• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.04a
• /
• pp.283-285
• /
• 2016

최근 정보통신 기술의 발전과 함께 M2M(Machine-to-Machine) 산업분야의 시스템이 다기능 고성능화되고 있으며 IoT(Internet of Things), IoE(Internet of Everything)기술 등과 함께 많은 발전해가고 있다[1]. 가장 오래 된 정보통신 기술의 근간인 웹 애플리케이션은 점점 발전하고 고도화 되어가고 있으며 이러한 웹 애플리케이션을 해킹하는 기술도 다양한 관점에서 발전하고 있다. 웹 애플리케이션을 구성하는데 필수적인 파일인 TTF(True Type Font)파일에 대한 보안적 관심이 필요하다. TTF파일을 외부에서 받아옴으로서 웹 애플리케이션에 적용시키는 방식을 사용할 때, 다른 서버에서 URL을 통해 받아오는 TTF파일에 대해 보안적 검사가 제대로 실행되지 않는다. 본 논문에서는 TTF파일의 감염과 그 파일에 대한 대응 방법을 제안하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.601-613
• /
• 2012

It is required to design and implement secure web applications to provide safe web services. For this reason, there are several scoring frameworks to measure vulnerabilities in web applications. However, these frameworks do not classify according to seriousness of vulnerability because these frameworks simply accumulate score of individual factors in a vulnerability. We rate and score vulnerabilities according to probability of privilege acquisition so that we can prioritize vulnerabilities found in web applications. Also, our proposed framework provides a method to score all web applications provided by an organization so that which web applications is the worst secure and should be treated first. Our scoring framework is applied to the data which lists vulnerabilities in web applications found by a web scanner based on crawling, and we show the importance of categorizing vulnerabilities according to privilege acquisition.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.66-75
• /
• 2023

Recently, the number of cloud web applications is increasing owing to the accelerated migration of enterprises and public sector information systems to the cloud. Traditional network attacks on cloud web applications are characterized by Denial of Service (DoS) attacks, which consume network resources with a large number of packets. However, HTTP DoS attacks, which consume application resources, are also increasing recently; as such, developing security technologies to prevent them is necessary. In particular, since low-bandwidth HTTP DoS attacks do not consume network resources, they are difficult to identify using traditional security solutions that monitor network metrics. In this paper, we propose a new detection model for detecting HTTP DoS attacks on cloud web applications by collecting the application metrics of web servers and learning them using machine learning. We collected 18 types of application metrics from an Apache web server and used five machine learning and two deep learning models to train the collected data. Further, we confirmed the superiority of the application metrics-based machine learning model by collecting and training 6 additional network metrics and comparing their performance with the proposed models. Among HTTP DoS attacks, we injected the RUDY and HULK attacks, which are low- and high-bandwidth attacks, respectively. As a result of detecting these two attacks using the proposed model, we found out that the F1 scores of the application metrics-based machine learning model were about 0.3 and 0.1 higher than that of the network metrics-based model, respectively.

• Journal of Advanced Navigation Technology
• /
• v.15 no.3
• /
• pp.372-377
• /
• 2011

Until now, the study and research on the projects which have internationally conducted are in poor condition with regard to the security vulnerability analysis of web application. This is due to a lack of precedent study for improving the quality of the web services in order to provide better services for the future. In this paper, I analyze the types of the web application vulnerabilities which have been studied and mapped out a plan for protecting them.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.115-122
• /
• 2012

As the most common application development of software development time, error-free quality, adaptability to frequent maintenance, such as the need for large and complex software challenges have been raised. When developing web applications to respond to software reusability, reliability, scalability, simplicity, these quality issues do not take into account such aspects traditionally. In this situation, the traditional development methodology to solve the same quality because it has limited development of new methodologies is needed. Quality of applications the application logic, data, and architecture in the entire area as a separate methodology can achieve your goals if you do not respond. In this study secure coding, the big issue, web application factors to deal with security vulnerabilities, web application architecture, design procedure is proposed. This proposal is based on a series of ISO/IEC9000, a web application architecture design process.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.387-389
• /
• 2014

It is preferred to the popularization of smart device business processes through mobile. The ratio of Internet access via mobile devices is reached 30% of PC in September 2012. It is reproduced in a mobile environment that security threats arising from the Internet. that is the characteristics of cyber security threats appearing on the mobile era. Web Application Service security research firm OWASP (The Open Web Application Security Project) issued Session Management threat. That threat will be reproduced in the mobile environment. But Mobile is significantly different from Desktop Computer about Session Management environment. This proceeding proposes a improved Session Management method in Mobile environment.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.157-167
• /
• 2009

Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many researches concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focus on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM(Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system, can not adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application is causing lots of false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a realtime anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF(Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing, Consequently, this study provide to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdened due to lots of network security systems currently used.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1969-1972
• /
• 2003

최근 이 기종 시스템 및 애플리케이션의 상호호환을 위해 웹 기반 서비스에 대한 관심이 고조되어가고 있다. 웹의 편리함과 동시에 누구에게나 접근 가능한 웹의 개방성은 보안에 대한 문제점을 야기시키는데, 웹서비스 보안기술은 이에 대한 해결책을 제시하고 있다. 본고에서는 웹서비스 보안기술에 대해 살펴보고, 웹서비스 보안 기술의 취약점 및 이를 보완할 수 있는 향상방안에 대해 기술하고자 한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.8
• /
• pp.189-196
• /
• 2016

Many companies have struggled to manage Web vulnerabilities and security incidents have also frequently happened. The current inspection methods are mainly based on the OWASP vulnerabilities. In practice, however, it is very difficult to cope with frequent changes of Web applications. In this paper, we first investigate the existing quantification of Web application vulnerabilities and verification process. Then we propose an improved inspection framework which is focused on removing essential and realistic vulnerabilities and active verification process.