A Web application vulnerability scoring framework by categorizing vulnerabilities according to privilege acquisition
Cho, Sung-Young (KAIST Graduate School of Information Security)
Yoo, Su-Yeon (KAIST Department of Industrial and Systems Engineering)
Jeon, Sang-Hun (KAIST Cyber Security Research Center)
Lim, Chae-Ho (KAIST Graduate School of Information Security)
Kim, Se-Hun (KAIST Graduate School of Information Security)
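1 | Korea Internet & Security Agency (KISA), Security Guide for Adopting Secure Software Development. December 2008. http://www.kisa.kr/jsp/common/libraryDown.jsp?folder=016551 |
2 | Korea Internet & Security Agency (KISA) Korea Internet Security Center (krCERT). Internet Incident Trends and Analysis Monthly Report. http://www.krcert.or.kr |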
3 | The Web Application Security Consortium, "The Web Hacking Incident Database Semiannual Report July to December 2011", Trustwave Holdings, Inc, March 2011. |
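4 | Herald Business, "Hyundai Capital incident a 'man-made disaster' caused by neglected prevention; Financial Supervisory Service to hold executives and employees accountable," http://news.khan.co.kr/kh_news/khan_art_view.html?artid=201105180000035&code=920301, May 2011. |
5 | Hankook Ilbo, "Hyundai Capital hacking: how was it carried out?", http://news.hankooki.com/lpage/economy/201104/h2011041102403321540.htm, April 2011. |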
6 | Forum of Incident Response and Security Teams (FORUM). Common Vulnerability Scoring System (CVSS). June 2007. http://www.first.org/cvss/ |
7 | Mell, P., Scarfone, K. and Romanosky, S., "Common Vulnerability Scoring System," IEEE Security & Privacy, vol. 4, no. 6, pp. 85-89, Nov.-Dec. 2006. |
8 | Bob Martin, Common Weakness Scoring System (CWSS). The Mitre Corporation. June 2011. http://cwe.mitre.org/cwss |
9 | Bob Martin, Mason Brown, Alan Paller, and Dennis Kirby. 2011 CWE/SANS Top 25 Most Dangerous Software Errors. June 2011. http://cwe.mitre.org/top25 |
10 | The Open Web Application Security Project (OWASP) Top 10 - 2010. http://www.owasp.org |
11 | Bob Martin, Common Weakness Risk Analysis Framework (CWRAF), June 2011, http://cwe.mitre.org/cwraf |
12 | United States Computer Emergency Readiness Team (US-CERT). US-CERT Vulnerability Note Field Descriptions. 2006. http://www.kb.cert.org/vuls/html/fieldhelp#metric |
13 | Microsoft Corporation, Microsoft Security Response Center Security Bulletin Severity Rating System, Nov. 2002, http://technet.microsoft.com/en-us/security/bulletin/rating |