• Title/Summary/Keyword: CWE


Selection and Ranking of Common Attack Patterns for Developing Secure Web Applications (안전한 웹 애플리케이션 개발을 위한 공통 공격패턴의 선별 및 순위화)

  • Moon, Jae-Chan;Kim, Dae-Gyeong;Cho, Seong-Je
    • Proceedings of the Korean Information Science Society Conference / 2012.06b / pp.226-228 / 2012
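  • Recently, as web applications implemented with HTML5, AJAX (Asynchronous JavaScript XML) and similar technologies have come into wide use, attacks that exploit vulnerabilities in web applications have been increasing. For the secure development and maintenance of web applications, prevention through vulnerability mitigation in the design/implementation phase, and attack detection and response in the operation phase, are needed. In addition, dangerous vulnerabilities and attack patterns must be analyzed and prioritized so that severe vulnerabilities and attacks are considered first in the development and operation phases of web applications. In this paper, we link the OWASP Top 10 with CWE (Common Weakness Enumeration) to select and rank the major web-related attack patterns from CAPEC (Common Attack Pattern Enumeration and Classification). CWE helps prevent vulnerabilities, and the ranked attack patterns make it possible to defend efficiently against the major attacks on web applications.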

Vulnerability Analysis and Threat Mitigation for Secure Web Application Development (안전한 웹 애플리케이션 개발을 위한 취약점 분석 및 위협 완화)

  • Moon, Jae-Chan;Cho, Seong-Je
    • Journal of the Korea Society of Computer and Information / v.17 no.2 / pp.127-137 / 2012
  • Recently, as modern Internet uses mashups, Web 3.0, JavaScript/AJAX widely, the rate at which new vulnerabilities are being discovered is increasing rapidly. It can subsequently introduce big security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is needed to rank vulnerabilities based on severity and consider the severe vulnerabilities during a specific phase of software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on OWASP Top-10 2010 list and CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.

Citrus Peel Wastes as Functional Materials for Cosmeceuticals

  • Kim, Sang-Suk;Lee, Jung-A;Kim, Ji-Young;Lee, Nam-Ho;Hyun, Chang-Gu
    • Journal of Applied Biological Chemistry / v.51 no.1 / pp.7-12 / 2008
  • The suitability of CPWs, by-products of the juice industry, was investigated as a source for the production of cosmeceuticals. Four kinds of CPWs, CW, CWE, CWER, and CWEA, were examined for their antioxidant potentials in terms of DPPH radical-scavenging ability for anti-wrinkle applications, inhibition of tyrosinase or melanin production for whitening products, and anti-inflammatory effects to treat various skin diseases such as atopic dermatitis and acne as well as for anti-bacterial activity against acne-inducing pathogens. Of the four extracts, CWER was the most potent tyrosinase inhibitor ($IC_{50}$ value: $109\;{\mu}g/mL$), and CWEA ($IC_{50}:\;167\;{\mu}g/mL$) showed good antioxidative effects. CWE and CWEA samples had dose-dependent inhibitory effects on the melanin production. The cytotoxic effects of the four CPWs were determined by colorimetric MTT assays using human keratinocyte HaCaT cells. Most extracts exhibited low cytotoxicity at $100\;{\mu}g/mL$. These results suggest CPWs are attractive candidates for topical applications on the human skin.

Anti-inflammatory and Antioxidant Effects of Clam Worm Extract Treated with Peptidoglycan (펩티도글리칸 처리된 갯지렁이 추출물의 항염증 및 항산화 효과)

  • Kim, Se-woong;Sapkota, Mahesh;Yang, Ming;Li, Liang;Soh, Yunjo
    • Korean Journal of Pharmacognosy / v.48 no.3 / pp.187-194 / 2017
  • Peptidoglycan in insects and mammals is well known to improve biological functions in the host's immune system. However, it is unclear how Peptidoglycan exerted its anti-inflammatory capacity especially in clam worm (Marphysa sanguinea). In this experiment, the anti-inflammatory and antioxidant effects of clam worm extract treated with (PCWE) peptidoglycan (Micrococcus luteus) in RAW264.7 cells were examined by measuring MDA, catalase, SOD, GSH-Px and inflammatory cytokines (nitric oxide, iNOS, interleukin-$1{\beta}$ and tumor necrosis factor-${\alpha}$). PCWE significantly increased the activities of catalase, SOD and GSH-Px and decreased the level of MDA. Interestingly, PCWE induced activities of SOD and GSH-Px more than clam worm extract without peptidoglycan (CWE). In addition, PCWE decreased NO production, iNOS, COX-2, TNF-${\alpha}$ and IL-$1{\beta}$ better than CWE. Taken together, these results indicate that PCWE has the potential as a natural antioxidant and a therapeutic for inflammation-related diseases.

Numerical study on self-sustainable atmospheric boundary layer considering wind veering based on steady k-ε model

  • Feng, Chengdong;Gu, Ming
    • Wind and Structures / v.30 no.1 / pp.69-83 / 2020
  • Modelling incompressible, neutrally stratified, barotropic, horizontally homogeneous and steady-state atmospheric boundary layer (ABL) is an important aspect in computational wind engineering (CWE) applications. The ABL flow can be viewed as a balance of the horizontal pressure gradient force, the Coriolis force and the turbulent stress divergence. While much research has focused on the increase of the wind velocity with height, the Ekman layer effects, entailing veering - the change of the wind velocity direction with height, are far less concerned in wind engineering. In this paper, a modified k-ε model is introduced for the ABL simulation considering wind veering. The self-sustainable method is discussed in detail including the precursor simulation, main simulation and near-ground physical quantities adjustment. Comparisons are presented among the simulation results, field measurement values and the wind profiles used in the conventional wind tunnel test. The studies show that the modified k-ε model simulation results are consistent with field measurement values. The self-sustainable method is effective to maintain the ABL physical quantities in an empty domain. The wind profiles used in the conventional wind tunnel test have deficiencies in the prediction of upper-level winds. The studies in this paper support future practical super high-rise buildings design in CWE.

Frequency and Characteristics of Typhoons Approaching the Korean-Peninsula (한반도에 내습한 태풍의 빈도 및 특성)

  • Yu, Hui-Jeong;Park, Jun-Il;Lee, Bae-Ho
    • Water for future / v.16 no.4 / pp.253-257 / 1983
  • In an attempt to study the frequency and characteristics of typhoons which hit the Korean Peninsula, a period of 40 years from 1946 through 1979 was covered to collect necessary data with respect to occurrence of typhoons and their influence. Typhoons which occurred between 1959 and 1980 were grouped according to their trekking routes and strengths for detailed analyses. The results are summarized as follows: 1. The average annual occurrence of typhoons in the western Pacific Ocean was found to be 28, only two of which attacked the Korean Peninsula. 2. The annual probabilities of typhoons attacking were 0.925 for one or more, 0.700 for twice or more and 0.323 for three times or more. 3. The monthly probabilities were found to be 0.228 in July, 0.434 in August and 0.194 in September. 4. A half of the typhoons which hit the Korean Peninsula passed through the western coast and the rest through the southern and eastern coasts in similar proportions. 5. The western coast is hit most frequently in July and less afterwards, vis-à-vis the southern and the eastern coast. 6. The minimum SLP averaged 983 mb and ordered by the trekking routes as S


Vulnerability Analysis and Development of Secure Coding Rules for PHP (PHP 보안 취약점 분석과 시큐어 코딩 규칙 개발)

  • Han, KyungSook;Park, Wooyeol;Yang, Ilgwon;Son, Changhwan;Pyo, Changwoo
    • KIISE Transactions on Computing Practices / v.21 no.11 / pp.721-726 / 2015
  • This paper shows secure coding rules for PHP programs. Programmers should comply with these rules during development of their programs. The rules are crafted to restrain 28 weaknesses that are composed of 22 corresponding to reported CVEs of PHP, the children of CWE-661 for PHP, and the top 5 weaknesses according to OWASP. The rule set consists of 28 detailed rules under 14 categories. This paper also demonstrates through examples that programs complying with these rules can curb weaknesses. The rules can also serve as a guideline in developing analysis tools for security purposes.

Quantitative Scoring Criteria on the Importance of Software Weaknesses (소프트웨어 보안약점의 중요도에 대한 정량 평가 기준 연구)

  • Ahn, Joonseon;Bang, Ji-Ho;Lee, Eunyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.6 / pp.1407-1417 / 2012
  • In order to protect a software system from security attacks, it is important to remove the software security weaknesses through the entire life cycle of software development. To remove the software weaknesses more effectively, software weaknesses are prioritized and sorted continuously. In this paper, we introduce the existing scoring systems for software weakness and software vulnerability, and propose a new quantitative standard for the scoring system, which helps evaluate the importance of software weakness objectively. We also demonstrate the practicability of the proposed standard by scoring 2011 CWE/SANS Top 25 list with the proposed standard and comparing it to the original score of MITRE.

Anticancer Potential of Cratoxylum formosum Subsp. Pruniflorum (Kurz.) Gogel Extracts Against Cervical Cancer Cell Lines

  • Promraksa, Bundit;Daduang, Jureerut;Khampitak, Tueanjit;Tavichakorntrakool, Ratree;Koraneekit, Amonrat;Palasap, Adisak;Tangrassameeprasert, Roongpet;Boonsiri, Patcharee
    • Asian Pacific Journal of Cancer Prevention / v.16 no.14 / pp.6117-6121 / 2015
  • Background: Most northeast Thai vegetables may play roles in human health by acting as antioxidant and anticancer agents. Recent study showed that Cratoxylum formosum subsp. pruniflorum (Kurz.) Gogel. (Teawdang) could inhibit growth of liver cancer cell lines. Cervical cancer, which has human papilloma virus as its main cause, is found at high incidence in Thailand. Due to increasing drug resistance, searches for potential anticancer compounds from natural source are required. Therefore, our purpose was to evaluate the cytotoxicity of Teawdang extracts in cervical cancer cell lines. Materials and Methods: Teawdang edible parts, purchased from Khon Kaen market during July-October 2013 was extracted with organic solvent. Phenolic profiles of crude hexane (CHE), ethyl acetate (CEE), methanol (CME) and water (CWE) extracts were performed by high performance liquid chromatographic (HPLC) techniques. Their cytotoxic effects on cervical cancer cells were investigated with HPV-non infected (C-33A) and HPV-infected (HeLa and SiHa) cell lines. Results: HPLC profiles showed that all crude extracts contained caffeine, ferulic acid and resveratrol. CME and CEE had high contents of gallic acid and quercetin. Catechin was found only in CWE. Cytotoxicity test showed that CEE had the lowest IC50 on HeLa ($143.18{\pm}13.35 {\mu}g/mL$) and SiHa cells ($106.45{\pm}15.73{\mu}g/mL$). C-33A cells were inhibited by CWE ($IC50=130.95{\pm}3.83{\mu}g/mL$). Conclusions: There were several phenolic compounds in Teawdang extracts which may have cytotoxic effects on cervical cancer cell lines. Investigation of these bioactive compounds as new sources of anticancer agents is recommended.

Using the SIEM Software vulnerability detection model proposed (SIEM을 이용한 소프트웨어 취약점 탐지 모델 제안)

  • Jeon, In-seok;Han, Keun-hee;Kim, Dong-won;Choi, Jin-yung
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.961-974 / 2015
  • With the advancement of SIEM from ESM, it allows deep correlated analysis using huge amount of data. By collecting software's vulnerabilities from assessment with certain classification measures (e.g., CWE), it can improve detection rate effectively, and respond to software's vulnerabilities by analyzing big data. In the phase of monitoring and vulnerability diagnosis Process, it not only detects predefined threats, but also vulnerabilities of software in each resources could promptly be applied by sharing CCE, CPE, CVE and CVSS information. This abstract proposes a model for effective detection and response of software vulnerabilities and describes effective outcomes of the model application.