摘要 |
PROBLEM TO BE SOLVED: To certainly perform a vulnerability inspection to an alteration attack for an important parameter. SOLUTION: A Web page type specification part 122 specifies a type of a test object Web page by referring to information in a Web page feature information DB 121, etc., and a Web page importance determination part 125 specifies a transaction flow to be attained by a test object Web page group by referring to information in a transaction flow pattern DB 124. In the transaction flow pattern DB 124, an important page is defined for every transaction flow, and the Web page importance determination part 125 specifies an important page in the specified transaction flow. In a parameter attribute DB 126, an important parameter is defined, and an important parameter specification part 127 specifies the important parameter in the important page by referring to information in the parameter attribute DB 126. An evaluation data generation part 112 alters the important parameter in the important page to perform a pseudo alteration attack to a Web application 131. COPYRIGHT: (C)2012,JPO&INPIT |