1. Field of the Invention
The present invention relates to a device and method for inspecting software for vulnerabilities, and more particularly, to a device and method for inspecting software for vulnerabilities that performs fuzzing for specific functions of the software.
2. Discussion of Related Art
In the process of developing software, analysis of the software is generally performed by setting a break point, using a debugging program, at a part of the source code likely to have a vulnerability, and observing the execution environment of the software when the executed software stops at the break point.
On the other hand, since software vulnerability analysis is generally performed in an environment where the source code cannot be obtained, the vulnerabilities of the software are analyzed with a black box test method, which can be performed with only an executable file. Here, a black box test is a test method in which the software itself is regarded as a black box whose inner operation cannot be observed directly but can be analyzed based on the input/output values of the software.
Fuzzing, one such black box test method, is an analysis method used to find defects in the way software processes an input, by feeding a variety of random data to the software and looking for abnormal operation. Fuzzing is generally performed by generating test cases containing random data, having the software execute the test cases in sequence, and analyzing any malfunction of the software.
A conventional method for inspecting software for vulnerabilities using such fuzzing randomly generates and analyzes data regardless of the function of the software. Thus, this method does not enable intensive inspection for vulnerabilities in specific functions of the software.
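The following Python harness is an added illustration of the distinction drawn above; it is not part of the patent text and does not describe the claimed device. The target program (a toy header parser with a constructed division-by-zero defect in one function), the generic random test-case generator, and the boundary-value generator aimed at the fields consumed by that one function are all constructed assumptions. Running both generators against the same program shows why test cases generated without regard to a particular function rarely exercise the defect, while test cases directed at that function find it quickly and record a reproducing input.

```python
"""Contrast untargeted random fuzzing with fuzzing directed at one specific
function. Everything here is constructed for illustration."""
import random
import struct
from collections import Counter

# --- constructed target program -------------------------------------------
# Input layout assumed here: 4-byte little-endian width, 4-byte height, payload.

def parse_header(data: bytes):
    """Reject inputs that are too short, then split header fields from payload."""
    if len(data) < 8:
        raise ValueError("short header")
    width, height = struct.unpack("<II", data[:8])
    return width, height, data[8:]

def checksum(payload: bytes) -> int:
    """A harmless helper: no defect here, so fuzzing it yields nothing."""
    return sum(payload) & 0xFF

def scale_payload(width: int, height: int, payload: bytes) -> bytes:
    """Constructed defect: divides by the pixel count, so a header with a zero
    width or height raises ZeroDivisionError. A random 32-bit field is zero
    with probability 2**-32, so untargeted fuzzing almost never reaches it."""
    per_pixel = len(payload) // (width * height)
    return payload[:per_pixel]

# --- fuzzing harness ------------------------------------------------------

def run_target(data: bytes):
    """Execute the program on one test case. Return the exception type name of
    any malfunction, or None when the input was handled (or cleanly rejected)."""
    try:
        width, height, payload = parse_header(data)
        checksum(payload)
        scale_payload(width, height, payload)
    except ValueError:
        return None  # expected rejection of malformed input, not a defect
    except Exception as exc:  # any other exception counts as a malfunction
        return type(exc).__name__
    return None

def random_test_case(rng: random.Random) -> bytes:
    """Conventional approach: random bytes with no regard to which function
    will consume them."""
    length = rng.randint(0, 64)
    return bytes(rng.getrandbits(8) for _ in range(length))

# Boundary values chosen because scale_payload consumes the two header fields.
BOUNDARY = [0, 1, 2, 0x7FFFFFFF, 0xFFFFFFFF]

def targeted_test_case(rng: random.Random) -> bytes:
    """Function-directed approach: keep the input well-formed enough to reach
    scale_payload, and concentrate randomness on the fields it uses."""
    width = rng.choice(BOUNDARY + [rng.getrandbits(32)])
    height = rng.choice(BOUNDARY + [rng.getrandbits(32)])
    payload = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 32)))
    return struct.pack("<II", width, height) + payload

def fuzz(generator, iterations: int, seed: int = 1) -> dict:
    """Run `iterations` test cases from `generator`, counting each malfunction
    type and keeping the first input that triggered it for reproduction."""
    rng = random.Random(seed)  # fixed seed makes the campaign repeatable
    findings = Counter()
    reproducers = {}
    for _ in range(iterations):
        case = generator(rng)
        result = run_target(case)
        if result is not None:
            findings[result] += 1
            reproducers.setdefault(result, case)
    return {"findings": findings, "reproducers": reproducers}

if __name__ == "__main__":
    print("untargeted:", fuzz(random_test_case, 500)["findings"])
    print("targeted:  ", fuzz(targeted_test_case, 200)["findings"])
```

The `reproducers` map is the part a practitioner keeps: a recorded malfunction is only useful if the exact test case can be replayed against the program to confirm and debug it.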