• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.693-706
• /
• 2024

The browser is utilized to render web pages in programs that perform tasks such as data extraction, format conversion, and development testing on web pages. Online services that utilize browsers can cause security issues if browser information is exposed or used in an unsafe manner. This paper presents security requirements for the safe use of browsers and explains the security threats that arise if these requirements are not met. Through evaluation, the security verification of commercial web applications is conducted, and the vulnerabilities that allow browsers to be exploited as attack tools are analyzed.

• IE interfaces
• /
• v.13 no.4
• /
• pp.599-607
• /
• 2000

In recent days, Internet advertising effects are expanded by the steep increase of the Internet users and the extension of the advertising market will be accelerated through Internet. This paper indicates the importance of Internet advertising and suggests the solution of a network advertising service. The system is divided into an Advertise Server, an Advertiser and a Web Publisher. This study proposes both the collection and the analysis of traffic data in real time. Also, the banner advertising frames not for sale purpose are levelled for the impression using the solution for the banner exchange engine. In addition, with developing the advertising service system by using Active Server Pages, the newest language of server side script will be able to lead the additional supplement of more various profitable functions when it is considered the rapid increment of Active Server Pages.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2000.04a
• /
• pp.766-769
• /
• 2000

In recent years, Internet/Intranet represents the next generation of computing environment. Therefore, it is necessary to integrate WWW((World Wide Web) over internet/intranet and DBMS(Database Management System) in proportion to the increase of various users' request and an amount of data variety. Also, also full variety of service over WWW need to accomplish rapidly modification of bug and make a betterment of system according to a feature of rapid change of information and an importance of interaction with users. The typical CGI method commonly used to connect with database has a disadvantage in time and resources in system due to frequent connection with database. Therefore, this paper provides the conceptual structure and implementation of information management system over WWW with applying a recent information technology called ASP(Active Server Pages) that controls and arranges client logic dynamically in server-side and introducing a concept of working group and folder to database design.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.12
• /
• pp.1003-1007
• /
• 2009

Client-side attacks including drive-by download target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical client-side attack is web-based one related to a malicious web page exploiting specific browser vulnerability that can execute mal ware on the client system (PC) or give complete control of it to the malicious server. To defend those attacks, this paper has constructed high interaction client honeypot system using Capture-HPC that adopts execution-based detection in virtual machine. We have detected and classified malicious web pages using the system. We have also analyzed the system's performance in terms of the number of virtual machine images and the number of browsers executed simultaneously in each virtual machine. Experimental results show that the system with one virtual machine image obtains better performance with less reverting overhead. The system also shows good performance when the number of browsers executed simultaneously in a virtual machine is 50.

• The KIPS Transactions:PartD
• /
• v.14D no.5
• /
• pp.517-530
• /
• 2007

Recently web applications have growl rapidly and have become more and more complex. As web applications become more complex, there is a growing concern about their quality. But very little attentions are paid to web applications testing and there are scarce of the practical research efforts and tools. Thus, in this paper, we suggest the automated testing methods for web applications. For this, the methods generate an analysis model by analyzing the HTML codes and the source codes. Then test targets are identified and test cases are extracted from the analysis model. In addition, test drivers and test data are generated automatically, and then they are depleted on the web server to establish a testing environment. Through this process we can automate the testing processes for web applications, besides the automated methods makes our approach more effective than the existing research efforts.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.4
• /
• pp.405-414
• /
• 2010

According to the statistics of SecurityFocus in 2008, client-side attacks through the Microsoft Internet Explorer have increased by more than 50%. In this paper, we have implemented a behavior-based malicious web page detection system and a blacklist-based malicious web page filtering system. To do this, we first efficiently collected the target URLs by constructing a crawling system. The malicious URL detection system, run on a specific server, visits and renders actively the collected web pages under virtual machine environment. To detect whether each web page is malicious or not, the system state changes of the virtual machine are checked after rendering the page. If abnormal state changes are detected, we conclude the rendered web page is malicious, and insert it into the blacklist of malicious web pages. The malicious URL filtering system, run on the web client machine, filters malicious web pages based on the blacklist when a user visits web sites. We have enhanced system performance by automatically handling message boxes at the time of ULR analysis on the detection system. Experimental results show that the game sites contain up to three times more malicious pages than the other sites, and many attacks incur a file creation and a registry key modification.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.304-306
• /
• 2005

CGI 프로그래밍 기법이후에 동적 웹 페이지 기술은 CGI 프로그래밍 기법을 개선하기 위해 활발히 연구되었고, 그 결과 Fast-CGI, 서버 사이드 스크립트 그리고 확장 서버 사이드 스크립트 기법이 제안되었다. 본 논문에서는 이러한 동적 웹 페이지 기술을 고찰함과 동시에 벤치마크 테스트를 통해 확장된 서버 사이드 스크립트 기법과 서버 사이드 스크립트 기법의 성능을 비교분석하였다. 벤치마크 테스트 결과에 의하면 확장 서버 사이드 스크립트 기법이 성능과 프로그램 개발 및 유지보수 비용을 함께 고려할 때 2-계층구조와 3-계층구조에서 우수하다는 것을 알 수 있었다. 특히, 대부분의 웹 시스템이 데이터베이스에 의존하는 전형적인 3-계층구조를 따르고 있기 때문에 웹 환경에서 확장 서버 사이드 스크립트 기법은 다른 기법에 비해 우수한 효율성을 나타내리라 기대된다.

• Journal of Internet Computing and Services
• /
• v.17 no.5
• /
• pp.89-95
• /
• 2016

In a software testing domain, test case prioritization techniques improve the performance of regression testing, and arrange test cases in such a way that maximum available faults be detected in a shorter time. User-sessions and cookies are unique features of web applications that are useful in regression testing because they have precious information about the application state before and after making changes to software code. This approach is in fact a user-session based technique. The user session will collect from the database on the server side, and test cases are released by the small change configuration of a user session data. The main challenges are the effectiveness of Average Percentage Fault Detection rate (APFD) and time constraint in the existing techniques, so in this paper developed an intelligent framework which has three new techniques use to manage and put test cases in group by applying useful criteria for test case prioritization in web application regression testing. In dynamic weighting approach the hybrid criteria which set the initial weight to each criterion determines optimal weight of combination criteria by evolutionary algorithms. The weight of each criterion is based on the effectiveness of finding faults in the application. In this research the priority is given to test cases that are performed based on most common http requests in pages, the length of http request chains, and the dependency of http requests. To verify the new technique some fault has been seeded in subject application, then applying the prioritization criteria on test cases for comparing the effectiveness of APFD rate with existing techniques.