• Title/Summary/Keyword: security testing

Static Analysis Tools Against Cross-site Scripting Vulnerabilities in Web Applications : An Analysis

  • Talib, Nurul Atiqah Abu; Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.17 no.2 / pp.125-142 / 2021
  • Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

Analyses of Security for Software Attack (소프트웨어 공격에 대한 보안성 분석)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2007.10a / pp.725-728 / 2007
  • Software security is about making software behave correctly in the presence of a malicious attack, even though software failures usually happen spontaneously in the real world. The standard software testing literature is concerned only with what happens when software fails, regardless of intent. The difference between software safety and software security is therefore the presence of an intelligent adversary bent on breaking the system. Software security against attacks on the system is presented in this paper.

An Empirical Study of Relationship between Information Security Investment and Information Security Incidents : A Focus on Information Security Training, Awareness and Education Service Sector (정보보안 투자가 침해사고에 미치는 영향에 대한 실증분석 : 정보보안 교육 서비스 투자를 중심으로)

  • Lee, Hansol; Chai, Sangmi
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.269-281 / 2018
  • Many organizations are threatened by numerous information security attacks, which result in information security incidents. To prevent such incidents, organizations invest in various information security measures, such as information security products, monitoring services, and security training and education. However, they do not have enough knowledge about the measurable utility of information security investments. Since few studies empirically examine the effect of information security investments, this research aims to find out the utility of such investments. We especially focus on information security service investments. This study examined data from the survey on information security for the business sector conducted by the Korean Information & Security Agency. We utilized a negative binomial regression model, which is suitable for over-dispersed count data. We found that investments in information security education and vulnerability testing have a direct impact on reducing information security incidents. Academically, this research contributes by shedding light on the utility of information security investments in reducing information security incidents. Practically, it contributes an information security investment guideline for organizations that want to reduce information security incidents efficiently.

A Study on Security Measure of Step-Wise Project (단계별 프로젝트 보안 방안에 대한 연구)

  • Shin, Seong-Yoon; Jang, Dai-Hyun; Kim, Hyeong-Jin
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.11 / pp.2459-2464 / 2012
  • Many companies have suffered damage from personal information leaked through cyber attacks. In addition, planned hacking cases aimed at acquiring monetary gain or causing social disruption continue to increase. Approximately 75% of web site attacks exploit vulnerabilities in the application. A major security issue is to strengthen S/W development security according to the legal basis. Project team members, however, lack awareness of application development security. Furthermore, the response is passive, and security validation and testing throughout the entire SDLC are insufficient. Therefore, rework due to the belated discovery of defects occurs. In this paper, we examine the case of step-by-step security activities in projects performed by IT service companies. Through this, we present security measures that can be applied step-wise to real-world projects.

Cyclic behavior of self-centering braces utilizing energy absorbing steel plate clusters

  • Jiawang Liu; Canxing Qiu
    • Steel and Composite Structures / v.47 no.4 / pp.523-537 / 2023
  • This paper proposes a new self-centering brace (SCB), which consists of four post-tensioned (PT) high-strength steel strands and energy absorbing steel plate (EASP) clusters. First, analytical equations were derived to describe the working principle of the SCB. Then, to investigate the hysteretic performance of the SCB, four full-size specimens were manufactured and subjected to the same cyclic loading protocol. One additional specimen using only EASP clusters was also tested to highlight the contribution of the PT strands. The test parameters varied were the thickness of the EASP and the number of EASPs in each cluster. Test results showed that the SCB exhibited the expected, nearly flag-shaped hysteresis, including excellent recentering capability and satisfactory energy dissipating capacity. For all the specimens, the ratio of recovered deformation is in the range of 89.6% to 92.1%, and the ratio of the height of the hysteresis loop to the yielding force is in the range of 0.47 to 0.77. Finally, to further understand the mechanism of the SCB and to supplement the test results, high-fidelity finite element (FE) models were established and the numerical results were compared against the experimental data. Good agreement between the experimental, numerical, and analytical results was observed, with a maximum difference of less than 12%. A parametric analysis was also carried out on the validated FE model to evaluate the effect of key parameters on the cyclic behavior of the SCB.

An Improved Side Channel Power Analysis with OP-Amp (OP-Amp를 적용한 향상된 부채널 전력분석 방법)

  • Kim, JinBae; Ji, JaeDeok; Cho, Jong-Won; Kim, MinKu; Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.3 / pp.509-517 / 2015
  • Side channel analysis based on power consumption is known as an effective method for analyzing the key of a chip-based security device. Conventionally, the power-consumption information is measured by the voltage-divider method, using a resistor connected in series. This method depends on the strength of the voltage: if the voltage does not carry much key-related information, the power-consumption information may be significantly influenced by noise, so part of it may be lost or distorted, and this loss reduces the performance of the analysis. This paper introduces, for the first time, an improved measurement method that uses a current-to-voltage converter built with an OP-Amp. The suggested method reduces the effect of the noise included in the side channel information. Our experimental results therefore verify the improvement in the performance of side channel analysis.

Study on Developing a Monitoring System for Safe Fire Testing (안전한 탄 발사시험을 위한 모니터링 시스템 개발에 관한 연구)

  • Ki Jae-sug
    • Proceedings of the Safety Management and Science Conference / 2005.05a / pp.453-459 / 2005
  • In this research, we show concrete examples of software design, 2D/3D display, graph display, and gauge display for developing a data monitoring system for real-time safe fire testing. The developed software, which is simulation software for live fire testing, has been designed to display information about the whole test status during a live fire test; with it, the user can control a live fire test in a safe environment. Besides, we increase security by using user authority to control access to this software, and we develop it based on a modular design so that user requirements can be applied later on.

Study on Developing a Monitoring System for Safe Fire Testing (안전한 탄 발사시험을 위한 모니터링 시스템 개발에 관한 연구)

  • Ki Jae Sug
    • Journal of the Korea Safety Management & Science / v.7 no.2 / pp.65-72 / 2005
  • In this research, we show concrete examples of software design, 2D/3D display, graph display, and gauge display for developing a data monitoring system for real-time safe fire testing. The developed software, which is simulation software for live fire testing, has been designed to display information about the whole test status during a live fire test; with it, the user can control a live fire test in a safe environment. Besides, we increase security by using user authority to control access to this software, and we develop it based on a modular design so that user requirements can be applied later on.

A Study on the Effect of Integrated Leakage Rate Testing of Containment Vessel due to the Type A Testing Time (격납건물 ILRT 본시험시간이 시험에 미치는 영향에 관한 연구)

  • Kim, Chang-Soo; Moon, Yong-Sig
    • Transactions of the Korean Society of Pressure Vessels and Piping / v.8 no.3 / pp.1-6 / 2012
  • The containment Integrated Leakage Rate Testing (ILRT) of nuclear power plants in Korea is performed in accordance with NSSC (Nuclear Safety and Security Commission) code 2012-16 and ANSI/ANS 56.8-1994. Nuclear power plants in Korea and the United States apply the same test criteria, ANSI/ANS 56.8-1994, except for the Type A testing time. NPPs in Korea apply 24 hours according to NSSC code 2012-16, whereas NPPs in the United States apply 8 hours according to 10CFR50 App. J for the Type A test. Consequently, there are many difficulties in performing the ILRT in Korea. In this study, I review the impact of the Type A testing time on the ILRT results and on the effectiveness of the ILRT. In the future, we will continue this study to enhance test reliability and improve these problems.

Control strategy for the substructuring testing systems to simulate soil-structure interaction

  • Guo, Jun; Tang, Zhenyun; Chen, Shicai; Li, Zhenbao
    • Smart Structures and Systems / v.18 no.6 / pp.1169-1188 / 2016
  • Real-time substructuring techniques are currently an advanced experimental method for testing large-size specimens in the laboratory. In dynamic substructuring, the whole tested system is split into two linked parts: the part of particular interest or nonlinearity, which is tested physically, and the remaining part, which is tested numerically. To achieve near-perfect synchronization of the interface response between the physical specimen and the numerical model, a good controller is needed to compensate for transfer system dynamics, nonlinearities, uncertainties and time-varying parameters within the physical substructures. This paper presents the substructuring approach and the control performance of linear and adaptive controllers for testing the dynamic characteristics of a soil-structure-interaction (SSI) system. Such a system is difficult to emulate as a whole in the laboratory because of the size and power supply limitations of the experimental facilities. A modified linear substructuring controller (MLSC) is proposed to replace the linear substructuring controller (LSC). The MLSC does not require the accurate mathematical model of the physical structure that the LSC requires. The effects of parameter identification errors of the physical structure and the shaking table on the control performance of the MLSC are analysed. An adaptive controller was designed to compensate for the errors arising from the simplification of the physical model in the MLSC and from parameter identification errors. Comparative simulations and experimental tests were then performed to evaluate the performance of the MLSC and the adaptive controller.