Abstract: A URL collecting method includes accessing, by a URL collecting apparatus, a web server of a first URL; receiving, by the URL collecting apparatus, a first web page from the web server; and a URL dynamic collecting step of collecting, by the URL collecting apparatus, one or more URLs invoked while performing some or all of source codes of the first web page.

Abstract: A URL address determining method includes receiving a URL address extracted from a target server; requesting a response corresponding to the URL address from the target server; when receiving response data from the target server, extracting a response URL address corresponding to the URL address from the response data; and determining a resource indicated by the URL address by using the response URL address.

Abstract: A method for determining duplication of a vulnerability may include a vulnerability extraction step of extracting vulnerability uniform resource locator (URL) addresses including the vulnerability from an analysis target server; a hash generation step of generating the URL hash value corresponding to the extracted vulnerability from the vulnerability URL address; and a duplication determination step of determining, when the URL hash value is present in the first comparison table, that the vulnerability is duplicated and excluding the corresponding vulnerability from vulnerability information.

Abstract: A method for analyzing vulnerabilities may include: an analysis target URL receiving step of receiving a plurality of analysis target uniform resource locator (URL) addresses extracted from the analysis target server; an identification key setting step of setting respective identification keys corresponding to the plurality of analysis target URL addresses; a vulnerability analyzing step of performing a simulated attack so as to access the external server by the analysis target server by inserting an analysis hypertext transfer protocol (HTTP) request sentence including a URL address of an external server and the identification key into the analysis target URL address; an access record checking step of requesting an access record of the analysis target server to the external server; and a vulnerability extracting step of extracting a vulnerability of the analysis target server by using the identification key included in the access record.

Abstract: A URL processing method includes a response data determining step in which a URL processing apparatus determines whether to exclude one or more URLs included in a first web page from a valid URL list using header information for the first web page of a first web site and a similarity based valid URL calculating step of estimating a similarity between web pages corresponding to respective URLs according to a predetermined criterion with respect to one or more URLs included in the first web page and selecting some of URLs of a similar web page calculated according to the similarity and adding the selected URLs in the valid URL list.

Abstract: A URL address determining method includes receiving a URL address extracted from a target server; requesting a response corresponding to the URL address from the target server; when receiving response data from the target server, extracting a response URL address corresponding to the URL address from the response data; and determining a resource indicated by the URL address by using the response URL address.

Abstract: A method for determining duplication of a vulnerability may include a vulnerability extraction step of extracting vulnerability uniform resource locator (URL) addresses including the vulnerability from an analysis target server; a hash generation step of generating the URL hash value corresponding to the extracted vulnerability from the vulnerability URL address; and a duplication determination step of determining, when the URL hash value is present in the first comparison table, that the vulnerability is duplicated and excluding the corresponding vulnerability from vulnerability information.

Abstract: A method for analyzing vulnerabilities may include: an analysis target URL receiving step of receiving a plurality of analysis target uniform resource locator (URL) addresses extracted from the analysis target server; an identification key setting step of setting respective identification keys corresponding to the plurality of analysis target URL addresses; a vulnerability analyzing step of performing a simulated attack so as to access the external server by the analysis target server by inserting an analysis hypertext transfer protocol (HTTP) request sentence including a URL address of an external server and the identification key into the analysis target URL address; an access record checking step of requesting an access record of the analysis target server to the external server; and a vulnerability extracting step of extracting a vulnerability of the analysis target server by using the identification key included in the access record.

Abstract: A URL processing method includes a response data determining step in which a URL processing apparatus determines whether to exclude one or more URLs included in a first web page from a valid URL list using header information for the first web page of a first web site and a similarity based valid URL calculating step of estimating a similarity between web pages corresponding to respective URLs according to a predetermined criterion with respect to one or more URLs included in the first web page and selecting some of URLs of a similar web page calculated according to the similarity and adding the selected URLs in the valid URL list.

Abstract: A URL collecting method includes accessing, by a URL collecting apparatus, a web server of a first URL; receiving, by the URL collecting apparatus, a first web page from the web server; and a URL dynamic collecting step of collecting, by the URL collecting apparatus, one or more URLs invoked while performing some or all of source codes of the first web page.