Abstract: To diagnose vulnerabilities such as SQL injection, even for web-server devices that change the content of responses to requests in accordance with prescribed conditions. A normal-response collection means (10) transmits a normal request (REQN), accompanied by a registered user ID and password, a plurality of times. Said normal-response collection means (10) receives a plurality of responses (RESN) (hereafter “normal responses”) from a web server in response to the normal requests. A common-region extraction means (12) extracts a common region from the plurality of normal responses. An abnormal-response collection means (18) performs SQL injection on the web server, receives the response (RESA) (hereafter “abnormal response”), and records same in a storage unit (16). A determination means (14) determines that the web server has a vulnerability if the normal responses and the abnormal response are the same in the common region.

Abstract: To diagnose vulnerabilities such as SQL injection, even for web-server devices that change the content of responses to requests in accordance with prescribed conditions. A normal-response collection means (10) transmits a normal request (REQN), accompanied by a registered user ID and password, a plurality of times. Said normal-response collection means (10) receives a plurality of responses (RESN) (hereafter “normal responses”) from a web server in response to the normal requests. A common-region extraction means (12) extracts a common region from the plurality of normal responses. An abnormal-response collection means (18) performs SQL injection on the web server, receives the response (RESA) (hereafter “abnormal response”), and records same in a storage unit (16). A determination means (14) determines that the web server has a vulnerability if the normal responses and the abnormal response are the same in the common region.