• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.741-742
• /
• 2016

Secure Coding is in the development phase, removing a potential security vulnerability that could lead to attacks such as hacking in advance, says the technique to develop secure software from external attacks. In this paper, we'll learn about the needs and expectations of the effectiveness of these security software development. Due to this, the threat to the safe software development project, and there is an effect to improve quality.

• Journal of KIISE:Software and Applications
• /
• v.37 no.10
• /
• pp.773-778
• /
• 2010

OWASP announced most of vulnerabilities result from the data injection by user in 2010 after 2007. Because the contaminated input data is determined at runtime, those data should be checked dynamically. To analyze data and its flow at runtime, dynamic analysis method usually inserts instrument into source code. Intermediate code insertion makes it difficult to manage and extend the code so that the instrument code would be spreaded out according to increase of analysis coverage and volume of code under analysis. In addition, the coupling gets strong between instrument modules and target modules. Therefore developers will struggle against modify or extend the analysis code as instrument. To solve these problem, this paper defines vulnerabilities as a concern using AOP, and suggest the flexible and extensible analysis method to insertion and deletion without increase of coupling.

• KIISE Transactions on Computing Practices
• /
• v.21 no.2
• /
• pp.115-120
• /
• 2015

The Testing Frontier Capability Assessment Model (TCAM) is based on ISO/IEC 9126, TMMi and TPI. Since ISO/IEC 9126, TMMi and TPI were made over 10 years ago, TCAM faces the problem that it can not assess and analyze the capability of small businesses that employ new software development methods or processes, for example Agile, TDD(Test Driven Development), App software, and Web Software. In this paper, a method to improve the problem is proposed. The paper is composed of the following sections: 1) ISO/IEC 9126, ISO/IEC 25010 and ISO/IEC/IEEE 29119 part 2 review 2) TCAM review 3) software product quality perspective comparison, and analysis between ISO/IEC 9126, ISO/IEC 25010 and TCAM 4) comparison, and analysis between ISO/IEC/IEEE 29119 part2 and TCAM and 5) proposal for the improvement of TCAM.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.37-44
• /
• 2018

Today we live in a flood of web sites and access numerous websites through the Internet to obtain various information. However, unless the security of the Web site is secured, Web site security can not be secured from various malicious attacks. Hacking attacks, which exploit Web site security vulnerabilities for various reasons, such as financial and political purposes, are increasing. Various attack techniques such as SQL-injection, Cross-Site Scripting(XSS), and Drive-By-Download are being used, and the technology is also evolving. In order to defend against these various hacking attacks, it is necessary to remove the vulnerabilities from the development stage of the website, but it is not possible due to various problems such as time and cost. In order to compensate for this, it is important to identify vulnerabilities in Web sites through web vulnerability checking and take action. In this paper, we investigate web vulnerabilities and diagnostic techniques and try to understand the priorities of vulnerabilities in the development stage according to the actual status of each case through cases of actual web vulnerability diagnosis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1169-1178
• /
• 2012

Recently, since the most software intensive systems are using internet environment for data exchange, the software security is being treated as a big issue. And, to minimize vulnerability of software system, security ensuring steps which are applying secure coding rules, are introduced in the software development process. But, since actual attacks are using a variety of software vulnerabilities, it is hard to analyze software weakness by monotonic analysis. In this paper, it is tried to against the complex attack on the variety of software vulnerability using the coupling which is one of the important characteristic of software. Furthermore, pre-analysis of the complex attack patterns using a combination of various attack methods, is carried out to predict possible attack patterns in the relationship between software modules. And the complex attack pattern analysis method is proposed based on this result.