Journal of Internet Computing and Services
ISSN 2287-1136 (Online) / ISSN 1598-0170 (Print)
https://jics.or.kr/

OTACUS: Parameter-Tampering Prevention Techniques using Clean URL


Guiseok Kim, Seungjoo Kim, Journal of Internet Computing and Services, Vol. 15, No. 6, pp. 55-64, Dec. 2014
DOI: 10.7472/jksii.2014.15.6.55
Keywords: Web service Security, URL Parameter, OWASP

Abstract

In a Web application, URL parameters, which are an important element of communication between the client and the server, pass without restriction through dedicated network security devices such as IPS and firewalls and are forwarded to the Web server. An attacker who tampers with the parameters of a requested URL can disclose confidential information or, through e-commerce, obtain financial gain. Because whether a parameter has been tampered with can only be determined by the application's own logic, this parameter-manipulation vulnerability cannot be blocked by a Web Application Firewall. This paper presents OTACUS (One-Time Access Control URL System), a technique that complements the shortcomings of existing countermeasures. OTACUS uses the clean URL technique, which simplifies a complex URL containing parameters, to prevent the URL from being exposed to the attacker, and can thereby effectively block tampering with parameters passed to the server by the POST or GET method. Performance tests of an actual OTACUS implementation show that it operates stably with a load increase of less than 3%.
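The general idea in the abstract, keeping parameters on the server and handing the client only a clean one-time URL, can be sketched as follows. This is an added illustration, not the OTACUS implementation from the paper; the class name, the `/go/` prefix, the session binding and the expiry time are all assumptions.

```python
import secrets
import time
from urllib.parse import urlencode


class OneTimeUrlMap:
    """Hypothetical server-side table: opaque one-time clean URL -> real request."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._table = {}  # token -> (session_id, path, params, expiry)

    def issue(self, session_id, path, params):
        """Return a clean URL for the page; the parameters never leave the server."""
        token = secrets.token_urlsafe(16)  # 128 random bits, not guessable
        self._table[token] = (session_id, path, dict(params),
                              self._clock() + self._ttl)
        return "/go/" + token

    def resolve(self, session_id, clean_url):
        """Return the internal URL once, or None for anything the server did not issue."""
        if not clean_url.startswith("/go/") or "?" in clean_url:
            return None  # client-supplied parameters are never accepted
        # pop() consumes the token, so a replayed URL no longer resolves
        entry = self._table.pop(clean_url[len("/go/"):], None)
        if entry is None:
            return None  # unknown, guessed or already-used token
        owner, path, params, expiry = entry
        if owner != session_id or self._clock() > expiry:
            return None  # presented by another session, or expired
        return path + "?" + urlencode(params)


def demo():
    """Constructed sample request: a payment link whose price must not be editable."""
    urls = OneTimeUrlMap()
    link = urls.issue("sess-A", "/order/pay", {"item": "42", "price": "19900"})
    return {
        "link_has_query": "?" in link,
        "tampered": urls.resolve("sess-A", link + "?price=1"),
        "first_use": urls.resolve("sess-A", link),
        "replay": urls.resolve("sess-A", link),
    }
```

Because the client only ever holds the token, there is no parameter in the request to modify; the trade-off is server-side state per issued link, which is where a load increase would come from.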



Cite this article
[APA Style]
Kim, G. & Kim, S. (2014). OTACUS: Parameter-Tampering Prevention Techniques using Clean URL. Journal of Internet Computing and Services, 15(6), 55-64. DOI: 10.7472/jksii.2014.15.6.55.

[IEEE Style]
G. Kim and S. Kim, "OTACUS: Parameter-Tampering Prevention Techniques using Clean URL," Journal of Internet Computing and Services, vol. 15, no. 6, pp. 55-64, 2014. DOI: 10.7472/jksii.2014.15.6.55.

[ACM Style]
Guiseok Kim and Seungjoo Kim. 2014. OTACUS: Parameter-Tampering Prevention Techniques using Clean URL. Journal of Internet Computing and Services, 15, 6, (2014), 55-64. DOI: 10.7472/jksii.2014.15.6.55.