Cost-Effective and Active Security Verification Framework for Web Application Vulnerabilities
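Han, KyungHyun (Department of Electronic and Computer Engineering, Hongik University)
Nguyen, Trong-Kha (Department of Electronic and Computer Engineering, Hongik University)
Joe, Hun (Department of Computer Science, KAIST)
Hwang, Seong Oun (Department of Computer and Information Communications Engineering, Hongik University)
Lim, Chaeho (Department of Computer Science, KAIST)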
1 | Park Tae-hoon, "'Ppomppu', whose personal data was hacked due to lax management, fined 117 million won" [Internet], http://www.segye.com/content/html/2015/11/20/20151120002048.html.
2 | Kim Min-seok, "'The Ppomppu hack was a DB attack through a web vulnerability'... reason 2 million personal records were stolen revealed" [Internet], http://news.kukinews.com/article/view.asp?arcid=0009977886&code=41151111&cp=nv.
3 | Korea Internet & Security Agency (KISA), "Recovery measures for databases damaged by Mass SQL Injection," 2009.
4 | Jeon Sang-hun, "Web security inspection methodology," 2007.
5 | Amrit T. Williams, Neil MacDonald, "Organizations Should Implement Web Application Security Scanning," Gartner, 2005.
6 | Yoon Jae-seop, "Hyundai Capital incident a 'man-made disaster' of neglected prevention; Financial Supervisory Service to hold executives and employees accountable" [Internet], http://ruliweb.daum.net/news/view/MD20110518193210260.daum.
7 | Hankook Ilbo, "How was the Hyundai Capital hack carried out?," 2011.
8 | Sungyoung Cho, Suyeon Yoo, Sang-hun Jeon, Chae-ho Lim, and Sehun Kim, "A Web application vulnerability scoring framework by categorizing vulnerabilities according to privilege acquisition," Journal of The Korea Institute of Information Security and Cryptology, Vol.22, No.3, pp.601-613, 2012.
9 | NIST, "Information security handbook: a guide for managers," The National Institute of Standards and Technology, p.19, 2006.
10 | FIRST, "Common Vulnerability Scoring System" [Internet], http://www.first.org/cvss/.
11 | P. Mell, K. Scarfone, and S. Romanosky, "Common Vulnerability Scoring System," IEEE Security & Privacy, Vol.4, No.6, pp.85-89, 2006.
12 | Kim Tae-hyung, "Countermeasures to prevent infection by 'malware', the weapon of cyber warfare" [Internet], http://www.boannews.com/media/view.asp?idx=49835&kind=3.
13 | Binkkum, "Developer wages are far lower than the 'SW engineer standard labor rate'" [Internet], http://emptydream.tistory.com/3640.
14 | Bob Martin, "Common Weakness Scoring System (CWSS)" [Internet], http://cwe.mitre.org/cwss.