• Title/Summary/Keyword: web vulnerability

Search Result 146, Processing Time 0.035 seconds

The Study of technique to find and prove vulnerabilities in ActiveX Control (ActiveX Control 취약점 검사 및 검증 기법 연구)

  • Sohn, Ki-Wook;Kim, Su-Yong
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.6 / pp.3-12 / 2005
  • To provide visitors with various services, many web sites distribute many ActiveX controls to them because ActiveX controls can overcome the limits of HTML documents and script languages. However, a PC can become dangerous if it has insecure ActiveX controls, because they can be executed in HTML documents. Nevertheless, many web sites provide visitors with ActiveX controls whose security is not verified. Therefore, verification by a third party is needed to remove vulnerabilities in ActiveX controls. In this paper, we introduce the process and the technique to find vulnerabilities. The existing proof codes are not valid because ActiveX controls are different from normal applications and domestic environments are different from foreign environments. In this paper, we introduce the technique to prove vulnerabilities in ActiveX controls.

Vulnerability Analysis of the Creativity and Personality Education based on Digital Convergence Curation System (창의·인성 교육기반의 디지털 융합 큐레이션 시스템에 관한 취약점 분석)

  • Shin, Seung-Soo;Kim, Jung-In;Youn, Jeong-Jin
    • Journal of the Korea Convergence Society / v.6 no.4 / pp.225-234 / 2015
  • With the growing number of people that use web services, the perception of the importance of securing web applications is also increasing. There are many different types of attacks that target web applications. In the rapidly-changing knowledge and information society, which came into being with the advancements made in information and communication technology, there is currently an urgent need for building web sites for the purposes of developing one's creativity and character. In this paper, attack schemes that use SQL injections and XSS and target educational digital curation systems, which provide educational contents with the aim of developing one's creativity and character, are analyzed in terms of how the attacks are carried out and their vulnerabilities. Furthermore, it suggests ways of dealing appropriately with these web-based attacks that use SQL injections and XSS.

A HTTP/2 Security Vulnerability for the Secure Web Environment (안전한 Web 환경을 위한 HTTP/2 취약점에 관한 연구)

  • Ryu, Jeong Hyun;Moon, Seo Yeon;Park, Jong Huyk
    • Proceedings of the Korea Information Processing Society Conference / 2016.10a / pp.238-240 / 2016
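  • As the Web environment has changed rapidly, changes to the HTTP protocol have also been required. To compensate, asynchronous mechanisms such as Ajax were proposed, and recently web applications that make use of the Internet of Things, the cloud and similar technologies have been attracting attention. With this paradigm shift the Web came to need a variety of functions, and HTTP/2 was developed to make up for the shortcomings of HTTP/1. HTTP/2 added a complex set of features to support changes in web applications and hypertext pages, but these additional elements gave rise to further security vulnerabilities. Because web applications directly affect the services users receive, security threats and the resulting damage are inevitably very serious. Security countermeasures for these vulnerabilities are therefore urgently needed. This paper analyzes the main vulnerabilities of HTTP/2 and describes four security threats, with the aim of contributing to future web security countermeasures and research for HTTP/2.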

Implementation of Source Analysis Tool for Vulnerability Search of Web Program (웹 프로그램의 취약점 검색을 위한 소스분석 툴 구현)

  • Kim, Soung-Uk;Hoang, Tae-Moon;Kim, Pan-Kyu;Park, Sang-Su;Lee, Jong-Hyeok
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / v.9 no.2 / pp.776-779 / 2005
  • The programming languages for the web, such as PHP, JSP, ASP and so on, make it possible to offer more user-interactive pages when used with HTML. These languages and programs have been developed with great speed, but the security part could not catch up with this development. As a result, it has brought a problem, which is to expose many server systems to the outside. In this research, we implement a Web and SQL analysis program which can analyze hacking-causing factors. With this analysis program, we will show how efficient it is compared with security patches for server systems.

String analysis for detection of injection flaw in Web applications (웹 응용프로그램의 삽입취약점 탐지를 위한 문자열분석)

  • Choi, Tae-Hyoung;Kim, Jung-Joon;Doh, Kyung-Goo
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.6 / pp.149-153 / 2007
  • One common type of web-application vulnerabilities is injection flaw, where an attacker exploits faulty application code instead of normal input. In order to be free from injection flaw, an application program should be written in such a way that every potentially bad input character is filtered out. This paper proposes a precise analysis that statically checks whether or not an input string variable may have the given set of characters at hotspot. The precision is accomplished by taking the semantics of condition into account in the analysis.

The Study on the Security Model for ActiveX Control Management through Security Authentication (보안 인증을 통한 ActiveX Control 보안 관리 모델에 관한 연구)

  • Park, Sung-Yong;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.6 / pp.113-119 / 2009
  • In recent years, to provide visitors with various and dynamic services, many ActiveX Controls have been developed and distributed in most of the web sites in Korea, such as e-Government, Internet banking and portal sites. However, insecure ActiveX Controls may be critical security threats to Internet users. Although hacking incidents are increasing sharply for these vulnerable ActiveX Controls, there are not enough national security actions or policies. Thus, in this paper we propose the technical method to design a 'Security model for ActiveX Control Management through Security Authentication' to enable safe and useful security management in the three aspects of development, distribution and use.

Security of Password Vaults of Password Managers (패스워드 매니저의 패스워드 저장소 보안 취약점 분석)

  • Jeong, Hyera;So, Jaewoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1047-1057 / 2018
  • As the number of services offered on the Internet exponentially increases, password managers are increasingly popular applications that store several passwords in an encrypted database (or password vault). Browser-integrated password managers or locally-installed password managers store the password vault on the user's device. Although a web-based password manager stores the password vault on the cloud server, a user can store the master password used to sign in to the cloud server on her device. An attacker that steals a user's encrypted vault stored in the victim's device can make an offline attack and, if successful, all the passwords in the vault will be exposed to the attacker. This paper investigates the vulnerability of the password vault stored in the device and develops attack programs to verify the vulnerability of the password vault.

The Development and Application Of Cyber Counseling System for the Gifted Class (영재 학급을 위한 사이버 상담 시스템 개발 및 적용)

  • Chung, Hyun-Nam;Kim, Dong-Hyu;Goh, Byung-Oh
    • Journal of The Korean Association of Information Education / v.8 no.2 / pp.177-187 / 2004
  • It soaks but from 2003 the gifted child whom it is propelling as the enterprise of real national dimension oneself will know and it will do well the case which with the thought which goes wrong it lets to let alone is many but about lower social unsuitable Eung and melancholia, nervous characteristic anorexia cung with the back the same multi branch problem point occurs with emotional vulnerability of the gifted person. From the gifted people it grasps the emotional vulnerability which occurs from the dissertation which it sees consequently and the gifted person cyber counseling system which does the hazard web which solves a problem point in base plan and it embodies. One side, it applied the gifted child and the parents who are participating to an Dae-jeon 6th area joint the gifted person class in the gifted person cyber counseling system which it develops the result and it analyzed. Emotional vulnerability of the analysis result the gifted child considerable portion there is a possibility the fact that it overcomes, if facing each other it will be able to complement the portion which is insufficient from consultation.

Research on Web Cache Infection Methods and Countermeasures (웹 캐시 감염 방법 및 대응책 연구)

  • Hong, Sunghyuck;Han, Kun-Hee
    • Journal of Convergence for Information Technology / v.9 no.2 / pp.17-22 / 2019
  • Cache is a technique that improves the client's response time, thereby reducing the bandwidth and showing an effective side. However, there are vulnerabilities in the cache technique as well as in some techniques. Web caching is convenient, but it can be exploited by hacking and cause problems. Web cache problems are mainly caused by cache misses and excessive cache line fetch. If the cache miss is high and excessive, the cache will become a vulnerability, causing errors such as transforming the secure data and causing problems for both the client and the system of the user. If the user is aware of the cache infection and the countermeasure against the error, the user will no longer feel the cache error or the problem of the infection occurrence. Therefore, this study proposed countermeasures against four kinds of cache infections and errors, and suggested countermeasures against web cache infections.

Design and Implementation of Web-browser based Malicious behavior Detection System(WMDS) (웹 브라우저 기반 악성행위 탐지 시스템(WMDS) 설계 및 구현)

  • Lee, Young-Wook;Jung, Dong-Jae;Jeon, Sang-Hun;Lim, Chae-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.3 / pp.667-677 / 2012
  • Vulnerable web applications have been the primary method used by attackers to spread their malware to a large number of victims. Such attacks commonly make use of malicious links to remotely execute rather advanced malicious code. The attackers often deploy malware that utilizes unknown vulnerabilities, so-called "zero-day vulnerabilities." The existing computer vaccines are mostly signature-based and thus are effective only against known attack patterns, but not capable of detecting zero-day attacks. To mitigate such limitations of the current solutions, there have been numerous works that take a behavior-based approach to improve detection against unknown malware. However, behavior-based solutions arbitrarily introduced several limitations that made them unsuitable for real-life situations. This paper proposes an advanced web browser based malicious behavior detection system that solves the problems and limitations of the previous approaches.