http://dx.doi.org/10.13089/JKIISC.2017.27.4.885

Effective Countermeasures against Vulnerability Assessment for the Public Website of Financial Institution  

Park, Hyun-jin (Korea University)
Kim, In-seok (Korea University)
Abstract
Security issues arise from various types of external intrusion as much as from the rapidly changing IT environment. Attacks that exploit vulnerabilities in web applications are increasing, and companies are trying to find the causes of these vulnerabilities, prevent external intrusion, and protect their systems and important information. In particular, under the Supervision Regulation, each financial institution and electronic financial service provider must perform a vulnerability analysis and evaluation of its public website once every six months and report the result to the Financial Services Commission. In this study, using the web vulnerability items defined in the Supervision Regulation and inspection cases from actual financial institutions, we analyze the most frequently occurring items and propose effective countermeasures against them, along with ways to prevent them from occurring in advance.
Keywords
Vulnerability Assessment; Web application; Secure coding;