Implementation and Design of Proxy System for Web Vulnerability Analysis

  • Kwang-Hyun Kim (Department of Information and Communication, Gwangju University)
  • Received: 2014.07.07
  • Reviewed: 2014.09.19
  • Published: 2014.09.30

Abstract

As the provision of information through web sites has grown, web hacking attempts that exploit vulnerabilities in web applications are increasing. To strengthen the security of web applications, their vulnerabilities must first be found and removed. This paper analyzes existing methods for resolving web application vulnerabilities and proposes a more advanced approach. Through web application vulnerability analysis, we checked the stability of the web security state after existing web vulnerabilities had been removed and evaluated the suitability of the existing methods. In addition, to compensate for the shortcomings of existing remediation approaches, we implemented a vulnerability analysis tool based on a web proxy system and proposed methods for optimizing it.
