摘要 |
<p><P>PROBLEM TO BE SOLVED: To efficiently diagnose a Web application. <P>SOLUTION: A framework identification information accumulation part 113 stores framework identification information including a character string for discriminating a framework used in a Web application 111 that is a diagnostic object, and a communication recording part 114 records communications with the Web application 111. A framework determination part 112 extracts a Web page received from the Web application 111 from the communication records, analyzes whether the character string of the framework identification information is included in the extracted Web page, and determines, when the character string is included in the Web page, that a framework corresponding to the character string is used. A security hole determination part 102 and a pseudo attack generation part 103 perform a pseudo attack to the Web application while omitting a pseudo attack for the framework to determine a security hole. <P>COPYRIGHT: (C)2011,JPO&INPIT</p> |