A Web Asset Management System with Secure Coding Applied

Security breaches have recently become a social issue. Although network firewalls and user authentication programs are used to counter them, most breaches originate not in networks or web servers but in application programs that contain security vulnerabilities. Many studies have been performed to address such breaches, and secure coding is emerging as the most effective measure.
Secure coding, a technique for producing safe software, removes security weaknesses from the software source code in order to prevent security breaches. The result is software with strengthened security that can be used safely.
In 2002, the US enacted the Federal Information Security Management Act (FISMA), making secure coding compulsory. Korea began to develop secure coding techniques in 2009, and in June 2012 its Ministry of Government Administration and Home Affairs (MOGAHA) announced a revision of the guideline on the establishment and operation of information systems that made secure coding compulsory.
Most companies use an asset management system to manage their assets. Such a system is customized to each client's requirements and usage and provides a variety of functions. The asset management system proposed in this thesis supports all functions for internal asset management and related work. Any security breach of such a system could lead to the loss or leakage of employee information, work data and other important data, so its security should be improved.
This thesis analyzed the source code of the asset management system with Sparrow in order to eliminate its security weaknesses and found 162 security weaknesses. Among them, seven were from the 47 items listed in the software security weakness diagnosis guideline provided by the MOGAHA, and three were from the security weakness items offered by CWE, CERT, OWASP and Sparrow. The identified weaknesses were eliminated by following the security weakness elimination techniques provided by the MOGAHA and Sparrow, and it was confirmed that all of them had been removed.
Alternative Title
Web Asset Management System using the Secure Coding
Alternative Author(s)
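Kim, Dong-Un
Chosun University, Graduate School of Industry
Graduate School of Industrial Technology Convergence, Department of Software Convergence Engineering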
Awarded Date
2015. 8
Table Of Contents
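Chapter 1 Introduction
Section 1 Research Background
Section 2 Research Purpose and Method
Chapter 2 Related Work
Section 1 Secure Coding
1. Concept of Secure Coding
2. Secure Coding Security Weaknesses
Section 2 Security Vulnerability Analysis Methods and Analysis Tools
1. Security Vulnerability Analysis Methods
2. Analysis Tools
Chapter 3 Web Asset Management System with Secure Coding Applied
Section 1 Existing Asset Management System
Section 2 Applying Secure Coding
1. Security Weakness Detection Results
2. Security Weakness Removal
Chapter 4 Research Results
Chapter 5 Conclusion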
Kim, Dong-Un. (2015). A Web Asset Management System with Secure Coding Applied