• Title/Summary/Keyword: web application (웹 애플리케이션)

Search Result 525, Processing Time 0.03 seconds

A Study of User Requirement Process For Internet Transaction Environment (인터넷 환경의 사용자 요구분석 절차에 관한 연구)

  • Park, Pyung-Soo;Seo, Seong-Chae;Hwang, Bu-Hyun;Kim, Byung-Gi
    • Proceedings of the Korea Information Processing Society Conference / 2002.11c / pp.2063-2066 / 2002
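  • Most web application development methodologies proposed so far for Internet users focus mainly on functional aspects, screen design, and implementation. They do not address a user requirements analysis procedure that takes into account the Internet environment, which differs from earlier environments. As a result, problems arise in web application development, such as failing to adequately reflect the requirements of a broad range of users and difficulty in designing navigation functions that let users access information freely. In this paper, we review requirements engineering processes for object-oriented application development, establish and propose a requirements analysis process applicable to web application development that compensates for the problems arising when those processes are applied to web applications, and apply and implement it in the Internet purchasing management system of company K.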


A Study on the Process for Web Domain Applications Development Based on the UML+Navigation Diagram (UML+Navigation Diagram 기반 웹 도메인 응용 개발 프로세스에 관한 연구)

  • Kim, Haeng-Kon;Shin, Ho-Jun
    • The Transactions of the Korea Information Processing Society / v.7 no.9 / pp.2846-2856 / 2000
  • Recently, with the rapid development of web technology, many applications based on web techniques have been developed. However, most web applications have been developed relying on the knowledge and experience of the developer, without a systematic process. Web applications are seldom developed in isolation. For web application designers, a simple and semantically rich methodology is needed to improve the design and development process. In this paper, we propose a new development process methodology to improve the low-level, technology-based application development process, which does not provide high-level abstraction. We also suggest a new methodology for constructing web-based applications. We describe a systematic web application development process that uses the Navigation Diagram as an analysis and design modeling method to develop web applications with productivity and quality. We apply the new development process to the EPBS (Electronic Problem Bank System) as an example. The web application development process proposed in this thesis can be maintained through reverse development, because it can be defined as a high-level abstraction for modeling. It is easy to understand as a process based on models. Also, analysis and design models can be reused as useful components whenever a similar web application is developed.


Vulnerability Analysis and Threat Mitigation for Secure Web Application Development (안전한 웹 애플리케이션 개발을 위한 취약점 분석 및 위협 완화)

  • Moon, Jae-Chan;Cho, Seong-Je
    • Journal of the Korea Society of Computer and Information / v.17 no.2 / pp.127-137 / 2012
  • Recently, as the modern Internet widely uses mashups, Web 3.0, and JavaScript/AJAX, the rate at which new vulnerabilities are being discovered is increasing rapidly. This can subsequently introduce major security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is necessary to rank vulnerabilities by severity and to consider the severe vulnerabilities during a specific phase of the software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of the OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on the OWASP Top-10 2010 list and the CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of the SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.

Definition of eCard Service for Semantic Web Services (시맨틱 웹 서비스를 위한 eCard 서비스의 정의)

  • 박인숙;김동호;유성준
    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2004.10a / pp.531-534 / 2004
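  • Recent web service technology is being developed as an enhanced solution for providing a means of service to custom-built client applications. In particular, web services provide more flexible access to servers than current web portal sites. That is, using web services means that the client application does not merely display the Internet but improves process performance by automating the exchange of information between systems. This paper describes a web-services-based eCard mail delivery system and describes how the eCard web service is expressed using a semantic web service language.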


A Defense Mechanism Based on Session Status against Cookie Replay Attack in Web Applications (웹 애플리케이션에서 세션 상태 기반의 쿠키 재전송 공격 방어 기법)

  • Won, Jong Sun;Park, JiSu;Shon, Jin Gon
    • KIPS Transactions on Computer and Communication Systems / v.4 no.1 / pp.31-36 / 2015
  • As web accessibility has become easier, security issues have become much more important in web applications that demand user authentication. Cookies are used to reduce the server load from sessions in web applications and to manage user information efficiently. However, a cookie containing user information can be sniffed by an attacker. With this sniffed cookie, the attacker can retain the web application session of the lawful user as if the attacker were the lawful user. This kind of attack is called a cookie replay attack, and it causes serious security problems in web applications. In this paper, we have introduced a mechanism to detect and defend against cookie replay attacks, and verified the effectiveness of the mechanism.

A Method for Security Strengthening of Web Application using AOP (AOP를 이용한 웹 애플리케이션의 보안성 강화 방안)

  • Sun, Soo-Rim;Lee, Keum-Suck
    • Journal of the Korea Society of Computer and Information / v.14 no.2 / pp.119-128 / 2009
  • As the use of web applications and web-based information systems increases, web application attacks are also increasing. Recently, XSRF (Cross-Site Request Forgery) attacks have become important among the variety of web attacks, because the damage they cause to victims can be severe. However, adding security functions for preventing XSRF attacks to existing, already developed and running software systems could be more dangerous and expensive for companies and organizations. We suggest effectively adding these security functions to legacy systems by separating concerns, taking advantage of the modularity offered by the AOP (Aspect-Oriented Programming) methodology. In this paper, we have presented an approach for detecting and preventing XSRF in JEE systems using AOP aspects.

Research for Web Application Performance Analysis Method Based on Modern Web Browser (모던 웹 브라우저 기반 애플리케이션 성능 분석 방법 연구)

  • Park, Jin-tae;Kim, Hyun-gook;Moon, Il-young
    • Journal of Advanced Navigation Technology / v.22 no.5 / pp.467-471 / 2018
  • During the fourth industrial revolution, the amount of data available to users has surged. This became a stepping stone for various convergence technologies using web technology, such as ECMAScript, WebAssembly, and the Web of Things. Also, as the amount of data shared on the web increases, the web has emerged as the most influential medium in modern life. As a result, web developers have tried to deliver data quickly over the web. Various web application analysis tools therefore appeared, and developers tried to solve the speed problem by analyzing the web application. However, the performance of web application analysis tools has not improved significantly. Most existing analysis tools require direct installation, require web expertise to perform analysis, and do not have functions to analyze new technologies such as WebAssembly. Therefore, in this paper, we propose the design of a new reporting solution that can solve the problems of existing web application analysis tools.

Web Monitoring based Encryption Web Traffic Attack Detection System (웹 모니터링 기반 암호화 웹트래픽 공격 탐지 시스템)

  • Lee, Seokwoo;Park, Soonmo;Jung, Hoekyung
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.3 / pp.449-455 / 2021
  • This paper proposes an encrypted web transaction attack detection system based on the existing web application monitoring system. Existing web traffic security systems detect and defend against attacks based on encrypted packets in the network area of the encrypted section between the client and server, which made it difficult to detect attacks on encrypted web traffic. By utilizing the technology of the web application monitoring system, however, it is possible to detect various intelligent cyber attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks is also possible. Thus, it can be considered possible to respond to various intelligent cyber attacks hidden in encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.

Efficient Development and Quality Evaluation of Online Library System using Framework (프레임워크 기반 온라인 서재 시스템의 효율적인 구현 및 품질 평가)

  • Park, Yoon-Young;Byun, Hae-Won
    • Journal of Korea Multimedia Society / v.13 no.5 / pp.627-640 / 2010
  • In a Web 2.0 environment, as a wide range of web services are being utilized, a quick and convenient way to develop web applications is required. For this purpose, frameworks have recently been introduced and applied to web applications. However, no software quality application model has been presented for web applications that use frameworks. In this paper, we develop a web application, an online library system, using a number of frameworks. The system allows users to freely share book information. In order to evaluate the system, we present a new software quality evaluation model for web applications that use frameworks. The five quality attributes (functionality, usability, efficiency, maintainability, and stability) are defined based on the international standard for software quality evaluation, ISO/IEC 9126-2. We also propose evaluation metrics for web applications that use frameworks and perform a quantitative evaluation of the online library system.

A study on the development of dynamic web database using Visual InterDev (인터데브를 이용한 동적 웹데이터베이스 개발에 대한 소고)

  • Woo Won-Taek
    • Proceedings of the Korea Association of Information Systems Conference / 2004.11a / pp.223-234 / 2004
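  • This study presents a method for developing web applications on the Internet or an intranet using a web server and Visual InterDev as the conceptual server and client tools, respectively, together with a case of dynamically integrating a database into such an application. It thereby shows that, with Visual InterDev, an easy yet powerful dynamic web database can be developed within a single integrated environment, without separately developing the files that handle database information and the files that handle web pages. Its purpose is to provide techniques and principles for developing web programs more easily and with less coding work in the future.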
