http://dx.doi.org/10.13089/JKIISC.2015.25.5.1217

A Study On Advanced Model of Web Vulnerability Scoring Technique  

Byeon, Autumn (Korea University)
Lim, Jong In (Korea University)
Lee, Kyong-Ho (Korea University)
Abstract
Web vulnerability analysis addresses web application security problems and helps companies understand those problems and establish their own solutions. The Ministry of Science, ICT and Future Planning (MSIP) has released guidelines for the analysis and assessment of web vulnerabilities. Although vulnerability items can be distinguished in the manner the MSIP guidelines suggest, the factors and criteria the guidelines propose are neither sufficient nor efficient for analyzing the risk of specific vulnerability entries. This study analyzes domestic and international vulnerability scoring systems and proposes an appropriate evaluation method for web vulnerability analysis.
Keywords
Scoring; Web application; Vulnerability;
Citations & Related Records
Times Cited By KSCI: 3