Á¤º¸°úÇÐȸ ÄÄÇ»ÆÃÀÇ ½ÇÁ¦ ³í¹®Áö (KIISE Transactions on Computing Practices)
| ÇѱÛÁ¦¸ñ(Korean Title) |
PHP º¸¾È Ãë¾àÁ¡ ºÐ¼®°ú ½ÃÅ¥¾î ÄÚµù ±ÔÄ¢ °³¹ß |
| ¿µ¹®Á¦¸ñ(English Title) |
Vulnerability Analysis and Development of Secure Coding Rules for PHP |
| ÀúÀÚ(Author) |
ÇÑ°æ¼÷
¹Ú¿ì¿
¾çÀϱÇ
¼Õâȯ
ǥâ¿ì
KyungSook Han
Wooyeol Park
Ilgwon Yang
Changhwan Son
Changwoo Pyo
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 21 NO. 11 PP. 0721 ~ 0726 (2015. 11) |
Çѱ۳»¿ë
(Korean Abstract) |
ÀÌ ³í¹®Àº PHP ÇÁ·Î±×·¥ÀÇ ½ÃÅ¥¾î ÄÚµù ±ÔÄ¢À» º¸ÀÌ°í ÀÖ´Ù. ÀÌ ÄÚµù ±ÔÄ¢µéÀº PHP¿Í °ü·ÃµÈ 28°³ º¸¾È¾àÁ¡ÀÇ ¹ß»ýÀ» ¾ïÁ¦Çϱâ À§ÇÏ¿© ÇÁ·Î±×·¥ °³¹ß ´Ü°è¿¡¼ ÁؼöÇϵµ·Ï ±ÔÁ¤ÇÑ °ÍÀÌ´Ù. 28°³ º¸¾È¾àÁ¡Àº CVE¿¡ º¸°íµÈ ½ÇÁ¦ Ãë¾àÁ¡ »ç·Ê¿¡¼ ºÐ·ùµÈ 22°³ º¸¾È¾àÁ¡°ú PHP ¾ð¾î·Î ÀÛ¼ºµÈ ÇÁ·Î±×·¥ÀÇ º¸¾È¾àÁ¡(CWE-661)ÀÇ ÇÏÀ§ º¸¾È¾àÁ¡µé, OWASPÀÇ PHP Top5 º¸¾È¾àÁ¡µé¿¡¼ ¼±º°ÇÏ¿´´Ù. À̸¦ ±â¹ÝÀ¸·Î ÇÏ¿© 14°³ ½ÃÅ¥¾î ÄÚµù ±ÔÄ¢ ¹üÁÖ¿¡ °ÉÃÄ 28°³ ¼¼ºÎ±ÔÄ¢À» °³¹ßÇÏ¿´´Ù. ÀÌ ³í¹®Àº ¶ÇÇÑ Àû¿ë »ç·Ê¸¦ ÅëÇØ ±ÔÄ¢ Àû¿ëÀÌ º¸¾È¾àÁ¡ ¾ïÁ¦ È¿°ú°¡ ÀÖÀ½À» º¸ÀÌ°í ÀÖ´Ù. °³¹ßµÈ ±ÔÄ¢Àº PHP ÇÁ·Î±×·¥ÀÇ º¸¾È ¸ñÀûÀÇ ºÐ¼® µµ±¸ °³¹ßÀÇ ±âÁØÀ¸·Î È°¿ëµÉ ¼ö ÀÖ´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
This paper shows secure coding rules for PHP programs. Programmers should comply with these rules during development of their programs. The rules are crafted to restrain 28 weaknesses that are composed of 22 corresponding to reported CVEs of PHP, the children of CWE-661 for PHP, and the top 5 weaknesses according to OWASP. The rule set consists of 28 detailed rules under 14 categories. This paper also demonstrates through examples that programs complying with these rules can curb weaknesses. The rules can also serve as a guideline in developing analysis tools for security purposes.
|
| Å°¿öµå(Keyword) |
½ÃÅ¥¾î ÄÚµù
º¸¾È¾àÁ¡
Ãë¾àÁ¡
ÄÚµù ±ÔÄ¢
PHP
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
