03-05 2015-01-07 소프트포럼 주식회사 Source code security weakness detection apparatus and method
KR101507469B1 (en) * 2015-01-06 2015-04-03 (주)싸이버텍 Method for providing source code analysis service

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018101575A1 (en) * 2016-11-29 2018-06-07 한국전력공사 Binary code-based embedded software vulnerability analysis device and method therefor
KR20190090436A (en) * 2018-01-25 2019-08-02 주식회사 엑스게이트 Apparatus, method and system for checking vulnerable point
KR102032958B1 (en) * 2018-01-25 2019-10-16 주식회사 엑스게이트 Apparatus, method and system for checking vulnerable point
KR101963756B1 (en) 2018-11-19 2019-03-29 세종대학교산학협력단 Apparatus and method for learning software vulnerability prediction model, apparatus and method for analyzing software vulnerability
KR20200080541A (en) * 2018-12-27 2020-07-07 아주대학교산학협력단 Apparatus and method for detecting vulnerability of software
KR102190727B1 (en) 2018-12-27 2020-12-14 아주대학교산학협력단 Apparatus and method for detecting vulnerability of software
KR20220007395A (en) * 2020-07-10 2022-01-18 한국전자통신연구원 Apparatus and Method for Classifying Attack Tactics of Security Event in Industrial Control System
KR102357630B1 (en) * 2020-07-10 2022-02-07 한국전자통신연구원 Apparatus and Method for Classifying Attack Tactics of Security Event in Industrial Control System

Also Published As

Publication number Publication date
WO2017039136A1 (en) 2017-03-09

Similar Documents

Publication Publication Date Title
KR101640479B1 (en) Software vulnerability attack behavior analysis system based on the source code
CN109426722B (en) SQL injection defect detection method, system, equipment and storage medium
CN107368417B (en) Testing method of vulnerability mining technology testing model
Antunes et al. Defending against web application vulnerabilities
Zhang et al. Program logic based software plagiarism detection
CN111008376B (en) Mobile application source code safety audit system based on code dynamic analysis
Agosta et al. Automated security analysis of dynamic web applications through symbolic code execution
CN105653956A (en) Android malicious software sorting method based on dynamic behavior dependency graph
CN110287693B (en) Automatic buffer overflow vulnerability detection method based on symbol execution path pruning
Cimitile et al. Formal methods meet mobile code obfuscation identification of code reordering technique
CN114996126B (en) Vulnerability detection method and system for EOSIO intelligent contracts
CN107886000B (en) A kind of software vulnerability detection method, response at different level method and software bug detection system
Lin et al. Recovering fitness gradients for interprocedural Boolean flags in search-based testing
Mirsky et al. {VulChecker}: Graph-based Vulnerability Localization in Source Code
Jimenez et al. Software vulnerabilities, prevention and detection methods: A review1
Homaei et al. Athena: A framework to automatically generate security test oracle via extracting policies from source code and intended software behaviour
CN116383833A (en) Method and device for testing software program code, electronic equipment and storage medium
Al-Ghamdi A survey on software security testing techniques
Chen et al. Automatic Mining of Security-Sensitive Functions from Source Code.
Lin et al. A priority based path searching method for improving hybrid fuzzing
Ghorbanian et al. Signature-based hybrid Intrusion detection system (HIDS) for android devices
CN112817877B (en) Abnormal script detection method and device, computer equipment and storage medium
Kang et al. Scaling javascript abstract interpretation to detect and exploit node. js taint-style vulnerability
CN111291377A (en) Application vulnerability detection method and system
CN116932381A (en) Automatic evaluation method for security risk of applet and related equipment

Legal Events

Date Code Title Description
AMND Amendment
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant