• Title/Summary/Keyword: web vulnerability

Search Result 146, Processing Time 0.037 seconds

A Study on The Vulnerabilities and Problems of Security Program (보안 프로그램의 취약성 및 문제점에 관한 연구)

  • Jeon, Jeong Hoon
    • Convergence Security Journal
    • /
    • v.12 no.6
    • /
    • pp.77-84
    • /
    • 2012
  • Recent Security Programs are widely used to improve the security of Client Systems in the Web authentication. Security Program is provide the function of the Keyboard Security and Certificate Management, Vaccines, Firewall. in particular, This Security Program has been used Financial Institutions and Government Agencies, and some private corporate Home Page. and ActiveX is used to install the Security Program. but Security Programs caused by several security vulnerabilities and problems as they appear, are threat to the stability of the Client System. Therefore, This paper will be analyzed through Case Studies and Experiments to the Vulnerabilities and Problems of Security Program and This Is expected to be utilized to further improve the performance of the Security Program and the building of a new Certification Scheme for material in the future.

Perceptions of the Risk of Cardiovascular Disease in Middle-aged Male Taxi Drivers: Focus Group Interviews (중년남성 택시운전자의 심혈관질환 위험성에 대한 인식: 포커스그룹 인터뷰를 중심으로)

  • Park, Sun-Jung;Ko, Ga-Yeon;Park, Byung-Jun
    • Korean Journal of Occupational Health Nursing
    • /
    • v.29 no.4
    • /
    • pp.288-294
    • /
    • 2020
  • Purpose: This study aimed to comprehensively examine middle-aged male taxi drivers' perceptions of the risk of cardiovascular disease. Methods: A qualitative method was used, with focus group interviews. The participants were middle-aged male taxi drivers who had been driving for more than ten years and for more than six hours daily. Results: The data were analyzed using qualitative thematic analysis. Middle-aged male taxi drivers' perceptions of the risk of cardiovascular disease were categorized into three main themes: "individual perceptions of cardiovascular disease", "possibility of behaviors for cardiovascular disease" and "motivations of behaviors for cardiovascular disease". Six sub-themes were extracted as follows: "perception of vulnerability", "perception of seriousness", "perception of profitability", "perception of disability", "self-awareness" and "advancing toward health care". Conclusion: It is necessary to invigorate support systems through measures including education, counseling, and web-based programs to prevent cardiovascular disease in middle-aged male taxi drivers.

Comparative analysis for security technology to WiBro terminals's vulnerability (모바일 기기의 ERP 인터페이스 방안)

  • Park, Jong-Youel;Chang, Young-Hyun;Yoon, Kyung-Bae;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.281-283
    • /
    • 2013
  • In this paper, we have presented the implementation plan for the Server interface and how to implement the Client GUI interface of a form you can use Android considerations and ERP Interface methods available in mobile devices, with iOS. It provides in the form of Web services using TCP / IP, how to handle the data, communication of Client and Server in mobile devices, coordination of ERP that can be used in mobile devices by presenting how to send in XML format it presented a new method which can be performed more efficiently.

  • PDF

TCP-ROME: A Transport-Layer Parallel Streaming Protocol for Real-Time Online Multimedia Environments

  • Park, Ju-Won;Karrer, Roger P.;Kim, Jong-Won
    • Journal of Communications and Networks
    • /
    • v.13 no.3
    • /
    • pp.277-285
    • /
    • 2011
  • Real-time multimedia streaming over the Internet is rapidly increasing with the popularity of user-created contents, Web 2.0 trends, and P2P (peer-to-peer) delivery support. While many homes today are broadband-enabled, the quality of experience (QoE) of a user is still limited due to frequent interruption of media playout. The vulnerability of TCP (transmission control protocol), the popular transport-layer protocol for streaming in practice, to the packet losses, retransmissions, and timeouts makes it hard to deliver a timely and persistent flow of packets for online multimedia contents. This paper presents TCP-real-time online multimedia environment (ROME), a novel transport-layer framework that allows the establishment and coordination of multiple many-to-one TCP connections. Between one client with multiple home addresses and multiple co-located or distributed servers, TCP-ROME increases the total throughput by aggregating the resources of multiple TCP connections. It also overcomes the bandwidth fluctuations of network bottlenecks by dynamically coordinating the streams of contents from multiple servers and by adapting the streaming rate of all connections to match the bandwidth requirement of the target video.

Security Vulnerabilities of Client-Server Communications of Password Managers (패스워드 매니저의 클라이언트-서버 통신 취약점 분석)

  • Hong, Seunghui;So, Jaewoo;Jeong, Hyera
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.17-27
    • /
    • 2020
  • Many users are using password managers in order to conveniently manage several usernames and passwords needed to access the web sites. The password manager encrypts and stores several passwords on the server, and the user accesses the server to receive the password information. Thus, if an attacker can sniff a message between the password manager and the server and decrypt the message content, or if an attacker can steal the computer's memory and decrypt the message content, then all the passwords will be exposed to the attacker. In this paper, we analyze the client-server communications and encryption process of password mangers and show there is a serious vulnerability in memory attack.

Web-based Automated Network Service Security Vulnerability Analysts & Management System (웹 기반의 자동화된 네트워크 서비스 보안 취약성 분석 및 관리 시스템)

  • Lim, Mun-Hee;Yang, Jin-Suck;Kim, Hyun-Ku;Chang, Beom-Hwan;Chung, Tai-Myung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2002.04b
    • /
    • pp.853-856
    • /
    • 2002
  • 인터넷이라는 거대한 네트워크에 연결되어 있는 시스템의 보안 상태를 주기적으로 점검하여 외부로부터의 공격에 취약한 부분을 보완하여 주는 일은 공격에 대한 방어를 위하여 가장 기본적인 일이다. 그러나 수많은 호스트가 상호 연결된 네트워크 관리 시스템에서 관리자가 각 시스템의 보안상 취약점을 전부 인지하고 이에 대한 보완을 수행하는 것은 상당히 어려운 일이다. 따라서 관리자의 수작업에 의한 취약점 분석 작업보다는 자동화된 관리 도구에 의한 취약점 분석이 효율적이다. 이에 본 논문에서는 네트워크 서비스인 HTTP, SMTP의 취약점을 원격에서 분석하는 시스템을 설계 및 구현하였다. WAVAMS는 에이전트와 독립된 mobile 코드의 이동에 의한 동적 분석 모듈의 추가로 가장 최근의 취약점을 신속하게 분석 할 수 있으며 확장성이 높다. 또한 웹 기반으로 설계되어 관리자가 용이하게 관리할 수 있다.

  • PDF

Exploring Community Structure and Function with Network Analysis: a Case Study of Cheonggye Stream (생태계 네트워크 분석을 이용한 생물 군집의 구조와 기능에 대한 연구: 청계천을 사례로)

  • Lee, Minyoung;Kim, Yongeun;Cho, Kijong
    • Korean Journal of Environmental Biology
    • /
    • v.36 no.3
    • /
    • pp.370-376
    • /
    • 2018
  • It is important to consider interaction between species in understanding structure and function of the biological community. Current ecological issues such as climate change and habitat loss emphasize the significance of the concept of species interaction in that varying species' interaction across environmental gradients may lead to altered ecological function and services. However, most community studies have focused on species diversity through analysis of quantitative indices based on species composition and abundance data without considering species interactions in the community. 'Ecological network analysis' based on network theory enables exploration of structural and functional properties of ecosystems composed of various species and their interactions. In this paper, network analysis of Cheonggye stream as a case study was presented to promote uses of network analysis on ecological studies in Korea. Cheonggye stream has a simple biological structure with link density of 1.48, connectance 0.07, generality 4.43, and vulnerability 1.94. The ecological network analysis can be used to provide ecological interpretations of domestic long-term monitoring data and can contribute to conserving and managing species diversity in ecosystems.

Legal System and Regulation Analysis by S/W Development Security (S/W 개발 보안에 따른 법 제도 및 규정 분석)

  • Shin, Seong-Yoon;Jin, Dong-Soo;Shin, Kwong-Seong;Lee, Hyun-Chang;Lee, Yang-Won
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.10a
    • /
    • pp.201-202
    • /
    • 2014
  • In this paper, we research on domestic or international hacking cases that could damage us mentally or financially. Seventy five percent of Web-site attacks abuses weak points of application programs, or software. We also research on major issues related to software development security with these demerits.

  • PDF

Buffer Overflow Attack and Defense Techniques

  • Alzahrani, Sabah M.
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12
    • /
    • pp.207-212
    • /
    • 2021
  • A buffer overflow attack is carried out to subvert privileged program functions to gain control of the program and thus control the host. Buffer overflow attacks should be prevented by risk managers by eradicating and detecting them before the software is utilized. While calculating the size, correct variables should be chosen by risk managers in situations where fixed-length buffers are being used to avoid placing excess data that leads to the creation of an overflow. Metamorphism can also be used as it is capable of protecting data by attaining a reasonable resistance level [1]. In addition, risk management teams should ensure they access the latest updates for their application server products that support the internet infrastructure and the recent bug reports [2]. Scanners that can detect buffer overflows' flaws in their custom web applications and server products should be used by risk management teams to scan their websites. This paper presents an experiment of buffer overflow vulnerability and attack. The aims to study of a buffer overflow mechanism, types, and countermeasures. In addition, to comprehend the current detection plus prevention approaches that can be executed to prevent future attacks or mitigate the impacts of similar attacks.

Comparative Analysis of Baseflow Separation using Conventional and Deep Learning Techniques

  • Yusuff, Kareem Kola;Shiksa, Bastola;Park, Kidoo;Jung, Younghun
    • Proceedings of the Korea Water Resources Association Conference
    • /
    • 2022.05a
    • /
    • pp.149-149
    • /
    • 2022
  • Accurate quantitative evaluation of baseflow contribution to streamflow is imperative to address seasonal drought vulnerability, flood occurrence and groundwater management concerns for efficient and sustainable water resources management in watersheds. Several baseflow separation algorithms using recursive filters, graphical method and tracer or chemical balance have been developed but resulting baseflow outputs always show wide variations, thereby making it hard to determine best separation technique. Therefore, the current global shift towards implementation of artificial intelligence (AI) in water resources is employed to compare the performance of deep learning models with conventional hydrograph separation techniques to quantify baseflow contribution to streamflow of Piney River watershed, Tennessee from 2001-2021. Streamflow values are obtained from the USGS station 03602500 and modeled to generate values of Baseflow Index (BI) using Web-based Hydrograph Analysis (WHAT) model. Annual and seasonal baseflow outputs from the traditional separation techniques are compared with results of Long Short Term Memory (LSTM) and simple Gated Recurrent Unit (GRU) models. The GRU model gave optimal BFI values during the four seasons with average NSE = 0.98, KGE = 0.97, r = 0.89 and future baseflow volumes are predicted. AI offers easier and more accurate approach to groundwater management and surface runoff modeling to create effective water policy frameworks for disaster management.

  • PDF