• Title/Summary/Keyword: Web Hacking

Search Result 78, Processing Time 0.023 seconds

A Study on the Web Service-Hacking Pattern Recognition System (웹서비스-해킹패턴 인지시스템에 관한 연구)

  • Lim, Chae-Gyun;Ahn, Da-Seon;Kim, Kyu-Ho;Lee, Ki-Young
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.9 no.4
    • /
    • pp.109-114
    • /
    • 2009
  • Recently, web 2.0 is becoming issue can provide a web based services and the technology is developing rapidly. In addition a variety of platforms on the web and SDK(Software Development Kit) is available from various aspects, web services, a trend that is rapidly growing user. But the development of security systems cannot follow the speed and These weaknesses are provided in the Web service by using illegal methods of information acquisition. Therefore, in this paper, we analyzed information for checking a variety of illegal access on Web services. Also, we designed and implemented Web Service-Hacking Pattern Recognition System for which warns the dangerous fact that as recognized hacking through comparisons the hacking patterns which have classified from the hacking method of existing system.

  • PDF

Profile based Web Application Attack Detection and Filtering Method (프로파일기반 웹 어플리케이션 공격탐지 및 필터링 기법)

  • Yun Young-Tae;Ryou Jae-Cheol;Park Sang-Seo;Park Jong-Wook
    • The KIPS Transactions:PartC
    • /
    • v.13C no.1 s.104
    • /
    • pp.19-26
    • /
    • 2006
  • Recently, web server hacking is trending toward web application hacking which uses comparatively vulnerable web applications based on open sources. And, it is possible to hack databases using web interfaces because web servers are usually connected databases. Web application attacks use vulnerabilities not in web server itself, but in web application structure, logical error and code error. It is difficult to defend web applications from various attacks by only using pattern matching detection method and code modification. In this paper, we propose a method to secure the web applications based on profiling which can detect and filter out abnormal web application requests.

A Study on IP Camera Security Issues and Mitigation Strategies (IP 카메라 보안의 문제점 분석 및 보완 방안 연구)

  • Seungjin Shin;Jungheum Park;Sangjin Lee
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.12 no.3
    • /
    • pp.111-118
    • /
    • 2023
  • Cyber attacks are increasing worldwide, and attacks on personal privacy such as CCTV and IP camera hacking are also increasing. If you search for IP camera hacking methods in spaces such as YouTube, SNS, and the dark web, you can easily get data and hacking programs are also on sale. If you use an IP camera that has vulnerabilities used by hacking programs, you easily get hacked even if you change your password regularly or use a complex password including special characters, uppercase and lowercase letters, and numbers. Although news and media have raised concerns about the security of IP cameras and suggested measures to prevent damage, hacking incidents continue to occur. In order to prevent such hacking damage, it is necessary to identify the cause of the hacking incident and take concrete measures. First, we analyzed weak account settings and web server vulnerabilities of IP cameras, which are the causes of IP camera hacking, and suggested solutions. In addition, as a specific countermeasure against hacking, it is proposed to add a function to receive a notification when an IP camera is connected and a function to save the connection history. If there is such a function, the fact of damage can be recognized immediately, and important data can be left in arresting criminals. Therefore, in this paper, we propose a method to increase the safety from hacking by using the connection notification function and logging function of the IP camera.

Network Hacking and Implementation Techniques using Faked ARP Reply Unicast Spoofing according to various Server Types (위조 ARP 응답 유니캐스트 스푸핑을 이용한 서버 유형별 네트워크 해킹 및 구현기술 연구)

  • Choi, Jae-Won
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.1
    • /
    • pp.61-71
    • /
    • 2017
  • ARP Spoofing is a basic and core hacking technology for almost all sniffing. It makes change the flow of packets by faking the 2nd layer MAC address. In this paper we suggested an efficient hacking technology for sniffing remote servers in the switched network environment. The suggested 'Faked ARP Reply Unicast Spoofing' makes the bidirectional packets sniffing possible between the client and server, and it makes simplify the procedures for ARP sniffing and hacking program. In this paper we researched the network hacking and implementation technologies based on the suggested ARP spoofing. And we researched various types of servers hacking such as Root ID and PW of Telnet/FTP server, Root ID and PW of MySQL DB server, ID and PW of Web Portal Server, and account information and transaction history of Web Banking Server. And also we researched the implementation techniques of core hacking programs for the ARP Spoofing.

Detection Mechanism of Attacking Web Service DoS using Self-Organizing Map (SOM(Self-Organizing Map)을 이용한 대용량 웹 서비스 DoS 공격 탐지 기법)

  • Lee, Hyung-Woo;Seo, Jong-Won
    • The Journal of the Korea Contents Association
    • /
    • v.8 no.5
    • /
    • pp.9-18
    • /
    • 2008
  • Web-services have originally been devised to share information as open services. In connection with it, hacking incidents have surged. Currently, Web-log analysis plays a crucial clue role in detecting Web-hacking. A growing number of cases are really related to perceiving and improving the weakness of Web-services based on Web-log analysis. Such as this, Web-log analysis plays a central role in finding out problems that Web has. Hence, Our research thesis suggests Web-DoS-hacking detective technique In the process of detecting such problems through SOM algorithm, the emergence frequency of BMU(Best Matching Unit) was studied, assuming the unit with the highest emergence frequency, as abnormal, and the problem- detection technique was recommended through the comparison of what's called BMU as input data.

A Study of Web Hacking Response Procedures Model based on Diagnosis Studies for Cross-Site Scripting (XSS)Process (Cross-Site Scripting(XSS) 프로세스 진단을 기반으로 한 웹 해킹 대응절차 모델 연구)

  • Noh, SiChoon
    • Convergence Security Journal
    • /
    • v.13 no.6
    • /
    • pp.83-89
    • /
    • 2013
  • When applying web hacking techniques and methods it needs to configure the integrated step-by-step and run an information security. Web hackings rely upon only one way to respond to any security holes that can cause a lot. In this study the diagnostic process of cross-site scripting attacks and web hacking response procedures are designed. Response system is a framework for configuring and running a step-by-step information security. Step response model of the structure of the system design phase, measures, operational step, the steps in the method used. It is designed to secure efficiency of design phase of the system development life cycle, and combines the way in secure coding. In the use user's step, the security implementation tasks to organize the details. The methodology to be applied to the practice field if necessary, a comprehensive approach in the field can be used as a model methodology.

Implementation and Design of Proxy System for Web vulnerability Analysis (웹 취약점 분석을 위한 프락시 시스템의 설계 및 구현)

  • Kim, Gwang-Hyun
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.9 no.9
    • /
    • pp.1011-1018
    • /
    • 2014
  • Because of the proliferation of web services through web site, web hacking attempts are increasing using vulnerabilities of the web application. In order to improve the security of web applications, we have to find vulnerabilities in web applications and then have to remove. This paper addresses a vulnerability in a web application on existing problems and analyze and propose solutions to the vulnerability. This paper have checked the stability of existing web security solutions and evaluated its suitability through analysis of vulnerability. Also, we have implemented the vulnerability analysis tools for web Proxy system and proposed methods to optimize for resolution of web vulnerabilities.

A Countermeasures on the Hacking for the Internet Shopping Mall (인터넷 쇼핑몰의 해킹 사고에 대한 대응방법)

  • Lee, Young Gyo
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.4 no.3
    • /
    • pp.33-43
    • /
    • 2008
  • As internet is spreaded widely, the number of cyber terror using hacking and virus is increased. Also the hacking to the internet shopping mall go on increasing. If the large shopping mall is attacked by the hacker, a number of user's information are exposed to the hacker. The private information as like a resident registration number, user's real name, the date of user's birth, the mobile phone number, the office phone number / address, the home phone number / address and so on include the information. These information are used in the phishing e-mails / call and spam. And them are selling and buying maliciously. The large internet shopping mall 'auction' was hacked in April, 2008. After the incident, this paper suggested a countermeasures on the hacking for the internet shopping mall. The technical item and political item are included among the countermeasures. The countermeasures can protect the hacking not only the internet shopping mall but also the web sites basically.

Tools for Web-Based Security Management Level Analysis (웹기반 보안 관리 수준 분석 도구)

  • Kim, Jeom-Goo;Choi, Kyong-Ho;Noh, Si-Choon;Lee, Do-Hyeon
    • Convergence Security Journal
    • /
    • v.12 no.3
    • /
    • pp.85-92
    • /
    • 2012
  • Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

Proposal for Designing and Building a Special Purpose Web Server with Enhanced Security (보안이 강화된 특수목적용 웹서버 설계 및 구축 제안)

  • Hong, Seong-Rak;Jo, In-June
    • The Journal of the Korea Contents Association
    • /
    • v.22 no.2
    • /
    • pp.71-79
    • /
    • 2022
  • Currently, even if control and mock hacking are performed for the security of web servers, vulnerabilities continue to occur and be hacked. To solve this problem, we have developed a secure web server that can control all web communication using sockets between L4 and L5. And when giving HTTP responses, we proposed a method of combining files and headers in advance. As a result, both security and speed could be improved. Therefore, in this paper, we proposed the reason why vulnerabilities occur even if control and mock hacking occur, a solution to it, and a security web server development method that can maintain security up to DB.