The most frequently used Major Information and Communication Infrastructure s Web vulnerability check items are all categorized by the same risk level, which is a lot of difficulty when determining the order of action when an actual company wants to take action against the results of a web vulnerability check. The purpose of this study is to propose a method to calculate the risk of Major Information and Communication Infrastructure s web vulnerability check items in order to provide basic data for classifying the risk of web vulnerability check items that are widely used in industrial field. In this paper, in order to calculate the risk of web vulnerability check items, we used the indicators of possibility of attack and impact on attack according to Web vulnerability check item. Using the two indicators, the AHP technique was used for each of the Web vulnerability check items, and the priorities were compared by pair-wise comparison. And the priority value of two indicators obtained by the web vulnerability check item is represented as quantitative value, and the degree of risk of the web vulnerability check item is classified into three levels and classified. Through the proposed technique, it is possible to distinguish the risk of the Web vulnerability check item that was previously displayed with the same rating. Through this, it is expected that agencies and companies will be able to prioritize measures in response to the detected Web vulnerability results and contribute significantly to the actual action plan.