• Journal of Korea Multimedia Society
• /
• v.7 no.1
• /
• pp.91-97
• /
• 2004

As the electronic commercial transaction is being transacted by contents which can get an illegal intrusion from the outside, we sincerely require security for them. We must consider a protection countermeasure about intrusion from protection of the passive form to protection intrusion of the active one. So the security is required against hackers illegality intrusion into the contents. As soon as the intrusion happens about the contents, the tools providing the monitor of contents are required to minimize the damage to the systems. Modified web contents detection system in this paper prevents the loss of resources and manpower required through individually monitoring on the web. Also, this paper offers rapid support of security that it analyzes the weakness of contents security of the web environment and the cause of the problem with the leakage of information. So this system has the pur pose of protecting the weakness of contents security and the leakage of information.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.83-89
• /
• 2013

When applying web hacking techniques and methods it needs to configure the integrated step-by-step and run an information security. Web hackings rely upon only one way to respond to any security holes that can cause a lot. In this study the diagnostic process of cross-site scripting attacks and web hacking response procedures are designed. Response system is a framework for configuring and running a step-by-step information security. Step response model of the structure of the system design phase, measures, operational step, the steps in the method used. It is designed to secure efficiency of design phase of the system development life cycle, and combines the way in secure coding. In the use user's step, the security implementation tasks to organize the details. The methodology to be applied to the practice field if necessary, a comprehensive approach in the field can be used as a model methodology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1393-1399
• /
• 2018

Companies that use a variety of software use patch management systems provided by security vendor to manage security vulnerabilities of software to improve security. System administrators monitor the vendor sites that provide new patch information to maintain the latest software versions, but it takes a lot of cost and monitoring time to find and collect patch information because the patch cycle is irregular and the structure of web page is different. In order to reduce this, studies to automate patch information collection based on keyword or web service have been conducted, but since the structure to provide patch information in vendor site is not standardized, it was applicable only to specific vendor site. In this paper, we propose a system that automates the collection of patch information by analyzing the structure and characteristics of the vendor site providing patch information and using web crawler to reduce the cost and monitoring time consumed in collecting patch information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.667-677
• /
• 2012

Vulnerable web applications have been the primary method used by the attackers to spread their malware to a large number of victims. Such attacks commonly make use of malicious links to remotely execute a rather advanced malicious code. The attackers often deploy malwares that utilizes unknown vulnerabilities so-called "zero-day vulnerabilities." The existing computer vaccines are mostly signature-based and thus are effective only against known attack patterns, but not capable of detecting zero-days attacks. To mitigate such limitations of the current solutions, there have been a numerous works that takes a behavior-based approach to improve detection against unknown malwares. However, behavior-based solutions arbitrarily introduced a several limitations that made them unsuitable for real-life situations. This paper proposes an advanced web browser based malicious behavior detection system that solves the problems and limitations of the previous approaches.

• Knowledge Management Research
• /
• v.11 no.1
• /
• pp.1-17
• /
• 2010

As information technology had shown tremendous development in late 20th century, various service opportunities appeared in many industries. Also, new types of service are becoming available such as, reservation, teleconsultation, telemedicine. In health care industry, in which, many hospitals are faced operational difficulties and competing impetuously, a web site has become a effective tool to attract patients and transfer tremendous health information to the patients. This study is based on many previous researches on online service quality, try to figure out e-service quality factors of health information sites, and the factors' effect on users' satisfaction on the web site via providing knowledge and trust on the web site. As a result, usability, site aesthetic, responsiveness and security are the 4 factors to measure e-service quality of health information web site. All factors except site aesthetic have significant effects on providing knowledge, security only effects on trust on the web site.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.135-148
• /
• 2008

The expansion of the internet has made web applications become a part of everyday lift. As a result the number of incidents which exploit web application vulnerabilities are increasing. A large percentage of these incidents are SQL Injection attacks which are a serious security threat to databases with potentially sensitive information. Therefore, much research has been done to detect and prevent these attacks and it resulted in a decline of SQL Injection attacks. However, there are still methods to bypass them and these methods are too complex to implement in real web applications. This paper proposes a simple and effective SQL Query attribute value removal method which uses Static and Dynamic Analysis and evaluates the efficiency through various experiments.

• Proceedings of the CALSEC Conference
• /
• 2004.02a
• /
• pp.51-55
• /
• 2004

·Web Service 적용 -비용절감/새로운 Revenue 창출 기회 ·Business 환경 -SOA(서비스기반구조), 온디맨드, 그리드 컴퓨팅의 기반→Web Service로의 이행 가속화 ·IT Challenge -복잡성과 위험 ·관리 솔루션 -전반적인 관리 요구 -인프라 ＆ Web Service 레벨 ·Web Service 관리 기대 효과 -효율성, 일관성 및 안전성 제공 -근본 원인 분석 기반 제공

• International Journal of Internet, Broadcasting and Communication
• /
• v.4 no.2
• /
• pp.17-21
• /
• 2012

As an acronym for Supervisory Control and Data Acquisition, SCADA is a concept that is used to refer to the management and procurement of data that can be used in developing process management criteria. The use of the term SCADA varies, depending on location. Conventionally, SCADA is connected only in a limited private network. In current times, there are also demands of connecting SCADA through the internet. The internet SCADA facility has brought a lot of advantages in terms of control, data generation and viewing. With these advantages, come the security issues regarding web SCADA. In this paper, we discuss web SCADA and its connectivity along with the issues regarding security and suggests a web SCADA security solution using asymmetric-key encryption.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.321-326
• /
• 2003

최근 인터넷의 급속한 발전과 함께 웹 어플리케이션 형태로 서비스를 제공하였던 것이 다양하고 개별적인 웹 어플리케이션들을 효율적으로 통합하는 웹 서비스 방식으로 진화하고 있다 이에 따라, 차세대 플랫폼의 대안으로 웹 서비스(Web Service)가 급부상하고 있다. 이러한 환경에서 서비스의 보안은 필수적인 요소이며, 웹 서비스 보안에 대한 연구개발이 필요하다 본 논문에서는 웹 서비스에 대한 전반적인 사항을 분석하여 문제점을 도출하고 XML 정보보호기술을 기반으로 웹 서비스의 보호 방안을 제시한다. 그리고, XML-Web Service 보안 모델을 검토하고, 기반구조 및 기능을 살펴본다. 최종적으로 제안된 모델은 차세대 웹 서비스 플랫폼의 기반 기술이 될 것으로 기대된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1217-1224
• /
• 2015

Web application security problems are addressed by the web vulnerability analysis which in turn supports companies to understand those problems and to establish their own solutions. Ministry of Science, ICT and Future Planning (MSIP) has released its guidelines for analysis and assessment of the web vulnerability. Although it is possible to distinguish vulnerability items in a manner suggested in the MSIP's guidelines, MSIP's factors and criteria proposed in the guidelines are neither sufficient nor efficient in analyzing specific vulnerability entries' risks. This study discusses analysis of the domestic and international Vulnerability Scoring system and proposes an appropriate evaluating method for web vulnerability analysis.