발간년도 : [2017]
논문정보 |
|
논문명(한글) |
[Vol.12, No.5] Improvement of Dynamic Web Vulnerability Inspection Method and Procedure by Website Structuring and Calculating Each Page's Action Size |
|
논문투고자 |
Jae-Ho Lee, Sang-Joon Lee |
|
논문내용 |
As the Web evolves, various web vulnerabilities are being discovered. Many companies and organizations are working to eliminate Web vulnerabilities, but they are not shrinking. Due to the nature of web vulnerability checks, dynamic checks are essential, and manual checks are preferred for accurate
checking. In the case of a dynamic inspection performed manually, there are various problems such as false negative, missing inspection target and deflection due to inspectors. In this paper, we propose inspection methods and procedures to prevent a false negative, missing inspection target and deflection due to inspectors. In the proposed method, the web site is structured by Information Architecture(IA), and the detailed pages are classified into seven operation functions. The detailed pages are obtained by using the number of parameters, and the size of the entire website is calculated by adding the sizes of the detailed pages. Based on the number of Web vulnerability items to be used for the check, calculate
the size of the page that can be checked in one day, and calculate the total inspection schedule. We verified the validity of the proposed method by comparing the number of vulnerabilities detected by the proposed method and the current method, and by analyzing the results of questionnaires for the related field workers. The proposed method can be applied not only to dynamic inspection but also to static inspection. |
|
첨부논문 |
|
|
|
|
|