
Web Vulnerability Assessment and Research Report

Date registered
2015-08-27
Views
18505

Table of Contents
Chapter 1 Introduction
Chapter 2 Status of Vulnerability Assessments
Section 1 Statistics
Section 2 Progress and Assessment Methods
Chapter 3 Review Procedure for Vulnerability Assessment Results
Section 1 Service Diagnosis Process
Section 2 Major Vulnerabilities
Section 3 List of False Positives Encountered
Section 4 Remote Web Vulnerability Assessment Service: Business Support FAQ
Section 5 Remote Web Vulnerability Assessment Service: Operations Support FAQ
Chapter 4 Educational Activities to Improve Vulnerability Assessment Skills
Section 1 Theory Study Through Major Courses and Hands-On Practice on Mock Servers
Section 2 Hands-On Practice Fixing Problems on Real Servers
Section 3 Regular Seminars and Hands-On Sessions with Invited Outside Experts
Section 4 Sharing Problems and Solutions Through Regular Meetings
Section 5 Portfolio
Chapter 5 Web Vulnerability Security Guide
Section 1 Cross-Site Request Forgery
Section 2 Cross-Site Scripting
Section 3 Unvalidated Redirects and Forwards
Section 4 Missing Function Level Access Control
Section 5 Sensitive Data Exposure
Section 6 File Upload Vulnerability
Chapter 6 Conclusion
[ References ]
[ Appendix ]

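[Naju Headquarters] (58324) Korea Internet & Security Agency, 9 Jinheung-gil, Naju-si, Jeollanam-do. Main number: 1433-25 (charges paid by the recipient) [Seoul Office] (05717) IT Venture Tower, 135 Jungdae-ro (Garak-dong), Songpa-gu, Seoul [Hacking, spam and personal information infringement: 118] Copyright(C) 2021 KISA. All rights reserved.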