{"id":838,"date":"2018-01-25T15:31:56","date_gmt":"2018-01-26T00:31:56","guid":{"rendered":"\/blog\/?p=838"},"modified":"2023-09-21T09:37:38","modified_gmt":"2023-09-21T00:37:38","slug":"%eb%8f%99%ec%a0%81%ec%a7%84%eb%8b%a8-%ea%b4%80%eb%a0%a8-%ec%9a%a9%ec%96%b4","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=838","title":{"rendered":"[\ub3d9\uc801\uc9c4\ub2e8] \uad00\ub828 \uc6a9\uc5b4"},"content":{"rendered":"\n<div style=\"\"><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 SAST (Static Application Security Testing)<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\uc815\uc801 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud14c\uc2a4\ud305<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 DAST (Dynamic Application Security Testing)<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\ub3d9\uc801 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud14c\uc2a4\ud305<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 IAST (Interactive Application Security Testing) = SAST + DAST<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\uc0c1\ud638\uc791\uc6a9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud14c\uc2a4\ud305<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 RASP (Run-time Application Self-Protection)<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\uc2e4\uc2dc\uac04 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uc790\uac00\ubcf4\ud638<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 DevOps(\ub370\ube0c\uc635\uc2a4)<\/span><\/div><div style=\"\"><span style=\"font-size: 
12px;\">\uc18c\ud504\ud2b8\uc6e8\uc5b4\uc758 \uac1c\ubc1c(Development)\uacfc \uc6b4\uc601(Operations)\uc758 \ud569\uc131\uc5b4\ub85c\uc11c, \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uac1c\ubc1c\uc790\uc640 \uc815\ubcf4\uae30\uc220 \uc804\ubb38\uac00 \uac04\uc758 \uc18c\ud1b5, \ud611\uc5c5 \ubc0f \ud1b5\ud569\uc744 \uac15\uc870\ud558\ub294 \uac1c\ubc1c \ud658\uacbd\uc774\ub098 \ubb38\ud654\ub97c \ub9d0\ud55c\ub2e4.<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 DevSecOps(\ub370\ube0c\uc2dc\ud06c\uc635\uc2a4)<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">&nbsp; -\uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uac1c\ubc1c\uc758 \ubaa8\ub4e0 \uacfc\uc815\uc5d0 \uc815\ubcf4 \ubcf4\uc548\uc744 \ud3ec\ud568\uc2dc\ud0a4\ub294 \ud504\ub85c\uc138\uc2a4<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">&nbsp; -\uc2dc\uc791\ubd80\ud130 \ubcf4\uc548\uc744 \uc5fc\ub450\uc5d0 \ub454 \uc0c1\ud0dc\uc5d0\uc11c \uc124\uacc4\ub97c \ud558\uace0, \ube44\uc988\ub2c8\uc2a4 \ubaa9\ud45c\uc640 \ubcf4\uc548 \uc0ac\uc774\uc5d0 \uade0\ud615\uc744 \uc7a1\uc744 \uc218 \uc788\uc74c.<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">&nbsp; -DevOps \ubaa9\uc801:&nbsp; \uc6b4\uc601 \ud300\uc744 \uac1c\ubc1c \ud300\uc5d0 \ud569\ub958<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">&nbsp; -DevSecOps \ubaa9\uc801: \uac1c\ubc1c \ud504\ub85c\uc81d\ud2b8\uc758 \ubaa8\ub4e0 \ub2e8\uacc4\uc5d0 \ubcf4\uc548\ud300\uc744 \ud1b5\ud569<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 SDLC(Software Development Life Cycle)<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\uac1c\ubc1c \ub77c\uc774\ud504\uc0ac\uc774\ud074<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 REST 
API(Representational State Transfer API)<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">&lt;\ub300\ud45c\uc801\uc778(\ud45c\ud604) \uc0c1\ud0dc \uc804\ub2ec API&gt;<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\uc6f9 \uc0c1\uc758 \uc790\ub8cc\ub97c HTTP\uc704\uc5d0\uc11c SOAP\uc774\ub098 \ucfe0\ud0a4\ub97c \ud1b5\ud55c \uc138\uc158 \ud2b8\ub799\ud0b9 \uac19\uc740 \ubcc4\ub3c4\uc758 \uc804\uc1a1 \uacc4\uce35 \uc5c6\uc774 \uc804\uc1a1\ud558\uae30 \uc704\ud55c \uc544\uc8fc \uac04\ub2e8\ud55c \uc778\ud130\ud398\uc774\uc2a4\ub97c \ub9d0\ud55c\ub2e4.<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 RESTful<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">REST API\uc758 \uc124\uacc4 \uc758\ub3c4\ub97c \uc815\ud655\ud558\uac8c \uc9c0\ucf1c\uc8fc\ub294 API\ub97c 'RESTful \ud558\ub2e4'\ub77c\uace0 \ubd80\ub978\ub2e4. RESTful\ud55c API\ub294 \uad6c\uc131\uc694\uc18c\ub4e4\uc758 \uc5ed\ud560\uc774 \uba85\ud655\ud558\uac8c \ubd84\ub9ac\ub418\uc5b4 \uc788\uc5b4\uc57c \ud55c\ub2e4. URI\ub294 \uc790\uc6d0\uc744 \uc815\ud655\ud558\uace0 \uc778\uc2dd\ud558\uae30 \ud3b8\ud558\uac8c \ud45c\ud604\ud558\ub294\ub370\uc5d0 \uc9d1\uc911\ud558\uace0, \uc790\uc6d0\uc5d0 \ub300\ud55c \ud589\uc704\ub294 Uniform\ud558\uac8c HTTP \uba54\uc18c\ub4dc\ub97c \ud1b5\ud574 \uc815\uc758\ub97c \ud55c\ub2e4. 
\ub098\uba38\uc9c0 \ud398\uc774\ub85c\ub4dc\ub294 JSON\uc774\ub098 XML, YAML \uac19\uc740 \uc5b8\uc5b4\ub97c \uc774\uc6a9\ud558\uc5ec \ubcc4\ub3c4\ub85c \uc815\uc758\ud55c\ub2e4.<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 SOAP(Simple Object Access Protocol)<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">HTTP, HTTPS, SMTP \ub4f1\uc744 \ud1b5\ud574 XML \uae30\ubc18\uc758 \uba54\uc2dc\uc9c0\ub97c \ucef4\ud4e8\ud130 \ub124\ud2b8\uc6cc\ud06c \uc0c1\uc5d0\uc11c \uad50\ud658\ud558\ub294 \ud504\ub85c\ud1a0\ucf5c\uc774\ub2e4. SOAP\uc740 \uc6f9 \uc11c\ube44\uc2a4\uc5d0\uc11c \uae30\ubcf8\uc801\uc778 \uba54\uc2dc\uc9c0\ub97c \uc804\ub2ec\ud558\ub294 \uae30\ubc18\uc774 \ub41c\ub2e4. SOAP\uc5d0\ub294 \uba87\uac00\uc9c0 \ud615\ud0dc\uc758 \uba54\uc2dc\uc9c0 \ud328\ud134\uc774 \uc788\uc9c0\ub9cc, \ubcf4\ud1b5\uc758 \uacbd\uc6b0 \uc6d0\uaca9 \ud504\ub85c\uc2dc\uc838 \ud638\ucd9c(Remote Procedure Call:RPC) \ud328\ud134\uc73c\ub85c, \ub124\ud2b8\uc6cc\ud06c \ub178\ub4dc(\ud074\ub77c\uc774\uc5b8\ud2b8)\uc5d0\uc11c \ub2e4\ub978 \ucabd \ub178\ub4dc(\uc11c\ubc84)\ucabd\uc73c\ub85c \uba54\uc2dc\uc9c0\ub97c \uc694\uccad \ud558\uace0, \uc11c\ubc84\ub294 \uba54\uc2dc\uc9c0\ub97c \uc989\uc2dc \uc751\ub2f5\ud558\uac8c \ub41c\ub2e4. SOAP\uc740 XML-RPC\uc640 WDDX\uc5d0\uc11c envelope\/header\/body\ub85c \uc774\ub8e8\uc5b4\uc9c4 \uad6c\uc870\uc640 \uc804\uc1a1(transport)\uacfc \uc0c1\ud638 \uc911\ub9bd\uc131(interaction neutrality)\uc758 \uac1c\ub150\uc744 \uac00\uc838\uc654\ub2e4.<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\"><br \/><\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\u25a0 Attack Surface<\/span><\/div><div style=\"\"><span style=\"font-size: 12px;\">\uacf5\uaca9 \uac00\ub2a5 \uc601\uc5ed. 
Attack Surface\ub294 \uacf5\uaca9\uc790\uac00 \uc2dc\uc2a4\ud15c\uc5d0 \uce68\uc785 \ud560 \uc218 \uc788\ub294 \ubaa8\ub4e0 \uc9c0\uc810\uacfc \ub370\uc774\ud130\ub97c \uac00\uc838\uc62c \uc218 \uc788\ub294 \ubaa8\ub4e0 \uc9c0\uc810\uc744 \uc758\ubbf8.<\/span><\/div><div style=\"font-size: 12px;\"><br \/><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u25a0 SAST (Static Application Security Testing) \uc815\uc801 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud14c\uc2a4\ud305 \u25a0 DAST (Dynamic Application Security Testing) \ub3d9\uc801 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud14c\uc2a4\ud305 \u25a0 IAST (Interactive Application Security Testing) = SAST + DAST \uc0c1\ud638\uc791\uc6a9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ubcf4\uc548 \ud14c\uc2a4\ud305 \u25a0 RASP (Run-time Application Self-Protection) \uc2e4\uc2dc\uac04 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uc790\uac00\ubcf4\ud638 \u25a0 DevOps(\ub370\ube0c\uc635\uc2a4) \uc18c\ud504\ud2b8\uc6e8\uc5b4\uc758 \uac1c\ubc1c(Development)\uacfc \uc6b4\uc601(Operations)\uc758 \ud569\uc131\uc5b4\ub85c\uc11c, \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uac1c\ubc1c\uc790\uc640 \uc815\ubcf4\uae30\uc220 \uc804\ubb38\uac00 \uac04\uc758 \uc18c\ud1b5, \ud611\uc5c5 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[12],"tags":[],"class_list":["post-838","post","type-post","status-publish","format-standard","hentry","category-computing_security"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=838"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/838\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}