http://dx.doi.org/10.9717/kmms.2014.17.6.706

A Study on the Secure Coding for Security Improvement of Delphi XE2 DataSnap Server  

Jung, Myoung-Gyu (Dept. of Information Systems, Pukyong Nat. Univ.)
Park, Man-Gon (Dept. of IT Convergence and Application Engineering, PuKyong Nat. Univ.)
Abstract
Developing a software system quickly to meet an urgent release schedule, without appropriate security planning, management and assurance processes, tends to leave serious structural vulnerabilities in the security of a security-critical system. The DataSet and Provider components of DataSnap, the middleware of Embarcadero Technologies' Delphi XE2, certainly make development easy and fast, but when the connection structure Database-DataSnap server-SQL Connection-SQL DataSet-Provider is used it is difficult to apply security controls, and the security of the software system becomes hard to manage. The reason is that all information about the Provider is exposed as soon as the DataSnap server port becomes known to a malicious attacker, and this exposure becomes a window through which SQL commands can be run. Therefore, considering all aspects of security management, DataSet and Provider should not be used in the DataSnap server. In this paper we verify the security vulnerabilities of the DataSnap client and server in Delphi XE2, and we propose a secure coding method that mitigates this vulnerability in the DataSnap server system.
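The contrast the abstract draws, as an added Delphi example that is not from the paper: a server module that exposes a DataSet through a Provider beside one that exposes only a parameterized server method. The unit name, component names, table and column names are assumptions.

```delphi
unit ServerMethodsUnit;

interface
uses
  System.SysUtils, System.Classes, Data.DB, Data.SqlExpr,
  Datasnap.DSServer, Datasnap.Provider;

type
  { Weak pattern (the structure the paper warns against): a TDataSetProvider
    on the server module is reachable by any client that knows the port, and
    with poAllowCommandText in its Options the client may replace the SQL.
    Declaration shown for contrast only; it is not registered with any
    TDSServerClass in this unit. }
  TWeakServerModule = class(TDSServerModule)
    SQLConnection1: TSQLConnection;       // assumed to be configured in the DFM
    SQLQuery1: TSQLQuery;                 // CommandText set at design time
    DataSetProvider1: TDataSetProvider;   // Options includes poAllowCommandText
  end;

  { Hardened pattern: no DataSet or Provider on the module. The client can only
    call the published methods below, each of which binds its input as a
    parameter and returns a plain value rather than a live query. }
  TServerMethods = class(TDSServerModule)
    SQLConnection1: TSQLConnection;       // assumed to be configured in the DFM
  public
    function GetCustomerEmail(ACustomerId: Integer): string;
  end;

implementation
{$R *.dfm}

function TServerMethods.GetCustomerEmail(ACustomerId: Integer): string;
var
  Q: TSQLQuery;
begin
  Q := TSQLQuery.Create(nil);
  try
    Q.SQLConnection := SQLConnection1;
    // Fixed SQL text; the id is bound, never concatenated into the string.
    Q.SQL.Text := 'SELECT email FROM customer WHERE id = :id';
    Q.ParamByName('id').AsInteger := ACustomerId;
    Q.Open;
    if Q.Eof then
      raise Exception.Create('customer not found');
    Result := Q.FieldByName('email').AsString;
  finally
    Q.Free;
  end;
end;

end.
```

A quick check on an existing DataSnap server is to search its server modules for TDataSetProvider instances and review each one's Options for poAllowCommandText.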
Keywords
System security; Secure coding; Delphi; DataSnap