http://dx.doi.org/10.14400/JDC.2017.15.5.197

Construction of Security Evaluation Criteria for Web Application Firewall  

Lee, Ha-Yong (Dept. of Fusion Industry, Seoul Venture University)
Yang, Hyo-Sik (Samil PricewaterhouseCoopers IT Risk & Security)
Publication Information
Journal of Digital Convergence / v.15, no.5, 2017, pp. 197-205
Abstract
To achieve web application security goals effectively by providing web security features such as information leakage prevention, a web application firewall system must be able to enhance web site security and provide secure services. Therefore, it is necessary to study the security evaluation of web application firewall systems based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewalls, and establish security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of a web application firewall system can be confirmed and that a standard for quality improvement can be secured. As future research, it is necessary to continuously upgrade the evaluation standards in line with international standards, which are continuously changing.
Keywords
Web Application Firewall; Security; Quality Requirements; Information Security; Quality Evaluation;
Citations & Related Records
Times Cited By KSCI: 5