호텔기업의 홈페이지 보안취약성 평가 연구

The purpose of this study is to evaluate the web vulnerability in the Website for the tourist hotels which wereregistered at the Korean Hotel Association (Special First Class, Special 2nd Class, First Class, Second Class, ThirdClass, Family Hotel, undecided ratings). Through such an evaluation, this study aimed at reinforcing the security ofonline reservation/payment through the Website for a tourist hotel, and to arrange a foundation for revitalizing theever-increasing E-Commerce of tourist industry. In an effort to evaluate the Web vulnerability in the Website for tourist hotels, this study used the tool forchecking Web vulnerability-WVS (Web Vulnerability Scanner), and evaluated Web vulnerability based on OWASP(Open Web Application Security Project)-recommended Top 10 in 2013. It also evaluated the Web vulnerabilityaccording to the risk ratings (Informational – Low Level – Medium Level – High Level) among WVS-offeredweb vulnerability. As a result of inspection, this study discovered only Injection (32.9%), Broken Authentication and SessionManagement (0.2%), Cross-Site Scripting (38.4%) among the OWASP Top 10. Vulnerability of Injection andCross-Site Scripting are especially pronounced in hotels with the first and second highest ratings while it is lesspronounced in the top-ranked hotels. However, inspections considering the OWASP Top 10 reveal that Informationalalerts, Low Level alerts, Medium Level alerts, and High Level alerts are 77.7%, 85.5%, 25.6%, and 63.3%,respectively. Taken together, all these inspections suggest that 90% of the hotel Websites have a certain level ofvulnerability regardless of the hotel ratings.