
Study on the OWASP and WASC-oriented Web Application Security

A Study of Web Application Security Centered on OWASP and WASC

  • 이재현 (College of Science and Technology, Gangneung-Wonju National University)
  • Received : 2011.04.27
  • Accepted : 2011.06.30
  • Published : 2011.06.30

Abstract

To date, surveys of the projects conducted internationally on the security vulnerability analysis of web applications, and research building on them, have been scarce. This is due to a lack of prior studies aimed at improving the quality of web services in order to provide better services in the future. In this paper, I analyze the types of web application vulnerabilities that have been studied and map out a plan for protecting against them.

To date, surveys of the various projects currently under way abroad concerning the security vulnerability analysis of web applications, as well as domestic research on the subject, have been insufficient. The main cause is a lack of prior research aimed at improving the quality of domestic web services and proposing more advanced services in the future. This paper systematically examines the types of web application vulnerabilities that have been published and exploited to date, and considers directions for the future.
