• Title/Summary/Keyword: SPRING Security

Search Result 33, Processing Time 0.022 seconds

Comparative Analysis and Validation of CSRF Defense Mechanisms in Spring Security and Apache Shiro (Spring Security와 Apache Shiro의 CSRF 공격 방어 기법 비교 분석 및 검증)

  • Jj-oh Kim;Da-yeon Namgoong;Sanghoon Jeon
    • Convergence Security Journal / v.24 no.2 / pp.79-87 / 2024
  • This paper addresses the increasing cyber attacks exploiting security vulnerabilities in software due to the rise in web applications. CSRF (Cross-Site Request Forgery) attacks pose a serious threat to web users and developers and must be prevented in advance. CSRF involves performing malicious requests without the user's consent, making protection methods crucial for web applications. This study compares and verifies the CSRF defense performance of two frameworks, Spring Security and Apache Shiro, to propose an effectively applicable framework. The results show that both frameworks successfully defend against CSRF attacks; however, Spring Security processes requests faster, averaging 2.55 seconds compared to Apache Shiro's 5.1 seconds. This performance difference stems from variations in internal processing methods and optimization levels. Both frameworks showed no significant differences in resource usage. Therefore, Spring Security is more suitable for environments requiring high performance and efficient request processing, while Apache Shiro needs improvement. These findings are expected to serve as valuable references for designing web application security architectures.

Exploration of Domestic Tourist Destinations and Community of Travel Reviews (국내 관광지 탐색 및 여행 후기 커뮤니티)

  • Cho Kyu Cheol;Kim Min Ho
    • Proceedings of the Korean Society of Computer Information Conference / 2024.01a / pp.243-246 / 2024
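  • This paper introduces a web application developed on the Spring Boot and Spring Security frameworks. It is easily accessible through a user authentication procedure that uses OAuth2 Client, and it provides a community space where users can exchange a variety of reviews. Using the Korea Tourism Organization's Open Rest API, information on a wide range of tourist destinations can be searched at random, by keyword, or by region, so that varied information that is otherwise hard to find can be checked easily in one place.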


Make Simple Blog with Spring Boot (Spring Boot를 이용한 간단한 블로그 만들기)

  • Kwon, SunBeom;Oh, JaeYong;Jo, SeungWoo;Kim, SungJin;Lee, HyungMook;Lee, JunDong
    • Proceedings of the Korean Society of Computer Information Conference / 2022.01a / pp.259-261 / 2022
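  • Spring is a framework used for developing Java enterprise applications; it provides a skeleton, a common programming model, technology APIs and more so that applications can be developed quickly and efficiently. Spring Boot is a subproject of the Spring Framework that makes it simple to set up projects that use the Spring Framework. In this study, we design and implement a simple blog using Spring Boot. For the simple blog, we designed login and sign-up functions to distinguish users from one another, and functions for reading, writing, editing, and deleting posts and comments to share thoughts with other people. In this design, Spring Boot is used to manage dependencies between modules, Spring Web MVC is used to separate the service logic from the user interface, and Spring Data JPA, Spring Security and others are used to implement member identification and the writing, reading, editing, and deleting of posts and comments.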


The Brainwave Analyzer of Server System Applied Security Functions (보안기능을 강화한 뇌파 분석 서버시스템)

  • Choi, Sung-Ja;Kang, Byeong-Gwon;Kim, Gui-jung
    • Journal of Digital Convergence / v.16 no.12 / pp.343-349 / 2018
  • Electroencephalograph (EEG) information, which is important data in brain science, reflects various levels of information from the molecular level to the behavior and cognitive stages, and the explosively amplified information is provided at each stage. Therefore, EEG information is an intrinsic privacy area of an individual, which is important information to be protected. In this paper, we apply Spring Security to a web-based system built on the Spring MVC (Model, View, Control) framework to build an independent and lightweight server system with a powerful security system. Through the proposal of a platform-type EEG analysis system with enhanced security functions, the web service security of the EEG information is enhanced and the privacy of the EEG information can be protected.

Spring Boot-based Web Application Development for providing information on Security Vulnerabilities and Patches for Open Source Software (Spring Boot 기반의 오픈소스 소프트웨어 보안 취약점 및 패치 정보 제공 웹 어플리케이션 개발)

  • Sim, Wan;Choi, WoongChul
    • Journal of Korea Society of Digital Industry and Information Management / v.17 no.4 / pp.77-83 / 2021
  • As Open Source Software (OSS) has recently been invigorated, many companies actively use OSS in their business software. With this invigoration of OSS, our web application was developed to provide safety in using OSS, and it updates the information on new vulnerabilities and patches at all times by crawling the web pages of the relevant OSS home pages and of the organizations that manage the vulnerabilities. By providing the updated information, our application helps OSS users and developers to be aware of such security issues, and lets them work in an environment safer from security risks. In addition, our application can be used as a security platform to greatly contribute to preventing potential security incidents not only for companies but also for individual developers.

Architectural Characteristics of Hot Spring in Rural Korea (온천건축의 특징에 관한 고찰 -농촌지역을 중심으로-)

  • Jeong, Jong-Tae;Choi, Man-Jin
    • Journal of Agricultural Extension & Community Development / v.18 no.2 / pp.281-313 / 2011
  • 67.82% of domestic hot springs are in rural areas (Ministry of Public Administration and Security statistics, 2010). Most hot spring facilities are aging and unable to accommodate the current changes in leisure patterns. So, a decrease in the number of visitors to hot springs has resulted in the economic decline of rural areas. Hot springs have been studied, but the architecture of hot springs has never received interest or research. Therefore, national hot spring architecture and foreign architecture were compared and analyzed. Then, the architectural characteristics of hot springs in rural areas were identified. The architecture of Hot spring type of foreign and images are routinely burned, the organic form and old-fashioned adrift. However, our country found in Hot spring architecturally and daily life had any features. Thus, the country's hot springs spa area for construction of the architecture design should be characterized. And, through institutional guidelines and deliberations should be provided in the right direction.

Countermeasure of an Application Attack Scenario Using Spring Server Remote Code Execution Vulnerability (CVE-2018-1270) (스프링 서버 원격코드 실행 취약점(CVE-2018-1270)을 이용한 응용 공격 시나리오의 대응 방안)

  • Jung, Byeong-Mun;Jang, Jae-Youl;Choi, Chul-Jae
    • The Journal of the Korea institute of electronic communication sciences / v.14 no.2 / pp.303-308 / 2019
  • Spring Framework is widely used as a base technology for e-government frameworks, to the extent that it is a standard for the web service development tools of Korean public institutions. However, a remote code execution vulnerability (CVE-2018-1270) was recently found in applications using the Spring Framework. This paper proposes a method of analyzing the vulnerability experimentally using a hacking scenario, Proof of Concept (PoC), in which the Spring Framework is a hazard to the server. We propose patching to version 4.3.16 and version 5.0.5 or later as the ultimate response. It is also expected that the proposed experimental analysis of the vulnerability in the hacking scenario will be used as data for improving the performance of security programs and establishing a new authentication system.

A study on SEED block cipher algorithm for ICMP development (SEED 블록암호알고리즘을 적용한 통합 사례관리 시스템(ICMP) 개발에 관한 연구)

  • Oh, Dong-Sic;Kim, Young-Hyuk;Lim, Il-Kwon;Li, Qi Gui;Lee, Jae-Kwang
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2010.10a / pp.244-247 / 2010
  • In this paper, we propose applying the SEED block cipher algorithm, an international standard for security and reliability, to the ICMP. This paper improves the security, reliability and user comfort that were weaknesses of the existing integrated case management system, which is based on Spring-based Java framework technology. As a result, performance is improved in part of the user interface, and the system can be applied to real-world applications.


React-based login system design using Spring Boot Security and JWT (스프링 부트 Security와 JWT를 통한 React 기반 로그인 시스템 설계)

  • Youngchan Lee;Minsung Kim;Hyunwoo You;MinJae Kim;Hong Min
    • Proceedings of the Korea Information Processing Society Conference / 2024.05a / pp.45-46 / 2024
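  • Spring Boot is a framework used for back-end development because its development and runtime environment is simple to configure, and React is a framework used for front-end development. This paper describes the method and structure for using JWT when building a login system in a web application that uses Spring Boot and React.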


A Study on the New Vulnerability of Inducing Service Charge Doctoring SSID of Smartphone Based on Android (안드로이드폰 SSID 변조를 통한 새로운 과금 유발 취약점에 관한 연구)

  • Heo, Geon-Il;Yoo, Hong-Ryul;Park, Chan-Uk;Park, Won-Hyung
    • Convergence Security Journal / v.10 no.4 / pp.21-30 / 2010
  • Wireless networking is one of 2010's most important security issues. As smartphones become popular, the number of wireless Internet users is really growing and wireless APs are springing up everywhere. But most wireless APs are not being managed properly in terms of security, and wireless Internet users also do not recognize the importance of security. This situation causes grave security threats. This paper designs and analyzes a new cyber attack that circulates malware via QR code and activates Mobile AP to induce service charges. The new vulnerability we suggest forces activation of the Mobile AP of an Android-based smartphone and responds to all Probe Requests generated nearby, bringing induced service charges and communication problems in its train.