• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.149-159
• /
• 2023

Web application security education that can provide practical experience is needed to reduce damage caused by the recent increase in web application vulnerabilities and to strengthen security. In this paper, we proposed a scenario-based web application education method, applied the proposed method to classes, and analyzed the results. In order to increase the effectiveness of scenario-based education, a real-life practice environment to perform scenarios and instructions to be performed by learners are needed. As an example of the proposed method, instructions to be performed by learners from the viewpoint of the attacker and the victim were shown in a practice environment to teach XSS and SQL injection vulnerabilities. After applying the proposed method to the class for students majoring in cyber security, when the lecture evaluation results were analyzed, it was shown that the learner's interest, understanding, and major ability all improved.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.439-441
• /
• 2022

This study compares the monitoring application for monitoring data predicted by the demand prediction algorithm and the web page of the construction site safety management system used by the power demand management application 'Hajumon' and U&E Communications. This study is two representative examples above, and it is possible to identify an appropriate application or web by comparing the difference between the web and the application's UI, advantages and disadvantages, and data supplementation.

• The KIPS Transactions:PartD
• /
• v.10D no.2
• /
• pp.293-300
• /
• 2003

As Internet has grown rapidly and been more complex by technology in connection with Web and requirement of business, qualify and reliability of Web application are getting important. It is necessary to study about testing method along with design technique specially in Web application. This paper explains automation method of user interface test to make test cases about user input form with HTML pages using by built-in browser objects. Examples shows the possibility of testing automation with Javascript objects get mapped. Overhead of writing Javascript can be reduced by making script generator. Generated test scripts are repeatedly used in regression testing Web-based application.

• The KIPS Transactions:PartD
• /
• v.11D no.2
• /
• pp.371-380
• /
• 2004

E-commerce is in wide use with the rapid advance of internet technology. The main component of an e-commerce application is a Web-based database application. Currently, it takes a lot of time in developing Web applications since developers should write codes manually or semi-automatically for user interface forms and query processing of an application. Therefore, the productivity increase of Web-based database applications has been demanded. In this paper, we introduce a software tool, which we call the WebSiteGen2, that automatically generates the forms that we used as user interfaces and the EJB/JSP components that process the query made through the forms for an application that needs a new database or uses an existing database. The WebSiteGen2 thus increases the productivity, reusability, expandibility, and portability of an application by automatically generating a 3-tier application based on component technology. Moreover, one user interface form that are generated by the WebSiteGen2 provides information on an interested entity as well as information on all the directly or indirectly related entities with the interested one. In this paper, we explain the functionality and implementation of the WebSiteGen2 and then show the merits by comparing the WebSiteGen2 to the other commercial Web application generators.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.3 no.3
• /
• pp.69-76
• /
• 2000

This study deals with development GIS application using web-based CAD, this application serves to user, designer, manager that more convenient and various functions. Development to this application, collect attribute data from fieldwork and geographic data from cadastral map and aerial survey map and then development to user interface using HTML, JavaScript, ASP, Whip ActiveX control. This application's characters are as follows ; First, system designer designed that anyone who have basic knowledge about web and CAD can develop this application. A system structure simplification by 2-Tier. Geographic information use DWF(drawing web format) file and attribute information use DBMS in consideration of extension. Second, system manager can service independently GIS in Web need not high priced GIS engine, so more economical. Third, internet user get service GIS information and function that search of information, zoom in/out, pan, print etc., if you need more functions, add function without difficultly. Developed application as above, not only save volume but fast of speed as use vector data exclude character and image data. Also, this application can used by means of commercial and travel information service but also various GIS service of public institution and private in web.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.686-690
• /
• 2003

웹 응용프로그램에 대한 위협이 점차 확산되면서 오늘날 많은 Web Application Firewall들이 등장하고 있다. 하지만, 대부분의 기관에서 웹 서버 자체의 변조는 기관의 미지 실추를 제외하면 업무상 큰 문제를 유발하지 않는다. 웹 서버에 대한 보안을 고려하는 이유는 웹 서버가 침입을 당할 경우 DB 서버의 내용에 손상이 가해질 수 있기 때문이다. 본 고에서는 Web Application Firewall과 연동하여 허용되는 SQL 질의패턴을 자동으로 생성하여 불법적인 SQL 질의를 차단하는 DB Application Firewall을 제안한다. 이를 통해 웹 응용프로그램의 취약점으로 인해 SQL 질의가 변조되더라도 DB 서버에 해당SQL질의가 전달되는 것을 차단할 수 있다.

• Journal of KIISE:Software and Applications
• /
• v.36 no.9
• /
• pp.706-717
• /
• 2009

A web application is implemented by reusing the library provided by framework and has hierarchical architecture. Also, to deal with the user request from a screen, the web application has an execution flow, called 'Business Logic', which starts with a screen, executes its composed component and comes back to the screen via database. To test web application effectively, it should reflect the characteristics of web application. In this paper we propose to test web applications via user screens with the black-box testing approach and verify its source codes with the web interface white-box test coverage that covers all the business logics of the test target and their corresponding interfaces. We analyze the proposing testing method through its tool: Testopiacov.

• Journal of KIISE:Software and Applications
• /
• v.30 no.12
• /
• pp.1193-1207
• /
• 2003

Various web applications are developed as the Internet is popularized in many fields. However, in most cases of web application development, systematic analysis is omitted and developers jump into the implementation. Therefore developers have difficulties with applying the development methods for a large scale project. The approach of creating an analysis models of a web application from a business model is proposed for the rapid and efficient development. The analysis process, tasks and techniques are proposed for this approach. The use case diagram and web page list are created from business modes that is depicted using the notation of UML activity diagram. The page diagram and logical / physical database models are created using the use case diagram and the web page list. These analysis models are refined during the detailed design phase. The efficiency of proposed method has been shown using a practical case study which reflects the development project of the web application for supporting the association of auto repair shops.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.241-243
• /
• 2005

Web services (WS) present a new promising software technology, which provides application-to-application interaction. They are built on the top of existing web protocol and based on open XML standards. Web services are described using WSDL, and the UDDI is a integration directory provide registry of Web Services descriptions. WSDL provides information of Web Services but it is getting more and more important to know more than those provided by WSDL. From WSDL we can not get the information like usage of WS, performance of WS, complexity of WS, usability of WS with other web service. In this paper, we proposed a new method for Web Services so called Public Web Services Analyzer (PWSA). This technique is based on analyzing various public UDDI registries in order to get various kinds of statistics of web services. Those statistics will be used by both web services developers and consumers for finding them suitable services for their needs. PWSA guarantees that it can provide enough information to find right web services for both Web Services Consumers and Web Service Developers.

• Journal of the Korean Society for information Management
• /
• v.24 no.3
• /
• pp.119-147
• /
• 2007

Actually a diffusion of a semantic web application and utilization are situations insufficient extremely. Technology most important in semantic web application is construction of the ontology which contents itself with characteristics of semantic web. Proposed a suitable a method of building web ontology for characteristics or semantic web and web ontology as we compared the existing ontology construction ana ontology construction techniques proposed for web ontology construction, and we analyzed. And modeling old ontology to bases to description logic and the any axiom rule that used an expression way of SWRL, and established inference-based web ontology according to proposed ways. Verified performance of ontology established through ontology inference experiment. Also established an web ontology-based intelligence image retrieval system, to experiment systems for performance evaluation of established web ontology, and present an example of implementation of a semantic web application and utilization. Demonstrated excellence of a semantic web application to be based on ontology through inference experiment of an experiment system.