• Title/Summary/Keyword: web security

Search Result 1,098, Processing Time 0.032 seconds

A Study on Web Service Security (웹 서비스 보안기술에 관한 연구)

  • 김배현;권문택
    • Convergence Security Journal
    • /
    • v.4 no.2
    • /
    • pp.61-70
    • /
    • 2004
  • Web service technology will be used in various business fields and it will affect business paradigms. But, however, there is no standard so far and we have many problems to be solved in order to insure interoperability and security. Especially we have to solve Web service security for effective utilization of the technology and otherwise, the technology will not be used in the business field. We, therefore, need to develope security technology which fits to the Web service characteristics. This document describes a proposed strategy for addressing security within a Web service environment based on the results of analysis on the Web service security problems.

  • PDF

Security of Web Applications: Threats, Vulnerabilities, and Protection Methods

  • Mohammed, Asma;Alkhathami, Jamilah;Alsuwat, Hatim;Alsuwat, Emad
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.8
    • /
    • pp.167-176
    • /
    • 2021
  • This is the world of computer science and innovations. In this modern era, every day new apps, webs and software are being introduced. As well as new apps and software are being introduced, similarly threats and vulnerable security matters are also increasing. Web apps are software that can be used by customers for numerous useful tasks, and because of the developer experience of good programming standards, web applications that can be used by an attacker also have multiple sides. Web applications Security is expected to protect the content of critical web and to ensure secure data transmission. Application safety must therefore be enforced across all infrastructure, including the web application itself, that supports the web applications. Many organizations currently have a type of web application protection scheme or attempt to build/develop, but the bulk of these schemes are incapable of generating value consistently and effectively, and therefore do not improve developers' attitude in building/designing stable Web applications. This article aims to analyze the attacks on the website and address security scanners of web applications to help us resolve web application security challenges.

Implementation of the Secure Web Server-Client Module Based on Protocol Architecture (프로토콜 기반 웹 클라이언트-서버 보안 모듈 구현)

  • Jang, Seung-Ju;Han, Soo-Whan
    • The KIPS Transactions:PartD
    • /
    • v.9D no.5
    • /
    • pp.931-938
    • /
    • 2002
  • We implement the PBSM (Protocol-Based Security Module) system which guarantees the secure data transmission under web circumstances. There are two modules to implement for the PBSM architecture. One is Web Server Security Module (WSSM) which is working on a web server, the other is the Winsock Client Security Module (WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption part for HTML file and the decryption part for CGI (Common Gateway Interface). We also implement the proposed idea at the web system.

A Study on Security Evaluation for Mobile Web Services Message (모바일 웹서비스 메시지의 보안 평가에 관한 연구)

  • Lee, Seoung-Hyeon;Lee, Jae-Seung
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2007.06a
    • /
    • pp.765-768
    • /
    • 2007
  • In this paper, the security evaluation method about mobile web services message is suggested in the method for improving the safety an reliability about the mobile web services message. In order that the goal of this paper is accomplished, the security threat and the security vulnerability which can be occurred in the mobile web services message are defined. The evaluation method for performing the security evaluation about the mobile web services message is defined. Also, the requirements for the mobile web services message security evaluation are defined. Finally, the evaluation framework for performing the mobile web services message security evaluation is constituted, and the evaluation scenario example is suggested. By using the mobile web services message security evaluation defined in the paper, before the mobile web services is deployed, the security threats and security vulnerability can be verified. Also, the countermeasure for the security threat and security vulnerability discovered in the verification result can be prepared. Therefore, the sorority and reliability about the mobile web services can be improved.

  • PDF

Design and Implementation of the System Supporting Security Communication between a Web Browser and a CGI Program (웹 브라우져와 CGI 프로그램 사이의 보안 통신을 지원하는 시스템 설계 및 구현)

  • Lee, Jun-Seok
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.3
    • /
    • pp.641-653
    • /
    • 1999
  • The paper is design and implementation of the system to support security communication between a Web Browser and a CGI program by a Web Server using PKI(Public Key Infrastructure. This system uses GSS(Generic Security Service)-API to communicate with PKI, offers a Web user a Client Proxy, and offers a CGI developer there library functions related with security. TLS(Transport Layer Security) supports security communication between a Web Browser and a Web Server, but the system supports security communication between a Web Browser and a CGI program as the protected data received from a Client Proxy are sent to a CGI program, and the CGI program decrypts the data using the library functions supported by this system.

  • PDF

Security System using Protocol-Based Security Module for Secure Data Transmission in Web Environment (웹 환경에서 안전한 데이타 전송을 보장하는 프로토콜 기반의 보안 모듈에 근거한 보안 시스템)

  • 장승주;임동훈
    • Journal of KIISE:Information Networking
    • /
    • v.29 no.6
    • /
    • pp.635-644
    • /
    • 2002
  • We propose the PBSM(Protocol-Based Security Module) system which guarantees the secure data transmission under web environments. There are two modules in the PBSM architecture. One is Web Server Security Module(WSSM) which is working on a web server, the other is the Winsock Client Security Module(WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server. The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption function for HTML file and the decryption function for CGI(Common Gateway Interface). The formal analysis methodology is imported from format theory for analyzing the data flow of the PBSM system. The formal analysis methodology is based on the order theory.

A Study on Information Security Management of Hospital Web Sites (의료기관 종별 웹 사이트 정보보안 관리 실태 연구)

  • Kim, Jong-Min;Ryu, Hwang-Gun
    • The Korean Journal of Health Service Management
    • /
    • v.9 no.2
    • /
    • pp.23-32
    • /
    • 2015
  • In this paper, we evaluated web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. And to evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered tertiary hospitals had relatively excellent web security compared to other type of hospitals. But all the hospital types had not only high level vulnerabilities but also the other level of vulnerabilities. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hacker. On the other hand, the inspection results of the tertiary hospitals for privacy information management had a better compliance rate than that of the other hospital types.

Vulnerability Analysis using the Web Vulnerability Scanner (Web Vulnerability Scanner를 이용한 취약성 분석)

  • Jang, Hee-Seon
    • Convergence Security Journal
    • /
    • v.12 no.4
    • /
    • pp.71-76
    • /
    • 2012
  • As the use of Mashups, web3.0, JavaScript and AJAX(Asynchronous JavaScript XML) widely increases, the new security threats for web vulnerability also increases when the web application services are provided. In order to previously diagnose the vulnerability and prepare the threats, in this paper, the classification of security threats and requirements are presented, and the web vulnerability is analyzed for the domestic web sites using WVS(Web Vulnerability Scanner) automatic evaluation tool. From the results of vulnerability such as XSS(Cross Site Scripting) and SQL Injection, the total alerts are distributed from 0 to 31,177, mean of 411, and standard deviation of 2,563. The results also show that the web sites of 22.5% for total web sites has web vulnerability, and the previous defenses for the security threats are required.

Construction of Security Evaluation Criteria for Web Application Firewall (웹방화벽의 보안성 평가 기준의 구축)

  • Lee, Ha-Yong;Yang, Hyo-Sik
    • Journal of Digital Convergence
    • /
    • v.15 no.5
    • /
    • pp.197-205
    • /
    • 2017
  • To achieve web application security goals effectively by providing web security features such as information leakage prevention, web application firewall system must be able to achieve the goal of enhancing web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall system based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewall, and established the security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of the web application firewall system can be confirmed and the standard for enhancing the quality improvement can be secured. As a future research project, it is necessary to continuously upgrade evaluation standards according to international standards that are continuously changing.