APPARATUS FOR AUTOMATICALLY INSPECTING SECURITY OF APPLICATIONS AND METHOD THEREOF

摘要

PURPOSE: A device for automatically inspecting an application security and a method thereof are provided to quickly analyze malicious codes by integrating a static analysis result of an automatic script with an execution result. CONSTITUTION: A static analyzing unit(104) reverses an execution file of an application to perform static analysis. An automatic execution processing unit(106) generates a script for the automatic execution of the execution file and automatically executes the script to generate a log. A dynamic analyzing unit(108) analyzes a pattern of a malicious code executed in the execution file by using the log and the static analysis result. The static analyzing unit performs the structure analysis, permission analysis, control, and data flow analysis of the execution file through reversing. The static analyzing unit shows detailed descriptions about classes and methods of the execution file to perform an automatic a static analysis process. [Reference numerals] (102) Database; (104) Static analyzing unit; (106) Automatic execution processing unit; (108) Dynamic analyzing unit; (AA) Execution file; (BB) Analysis result