Title of invention: SECURITY DEVICE USING TRANSACTION INFORMATION OBTAINED FROM WEB APPLICATION SERVER AND PROPER SESSION ID
Abstract: A security device using transaction information collected from a web application server comprises: a WAS plugin agent, which is installed and operates on the web application server as a plugin and collects user transaction information, decrypted in a web server or the web application server, from the memory of the web application server; and a management server, which receives the transaction information from the WAS plugin agent, analyzes whether the transaction information is normal or abnormal, produces detection information according to the analysis result, and transmits a command for blocking the abnormal transaction to the WAS plugin agent. The WAS plugin agent further comprises a unique session ID managing module which, when a user requests a service from the web application server, looks in the permanent cookies for a unique session ID that does not change; if there is no unique session ID, the module generates one for the user, transmits it to the user's web client, sets it in the permanent cookies, and identifies users by the unique session ID in service requests. The management server, which generates detection information using user identification through the unique session ID, is capable of detecting attacks encrypted in SSL/TLS by analyzing the decrypted transaction information, and of responding to a hacking attack at the session stage after a normal log-in.
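A minimal sketch of the unique session ID managing module described in the abstract, added here as an illustration and not taken from the patent: it looks for a persistent cookie, issues one if absent, and tags each transaction with it so that records from different login sessions correlate. The cookie name `usid`, the 10-year lifetime, the 32-hex-character format and the record fields are assumptions.

```python
import secrets
import string
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "usid"            # hypothetical cookie name (not from the patent)
MAX_AGE = 10 * 365 * 24 * 3600  # assumed lifetime of the persistent cookie, seconds


def is_well_formed(value):
    """Accept only IDs in the format this sketch issues: 32 hex characters."""
    return len(value) == 32 and all(c in string.hexdigits for c in value)


def resolve_unique_session_id(cookie_header):
    """Return (usid, set_cookie); set_cookie is None if the request had a valid ID."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()  # unparsable header: treat as no cookies
    morsel = jar.get(COOKIE_NAME)
    if morsel is not None and is_well_formed(morsel.value):
        return morsel.value, None
    usid = secrets.token_hex(16)  # 128-bit random ID
    out = SimpleCookie()
    out[COOKIE_NAME] = usid
    out[COOKIE_NAME]["max-age"] = MAX_AGE
    out[COOKIE_NAME]["path"] = "/"
    out[COOKIE_NAME]["secure"] = True
    out[COOKIE_NAME]["httponly"] = True
    return usid, out[COOKIE_NAME].OutputString()


def tag_transaction(cookie_header, method, path, login_session):
    """Build the record an agent would forward, keyed by the unique session ID."""
    usid, set_cookie = resolve_unique_session_id(cookie_header)
    record = {"usid": usid, "login_session": login_session,
              "method": method, "path": path}
    return record, set_cookie


if __name__ == "__main__":
    # Constructed requests: first visit, then two different login sessions.
    first, cookie = tag_transaction("", "GET", "/", None)
    hdr = "JSESSIONID=%s; usid=" + first["usid"]
    for sess, path in (("a1", "/login"), ("b2", "/transfer")):
        rec, _ = tag_transaction(hdr % sess, "POST", path, sess)
        print(rec["usid"] == first["usid"], rec)
```

The ID is client-held and unauthenticated: a client that deletes the cookie receives a new one, and the format check only rejects malformed values.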
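Application publication number: KR101658450(B1) Application publication date: 2016.09.21
Application number: KR20160040328 Filing date: 2016.04.01
Applicant: LEE, SEOK WOO Inventor: LEE, SEOK WOO
Classification number: H04L29/06 Main classification number: H04L29/06
Agency: Agent:
Main claim:
Address: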