• Title/Summary/Keyword: Web Business logic


Evaluating the web-application resiliency to business-layer DoS attacks

  • Alidoosti, Mitra;Nowroozi, Alireza;Nickabadi, Ahmad
    • ETRI Journal / v.42 no.3 / pp.433-445 / 2020
  • A denial-of-service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application- and business-layer attacks, and vulnerability-analysis tools are unable to detect business-layer vulnerabilities (logic-related vulnerabilities). This paper presents the business-layer dynamic application security tester (BLDAST) as a dynamic, black-box vulnerability-analysis approach to identify the business-logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.

Performance Analysis of WebLogic-Tuxedo Based System (WebLogic-Tuxedo기반 시스템의 성능 분석)

  • Kim, In-Kyu;Choi, Won-Yong
    • Proceedings of the Korea Information Processing Society Conference / 2003.05b / pp.799-802 / 2003
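  • With the spread of the Internet and advances in computer technology, there are active efforts to make information processing systems previously used in intranet environments usable in the Internet environment. Numerous alternatives have emerged as a result, but there has been too little basis for confidence in the performance of these alternatives. In this paper, we select a WebLogic-Tuxedo based system from among the various systems extended to the Internet, implement an integrated system for the Internet, and measure its performance.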


A study on the Web Form System for Separating Design from Business Logic on Web Project (웹 프로젝트에서 디자인과 비즈니스 로직의 분리를 위한 웹 폼 시스템에 관한 연구)

  • 정강용;허영남;김원중
    • Journal of the Korea Institute of Information and Communication Engineering / v.7 no.3 / pp.363-369 / 2003
  • The Web-based project is a seriously inefficient area of software engineering. In order to develop a Web-based system, UI (User Interface) designers usually first design the display layout and then business logic developers complete the coding of the display layout source. In the case of maintenance, it goes through the same process. These kinds of Web-based software development methods were proposed by various methods such as the tag library of JSP. But there are many problems in applying them, and they have low productivity compared to the C/S based software development method. WFS (Web Form System), which is suggested in this thesis, separates UI design from business logic on a Web project and offers a better environment to develop Web-based software. Eventually WFS will improve the productivity of developing Web-based software.

Design and Implementation of ProDesigner System to separate Design from Program on Web Project (웹 프로젝트에서 디자인과 프로그램의 분리를 위한 ProDesigner 시스템 설계 및 구현)

  • Jung Gang-Yong
    • Journal of Internet Computing and Services / v.5 no.2 / pp.85-95 / 2004
  • The web-based project is a seriously inefficient area of software engineering. In order to develop a web-based system, UI (User Interface) designers usually first design the display layout and then business logic developers complete the coding of the display layout source. In the case of maintenance, it goes through the same process. These kinds of web-based software development methods were proposed by various methods such as the tag library of JSP. But there are many problems in applying them, and they have low productivity compared to the C/S based software development method. WFS (Web Form System), which is suggested in this thesis, separates UI design from business logic on a web project and offers a better environment to develop web-based software. Eventually WFS will improve the productivity of developing web-based software.


A Design and Implementation of Web Community based on EJB (EJB 기반의 웹 커뮤니티 설계 및 구현)

  • Sung, Kyung;Yeon, Hee-Gyun;Kim, Seok-Hun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / v.9 no.1 / pp.921-924 / 2005
  • Embodied Community web application program preservation, damage control and reusability uses EJB component that is high breakup object system than existent model 1 web program. Web programs that are in existing hard to exist on course which UI logic is same with business logic and do maintenance and reusability. But, improved reusability of business separating business logic and UI logic by different machine embodying program to use component. Minimizes transaction and failover and embodied in stabler program than existing by using EJB component.


XSLT Stylesheet Design for Building Web Presentation Layer (웹 프리젠테이션 레이어 생성을 위한 XSLT 스타일쉬트 설계)

  • 채정화;유철중;장옥배
    • Journal of KIISE:Software and Applications / v.31 no.3 / pp.255-266 / 2004
  • In Web-based information systems, separating the business process logic from the data and presentation logic brings about a wide range of advantages. However, this separation is not easily achieved; even the data logic may not be separated from the presentation layer. So, it is required to define a model for business processes, and then to map the model into the user's dynamic interface using the logic separating strategy. This paper presents a stylesheet method to recognize the process by extending XSLT (Extensible Stylesheet Language Transformations), in order to achieve the logic separation. To do this, it provides a specification of the business process, and a scheme that extracts business model factors and their interactions using a Petri-net notation to show the business model into the process point of view. This is an attempt to separate users' interaction from the business process, that is, dynamic components of interaction Web document from the process structure of Web applications. Our architecture consists mainly of an XSLT controller that is extended by a process control component. The XSLT controller is responsible for receiving the user requests and searching the relevant template rule related to different user requests one by one. Separation of concerns facilitates the development of service-oriented Web sites by making it modular. As a result, the development of service-oriented Web sites would be very easy, and can be changed without affecting the other modules, by virtue of the modularization concept. So, it is easy to develop and maintain the Web applications in an independent manner.

Presentation Layer Framework using NOSCO-STOM (NOSCO-STOM을 통한 프레젠테이션 레이어 프레임웍)

  • Kwon, Ki-Hyeon
    • Journal of Internet Computing and Services / v.7 no.6 / pp.11-20 / 2006
  • One of the most important factors while developing a web application is to separate presentation and business logic, lowering the maintenance cost. There are various web application development tools, mainly categorized as script based, such as Servlet, JSP, ASP.NET techniques, and dynamic server page development frameworks such as Struts, JSF (Java Server Faces), Spring MVC etc. These tools provide a web tier processing solution but not the complete separation of presentation and business logic. In this paper, we developed a custom tag component that separates presentation and business logic; to process them we also developed a container. In addition, a DOM tree is applied to the developed container to manage the presentation effectively.


European Creator Economy's Web3.0 Business Model Case Study

  • Song, Minzheong
    • International journal of advanced smart convergence / v.13 no.1 / pp.57-68 / 2024
  • In this paper, we are interested in how creator economy startups allow creators to make money from doing what they love. So, we look at European creator economy startups among the Web3.0 business model landscape surveyed in 2022, because the US is home of Web2.0 giant platforms like YouTube. In total, seventeen European startups are investigated, and the theoretical logic is the disruptive innovation. We firstly review the survey published in 2022 and utilize the theory of the disruptive innovation to design the research framework including questions with each type of the disruptive innovation. In this paper, we firstly show that Kalao and Gem as NFT ecosystem platforms aim at service convenience. Secondly, Talkbase, Passionfroot, Bildr, Customuse, and Earnr aim at providing creator tools for under-skilled customers. Lastly, when it comes to direct monetization with a decentralized business model, CrowdPad, Admix, GOALS, Realm, Dropstar, Pianity, Sonomo, Stage11, Miiji, and ReadyPlayerMe are representative. Despite the relatively small data size, the results are meaningful as they contribute to a more profound comprehension of the Web3.0 business models and offer guidance for future research directions.

A Method for Testing Web Applications by Using Black-box Tests based on User Screens and Web Interface Test Coverage (사용자 화면 중심의 블랙 박스 테스트와 웹 인터페이스 테스트 커버리지를 통한 웹 어플리케이션 테스트 방법)

  • Lim, Jeung-Hee;Lee, Si-Hyun;Jang, Jin-A;Choi, Byoung-Ju;Hwang, Sang-Cheol
    • Journal of KIISE:Software and Applications / v.36 no.9 / pp.706-717 / 2009
  • A web application is implemented by reusing the library provided by a framework and has a hierarchical architecture. Also, to deal with the user request from a screen, the web application has an execution flow, called 'Business Logic', which starts with a screen, executes its composed component and comes back to the screen via the database. To test a web application effectively, the test should reflect the characteristics of the web application. In this paper we propose to test web applications via user screens with the black-box testing approach and verify their source code with the web interface white-box test coverage that covers all the business logic of the test target and the corresponding interfaces. We analyze the proposed testing method through its tool: Testopiacov.

E-commerce Architecture Evaluation Through Web Stress Test (웹 스트레스 테스트를 통한 전자상거래 아키텍쳐 평가)

  • Lee, Young-Hwan;Park, Jong-Soon
    • Information Systems Review / v.3 no.2 / pp.277-288 / 2001
  • Of critical importance to the success of any e-commerce site are the two factors: rapid application development and quick response time. A three-tier architecture composed of presentation layer, business layer, and data access layer emerges to allow rapid changes in user interface, business logic, and database structures. Too often, such a logical three-tier architecture is considered as requiring a three-tier physical architecture: Web server, application server, and database server running on separate computers. Contrary to the common belief, a Web stress test reveals that the three-tier logical architecture implemented on a two-tier physical platform guarantees a quicker response time due to the reduction in cross-machine communications. This would lead business firms to economize their spending on e-commerce: increasing the number of physical servers to expedite transaction is not necessarily the best solution. Before selecting a particular hardware configuration, a Web stress test needs to be conducted to compare the relative merits of alternative physical architectures. Together with capacity planning, Web stress test emerges as a powerful tool to build robust, yet economical e-commerce sites.
