• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.9 no.4
• /
• pp.109-114
• /
• 2009

Recently, web 2.0 is becoming issue can provide a web based services and the technology is developing rapidly. In addition a variety of platforms on the web and SDK(Software Development Kit) is available from various aspects, web services, a trend that is rapidly growing user. But the development of security systems cannot follow the speed and These weaknesses are provided in the Web service by using illegal methods of information acquisition. Therefore, in this paper, we analyzed information for checking a variety of illegal access on Web services. Also, we designed and implemented Web Service-Hacking Pattern Recognition System for which warns the dangerous fact that as recognized hacking through comparisons the hacking patterns which have classified from the hacking method of existing system.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.19-26
• /
• 2006

Recently, web server hacking is trending toward web application hacking which uses comparatively vulnerable web applications based on open sources. And, it is possible to hack databases using web interfaces because web servers are usually connected databases. Web application attacks use vulnerabilities not in web server itself, but in web application structure, logical error and code error. It is difficult to defend web applications from various attacks by only using pattern matching detection method and code modification. In this paper, we propose a method to secure the web applications based on profiling which can detect and filter out abnormal web application requests.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.3
• /
• pp.111-118
• /
• 2023

Cyber attacks are increasing worldwide, and attacks on personal privacy such as CCTV and IP camera hacking are also increasing. If you search for IP camera hacking methods in spaces such as YouTube, SNS, and the dark web, you can easily get data and hacking programs are also on sale. If you use an IP camera that has vulnerabilities used by hacking programs, you easily get hacked even if you change your password regularly or use a complex password including special characters, uppercase and lowercase letters, and numbers. Although news and media have raised concerns about the security of IP cameras and suggested measures to prevent damage, hacking incidents continue to occur. In order to prevent such hacking damage, it is necessary to identify the cause of the hacking incident and take concrete measures. First, we analyzed weak account settings and web server vulnerabilities of IP cameras, which are the causes of IP camera hacking, and suggested solutions. In addition, as a specific countermeasure against hacking, it is proposed to add a function to receive a notification when an IP camera is connected and a function to save the connection history. If there is such a function, the fact of damage can be recognized immediately, and important data can be left in arresting criminals. Therefore, in this paper, we propose a method to increase the safety from hacking by using the connection notification function and logging function of the IP camera.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.1
• /
• pp.61-71
• /
• 2017

ARP Spoofing is a basic and core hacking technology for almost all sniffing. It makes change the flow of packets by faking the 2nd layer MAC address. In this paper we suggested an efficient hacking technology for sniffing remote servers in the switched network environment. The suggested 'Faked ARP Reply Unicast Spoofing' makes the bidirectional packets sniffing possible between the client and server, and it makes simplify the procedures for ARP sniffing and hacking program. In this paper we researched the network hacking and implementation technologies based on the suggested ARP spoofing. And we researched various types of servers hacking such as Root ID and PW of Telnet/FTP server, Root ID and PW of MySQL DB server, ID and PW of Web Portal Server, and account information and transaction history of Web Banking Server. And also we researched the implementation techniques of core hacking programs for the ARP Spoofing.

• The Journal of the Korea Contents Association
• /
• v.8 no.5
• /
• pp.9-18
• /
• 2008

Web-services have originally been devised to share information as open services. In connection with it, hacking incidents have surged. Currently, Web-log analysis plays a crucial clue role in detecting Web-hacking. A growing number of cases are really related to perceiving and improving the weakness of Web-services based on Web-log analysis. Such as this, Web-log analysis plays a central role in finding out problems that Web has. Hence, Our research thesis suggests Web-DoS-hacking detective technique In the process of detecting such problems through SOM algorithm, the emergence frequency of BMU(Best Matching Unit) was studied, assuming the unit with the highest emergence frequency, as abnormal, and the problem- detection technique was recommended through the comparison of what's called BMU as input data.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.83-89
• /
• 2013

When applying web hacking techniques and methods it needs to configure the integrated step-by-step and run an information security. Web hackings rely upon only one way to respond to any security holes that can cause a lot. In this study the diagnostic process of cross-site scripting attacks and web hacking response procedures are designed. Response system is a framework for configuring and running a step-by-step information security. Step response model of the structure of the system design phase, measures, operational step, the steps in the method used. It is designed to secure efficiency of design phase of the system development life cycle, and combines the way in secure coding. In the use user's step, the security implementation tasks to organize the details. The methodology to be applied to the practice field if necessary, a comprehensive approach in the field can be used as a model methodology.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.9
• /
• pp.1011-1018
• /
• 2014

Because of the proliferation of web services through web site, web hacking attempts are increasing using vulnerabilities of the web application. In order to improve the security of web applications, we have to find vulnerabilities in web applications and then have to remove. This paper addresses a vulnerability in a web application on existing problems and analyze and propose solutions to the vulnerability. This paper have checked the stability of existing web security solutions and evaluated its suitability through analysis of vulnerability. Also, we have implemented the vulnerability analysis tools for web Proxy system and proposed methods to optimize for resolution of web vulnerabilities.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.4 no.3
• /
• pp.33-43
• /
• 2008

As internet is spreaded widely, the number of cyber terror using hacking and virus is increased. Also the hacking to the internet shopping mall go on increasing. If the large shopping mall is attacked by the hacker, a number of user's information are exposed to the hacker. The private information as like a resident registration number, user's real name, the date of user's birth, the mobile phone number, the office phone number / address, the home phone number / address and so on include the information. These information are used in the phishing e-mails / call and spam. And them are selling and buying maliciously. The large internet shopping mall 'auction' was hacked in April, 2008. After the incident, this paper suggested a countermeasures on the hacking for the internet shopping mall. The technical item and political item are included among the countermeasures. The countermeasures can protect the hacking not only the internet shopping mall but also the web sites basically.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.85-92
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• The Journal of the Korea Contents Association
• /
• v.22 no.2
• /
• pp.71-79
• /
• 2022

Currently, even if control and mock hacking are performed for the security of web servers, vulnerabilities continue to occur and be hacked. To solve this problem, we have developed a secure web server that can control all web communication using sockets between L4 and L5. And when giving HTTP responses, we proposed a method of combining files and headers in advance. As a result, both security and speed could be improved. Therefore, in this paper, we proposed the reason why vulnerabilities occur even if control and mock hacking occur, a solution to it, and a security web server development method that can maintain security up to DB.