Abstract
PROBLEM TO BE SOLVED: To provide a diagnostic device that diagnoses the parameter alteration detection function of a web application without depending on a keyword. SOLUTION: The server diagnostic device 200 detects the vulnerability of a web application running on the web server 212 under diagnosis. The server diagnostic device 200 transmits to the web server 212 a normal request and an illegal request obtained by altering the normal request. The web server 212 under diagnosis returns a normal response to the normal request and an illegal response to the illegal request. The server diagnostic device 200 receives the "normal response" and the "illegal response" and compares their tag structures. Whether the diagnosed web server 212 is vulnerable is decided according to the result of the tag structure comparison. COPYRIGHT: (C)2007,JPO&INPIT
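The tag-structure comparison described in the abstract, as an added Python example that is not taken from the patent. The response bodies are constructed samples, and the similarity threshold and the rule that a matching structure means the alteration went undetected are assumptions, since the abstract does not state how the comparison result maps to a verdict.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser

# Constructed sample response bodies (not taken from the patent).
NORMAL = ("<html><body><h1>Order</h1><table>"
          "<tr><td>Item</td><td>Widget</td></tr>"
          "<tr><td>Price</td><td>1200</td></tr>"
          "</table></body></html>")
# Altered request was processed: same page layout, different text.
ALTERED_ACCEPTED = NORMAL.replace("1200", "1")
# Altered request was rejected: a differently structured page comes back.
ALTERED_REJECTED = ("<html><body><h1>Error</h1><p>Invalid request.</p>"
                    "<a href='/'>Back</a></body></html>")


class TagStructure(HTMLParser):
    """Records only the order of opening and closing tags.

    Text and attributes are ignored, so the comparison does not depend
    on any keyword such as "Error" appearing in the response.
    """

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)


def tag_structure(html):
    parser = TagStructure()
    parser.feed(html)
    parser.close()
    return parser.tags


def structure_similarity(normal_html, altered_html):
    a, b = tag_structure(normal_html), tag_structure(altered_html)
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def alteration_undetected(normal_html, altered_html, threshold=0.9):
    # Assumed rule: if the altered request yields (almost) the same tag
    # structure as the normal one, the application did not detect it.
    return structure_similarity(normal_html, altered_html) >= threshold
```
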