• The Journal of the Korea Contents Association
• /
• v.22 no.2
• /
• pp.125-134
• /
• 2022

Due to the development of smartphone technology, as of 2020, 91.9% of people use the Internet[1] to frequently acquire information through websites and mobile apps. As the number of homepages in charge of providing information is increasing every year, the number of applications for web vulnerability diagnosis, which diagnoses the safety of homepages, is also increasing. In the existing web vulnerability check, the number of diagnostic personnel should increase in proportion to the number of homepages that need diagnosis because the diagnosticians manually test the homepages for vulnerabilities. In reality, however, there is a limit to securing a web vulnerability diagnosis manpower, and if the number of diagnosis manpower is increased, a lot of costs are incurred. To solve these problems, an automatic diagnosis tool is used to replace a part of the manual diagnosis. This paper explores a new method to expand the current automatic diagnosis range. In other words, automatic diagnosis possible items were derived by analyzing the impact of web vulnerability diagnosis items. Furthermore, automatic diagnosis identified possible items through comparative analysis of diagnosis results by performing manual and automatic diagnosis on the website in operation. In addition, it is possible to replace manual diagnosis for possible items, but not all vulnerability items, through the improvement of automatic diagnosis tools. This paper will explore some suggestions that can help improve plans to support and implement automatic diagnosis. Through this, it will be possible to contribute to the creation of a safe website operating environment by focusing on the parts that require precise diagnosis.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.11
• /
• pp.197-207
• /
• 2024

In the modern Internet environment where web applications can be easily produced, this study aims to check how much manual inspection can be replaced through automatic inspection to solve the problem that it is difficult to secure sufficient stability of web application services only with manual inspection, identify improvements to the shortcomings, and reflect them in the automatic inspection solution. To this end, automatic inspection and manual inspection were compared and analyzed for 175 homepages using a commercial solution. As a result of the analysis, it was confirmed that automatic inspection is possible in 10 items out of 21 web vulnerability inspection items of the Ministry of Public Administration and Security. In particular, the top five items found the most accounted for about 80% of the total vulnerabilities, so the effectiveness of automatic inspection has been proven. However, items with complex structures are difficult to automatically check, so when manual inspection and automatic inspection are used complementarily, the efficiency of web vulnerability inspection can be maximized.