In this paper, an Automated Cyber Attack-Defense System (ACADS) is proposed in which various information systems are integrated and interconnected together through a flexible interface to establish the attack-defense test platform. Considering the variety of information systems, ACADS is not conducted using a single technique but a composite of multiple attack and defense techniques. ACADS is equipped with various classes of attack and defense systems. It consists of three subsystems: Reconnaissance, offense, and defense. For each subsystem, the current status of existing systems is first summarized, and then customized systems are proposed to complement these existing systems. The first subsystem, reconnaissance, aims to collect information of targets in order to assist both offense and defense subsystems. Among all reconnaissance systems, VulCrawl we propose is a reconnaissance subsystem to discover hidden entry points and related information in a large website. With this information, the offense subsystem can launch attacks in three different cases where source code, binary programs, and no information is available. In the case that source code is available, program analysis techniques can be utilized to discover vulnerabilities. Web Injection Scanner (WIS) is developed to discover injection vulnerabilities via string analysis. In the case that binary programs are available, Binary Vulnerability Assessment (BVA) automatically reverse binary programs with symbolic execution and model checking to find vulnerabilities. Even in the case that no information is available, VulScanner we propose can still be used to generate and mutate attack payload for web-based applications. In contrast to the offense subsystem, the defense subsystem is used to protect the system. While system defensive modules, such as WAF and IDS, protect the system without modifying vulnerable software, software repair modules directly patch the software to eliminate vulnerabilities. In this subsystem, BinaryPatcher and WebPatcher are proposed to repair binary and web applications.