• Title/Summary/Keyword: web security

Search Result 1,097, Processing Time 0.029 seconds

Proposal for Designing and Building a Special Purpose Web Server with Enhanced Security (보안이 강화된 특수목적용 웹서버 설계 및 구축 제안)

  • Hong, Seong-Rak;Jo, In-June
    • The Journal of the Korea Contents Association
    • /
    • v.22 no.2
    • /
    • pp.71-79
    • /
    • 2022
  • Currently, even if control and mock hacking are performed for the security of web servers, vulnerabilities continue to occur and be hacked. To solve this problem, we have developed a secure web server that can control all web communication using sockets between L4 and L5. And when giving HTTP responses, we proposed a method of combining files and headers in advance. As a result, both security and speed could be improved. Therefore, in this paper, we proposed the reason why vulnerabilities occur even if control and mock hacking occur, a solution to it, and a security web server development method that can maintain security up to DB.

A Study on Web Security using NC Cipher System (NC 암호시스템을 이용한 웹 보안에 관한 연구)

  • 서장원;전문석
    • Proceedings of the IEEK Conference
    • /
    • 2000.11c
    • /
    • pp.55-58
    • /
    • 2000
  • EC, which is done the virtual space through Web, has weakly like security problem because anybody can easily access to the system due to open network attribute of Web. Therefore, we need the solutions that protect the Web security for safe and useful EC. One of these solutions is the implementation of a strong cipher system. NC(Nonpolynomial Complete) cipher system proposed in this paper is advantage for the Web security and it overcomes the limit of the 64 bits cipher system using 128 bits key length for input, output, encryption key and 16 rounds. Moreover, it is designed for the increase of time complexity by adapted more complex design for key scheduling regarded as one of the important element effected to encryption.

  • PDF

Design and Implementation of ACM-based Web Security Access Control System for Intranet Security (인트라넷 보안을 위한 ACM기반 웹 보안 접근 제어 시스템의 설계 및 구현)

  • Cho Nam-Deok;Park Hyun-Gun
    • The KIPS Transactions:PartC
    • /
    • v.12C no.5 s.101
    • /
    • pp.643-648
    • /
    • 2005
  • Intranet system for use within an organization, usually a corporation, is to basically pass through user authentication, but information can be leaked, modified, and deleted by malevolent users who disguise an authorized user or due to user's mistakes in using various functions of web browser. Thus, there is a need for measures to protect the information from illegal use, transformation through partial modification, and illegal leakage such as fraudulent use. This paper presents a flexible Web Security Access Control system based ACM which Provide efficient suity Policy to Protect information in intranet. This Web Security Access Control system not only enhances security by Performing encryption/decryption of information in intranet but also, for sharing confidential information among departments, performs effective and useful access control by assigning different authority to the secured web page. And, by controlling the functions of client PC in various ways, information leakage on malicious purpose or by mistake can be prevented.

An RDF Ontology Access Control Model based on Relational Database (관계형 데이타베이스 기반의 RDF 온톨로지 접근 제어 모델)

  • Jeong, Dong-Won
    • Journal of KIISE:Databases
    • /
    • v.35 no.2
    • /
    • pp.155-168
    • /
    • 2008
  • This paper proposes a relational security model-based RDF Web ontology access control model. The Semantic Web is recognized as a next generation Web and RDF is a Web ontology description language to realize the Semantic Web. Much effort has been on the RDF and most research has been focused on the editor, storage, and inference engine. However, little attention has been given to the security issue, which is one of the most important requirements for information systems. Even though several researches on the RDF ontology security have been proposed, they have overhead to load all relevant data to memory and neglect the situation that most ontology storages are being developed based on relational database. This paper proposes a novel RDF Web ontology security model based on relational database to resolve the issues. The proposed security model provides high practicality and usability, and also we can easily make it stable owing to the stability of the relational database security model.

A Study of Web Application Security Quality Architecture Management Process referenced ISO/IEC9000 Model (ISO/IEC9000모델을 참조한 웹 애플리케이션 보안품질 관리체계 설계)

  • Kim, Jeom-Goo;Noh, Si-Choon;Lee, Do-Hyeon
    • Convergence Security Journal
    • /
    • v.12 no.3
    • /
    • pp.11-17
    • /
    • 2012
  • According to ISO/IEC 9000, quality to satisfy users' requirements when using the product or service is defined as the characteristics of the synthesized concept. Secure web application coding information systems with the reliability and quality of service is one of the determining factor. Secure coding in order to achieve the quality based on the model is necessary. The reason is that the security is in quality properties in the range of non-functional requirements that necessitates. Secure coding for the design of quality systems based on the quality of the definition of quality attributes, quality requirements, quality attribute scenarios are defined, and must be set. To this end, referring to IEEE 1061 quality model for web application, quality model structure is developed. Secure web application architecture design is composed of coding quality of the model systems, web applications draw interest to stakeholders, decision drivers secure coding architecture, quality attributes, eliciting quality requirements of the security settings, creating web application architecture descriptions and security framework.

Threat Diagnosis and Security Verification of Services Using Server-Side Browsers (서버 측 브라우저를 활용한 서비스들의 보안 위협 진단 및 안전성 검증)

  • Min-sang Lee;Hyoung-kee Choi
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.693-706
    • /
    • 2024
  • The browser is utilized to render web pages in programs that perform tasks such as data extraction, format conversion, and development testing on web pages. Online services that utilize browsers can cause security issues if browser information is exposed or used in an unsafe manner. This paper presents security requirements for the safe use of browsers and explains the security threats that arise if these requirements are not met. Through evaluation, the security verification of commercial web applications is conducted, and the vulnerabilities that allow browsers to be exploited as attack tools are analyzed.

A Study of Web Application Attack Detection extended ESM Agent (통합보안관리 에이전트를 확장한 웹 어플리케이션 공격 탐지 연구)

  • Kim, Sung-Rak
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.1 s.45
    • /
    • pp.161-168
    • /
    • 2007
  • Web attack uses structural, logical and coding error or web application rather than vulnerability to Web server itself. According to the Open Web Application Security Project (OWASP) published about ten types of the web application vulnerability to show the causes of hacking, the risk of hacking and the severity of damage are well known. The detection ability and response is important to deal with web hacking. Filtering methods like pattern matching and code modification are used for defense but these methods can not detect new types of attacks. Also though the security unit product like IDS or web application firewall can be used, these require a lot of money and efforts to operate and maintain, and security unit product is likely to generate false positive detection. In this research profiling method that attracts the structure of web application and the attributes of input parameters such as types and length is used, and by installing structural database of web application in advance it is possible that the lack of the validation of user input value check and the verification and attack detection is solved through using profiling identifier of database against illegal request. Integral security management system has been used in most institutes. Therefore even if additional unit security product is not applied, attacks against the web application will be able to be detected by showing the model, which the security monitoring log gathering agent of the integral security management system and the function of the detection of web application attack are combined.

  • PDF

A Discovery System of Malicious Javascript URLs hidden in Web Source Code Files

  • Park, Hweerang;Cho, Sang-Il;Park, Jungkyu;Cho, Youngho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.5
    • /
    • pp.27-33
    • /
    • 2019
  • One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

A Method for Tracing Internet Usage in Multi-use Web browser Environment and Non-English Speaking Countries (웹 브라우저 다중 사용 환경과 비영어권 국가에서의 인터넷 사용흔적 조사 방법)

  • Lee, Seung-Bong;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.5
    • /
    • pp.125-132
    • /
    • 2010
  • Web browser is essential application for using internet. If suspect use a web browser for crime, evidence related crime is stored in log file. Therefore, we obtain the useful information related crime as investigating web browser log file. In this paper, we look at the related work and tools for web browser log file. And we introduce analysis methodology of web browser log file focus on the digital forensics. In addition, we apply to our tool at real case.

A study on Seamless Security Connection of Web Services for Mobile Environment (모바일 환경을 위한 웹 서비스의 무단절 보안 연결에 관한 연구)

  • Kim, Yong-Tae;Jeong, Yoon-Su;Park, Gil-Cheol
    • Convergence Security Journal
    • /
    • v.8 no.3
    • /
    • pp.41-49
    • /
    • 2008
  • Other server based-application and the need of more complex interaction is required with functional strengthening and variational uses of mobile device. And mobile environments make a problem of continuous of web-service by making a problem of instance cutting between web-server and mobile device which acts as a client because of mobility. Therefore, this paper embodies a framework which keeps security and connectivity between HTTP based web-service and mobile device, and is for connection to web-service of mobile device which uses WAP in a standard protocol based mobile environment of mobile web-service for continuous web-service. This paper is analyzed in the same standard condition to compared functional delay which is based on HTTP and WAP access, and data transmission volume. Also it investigates improvement of execution overhead which is brought by interaction process.

  • PDF