• 한국HCI학회:학술대회논문집
• /
• 2009.02a
• /
• pp.654-659
• /
• 2009

As web based software has developed recently, service via web has increased gradually. For this, many research organizations and reports call web is the platform of software. While web based technologies have developed, middleware of WSN and its application service has been developed from desktop based operation system. So WSN's technology reached uppermost limit of desktop application. There's difficulty in integrating, distributing and maintaining & repairing for WSN due to a tightly-coupled structure which's related closely to the hardware of sensor nod. Unlike this, web has a loosely-coupled structure and an opened system, so web service or Rich internet application (RIA) is helpful to solve the above limits. Especially, RIA is web application but can be the platform of WSN' application because it gives us various methods to communicate with user interface similar to desktop application. In this study, I suggest Message System for WSN Using RIA, expanding WSN's interconnectedness and accessibility to internet.

• Journal of Advanced Navigation Technology
• /
• v.22 no.5
• /
• pp.456-461
• /
• 2018

Until the 4th Industrial Revolution fused the Web with diverse technologies, the only factor in evaluating the performance of a Web application was the loading speed of the Web application. Therefore, most existing Web application performance analysis tools focus on the speed at which Web applications run in a Web browser. However, the web is now being used not only in a simple web browser but also in a variety of services. So, in addition to simple speed, there are more elements to be checked to evaluate web applications. Therefore, in this paper, we design a server to perform web application performance analysis considering progressive web app, accessibility, best practice, and search engine optimization as well as the above mentioned speed. Also, we realize a REST API based server that can provide web application performance services without being affected by user's devices or environment.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.19-26
• /
• 2006

Recently, web server hacking is trending toward web application hacking which uses comparatively vulnerable web applications based on open sources. And, it is possible to hack databases using web interfaces because web servers are usually connected databases. Web application attacks use vulnerabilities not in web server itself, but in web application structure, logical error and code error. It is difficult to defend web applications from various attacks by only using pattern matching detection method and code modification. In this paper, we propose a method to secure the web applications based on profiling which can detect and filter out abnormal web application requests.

• The Journal of Society for e-Business Studies
• /
• v.6 no.3
• /
• pp.209-225
• /
• 2001

This paper Proposes the individual roles for developing small web application systems based on the Client/Server architecture with the activities and artifacts of each role and cooperation. The roles of Web Server part (i.e. User Interface Designer, Web Designer, HTML Writer), the roles of Application Server part (i.e. Domain Expert, Application Developer, Tester) and the roles of DB Server part (i.e. Database Administrator, Data Designer) are described. Furthermore, the role of the Development Leader that participates in development and manages all works in project and finds the solutions of problems in project, is also discussed. The Domain Expert analyzes the domain of the application in order to send the artifacts to the Application Developer. Then the Application Developer analyzes, designs and implements the application based on the artifacts of the Domain Expert and integrates the implemented program modules. Roles are related each other in this way, and cooperate until the application development is completed. Finally, we analyzed and compared these roles with the roles of RUP(Rational Unified process) and web wave. Suggested roles in this paper turned out to be efficient compared to the roles of the existing large-scale methodology.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.11-20
• /
• 2003

Now a days the threatenings of using internet web system's vulnerability are rapidly increasing. To protect the threat we introduce the sorts of threats and present the verification method of web application security.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.6
• /
• pp.153-161
• /
• 2012

In this empirical study at the Web environment based on the frequency distribution of the cyclomatic complexity number of the application, the relevance of the threshold has been analyzed with the next two assumptions. The upper bound established by McCabe in the procedural programming equals 10 and the upper bound established by Lopez in the Java programming equals 5. Which numerical value can be adapted to Web application contexts? In order to answer this 10 web site projects have been collected and a sample of more than 4,000 ASP files has been measured. After analyzing the frequency distribution of the cyclomatic complexity of the Web application, experiment result is that more than 90% of Web application have a complexity less than 50 and also 50 is proposed as threshold of Web application. Web application has the complex architecture with Server, Client and HTML, and the HTML side has the high complexity 35~40. The reason of high complexity is that HTML program is usually made of menu type for home page or site map, and the relevance of that has been explained. In the near future we need to find out if there exist some hidden properties of the Web application architecture related to complexity.

• The KIPS Transactions:PartD
• /
• v.9D no.3
• /
• pp.447-456
• /
• 2002

Web applications haute different structural characteristics from conventional applications. A web application typically consists of server-side script elements which run on web sowers, client-side script elements which run on the client web-browser, link elements that the user clicks, and event elements that connect user-triggered request to the client script elements. These four elements are combined to form a web application. In such environments, direct application of conventional methods for measuring application complexity may not be possible, because they are primarily designed to measure complexity of modules and classes. In this paper, therefore, we propose metrics of Cyclomatic Complexity for Web Application (CCWA). We developed a tool to measure such metrics and applied it to the real-world examples. We found that the proposed CCWA metrics can be used for measuring complexity of highly complex web applications, which is not possible with conventional module and class based measurement techniques.

• ETRI Journal
• /
• v.42 no.3
• /
• pp.433-445
• /
• 2020

A denial-of-service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application- and business-layer attacks, and vulnerability-analysis tools are unable to detect business-layer vulnerabilities (logic-related vulnerabilities). This paper presents the business-layer dynamic application security tester (BLDAST) as a dynamic, black-box vulnerability-analysis approach to identify the business-logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.

• The Transactions of the Korean Institute of Electrical Engineers A
• /
• v.53 no.6
• /
• pp.324-333
• /
• 2004

This paper discusses the development of an educational web-based power flow program for undergraduate students. The interaction between lectures and users can be much enhanced via the web-based programs which result in the student's learning effectiveness on the power flow problem. However the difficulties for developing web-based application programs are that there can be the numerous unspecified users to access the application programs. To overcome the aforementioned multi-users problem and to develope the educational web-based power flow program, we have revised the system architecture, the modeling of application programs, and database which efficiently and effectively manages the complex data sets related to the power flow analysis program. The developed application program is composed of the physical three tiers where the middle tier is logically divided into two kinds of application programs. The divided application programs are interconnected by using the Web-service based on XML (Extended Markup Technology) and HTTP (Hyper Text Transfer Protocol) which make it possible the distributed computing technology Also, this paper describes the method of database modeling to handle effectively when the numerous users change the parameters of the power system to compare the results of the base case.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.97-116
• /
• 2003

Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion defection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks.