A Study of Web Hacking Response Procedures Model based on Diagnosis Studies for Cross-Site Scripting (XSS) Process

  • SiChoon Noh (Department of Computer Science, Namseoul University)
  • Received : 2013.12.01
  • Accepted : 2013.12.11
  • Published : 2013.12.30


Responding to web hacking techniques and methods requires configuring and operating information security in integrated, step-by-step stages. A web hacking response that relies on only one method can leave many security holes. In this study, the process of cross-site scripting attacks is diagnosed and web hacking response procedures are designed. The response system is a framework for configuring and operating information security step by step. The step-by-step response model is structured as measures for the system design phase, the operational phase, and the use phase. The design-phase measures are intended to secure efficiency in the design phase of the system development life cycle and incorporate secure coding. For the user's (use) phase, the security implementation tasks are organized in detail. The methodology can be applied in practice where necessary and can serve as a model methodology for a comprehensive approach in the field.

