• The Journal of Industrial Distribution & Business
• /
• v.9 no.7
• /
• pp.61-70
• /
• 2018

Purpose - The purpose of this research is reflected on the rapid development of online tourism industries. The study was to establish the strategy for Korean tourism enterprises to develop tourist commodities suitable for Chinese tourists and attract them to visit Korea by the empirical analysis of the relation between repurchase intention of tourists and its premise variables (e-service quality, perceived value and satisfaction). Research design, data, and methodology - This research carried out a questionnaire survey on Chinese tourists who visited Korea with experience of using the online travel agency web sites. A total 398 answers were recovered, 41 of them were excluded due to the dishonest answers and 357 of them were finally analyzed. The data was analyzed with IBM SPSS AMOS 22.0. Results - The research results show that in the online travel agency web site e-service quality, convenience, interactivity, information validity, credibility had a positive impacts on perceived value and satisfaction. The perceived value of online travel agency website users has positive impart on satisfaction and repurchase intention. Satisfaction of online travel agency web site users have positive impacts on repurchase intention. But safety has no impact on perceived value while positive impacts on satisfaction was affected. Conclusions - First, in the online travel agency web site e-service quality, safety has no impact on perceived value while it was shown to have positive impacts on satisfaction because the users of online travel agency web sites believe that the protection of personal information, the defense of cracker and the safeguard of payment security are the basic premises of website operation. Although safety does not have impacts on perceived value, users benefits will suffer damage when hacker intrusion and other accidents occur so that online travel agency web sites should not ignore the security concerns. Second, credibility is a major concern for online travel agency web site users. At this time, it is necessary for the web site to establish a system to display both the commodity information and the using experience published on the user's SNS, thus improving the credibility of the website information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.10
• /
• pp.3750-3770
• /
• 2021

This study investigates open-source dynamic XSS filters used as security devices in web applications to account for the effectiveness of filters in protecting against XSS attacks. The experiment involves twelve representative filters, which are examined individually by placing them into the final output function of a custom-built single-input-form web application. To assess the effectiveness of the filters in their tasks of sanitizing XSS payloads and in preserving benign payloads, a black-box testing method is applied using an automated XSS testing framework. The result in working with malicious and benign payloads shows an important trade-off in the filters' tasks. Because the filters that only check for dangerous or safe elements, they seem to neglect to validate their values. As some safe values are mistreated as dangerous elements, their benign payload function is lost in the way. For the filters to be more effective, it is suggested that they should be able to validate the respective values of malicious and benign payloads; thus, minimizing the trade-off. This particular assessment of XSS filters provides important insight regarding the filters that can be used to mitigate threats, including the possible configurations to improve them in handling both malicious and benign payloads.

• Journal of the Korea Society for Simulation
• /
• v.19 no.3
• /
• pp.99-108
• /
• 2010

The main contents of this paper is to develope effective measures for Internet Web service attack, classifying vulnerability of Web Service by network layer and host unit and researching classification method by attack range of type of services. Using this paper, we can accumulate analyzed Web service attack information which is key information of promote Web security strengthening business, and basis of relevant security research for detect and response Web site attack which can contribute to activation information security industry.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.220-223
• /
• 2017

세계적인 웹 어플리케이션 취약점을 다루는 OWASP(The Open Wed Application Security Project) TOP 10 [1]에 따르면 빈도가 높고 영향이 큰 취약점들은 모두 철저한 웹 보안 코드를 작성하면 어느 정도 예방할 수 있다는 결론이 나왔다. 이에 따라 최근 국내에서 일어난 웹 사이트의 취약점 사례를 알아보고 그 대응법에 대하여 분석한 후, 직접 개발한 웹 사이트에 웹 보안 코드를 적용할 수 있도록 하였다. 또한, 소프트웨어 공학자를 위한 java 시큐어코딩 가이드를 숙지하여 웹 개발 시 보안 유지를 강화하였다.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.622-627
• /
• 2003

The existing remote control system have some inherent disadvantage of direct control in the limit range. In some special cases, for example, a power apparatus, an unmanned factory, a nuclear factory, a security management system, the tele-operation is needed to control remote robot without limit space. This field is based on the Internet communication. Because the Internet is constructed all over the world. And it is possible that we control remote mobile robot in the long distance. In this paper, we developed a remote control system. This system is divided into two primary parts. These are local site and remote site. There are the moving robot and web server in the remote site and there is the robot control device in local site. The moving robot is moved by two stepper motors and the robot control device consists of SA-1100 micro controller and embedded Linux. And this controller is an embedded system. Public personal computer which is connected the Internet is used for the web server. The web server provides the mobile robot control interface program to the remote controller and captures the image for feedback information. In the whole system, a robot control device is connected with moving robot and web server through the Internet. So the operator can control the moving robot in the distance through the Internet.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.99-106
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• Journal of Korea Multimedia Society
• /
• v.19 no.2
• /
• pp.308-315
• /
• 2016

With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly vital as social Internet services such as blogs, photo sharing, and social networks. With this increased cross-site media sharing, there is a upscale of security implications and hence the need to formulate security protocols and considerations. Recently, OAuth, a new protocol for establishing identity management standards across services, is provided as an alternative way to share the user names and passwords, and expose personal information to attacks against on-line data and identities. Moreover, OwnCloud provides an enterprise file synchronizing and sharing that is hosted on user's data center, on user's servers, using user's storage. We propose a secure Social Networking Site (SSN) access based on OAuth implementation by combining two novel concepts of OAuth and OwnCloud. Security analysis and performance evaluation are given to validate the proposed scheme.

• Journal of Software Assessment and Valuation
• /
• v.17 no.2
• /
• pp.125-142
• /
• 2021

Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2004.04a
• /
• pp.427-433
• /
• 2004

Information is increasing continuously in on-line, it is real condition that inaccurate informations are mass-produced but effort to keep accuracy of these informations is lacking. Already, research about government official of information in World Wide Web is consisting of various method and viewpoint, but problem for the importance of correct information offer and offer of mistake information in World Wide Web about specification target and administration way presentation are no research reward yet and system that can keep accuracy of information is not equiped properly. ss and accuracy whether mistake information in harbor and bay connection web site's administration influences how in authoritativeness security of site and present condition information of harbor and bay and operation information. In this study, we wish to present administration way about mistake informations that is required that recognize problem of mistake information and the administration's importance in on-line in this research, and supply phenomenon information in Web site. We made the right definition about mistake of information through priority literature investigation and virtued research for this, and sorted mistake information in type. And we investigated Pusan port connection information and offered present condition in on-line and research on actual state of mistake information offer and analysis. Reflecting type and special quality of examined mistake informations, We want to make people recognize the importance af freshness and accuracy whether mistake information in harbor and bay connection web site's administration influences how in authoritativeness security of site and present condition information of harbor and bay and operation information.