• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.618-620
• /
• 1998

Web보안 기능 중에서 가장 기본적이면서 중요한 보안 기능은 데이터의 암호 및 복호이다. 본 과제는 인터넷 web browser(Netscape Communicator 또는 Navigator)기능에 보안 모듈을 이용한 자료 및 문서 암호 기능을 통해서 안심하고 web page를 사용할 수 있는 시스템을 제공한다. 보안 모듈을 사용하지 않는 일반적인 web데이터 전송환경에는 SSL 프로토콜을 이용하여 web데이터 전송을 수행한다. 서버가 보안 모듈을 가지고 있는 경우는 web을 통해서 주고받는 데이터에 대해서 보안 모듈 내에 존재하는 암호 및 복호하는 알고리즘을 사용한다. 이런 방식을 사용할 경우에 일반적으로 많이 사용하는 DES알고리즘의 사용으로 쉽게 구현이 가능하다. 그러나 이러한 보안 모듈이 상호 연동해서 동작되기 때문에 이 모듈이 없이는 웹 상에 원하는 자료에의 접근이 불가능하다. 또한 이 방식은 기존의 방식이 갖는 보안 기능의 공개성 문제점을 극복하면서 안전한 보안 웹 환경을 제공해준다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.765-768
• /
• 2007

In this paper, the security evaluation method about mobile web services message is suggested in the method for improving the safety an reliability about the mobile web services message. In order that the goal of this paper is accomplished, the security threat and the security vulnerability which can be occurred in the mobile web services message are defined. The evaluation method for performing the security evaluation about the mobile web services message is defined. Also, the requirements for the mobile web services message security evaluation are defined. Finally, the evaluation framework for performing the mobile web services message security evaluation is constituted, and the evaluation scenario example is suggested. By using the mobile web services message security evaluation defined in the paper, before the mobile web services is deployed, the security threats and security vulnerability can be verified. Also, the countermeasure for the security threat and security vulnerability discovered in the verification result can be prepared. Therefore, the sorority and reliability about the mobile web services can be improved.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.11-20
• /
• 2003

Now a days the threatenings of using internet web system's vulnerability are rapidly increasing. To protect the threat we introduce the sorts of threats and present the verification method of web application security.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.61-70
• /
• 2004

Web service technology will be used in various business fields and it will affect business paradigms. But, however, there is no standard so far and we have many problems to be solved in order to insure interoperability and security. Especially we have to solve Web service security for effective utilization of the technology and otherwise, the technology will not be used in the business field. We, therefore, need to develope security technology which fits to the Web service characteristics. This document describes a proposed strategy for addressing security within a Web service environment based on the results of analysis on the Web service security problems.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.71-76
• /
• 2012

As the use of Mashups, web3.0, JavaScript and AJAX(Asynchronous JavaScript XML) widely increases, the new security threats for web vulnerability also increases when the web application services are provided. In order to previously diagnose the vulnerability and prepare the threats, in this paper, the classification of security threats and requirements are presented, and the web vulnerability is analyzed for the domestic web sites using WVS(Web Vulnerability Scanner) automatic evaluation tool. From the results of vulnerability such as XSS(Cross Site Scripting) and SQL Injection, the total alerts are distributed from 0 to 31,177, mean of 411, and standard deviation of 2,563. The results also show that the web sites of 22.5% for total web sites has web vulnerability, and the previous defenses for the security threats are required.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.85-92
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• Journal of Digital Convergence
• /
• v.15 no.5
• /
• pp.197-205
• /
• 2017

To achieve web application security goals effectively by providing web security features such as information leakage prevention, web application firewall system must be able to achieve the goal of enhancing web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall system based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewall, and established the security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of the web application firewall system can be confirmed and the standard for enhancing the quality improvement can be secured. As a future research project, it is necessary to continuously upgrade evaluation standards according to international standards that are continuously changing.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.635-644
• /
• 2002

We propose the PBSM(Protocol-Based Security Module) system which guarantees the secure data transmission under web environments. There are two modules in the PBSM architecture. One is Web Server Security Module(WSSM) which is working on a web server, the other is the Winsock Client Security Module(WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server. The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption function for HTML file and the decryption function for CGI(Common Gateway Interface). The formal analysis methodology is imported from format theory for analyzing the data flow of the PBSM system. The formal analysis methodology is based on the order theory.

• Journal of KIISE:Software and Applications
• /
• v.32 no.12
• /
• pp.1238-1246
• /
• 2005

This thesis is written with web security module for safe data transmission between heterogeneous systems(ex. OS). Web system has allowed users to have great convenience and a lot of information. Though web service business has been progressed much, because of the limitation of it's own system, lots of loss, derived from data spillage which is the weakest point of security, has also followed. Suggested security module is realized by two module. One for server security module for web server, the other is client security module for client. The security structure, suggested on this thesis guarantee safe data transmission by only simple installation of modules in clients and servers. for speed sensitive transmission between web server and browser, Triple-DES, symmetric encryption system suitable for fast encryption communication, is adapted. To solve problems caused from key management, Diffie-Hellman's key exchange algorithm is adapted. By this method, all symmetric encryption troubles from key distribution and management, speed could be work out a solution. And Diffie-Hellman type algorithm secures Authentication for safe data Protection.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.31-37
• /
• 2010

The risks and threats in IT security systems to protect, prevent damage and Risk should be minimized. Context of information security products such as information processing, storage, delivery, and in the process of information system security standards, That is the basic confidentiality, availability, integrity and secondary clarity, potential evidence, detection, warning and defense capabilities, to ensure sufficient and should be. Web services are the most important elements in the security, the web nature of port 80 for the service to keep the door open as a structure, Web applications, web sources and servers, networks, and to hold all the elements are fundamental weaknesses. Accordingly, these elements through a set of Web application development errors and set-up errors and vulnerabilities in Web applications using their own home pages and web servers to prevent hacking and to improve the efficiency of Web services is proposed methodology performs security BMT.