Original document information
Abstract
English
Web application vulnerability diagnosis spans the development stage through the operation stage; a web service can be operated stably only when a common policy applies to every task, covering diagnosis of vulnerabilities, removal of vulnerabilities, and rapid recovery from web page damage. KISA presents 28 evaluation items for the technical vulnerability analysis of major information and communication infrastructure. In this paper, we diagnose the vulnerabilities of an automobile goods shopping mall website and propose security measures for each vulnerability found. Diagnosing all 28 items revealed major vulnerabilities in three of them: cross-site scripting, cross-site request tampering, and insufficient session expiration. Cookie values were exposed on the bulletin board, and personal information was exposed in the password-related parameter values when personal information was edited. Also, because no session end time was set, it was confirmed that session reuse was always possible. By proposing security measures for these vulnerabilities, the discovered security threats were eliminated, breaches of the web application could be prevented, and the stability of the web service was secured.
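The insufficient session expiration finding above (no session end time, so a session identifier stays valid indefinitely) can be illustrated with a small session store. This is an added example and not the paper's code or the diagnosed site's code; the store, the idle and absolute timeouts, and the user names are constructed for illustration.

```python
import secrets
import time

# Constructed timeout values for the example (not taken from the paper).
IDLE_TIMEOUT = 30 * 60        # seconds of inactivity before a session is invalid
ABSOLUTE_TIMEOUT = 8 * 3600   # hard lifetime regardless of activity

class SessionStore:
    """In-memory session store. With enforce_expiry=False it behaves like the
    diagnosed site: an issued session id is valid forever, so reuse is always
    possible. With enforce_expiry=True both idle and absolute limits apply."""

    def __init__(self, enforce_expiry=True, clock=time.time):
        self.enforce_expiry = enforce_expiry
        self.clock = clock            # injectable clock so expiry can be tested
        self.sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)   # unpredictable identifier
        now = self.clock()
        self.sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid):
        """Return the session's user, or None if unknown or expired."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if self.enforce_expiry and (now - s["last_seen"] > IDLE_TIMEOUT
                                    or now - s["created"] > ABSOLUTE_TIMEOUT):
            del self.sessions[sid]        # server-side invalidation, not just cookie removal
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, sid):
        self.sessions.pop(sid, None)

def idle_demo():
    """Same two-hour idle gap: the weak store still accepts the id, the strong one rejects it."""
    clock = [0.0]
    weak = SessionStore(enforce_expiry=False, clock=lambda: clock[0])
    strong = SessionStore(enforce_expiry=True, clock=lambda: clock[0])
    w, s = weak.create("alice"), strong.create("alice")
    clock[0] += 2 * 3600
    return weak.validate(w), strong.validate(s)

def absolute_limit_demo():
    """Session kept active every 10 minutes is still cut off once the hard lifetime passes."""
    clock = [0.0]
    store = SessionStore(clock=lambda: clock[0])
    sid = store.create("bob")
    for _ in range(60):
        clock[0] += 600
        if store.validate(sid) is None:
            return clock[0]       # first check that fails: 29400.0 seconds
    return None
```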
Table of Contents
1. Introduction
2. Related Work
2.1 Web vulnerability analysis evaluation items
2.2 Cross-site scripting
2.3 Cross-site request tampering
2.4 Insufficient session expiration
3. Web Vulnerability Diagnosis
3.1 Cross-site scripting diagnosis
3.2 Diagnosis of cross-site request tampering
3.3 Diagnosis of insufficient session expiration
4. Security Measures for Vulnerability
4.1 Security measures of cross-site scripting
4.2 Security measures of cross-site request tampering
4.3 Security measures of insufficient session expiration
5. Conclusion
REFERENCES