• Title/Summary/Keyword: Application Security

Search Result 2,546, Processing Time 0.025 seconds

A Study on Scenario-based Web Application Security Education Method

  • Gilja So
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.15 no.3
    • /
    • pp.149-159
    • /
    • 2023
  • Web application security education that can provide practical experience is needed to reduce damage caused by the recent increase in web application vulnerabilities and to strengthen security. In this paper, we proposed a scenario-based web application education method, applied the proposed method to classes, and analyzed the results. In order to increase the effectiveness of scenario-based education, a real-life practice environment to perform scenarios and instructions to be performed by learners are needed. As an example of the proposed method, instructions to be performed by learners from the viewpoint of the attacker and the victim were shown in a practice environment to teach XSS and SQL injection vulnerabilities. After applying the proposed method to the class for students majoring in cyber security, when the lecture evaluation results were analyzed, it was shown that the learner's interest, understanding, and major ability all improved.

A Research on Mobile Malware Model propagated Update Attacks (변조 업데이트를 통해 전파되는 모바일 악성어플리케이션 모델 연구)

  • Ju, Seunghwan;Seo, Heesuk
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.11 no.2
    • /
    • pp.47-54
    • /
    • 2015
  • The popularity and adoption of smart-phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. The fluidity of application markets complicate smart-phone security. There is a pressing need to develop effective solutions. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smart-phone application. Now, the analytical methods used mainly are the reverse engineering-based analysis and the sandbox-based analysis. Such methods are can be analyzed in detail. but, they take a lot of time and have a one-time payout. In this study, we develop a system to monitor that mobile application permissions at application update. We had to overcome a one-time analysis. This study is a service-based malware analysis, It will be based will be based on the mobile security study.

Security Policy Issue in Application Software Development Process of Smart Phone Environment (스마트폰 환경의 응용 소프트웨어 개발과정에서 보안정책 이슈)

  • Hong, Jin-Keun
    • Journal of Digital Convergence
    • /
    • v.10 no.10
    • /
    • pp.319-324
    • /
    • 2012
  • The application software, which is developed on smart phone environment, is applied to according to system development methodology. This paper presents security consideration, that is required to major application program, which is developed in smart phone environment. First it reviews security issues in application program, and the next it considered to security policy for secure application program.

A Study on the Intrustion Tolerance System Applied To the Security System

  • Shin Seung-jung;Kim Jung-tae;Ryu Dae-hyun;Na Jong-Whoa
    • Journal of information and communication convergence engineering
    • /
    • v.3 no.1
    • /
    • pp.38-42
    • /
    • 2005
  • The cyber attacks on the computer system in nowadays are focused on works that do not operate specific application. The main key point that we protect information security system has an access control to keep an application. Most of system has a main function to protect an infrastructure such as hardware, network and operating system. In this paper, we have presented an intrusion tolerance system that can service an application in spite of cyber attacks. The proposed system is based on the middle ware integrating security mechanism and separate function of application and intrusion tolerance. The main factor we use security system in nowadays is service to keep a persistency. The proposed intrusion tolerance system is applicable to such as medical, national defense and banking system.

A Design for Network Security System via Non-security Common Network (일반망과 보안망을 연계한 네트워크 보안체계 설계)

  • Cho, Chang-Bong;Lee, Sang-Guk;Dho, Kyeong-Cheol
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.12 no.5
    • /
    • pp.609-614
    • /
    • 2009
  • In this paper, we have proposed a design for security network system passing through the non-security network which is commonly used for various networking services. Based on the security requirements which are assumed that the large classified data are bi-transmitted between a server and several terminals remotely located, some application methods of security techniques are suggested such as the network separation technique, the scale-down application technique of certification management system based on the PKI(Public Key Infrastructure), the double encryption application using the crypto-equipment and the asymmetric keys encryption algorithm, unrecoverable data deleting technique and system access control using USB device. It is expected that the application of this design technique for the security network causes to increase the efficiency of the existing network facilities and reduce the cost for developing and maintaining of new and traditional network security systems.

Android Application Code Protection Scheme Using Fingerprint Authentication and Dynamic Loading (지문 인증과 동적 로딩을 이용한 안드로이드 애플리케이션 코드 보호 기법)

  • Lyoo, Hwahn-il;Suk, Jae-Hyuk;Park, Jin-Hyung;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.6
    • /
    • pp.1361-1372
    • /
    • 2017
  • If an external attacker takes from a victim's smartphone a copy of a secret application or an application to which fingerprinting technique is applied, secret information can be leaked or the legitimate user can be misunderstood as an illegal redistributor, which results in a serious security problem. To solve this problem, this paper proposes an Android application code protection scheme using fingerprint authentication and dynamic loading. The proposed scheme divides one application into CLR(Class LoadeR) and SED(SEperated Dex). CLR is an APK file with the ability to dynamically load the SED, and the SED is a file containing the classes required to run the application. The SED is stored inside the smartphone after being encrypted, and the SED can be decrypted only if the user is successfully authenticated using his or her fingerprint. The proposed scheme can protect the application code from the attacker who physically acquired user's smartphone.

Security of Web Applications: Threats, Vulnerabilities, and Protection Methods

  • Mohammed, Asma;Alkhathami, Jamilah;Alsuwat, Hatim;Alsuwat, Emad
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.8
    • /
    • pp.167-176
    • /
    • 2021
  • This is the world of computer science and innovations. In this modern era, every day new apps, webs and software are being introduced. As well as new apps and software are being introduced, similarly threats and vulnerable security matters are also increasing. Web apps are software that can be used by customers for numerous useful tasks, and because of the developer experience of good programming standards, web applications that can be used by an attacker also have multiple sides. Web applications Security is expected to protect the content of critical web and to ensure secure data transmission. Application safety must therefore be enforced across all infrastructure, including the web application itself, that supports the web applications. Many organizations currently have a type of web application protection scheme or attempt to build/develop, but the bulk of these schemes are incapable of generating value consistently and effectively, and therefore do not improve developers' attitude in building/designing stable Web applications. This article aims to analyze the attacks on the website and address security scanners of web applications to help us resolve web application security challenges.

ISM Application Tool, A Contribution to Address the Barrier of Information Security Management System Implementation

  • Chandra, Nungky Awang;Sadikin, Mujiono
    • Journal of information and communication convergence engineering
    • /
    • v.18 no.1
    • /
    • pp.39-48
    • /
    • 2020
  • Information-security management systems (ISMSs) are becoming very important, even for micro, small, and medium enterprises (MSMEs). However, implementing an ISMS is not an easy task. Many obstacles must be overcome, e.g., complexity, document tracking, competency management, and even changing cultures. The objective of our study is to provide ISMS application tools, based on ISO 27001:2013 ISM frameworks. The application was developed on the Odoo Open Enterprise Resource Planning platform. To validate its feasibility for future improvement, the application was implemented by an MSME company. For this implementation, information-security-related users gave their feedback through a questionnaire. The distributed feedback questionnaire consists of nine assessment parameters, covering topics from the application's technical aspects to users' experiences. Based on the questionnaire feedback, all users of the application were satisfied with its performance.

Smart and Secure Point of Sale Framework with Threat Modeling and Formal Verification

  • Mona faraj Nasser alwahabi;Shaik Shakeel Ahamad
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.6
    • /
    • pp.41-48
    • /
    • 2024
  • Existing PoS (Point of Sale) based payment frameworks are vulnerable as the Payment Application's integrity in the smart phone and PoS are compromised, vulnerable to reverse engineering attacks. In addition to these existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), Application hardening and Application wrapping. SSPoS framework overcomes repackaging attacks. SSPoS framework has very less communication and computation cost. SSPoS framework also addresses Heartbleed vulnerability. SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.