Abstract: A method for providing a software service of a license management server is disclosed. The method comprises the steps of: receiving a virtual machine interface from a cloud server; installing software of a service provider in the virtual machine interface; transmitting a license to the virtual machine interface; providing ID and password related authority to a user terminal; and providing a service of the software to the user terminal through the virtual machine interface when the user terminal accesses the software. Therefore, source code leakage due to static analysis can be fundamentally prevented.

Abstract: Disclosed is an operation method for a dynamic analyzer for analyzing an execution state of a web application. The present invention comprises the steps of: analyzing an execution state of the web application on the basis of a final attack string including a parameter which indicates a particular operation to be executed through the web application; and performing an analysis of the execution state of the web application, wherein the final attack string is generated so as to avoid filtering logic which is designed to filter a raw attack string including a predefined parameter. Therefore, the present invention can detect a security vulnerability, which cannot be detected by the existing dynamic analyzer, through easy generation of a final attack string capable of bypassing filtering.

Abstract: A method for providing a software service of a license management server is disclosed. The method comprises the steps of: receiving a virtual machine interface from a cloud server; installing software of a service provider in the virtual machine interface; transmitting a license to the virtual machine interface; providing ID and password related authority to a user terminal; and providing a service of the software to the user terminal through the virtual machine interface when the user terminal accesses the software. Therefore, source code leakage due to static analysis can be fundamentally prevented.

Abstract: A method for providing a software service of a license management server is disclosed. The method comprises the steps of: receiving a virtual machine interface from a cloud server; installing software of a service provider in the virtual machine interface; transmitting a license to the virtual machine interface; providing ID and password related authority to a user terminal; and providing a service of the software to the user terminal through the virtual machine interface when the user terminal accesses the software. Therefore, source code leakage due to static analysis can be fundamentally prevented.

Abstract: The present invention relates to a source code analysis device, a computer program for the same, and a recording medium thereof. Disclosed is a source code analysis device including: a source code analysis module including: a syntax analysis unit for extracting and refining information required for analysis; a defect detection unit for detecting defect information; a correction example generation unit for generating correction example information or notice information or both; and an analysis result transmission unit for constructing synthesized analysis result information and transmitting the constructed information to an analysis result output module, and the analysis result output module including: a defect output unit for extracting and outputting the defect information from the synthesized analysis result information, and a correction example output unit for extracting and outputting the correction example information and or notice information or both from the synthesized analysis result information.

Abstract: Disclosed is an operation method for a dynamic analyzer for analyzing an execution state of a web application. The present invention comprises the steps of: analyzing an execution state of the web application on the basis of a final attack string including a parameter which indicates a particular operation to be executed through the web application; and performing an analysis of the execution state of the web application, wherein the final attack string is generated so as to avoid filtering logic which is designed to filter a raw attack string including a predefined parameter. Therefore, the present invention can detect a security vulnerability, which cannot be detected by the existing dynamic analyzer, through easy generation of a final attack string capable of bypassing filtering.

Abstract: The present invention relates to a method for classifying alarm types in detecting source code errors, a computer program therefor, and a recording medium thereof. The method for classifying alarm types in detecting source code errors includes: receiving input of alarm path information about an occurring error detection alarm and source code information that is an object associated with the occurring alarm, the alarm path information being information about an execution path related to the error detection; converting the source code into an abstract syntax tree (AST); removing, from the AST, an unnecessary sub-tree that is not related to the error detection alarm; obtaining a feature vector of the AST having the unnecessary sub-tree removed therefrom based on a preset feature pattern set; and classifying, by types, the error detection alarm associated with the feature vector by clustering the obtained feature vector using a preset method.

Abstract: Disclosed is a source code transfer control method, a computer program therefor, and a recording medium therefor. The source code transfer control method is a method executed in a configuration management system interworking with a static analyzer server. The method includes: (a) receiving a source code transfer request; (b) transmitting file identification information on a source code that is requested for transfer, to a static analyzer server; (c) receiving a return value from the static analyzer server on the basis of the file identification information, the return value being produced from an analysis result associated with the transfer-requested source code and loaded on the static analyzer server, the return value being a value produced for each check item that is preset for transfer control; and (d) providing information on whether the transfer-requested source code can be normally transferred on the basis of the return value.