Web firewall and method for automatically checking web server for vulnerabilities
First Claim
1. An administrating web server including a web firewall for automatically checking for vulnerabilities, comprising:
- a processor;
an administrating server scheduling part for ordering the examination of the administrating web server according to a predetermined examination schedule;
a vulnerability search database calling part for calling a vulnerability search database previously stored according to the order of the administrating server scheduling part,wherein the called vulnerability search database comprises a list of vulnerabilities included in the web firewall from internet data transmitted thought the web firewall to the web servers, andwherein the list of vulnerabilities are generated prior to the ordered examination of the administrating web server according to the predetermined examination schedule;
a vulnerability searching part for searching for potential vulnerabilities of the administrating web server corresponding to data included in the called vulnerability search database, wherein the vulnerability searching part searches for potential vulnerabilities of the administrating web server using at least one external search engine, andwherein the at least one external search engine searches for the potential vulnerabilities from the list of vulnerabilities included in the web firewall;
a vulnerability information deducing part for optimizing the results searched in the vulnerability searching part to deduce vulnerability information;
a vulnerability checking part for checking the vulnerabilities of the administrating web server based on the results deduced from the vulnerability information deducing part; and
a detailed vulnerability information reporting part for reporting detailed information on the checked vulnerabilities.
5 Assignments
0 Petitions
Accused Products
Abstract
Provided is a web firewall for automatically checking for vulnerabilities, including: an administrating server scheduling part for ordering the examination of an administrating web server according to a predetermined examination schedule; a vulnerability search database calling part for calling a vulnerability search database previously stored according to the order of the administrating server scheduling part; a vulnerability searching part for searching for potential vulnerabilities of the administrating web server corresponding to data included in the called vulnerability search database; a vulnerability information deducing part for optimizing the results searched in the vulnerability searching part to deduce vulnerability information; a vulnerability checking part for checking the vulnerabilities of the administrating web server based on the results deduced from the vulnerability information deducing part; and a detailed vulnerability information reporting part for reporting detailed information on the checked vulnerabilities.
-
Citations
13 Claims
-
1. An administrating web server including a web firewall for automatically checking for vulnerabilities, comprising:
-
a processor; an administrating server scheduling part for ordering the examination of the administrating web server according to a predetermined examination schedule; a vulnerability search database calling part for calling a vulnerability search database previously stored according to the order of the administrating server scheduling part, wherein the called vulnerability search database comprises a list of vulnerabilities included in the web firewall from internet data transmitted thought the web firewall to the web servers, and wherein the list of vulnerabilities are generated prior to the ordered examination of the administrating web server according to the predetermined examination schedule; a vulnerability searching part for searching for potential vulnerabilities of the administrating web server corresponding to data included in the called vulnerability search database, wherein the vulnerability searching part searches for potential vulnerabilities of the administrating web server using at least one external search engine, and wherein the at least one external search engine searches for the potential vulnerabilities from the list of vulnerabilities included in the web firewall; a vulnerability information deducing part for optimizing the results searched in the vulnerability searching part to deduce vulnerability information; a vulnerability checking part for checking the vulnerabilities of the administrating web server based on the results deduced from the vulnerability information deducing part; and a detailed vulnerability information reporting part for reporting detailed information on the checked vulnerabilities. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of automatically checking for vulnerabilities using a web firewall for automatically checking for vulnerabilities, comprising the steps of:
-
setting a time schedule for checking administrating web server vulnerabilities corresponding to a predetermined examination schedule; confirming a time corresponding to the set schedule and measuring available system resources when the set time has arrived; calling a vulnerability search database when the system resources exceed a predetermined standard value, and wherein the called vulnerability search database comprises a list of vulnerabilities include in the web firewall from internet data transmitted thought the web firewall; searching for potential vulnerabilities of the administrating web server corresponding to data extracted from the called vulnerability search database, wherein the potential vulnerabilities of the administrating web server are searched using at least one external search engine, and wherein the at least one external search engine searches for the potential vulnerabilities from the list of vulnerabilities included in the web firewall; optimizing the results of the potential vulnerability search; checking the vulnerabilities of the administrating web server corresponding to the optimized results; and making a detailed report on the results of the vulnerability check of the administrating web server. - View Dependent Claims (10, 11, 12)
-
-
13. An administrating web server including a web firewall for automatically checking for vulnerabilities in a web server, comprising:
-
a processor; an administrating server scheduling part for ordering the examination of the administrating web server according to a predetermined examination schedule; a vulnerability search database calling part for calling a vulnerability search database previously stored according to the order of the administrating server scheduling part, wherein the called vulnerability search database comprises a list of vulnerabilities included in a web firewall from internet data transmitted thought the web firewall to the web server, and wherein the list of vulnerabilities are generated prior to using at least one external search engine to search for at least one or more of the vulnerabilities from the list of vulnerabilities; a vulnerability searching part for searching for potential vulnerabilities of the administrating web server corresponding to data included in the called vulnerability search database, wherein the vulnerability searching part searches for potential vulnerabilities of the administrating web server using at least one external search engine, and the vulnerability searching part searches for potential vulnerabilities by examining whether a network port prohibited to the administrating web server is open; a vulnerability information deducing part for optimizing the results searched in the vulnerability searching part to deduce vulnerability information; a vulnerability checking part for checking the vulnerabilities of the administrating web server based on the results deduced from the vulnerability information deducing part; and a detailed vulnerability information reporting part for reporting detailed information on the checked vulnerabilities.
-
Specification