• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.709-722
• /
• 2022

The recent "Log4j Security Vulnerability Incident" has occurred, and the information system that uses the open source "Log4J" has been exposed to vulnerabilities. The incident brought great vulnerabilities in the information systems of South Korea's major government agencies or companies and global information systems, causing problems with open source vulnerabilities. Despite the advantages of many advantages, the current development paradigm, which is developed using open source, can easily spread software security vulnerabilities, ensuring open source safety and reliability. You need to check the open source. However, open source vulnerability scan tools have various languages and functions. Therefore, the existing software evaluation criteria are ambiguous and it is difficult to evaluate advantages and weaknesses, so this paper has developed a new evaluation criteria for the vulnerability analysis tools of open source

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.4
• /
• pp.785-790
• /
• 2017

Network scanning tools typically use port scans to steal information from network terminals and identify vulnerabilities. In particular, Shodan and Censys use a network scanning tool to gather a wide range of terminal information, store it in their database and provide it to the users. In order to prevent such information gathering, it is required to know the scanning methods of Shodan and Censys. However, the scanning model used by Shodan and Censys is not known exactly. Therefore, this paper estimates scanning models of Shodan and Censys and analyzes the performance of each models.