• Title/Summary/Keyword: Analysis Tools


Static Analysis Tools Against Cross-site Scripting Vulnerabilities in Web Applications : An Analysis

  • Talib, Nurul Atiqah Abu;Doh, Kyung-Goo
    • 한국소프트웨어감정평가학회 논문지 / Vol. 17, No. 2 / pp.125-142 / 2021
  • Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

EVALUATION OF STATIC ANALYSIS TOOLS USED TO ASSESS SOFTWARE IMPORTANT TO NUCLEAR POWER PLANT SAFETY

  • OURGHANLIAN, ALAIN
    • Nuclear Engineering and Technology / Vol. 47, No. 2 / pp.212-218 / 2015
  • We describe a comparative analysis of different tools used to assess safety-critical software used in nuclear power plants. To enhance the credibility of safety assessments and to optimize safety justification costs, Électricité de France (EDF) investigates the use of methods and tools for source code semantic analysis, to obtain indisputable evidence and help assessors focus on the most critical issues. EDF has been using the PolySpace tool for more than 10 years. Currently, new industrial tools based on the same formal approach, Abstract Interpretation, are available. Practical experimentation with these new tools shows that the precision obtained on one of our shutdown systems software packages is substantially improved. In the first part of this article, we present the analysis principles of the tools used in our experimentation. In the second part, we present the main characteristics of protection-system software, and why these characteristics are well adapted for the new analysis tools. In the last part, we present an overview of the results and the limitations of the tools.

Comparative and analysis of multimedia author tools

  • 권오탁;홍동헌
    • 경영과정보연구 / Vol. 2 / pp.23-46 / 1998
  • In this paper, comparative and analysis of multimedia author tools for to proper compatible multimedia author tools on multimedia author tools function and usage, and which breach of contract each author tools specific property prepare to forecast future multimedia expansion trend on information technology expansion. The essential elements of multimedia are hardware (storage, digital video, CD), software, sound, hypertext, hypermedia, etc. The analysis criteria for multimedia author tools are the programming environments: card, script, icon, and time methods.

Comparative Analysis of Web Database Connectivity Tools

  • 박성헌;박지헌
    • 정보기술과데이타베이스저널 / Vol. 7, No. 2 / pp.101-115 / 2000
  • Since the web has been used as the front-end of databases, many web database connectivity tools have been developed and are still being developed. For web developers and educators, it has been difficult to select one tool out of so many alternatives. This paper compares web database connectivity tools available in the PC Windows environment from the viewpoint of developers and educators. This comparative analysis focuses on the functions and programming techniques provided by these tools, by implementing a simple case study using these software solutions. For this reason, a performance analysis of these tools was not done.

Development Roadmap Analysis for Automatic Testing Tools of Software

  • 정창신;정순기
    • 한국컴퓨터정보학회논문지 / Vol. 9, No. 1 / pp.17-23 / 2004
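  • By using automatic software testing tools to automate all or part of the test process, test time can be shortened and test costs reduced. However, it is practically impossible to satisfy all the various kinds of test requirements in heterogeneous computing environments with a single testing tool. In this paper, we present classification criteria for automatic software testing tools and, based on these, survey and analyze the characteristics of commercial testing tools to present a development roadmap for testing tools, with the aim of understanding the relationships among testing tools and exploring their future direction of development.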

Development of Integrated Design System for Structural Design of Machine Tools

  • 박면웅;손영태;조성원
    • 한국정밀공학회지 / Vol. 20, No. 1 / pp.229-239 / 2003
  • The design process of machine tools is regarded as sequential, discrete, and inefficient work, as it requires various kinds of design tools and many working hours. This paper describes an integrated design system embedding a design methodology that can efficiently and systematically support the conceptual structural design of machine tools. The system is a knowledge-based design system and has four machine-tool-specific functional modules: configuration design, configuration analysis, structure design, and structural analysis support. Through the configuration design and analysis modules, a machine configuration appropriate for the design requirements is selected, and then the arrangement of ribs for each structural part is decided in the structure design module. The structural analysis support module is used to evaluate the design result by utilizing the structural analysis software ANSYS. The system is applied to the design of a tapping machine, and shows that the machine structure can be designed fast and conveniently by processing each design step interactively.

An Empirical Study on Performance of Six Sigma Tools in Korean Service Industry

  • 장대성;양종곤;황인천
    • 품질경영학회지 / Vol. 32, No. 1 / pp.1-20 / 2004
  • Six sigma has been the most influential management innovation program since 1996 in Korea. As a result of successful implementation of 6 sigma, there have been a number of dramatic quality improvement cases. However, no empirical study of 6 sigma implementation has been done, especially in the service industry of Korea. This article reviews the status of finance companies which implemented 6 sigma programs in Korea and then demonstrates the relationship between 6 sigma problem solving tools, such as analysis of variance and graph techniques, and project success and operational performance. Customer survey tools, process analysis, and documentation tools are identified as influential tools for project success. Tools of the measure step, customer survey tools, and documentation tools are found to be influential tools for operational performance.

The Development of Evaluation Tools for Young Children's Math Ability based on Content Standards of NCTM

  • 김지영
    • 한국생활과학회지 / Vol. 17, No. 1 / pp.35-43 / 2008
  • The purpose of this study is to develop evaluation tools for young children's mathematical ability based on the content standards of NCTM and to verify the suitability of the tools. The tools consist of 5 sub-tests with 90 items, including number and operation, algebra, geometry, measurement, data analysis and probability. The tool analysis was examined with 300 three- to five-year-old children and 31 math education professionals. The results of this research are as follows: First, the passing rate increased in order of age. The gap between the high and low score groups reveals a statistically meaningful difference. Second, the internal consistency reliability coefficient, Cronbach's $\alpha$, is .96. Test-retest reliability is around .90. The concurrent validity correlation between these tools and Choi Hye-Jin's test (2003) is .85. The content validity was judged appropriate by math education professionals.

A Comparative Analysis of Performance Assessment Tools for Establishing Evaluation Framework for Sustainable Buildings

  • Kang, Hae Jin;Rhee, Eon Ku
    • Architectural research / Vol. 16, No. 4 / pp.131-137 / 2014
  • Recently, the development of sustainable building assessment tools as means to invigorate the dissemination of sustainable buildings has been actively progressed. However, many assessment tools involve various problems in terms of assessment method and system framework, which greatly impede their credibility and applicability. If these problems persist over time, the role of sustainable building assessment tools as decision making measures during the design stage will be greatly limited. The objective of the study is to suggest a systematic model for sustainable building assessment tools by establishing a logical system of performance assessment framework. For this purpose, the Environmental Impact Assessment (EIA) framework used in selected and modified to fit the building performance assessment. The analysis of performance assessment tools for sustainable buildings was conducted using the EIA framework. Based on the results of the analysis, a framework for the performance assessment of sustainable buildings was established.

A Digital Forensic Analysis of Timestamp Change Tools for Windows NTFS

  • Cho, Gyu-Sang
    • 한국컴퓨터정보학회논문지 / Vol. 24, No. 9 / pp.51-58 / 2019
  • Temporal analysis is very useful and important in digital forensics for reconstructing the timeline of digital events. Forgery of a file's timestamp can lead to inconsistencies in the overall temporal relationship, making it difficult to analyze the timeline when reconstructing actions or events, and the results of the analysis might not be reliable. One purpose of changing a timestamp is to hide data in a steganographic way, and the other purpose is anti-forensics. In both cases, timestamp change tools are needed. In this paper, we propose a classification method based on the behavior of the timestamp change tools. The timestamp change tools are categorized into three types according to the patterns of the changed timestamps after using the tools. By analyzing the changed timestamps, it can be decided what kind of tool was used. We also show that the three types of patterns are closely related to the API functions which are used to develop the tools.