• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.199-207
• /
• 2008

Web service has many security weekness because it is exposure to outside and connected with various application. Especially, as new technology developed new type of security weakness has occured consistently. In this paper, we construct webserver and honeyweb by using virtual reality on a basis these weakness. So it cannot be influenced by any attack to the hardware of the system. By using honey web, it disigned and embodied web server secutiry system to collect the data about new attack. Through this, it can provide proper secutiry in a web environment of mutual communication.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1466-1469
• /
• 2009

최근 웹 서비스 환경에서 공격자가 자신의 근원지를 은닉하기 위하여 여러 단계의 경유지를 거쳐 공격을 시도하는 사례가 증가하고 있으며, 이에 대한 법률적 증거 확보 및 능동적인 대처를 위하여 웹 어플리케이션에서의 역추적 기술이 필요하다. 현재 자바 애플릿이나 ActiveX, 플러그인, 웹 로그 등을 이용한 응용 계층의 추적 기술이 개발되고 있지만, 웹 클라이언트에 의하여 차단될 가능성이 높고, 플러그인 종류 및 호환되지 않는 운영 환경 등 제약조건으로 인하여 사용에 제한이 있다. 본 논문에서는 액션 스크립트를 이용한 웹 클라이언트 모니터링 시스템을 제안한다. 제안된 시스템은 웹 클라이언트가 실행을 인식하지 못하고 수행되어 웹 클라이언트에 의한 차단을 막을 수 있고, 다양한 운영 환경에서 사용이 가능하다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.261-263
• /
• 2014

The public services without going through the web is now about to become impossible. To solve these kinds of security issues about the web, the government announced that a secure coding for web server is mandatory since 2012. In the domestic market, the web firewall has been promoted and widely sold as one of the best solutions for the existing web problems. In this study, with providing the effective way operator can apply security policies for the web firewall, more stable web services can be presented.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2003.11b
• /
• pp.715-718
• /
• 2003

웹 페이지와 윈도우 어플리케이션 사이의 데이터 전송하는 과정에서 데이터가 다른 사랑에 의해 유출 되었을 경우 데이터의 보안을 위해 암호 알고리즘을 사용한다. 자료의 기밀이 유지되어야 할 경우 다른 사람이 알 수 없는 형태로 변형하고, 사용할 때는 원문으로 변형하는 방법이 암호 알고리즘이다. 본 논문에서는 암호 알고리즘과 웹과 윈도우 환경에서 전송하고자 하는 데이터에 대해 암호화 및 복호화하는 방법을 제안한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.07a
• /
• pp.39-40
• /
• 2017

본 논문에서는 서버의 비동기 입출력(이하 I/O) 모델을 통해 더 많은 접속과 성능을 위한 패턴과 클라이언트 브라우저의 HTML 템플렛팅과 반응성 UI들의 메모리 관리 패턴을 제안한다. 본 연구는 다이어트 현황을 기록하는 저널(Journal) 서비스를 제공하는 웹 어플리케이션이다. 노드.js (Node.js)의 소켓.io (Socket.io)를 통한 비동기 push 패턴을 사용한 효율적인 I/O 성능, html5의 로컬 저장소 (Local Storage), tcp/ip 헤더의 쿠키 (Cookie), 상태를 저장하는 웹 토큰 (Json Web Token)을 통한 무상태 서버 구조로 구성되어 있다. 이로 인하여 서버 확장성 및 동시 처리, 빠른 질의 성능, 기본 네트워크 패킷 보안을 구축한다. 과한 CPU 처리를 요하는 일 중 템플릿팅은 클라이언트 브라우저에게 분담하도록 하고 효율적인 DOM 접근과 메모리 관리를 위한 싱글턴 패턴을 적극 활용하여 빠르고 즉각적인 반응성을 가진 웹 어플리케이션을 운용한다.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.17-25
• /
• 2004

As Internet and Internet users are rapidly increasing and getting popularized in the world the existing firewall has limitations to detect attacks which exploit vulnerability of web server. And these attacks are increasing. Most of all, intrusions using web application's programming error are occupying for the most part. In this paper, we introduced real-time web-server agent which analyze web-server based log and detect web-based attacks after the analysis of the web-application's vulnerability. We propose the method using real-time agent which remove Process ID(pid) and block out attacker's If if it detects the intrusion through the decision stage after judging attack types and patterns.

• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.1-7
• /
• 2008

The hacking method came to be more complicated, became program ant it was automated. That is hacking trend of recent times. Before, The password crack, catch root authority is trend of hacking which uses the vulnerability of server. Hacker attack network or all of domain not some host. Web application system at hacking technique develops and improve transmitted data through the network shows many vulnerability. The massive data are transmitted through the network without encipherment filtering. It will be able to bring about the neck of a bottle actual condition which is serious in security system because of the network where the user comes to be many it leads and the data which is delivered comes to be many. In this paper, we propose web application system to prevent overload from bottleneck in encipherment system. It can solve security key trust problem in encoding and decoding with public key infrastructure.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.31-37
• /
• 2010

The risks and threats in IT security systems to protect, prevent damage and Risk should be minimized. Context of information security products such as information processing, storage, delivery, and in the process of information system security standards, That is the basic confidentiality, availability, integrity and secondary clarity, potential evidence, detection, warning and defense capabilities, to ensure sufficient and should be. Web services are the most important elements in the security, the web nature of port 80 for the service to keep the door open as a structure, Web applications, web sources and servers, networks, and to hold all the elements are fundamental weaknesses. Accordingly, these elements through a set of Web application development errors and set-up errors and vulnerabilities in Web applications using their own home pages and web servers to prevent hacking and to improve the efficiency of Web services is proposed methodology performs security BMT.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.93-99
• /
• 2012

As the most common application development of software development time, error-free quality, adaptability to frequent maintenance, such as the need for large and complex software challenges have been raised. When developing web applications to respond to software reusability, reliability, scalability, simplicity, these quality issues do not take into account such aspects traditionally. In this situation, the traditional development methodology to solve the same quality because it has limited development of new methodologies is needed. Quality of applications the application logic, data, and architecture in the entire area as a separate methodology can achieve your goals if you do not respond. In this study secure coding, the big issue, web application factors to deal with security vulnerabilities, web application architecture, design procedure is proposed. This proposal is based on a series of ISO/IEC9000, a web application architecture design process.

• The KIPS Transactions:PartD
• /
• v.15D no.5
• /
• pp.699-704
• /
• 2008

By the dependence on Web from popularization of internet and increasing number of users, web services capability and security problem of communication is becoming a great issue. Existing web services technology decrease the capability of web application server by limiting the number of synchronous client, decreasing the processing load and increasing average response time. The encryption process to secure communication and the early expense of handshake decrease transmission speed and server capability by increasing the calculation time for connecting. Accordingly, this paper executes an encryption procedure by elliptical encryption algorithm to satisfy secure demands, improve the overload of server for web services and get reliability and security of web server architecture and proposes an improved mobile web sever which provides better ability and the techniques for deferred processing.