Minimize Web Applications Vulnerabilities through the Early Detection of CRLF Injection

  • Md. Mijanur Rahman;Md. Asibul Hasan
    • International Journal of Computer Science & Network Security / v.23 no.2 / pp.199-202 / 2023
  • Carriage return (CR) and line feed (LF), also known as CRLF injection, is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structured Query Language Injection (SQL Injection), there has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts.
Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

A Study on Education Need and Satisfaction of the KNOU Nursing Students (방송대 간호학생의 교육요구 및 만족에 관한 연구)

  • Lee, Sun-Ock;Kim, Young-Im;Lee, Sang-Me
    • The Journal of Korean Academic Society of Nursing Education / v.2 / pp.75-94 / 1996
  • This survey study was aimed at identifying the degree of educational need of the KNOU (Korea National Open University) nursing students defined as admission purposes, satisfaction of distance learning education, learning methods, and courses after graduation. Among randomly assigned 1000 students, 320 KNOU nursing students who allowed to participate in the study completed the questionnaires. The data were analyzed using descriptive statistics, chi-square test, and t-test. Results of this study were as follows: 1. The admission purposes of the KNOU nursing students were 'in order to get a bachelor's degree(83.8%)', 'to acquire knowledge for task(61.3%)', or 'to be admitted for the graduate school (53.1%)' etc. Comparing the admission purposes by age, two items, 'to explore new possibilities for myself' and 'excellent curriculum', showed statistically significant differences. These two items were also found to show significant differences by marital status. 2. For the media maintenance, the results showed that students use their own cassette radios(96.3%), VTR(49.4%), TV only for the study (44.1%), personal computer (3.31%), or joining Hitel (6.3%). 3. Listening rates of the radio lecture were 'over 80%(9.1%)', '50-80%(9.1%)', '20-50%(18.1%)', 'below 20%(30%)' and 'never(33.1%)'. And record lecture showed listening rates as follows: 'over80%(17.2%)', '50-80%(15.9%)', '20-50%(24.4%)', 'below 20%(27,2%)' and 'never(14.4%)'. 4. The difficulties with KNOU life were 'listening radio lectures(38.8%)', 'studying by following teaching schedules (37.8%)', 'isolated self-study(10.3%)', and 'appearance in the attending classes(8.1%)'. 5. As for satisfaction with teaching methods, the data showed that 81.2% of the respondents were satisfied (or very satisfied) with 'attending classes' and 75%, with 'paper lectures'. On the other hand some of respondents were very dissatisfied with 'recorded lecture(12.8%)' and 'radio lecture(10.9%)' 6. 
The results also showed that the students want to have 'video conferencing lecture(77.2%)', 'cable TV(64.1%)' and 'CD ROM program' to improve learning effects. 7. Concerning learning attitudes, 48.8% of the students reported 'study mainly for examination', and only 4.1% answered 'study every day with plan'. The learning attitude showed significant differences by marital status and age. The students also evaluated themselves as 'study very hard(5.9%)', 'study hard in general(41.6%)', 'study a little(40.3%)' and 'study little(11.9%)'. 8. The students responded the most effective learning material was the 'textbook (92.2%)'. 9. For the purposes of using the local center, the results showed 'for the attending classes(76.3%)', 'for the use of references(14.7%)', and 'for the study group(66.7%)'. 10. The results revealed that 20.3% of the respondents had ever experienced unregistration or temporary withdrawal, and 53.4% among them did not register more than one time. The most common reason for the unregistration was 'due to family affairs or their job (70.8%)'. 11. 88.1% of the respondents answered 'they will graduate without fail'. 12. Regarding the benefits from the KNOU graduation, respondents indicated 'graduate school admission(38.1%)', 'self-confidence in social life(17.5%)', and 'understanding social problems (10.9%)'. 13. 64.4% of the students showed that they have intention to enter the graduate school. The item 'changing work place' showed statistically significant differences by marital status and age.

Exploring Science High School Students' Epistemic Goals, Epistemic Considerations and Complexity of Reasoning in Open Inquiry (자유탐구 활동에서 나타난 과학고등학교 학생들의 인식적 목표, 인식적 이해와 추론의 복잡성 탐색)

  • Yun, Hyeonjeong;Kim, Heui-Baik
    • Journal of The Korean Association For Science Education / v.38 no.4 / pp.541-553 / 2018
  • The purpose of this study is to explore the relationship between epistemic goals, epistemic considerations and complexity of reasoning of science high school students in an open inquiry and to explore the context on how open inquiry compares with the characteristics of an authentic scientific inquiry. Two teams were selected as focus groups and a case study was conducted. The findings are as follows: First, the contexts, such as 'sharing the value for the phenomenon understanding, reflection on the value of the research, task characteristics that require collaboration and consensus, and sufficient communication opportunities,' promote epistemic goals and considerations. On the other hand, contexts such as 'lack of opportunity for critical review of related literature and environmental constraints' lowered epistemic sides. Second, epistemic goals and considerations influenced the reasoning complexity. The goal of 'scientific sense making' led to reasoning that pose testable hypotheses based on students' own questions. The high justification considerations led to purposely focusing attention to the control designs and developing creative experimental know-how. The high audience considerations led to defending their findings through argumentation and suggesting future research. On the other hand, the goal of 'doing the lesson' and the low justification considerations led to reasoning that did not interpret the meaning of the data and did not control the limit of experiment. The low audience considerations led to reasoning that did not actively defend their findings and not suggest future research. The results of this study suggest that guidance should provide communication and critical review opportunities.

Identify the Type of Exercise to Prevent Falls for Healthy Elderly Life (고령자의 건강한 삶을 위한 낙상 예방 운동유형 확인)

  • Park, Yang-Sun;Kim, Mi-Ye;Park, Seong-Won;Lee, Ok-Jin
    • Journal of Korea Entertainment Industry Association / v.13 no.7 / pp.361-373 / 2019
  • Falls are a threat to the physical health of the elderly as well as to their overall quality of life. The purpose of this study was to identify which type of exercise is effective for improving the balance of the elderly, and to obtain the basic data for developing the falls prevention exercise intervention program for the elderly. We compared to the differential effects between rhythmic step exercise and core muscle strengthening exercise in terms of functional balance test and self-reported balance test. Women older than 65 years and under 80 years of age were assigned to one of the step exercise group(21), core muscle exercise group(20), and control group(21), and for 8 weeks, twice per week, 20-30 minutes of exercise were treated. All participants performed one foot static balance test with open and closed eyes. And they responded to self-reported balance test, such as Fall Efficacy Scale(FES) and Activities-specific Balance Confidence(ABC) Scale. The results of statistical analysis are summarized as follows. First, rhythmic stepping exercise was more effective in improving functional balance than core muscle strengthening exercise. In particular, the effect of step exercise was obvious in the one-foot static balance test with open eyes. Second, the self-reported balance test showed better step exercise than core muscle exercise. Specifically, rhythmic step exercise was more effective in enhancing fall efficacy than core muscle exercise. In conclusion, the rhythmic step exercise was more effective in improving the balance ability of the elderly than the core muscle exercise. The rhythmic step exercise is more related to the lower extremity muscles, and especially since the rhythmic step exercise is performed in various ground changes, it seems to have a high similarity to the fall occurrence situation. 
For future research, we recommended the development of task-oriented ankle proprioceptive exercise intervention program and exercise equipment based on the specific motion situation in which the fall accident occurs in the elderly.

A Comparative Case Study on the Adaptation Process of Advanced Information Technology: A Grounded Theory Approach for the Appropriation Process (신기술 사용 과정에 관한 비교 사례 연구: 기술 전유 과정의 근거이론적 접근)

  • Choi, Hee-Jae;Lee, Zoon-Ky
    • Asia pacific journal of information systems / v.19 no.3 / pp.99-124 / 2009
  • Many firms in Korea have adopted and used advanced information technology in an effort to boost efficiency. The process of adapting to the new technology, at the same time, can vary from one firm to another. As such, this research focuses on several relevant factors, especially the roles of social interaction as a key variable that influences the technology adaptation process and the outcomes. Thus far, how a firm goes through the adaptation process to the new technology has not been yet fully explored. Previous studies on changes undergone by a firm or an organization due to information technology have been pursued from various theoretical points of views, evolved from technological and institutional views to an integrated social technology views. The technology adaptation process has been understood to be something that evolves over time and has been regarded as cycles between misalignments and alignments, gradually approaching the stable aligned state. The adaptation process of the new technology was defined as "appropriation" process according to Poole and DeSanctis (1994). They suggested that this process is not automatically determined by the technology design itself. Rather, people actively select how technology structures should be used; accordingly, adoption practices vary. But concepts of the appropriation process in these studies are not accurate while suggested propositions are not clear enough to apply in practice. Furthermore, these studies do not substantially suggest which factors are changed during the appropriation process and what should be done to bring about effective outcomes. Therefore, research objectives of this study lie in finding causes for the difference in ways in which advanced information technology has been used and adopted among organizations. The study also aims to explore how a firm's interaction with social as well as technological factors affects differently in resulting organizational changes. 
Detail objectives of this study are as follows. First, this paper primarily focuses on the appropriation process of advanced information technology in the long run, and we look into reasons for the diverse types of the usage. Second, this study is to categorize each phases in the appropriation process and make clear what changes occur and how they are evolved during each phase. Third, this study is to suggest the guidelines to determine which strategies are needed in an individual, group and organizational level. For this, a substantially grounded theory that can be applied to organizational practice has been developed from a longitudinal comparative case study. For these objectives, the technology appropriation process was explored based on Structuration Theory by Giddens (1984), Orlikoski and Robey (1991) and Adaptive Structuration Theory by Poole and DeSanctis (1994), which are examples of social technology views on organizational change by technology. Data have been obtained from interviews, observations of medical treatment task, and questionnaires administered to group members who use the technology. Data coding was executed in three steps following the grounded theory approach. First of all, concepts and categories were developed from interviews and observation data in open coding. Next, in axial coding, we related categories to subcategorize along the lines of their properties and dimensions through the paradigm model. Finally, the grounded theory about the appropriation process was developed through the conditional/consequential matrix in selective coding. In this study eight hypotheses about the adaptation process have been clearly articulated. Also, we found that the appropriation process involves through three phases, namely, "direct appropriation," "cooperate with related structures," and "interpret and make judgments." The higher phases of appropriation move, the more users represent various types of instrumental use and attitude. 
Moreover, the previous structures like "knowledge and experience," "belief that other members know and accept the use of technology," "horizontal communication," and "embodiment of opinion collection process" are evolved to higher degrees in their dimensions of property. Furthermore, users continuously create new spirits and structures, while removing some of the previous ones at the same time. Thus, from longitudinal view, faithful and unfaithful appropriation methods appear recursively, but gradually faithful appropriation takes over the other. In other words, the concept of spirits and structures has been changed in the adaptation process over time for the purpose of alignment between the task and other structures. These findings call for a revised or extended model of structural adaptation in IS (Information Systems) literature now that the vague adaptation process in previous studies has been clarified through the in-depth qualitative study, identifying each phrase with accuracy. In addition, based on these results some guidelines can be set up to help determine which strategies are needed in an individual, group, and organizational level for the purpose of effective technology appropriation. In practice, managers can focus on the changes of spirits and elevation of the structural dimension to achieve effective technology use.

Development of Core Strength Training Equipment and Its Effect on the Performance and Stability of the Elderly in Activities of Daily Living

  • Koh, Kyung;Park, Yang Sun;Park, Da Won;Hong, Chun Ki;Shim, Jae Kun
    • Korean Journal of Applied Biomechanics / v.26 no.2 / pp.229-236 / 2016
  • Objective: This study aimed, first, to develop core strength training equipment with elderly-friendly, easy-to-use features and, second, to investigate the effect of core strength training using the equipment on the performance and stability of the elderly in activities of daily living. Method: In this study, we developed training equipment with a stability ball that can be used for performing core strength exercises in the elderly. Twenty-three elderly subjects (age: $77.87 \pm 6.95$ years, height: $149.78 \pm 6.95$ cm, and weight: $60.57 \pm 7.21$ kg) participated in this study. The subjects performed the core strength training exercise with 16 repetitions for 8 weeks (2 repetitions per week). Performance in activities of daily living was assessed by using the Short Physical Performance Battery (SPPB), a test of going up and down 4 stairs, and one-leg static balance test. Stability was quantified as changes in the center of pressure (COP) and C90 area. Results: With the core strength equipment, trunk core strength exercise could be performed by pulling or pushing a rope with 2 hands on the stability ball. During the task, the tension in the rope was manipulated by a motor connected to the rope and the COP of the subject was measured by 4 load cells mounted in the equipment. Our results showed that the SPPB score was significantly higher (p < .05), the time to complete the "going up and down 4 stairs" test was significantly shorter (p < .05), and one-leg static balance statistically improved under an eyes-open condition (p < .05) after as compared with before the core strength training. The changes in the COP in the anteroposterior and mediolateral directions, and C90 area were significantly lower in the posttest (p < .05) than in the pretest. Conclusion: The core strength training exercise using the equipment developed in the present study improved the performance and stability of the elderly in activities of daily living.

A study on categories of questions when holding counselling on learning math in regards to grounded theoretical approaches (근거이론적 접근에 따른 수학학습 상담 발문 유형에 대한 연구)

  • Ko, Ho Kyoung;Kim, Dong Won;Lee, Hwan Chul;Choi, Tae Young
    • Journal of the Korean School Mathematics Society / v.17 no.1 / pp.73-92 / 2014
  • This study was performed in part with the task to find measures to improve the defining characteristics of feelings, value, interest, self-efficacy, and others aspects in regards to learning math among elementary and middle school students. For this study, it was essential to understand the appropriate questions that are needed to be asked during a consultation at a math clinic, for students that are having a hard time learning math. As a method for performing this study, the content of scheduled counseling over 2 years from a math clinic were collected and the questions that were given and taken were analyzed in order to figure out the types of questions needed in order to effectively examine students that are facing difficulty with learning math. The analysis was performed using Grounded theory analysis by Strauss & Corbin (1998) and went through the process of open coding, axial coding, and selective coding. For the paradigm in the categorical analysis stage, 'attitude towards learning math' was set as the causal condition, 'feelings towards learning math' was set as the contextual condition, 'confidence in one's ability to learn math' was set as the phenomenon, 'individual tendencies when learning math' was set as the intervening condition, 'self-management of learning math' was set as the action/interaction strategy, and 'method of learning' was set as the consequence. Through this, the questions that appeared during counseling were linked into categories and subcategories. Through this process, 81 concepts were deducted, which were grouped into 31 categories. I believe that this data can be used as grounded theory for standardization of consultation in clinics.

Introducing Best Model of Global Terrorism Database: The Case of START Center in the U.S. (국제테러리즘데이터베이스 구축: 미국의 START 센터의 모범사례의 소개)

  • Kim, Eun-Young;Park, Sun-Young
    • Korean Security Journal / no.35 / pp.7-36 / 2013
  • Collecting international terrorism database is a challenging task not only for criminal justice personnel but also for criminologists in comparison to the case of common types of crime database. Yet, there has been growing interests and efforts in establishing a comprehensive terrorist events database in the world. This current study has a goal to introduce an example world terrorism database case developed by START center in the United States. The START center developed the Global Terrorism Database (GTD) on the basis of the Pinkerton Global Intelligence Service data (PGIS) originally collected by the Pinkerton. Furthermore, the START expanded the GTD by collecting data from open source terrorist event data via internet and other resources. In this study, specifically, it describes the development and the nature of the GTD in general and the data collection efforts made by the STATA until today. Finally, this study provides a sketch of the nature of the GTD data by showing the descriptive statistical analyses and time-series analyses result illustrating distribution of the world terrorism events. The limitation, policy implications and contribution of this study are discussed in this paper.

A Technique to Recommend Appropriate Developers for Reported Bugs Based on Term Similarity and Bug Resolution History (개발자 별 버그 해결 유형을 고려한 자동적 개발자 추천 접근법)

  • Park, Seong Hun;Kim, Jung Il;Lee, Eun Joo
    • KIPS Transactions on Software and Data Engineering / v.3 no.12 / pp.511-522 / 2014
  • During the development of the software, a variety of bugs are reported. Several bug tracking systems, such as, Bugzilla, MantisBT, Trac, JIRA, are used to deal with reported bug information in many open source development projects. Bug reports in bug tracking system would be triaged to manage bugs and determine developer who is responsible for resolving the bug report. As the size of the software is increasingly growing and bug reports tend to be duplicated, bug triage becomes more and more complex and difficult. In this paper, we present an approach to assign bug reports to appropriate developers, which is a main part of bug triage task. At first, words which have been included the resolved bug reports are classified according to each developer. Second, words in newly bug reports are selected. After first and second steps, vectors whose items are the selected words are generated. At the third step, TF-IDF(Term frequency - Inverse document frequency) of the each selected words are computed, which is the weight value of each vector item. Finally, the developers are recommended based on the similarity between the developer's word vector and the vector of new bug report. We conducted an experiment on Eclipse JDT and CDT project to show the applicability of the proposed approach. We also compared the proposed approach with an existing study which is based on machine learning. The experimental results show that the proposed approach is superior to existing method.

Design and Implementation of an Efficient Web Services Data Processing Using Hadoop-Based Big Data Processing Technique (하둡 기반 빅 데이터 기법을 이용한 웹 서비스 데이터 처리 설계 및 구현)

  • Kim, Hyun-Joo
    • Journal of the Korea Academia-Industrial cooperation Society / v.16 no.1 / pp.726-734 / 2015
  • Relational databases used by structuralizing data are the most widely used in data management at present. However, in relational databases, service becomes slower as the amount of data increases because of constraints in the reading and writing operations to save or query data. Furthermore, when a new task is added, the database grows and, consequently, requires additional infrastructure, such as parallel configuration of hardware, CPU, memory, and network, to support smooth operation. In this paper, in order to improve the web information services that are slowing down due to increase of data in the relational databases, we implemented a model to extract a large amount of data quickly and safely for users by processing Hadoop Distributed File System (HDFS) files after sending data to HDFSs and unifying and reconstructing the data. We implemented our model in a Web-based civil affairs system that stores image files, which is irregular data processing. Our proposed system's data processing was found to be 0.4 sec faster than that of a relational database system. Thus, we found that it is possible to support Web information services with a Hadoop-based big data processing technique in order to process a large amount of data, as in conventional relational databases. Furthermore, since Hadoop is open source, our model has the advantage of reducing software costs. The proposed system is expected to be used as a model for Web services that provide fast information processing for organizations that require efficient processing of big data because of the increase in the size of conventional relational databases.