Nuclear power plants, like other national critical infrastructures, could be under the threat of terrorism or other malicious action. Thus, a nuclear power plant has a robust security system that includes security guards, sensors, barriers, access control systems, lights, and alarm stations with security procedures. However, an effective security system is hard to design because a chain is only as strong as its weakest link, and there could be a vulnerable hole even in the robust security system. Thus, an effective security system requires the evaluation of all possible scenarios. Evaluation software for security system effectiveness assists in systematically assessing all the possible attack scenarios. Many countries developed security effectiveness evaluation software. The first software was developed by the U.S. Sandia National Laboratories in the 1980s. Now there are several commercially available software packages with a function to simulate limited-scope combat between security guards and attacking enemies. However, academic communication is comparatively weak because it may contain sensitive information on the vulnerability of nuclear power plants. We developed original software called Tools for Evaluating Security Systems (TESS) to identify the most vulnerable path to the designated target and model the security systems of all South Korean nuclear power plants. We also used commercial security effectiveness evaluation software, AVERT, to model the same nuclear power plants. TESS was developed to verify the results of commercial security effectiveness evaluation software for the purpose of regulatory use. For the feasibility test, we compared the results of two software with those of force-on-force (FoF) exercises in nuclear power plants. According to the relevant Act, every nuclear power plant site should perform the FoF exercises every year. KINAC was in charge of evaluating the FoF exercise and used several of its results for the study. In the results, even in some differences in detail, the two software and FoF exercises showed qualitative similarity. Conclusively, evaluation software is a useful tool to design and/or assess the security systems of nuclear power plants. We modeled the security systems of all South Korean nuclear power plants, and compared the developed software, a commercial software and FoF exercises. The results showed qualitative similarity. We provided the results of evaluation to nuclear operators for the better security of nuclear power plants.