• Journal of the Korea Society of Computer and Information
• /
• v.29 no.11
• /
• pp.197-207
• /
• 2024

In the modern Internet environment where web applications can be easily produced, this study aims to check how much manual inspection can be replaced through automatic inspection to solve the problem that it is difficult to secure sufficient stability of web application services only with manual inspection, identify improvements to the shortcomings, and reflect them in the automatic inspection solution. To this end, automatic inspection and manual inspection were compared and analyzed for 175 homepages using a commercial solution. As a result of the analysis, it was confirmed that automatic inspection is possible in 10 items out of 21 web vulnerability inspection items of the Ministry of Public Administration and Security. In particular, the top five items found the most accounted for about 80% of the total vulnerabilities, so the effectiveness of automatic inspection has been proven. However, items with complex structures are difficult to automatically check, so when manual inspection and automatic inspection are used complementarily, the efficiency of web vulnerability inspection can be maximized.