Analysis of Vulnerabilities in College Web-Based System

Younsu Nam; Sunoh Choi

doi:10.3390/electronics13122261

Analysis of Vulnerabilities in College Web-Based System

Younsu Nam
, Sunoh Choi^*

^*Corresponding author for this work

Jeonbuk National University

Research output: Contribution to journal › Journal article › peer-review

1 Scopus citations

Abstract

Web-based systems are used extensively in Korea because web standards have been adapted by the law (e.g., Electronic Government Act). Users can easily access web-based systems if they are connected to the Internet. However, distinguishing between malicious and benign access is very difficult and many potential vulnerabilities exist. In this study, we attempt to leak the information of other users without permission using a non-encrypted API and web source code analysis in a college web-based system. An experiment demonstrates that the information (e.g., other students’ course grades) can be leaked and abnormal data can be embedded in the request. In addition, we discuss methods for preventing such vulnerability attacks.

Original language	English
Article number	2261
Journal	Electronics (Switzerland)
Volume	13
Issue number	12
DOIs	https://doi.org/10.3390/electronics13122261
State	Published - 2024.06

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 16 Peace, Justice and Strong Institutions

Keywords

API
attack
source code
vulnerability analysis
web-based system

Quacquarelli Symonds(QS) Subject Topics

Computer Science & Information Systems
Engineering - Electrical & Electronic
Engineering - Petroleum
Data Science

Access to Document

10.3390/electronics13122261

Cite this

@article{fa95ec63f2b447d49f1094e0c03efbb1,

title = "Analysis of Vulnerabilities in College Web-Based System",

abstract = "Web-based systems are used extensively in Korea because web standards have been adapted by the law (e.g., Electronic Government Act). Users can easily access web-based systems if they are connected to the Internet. However, distinguishing between malicious and benign access is very difficult and many potential vulnerabilities exist. In this study, we attempt to leak the information of other users without permission using a non-encrypted API and web source code analysis in a college web-based system. An experiment demonstrates that the information (e.g., other students{\textquoteright} course grades) can be leaked and abnormal data can be embedded in the request. In addition, we discuss methods for preventing such vulnerability attacks.",

keywords = "API, attack, source code, vulnerability analysis, web-based system",

author = "Younsu Nam and Sunoh Choi",

note = "Publisher Copyright: {\textcopyright} 2024 by the authors.",

year = "2024",

month = jun,

doi = "10.3390/electronics13122261",

language = "English",

volume = "13",

journal = "Electronics (Switzerland)",

issn = "2079-9292",

number = "12",

}

TY - JOUR

T1 - Analysis of Vulnerabilities in College Web-Based System

AU - Nam, Younsu

AU - Choi, Sunoh

PY - 2024/6

Y1 - 2024/6

N2 - Web-based systems are used extensively in Korea because web standards have been adapted by the law (e.g., Electronic Government Act). Users can easily access web-based systems if they are connected to the Internet. However, distinguishing between malicious and benign access is very difficult and many potential vulnerabilities exist. In this study, we attempt to leak the information of other users without permission using a non-encrypted API and web source code analysis in a college web-based system. An experiment demonstrates that the information (e.g., other students’ course grades) can be leaked and abnormal data can be embedded in the request. In addition, we discuss methods for preventing such vulnerability attacks.

AB - Web-based systems are used extensively in Korea because web standards have been adapted by the law (e.g., Electronic Government Act). Users can easily access web-based systems if they are connected to the Internet. However, distinguishing between malicious and benign access is very difficult and many potential vulnerabilities exist. In this study, we attempt to leak the information of other users without permission using a non-encrypted API and web source code analysis in a college web-based system. An experiment demonstrates that the information (e.g., other students’ course grades) can be leaked and abnormal data can be embedded in the request. In addition, we discuss methods for preventing such vulnerability attacks.

KW - API

KW - attack

KW - source code

KW - vulnerability analysis

KW - web-based system

UR - https://www.scopus.com/pages/publications/85197218200

U2 - 10.3390/electronics13122261

DO - 10.3390/electronics13122261

M3 - Journal article

AN - SCOPUS:85197218200

SN - 2079-9292

VL - 13

JO - Electronics (Switzerland)

JF - Electronics (Switzerland)

IS - 12

M1 - 2261

ER -

Analysis of Vulnerabilities in College Web-Based System

Abstract

UN SDGs

Keywords

Quacquarelli Symonds(QS) Subject Topics

Access to Document

Other files and links

Fingerprint

Studies from Jeonbuk National University Further Understanding of Electronics (Analysis of Vulnerabilities in College Web-Based System)

Cite this

Analysis of Vulnerabilities in College Web-Based System

Abstract

UN SDGs

Keywords

Quacquarelli Symonds(QS) Subject Topics

Access to Document

Other files and links

Fingerprint

Press/Media

Studies from Jeonbuk National University Further Understanding of Electronics (Analysis of Vulnerabilities in College Web-Based System)

Cite this