On the Identification of Required Security Controls Suitable for Converged Web and Mobile Applications

Devotha Nyambo,
2016 International Journal of Computing and Digital Systems  
To achieve this objective, use is made of a Livestock Data Center (LDC) system as a case study for analysis and reasoning. By design, the system can be accessed through web and mobile applications.  ...  The last phase of this process, involved employing the proposed security controls assessment model and the case study to identify the possible security controls suitable for the converged web and mobile  ...  Due to the type of studied applications, no other vulnerability of high impact regarding authentication and authorization was found.  ... 
doi:10.12785/ijcds/050105 fatcat:kgznrsviwndohcux25ghskelsu

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey [article]

Abdelhakim Hannousse and Salima Yahiouche and Mohamed Cherif Nait-Hamoud
2022 arXiv pre-print
of vulnerability repair mechanisms.  ...  The present review covers 147 high quality published studies since 1999 including early publications of 2022.  ...  For test inputs, a well-established attack grammar is used for the generation of proper inputs. • Database traffic interception: providing a control interface between web applications and their databases  ... 
arXiv:2205.08425v2 fatcat:mz2upyb3d5ekllmw66t7s4rsom

Demystifying Advanced Persistent Threats for Industrial Control Systems

Anastasis Keliris, Michail Maniatakos
2017 Mechanical engineering (New York, N.Y. 1919)  
The use of COTS components facilitates development and reduces commissioning time, but at the same time enables malicious actors to readily port ICT vulnerabilities to ICS environments, rendering ICS prone  ...  to the same vulnerabilities and exploitation techniques that plague ICT.  ...  The authors wish to acknowledge Hossein Salehghaffari, Brian Cairl, Prasanth Krishnamurthi, Farshad Khorrami, and Ramesh Karri for their contributions to the presented work.  ... 
doi:10.1115/1.2017-mar-6 fatcat:chq7iluidfe37duxmdfkm4w26a

Comparison of Security Testing Approaches for Detection of SQL Injection Vulnerabilities

Najla'a Ateeq Mohammed Draib, Abu Bakar Md Sultan, Abdul Azim B Abd Ghani, Hazura Zulzalil
2018 International Journal of Engineering & Technology  
Additionally, it will provide researchers with guidance that could help them make a preliminary decision prior to their proposal of new security testing approaches.  ...  However, there is no up-to-date comparative study of these approaches that could be used to help security practitioners and researchers in selecting an appropriate approach for their needs. In this paper  ...  SQL Injection Attack SQLIV is a security flaw that enables an attacker to compromise underlying databases of web applications resulting in unwanted extraction or insertion of data from or into a database  ... 
doi:10.14419/ijet.v7i4.1.19483 fatcat:xnyppbxsrfh2zebdfqoe44srle

On the Privacy of Private Browsing – A Forensic Approach [chapter]

Kiavash Satvat, Matthew Forshaw, Feng Hao, Ehsan Toreini
2014 Lecture Notes in Computer Science  
We report that all browsers under study suffer from a variety of vulnerabilities, many of which have not been reported or known before.  ...  The initial idea of the remote attack based on writing cookies was inspired by a freely available on-line manuscript (http: //  ... 
doi:10.1007/978-3-642-54568-9_25 fatcat:ugustgk5uzfxljgoyqsmh6waui

QSec: Supporting Security Decisions on an IT Infrastructure [chapter]

Fabrizio Baiardi, Federico Tonelli, Fabio Corò, Luca Guidi
2013 Lecture Notes in Computer Science  
A global vulnerability of an IT infrastructure is a set of vulnerabilities in its nodes that enables a sequence of attacks where an agent acquires the privileges that each attack requires as a result of  ...  This paper presents QSec, a tool to support decision on the infrastructure security that queries a database with information on global vulnerabilities and the corresponding attack sequences.  ...  Sect. 3 discusses the correlation of local vulnerabilities and presents the solutions we propose and Sect. 4 describes QSec. Sect. 5 presents a case study to test the proposed approach.  ... 
doi:10.1007/978-3-319-03964-0_10 fatcat:3p4vhowebfa7nkt3uacfkevw74

Evaluation of Black-Box Web Application Security Scanners in Detecting Injection Vulnerabilities

Muzun Althunayyan, Neetesh Saxena, Shancang Li, Prosanta Gope
2022 Electronics  
This study evaluates the detection accuracy of five black-box web application vulnerability scanners against one of the most modern and sophisticated insecure web applications, representing a real-life  ...  We also tested the black-box scanners in four modes to identify their limitations.  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/electronics11132049 fatcat:2ws2opko3fhwheczy7ug5gsr4u

Model-Based Security Testing

Ina Schieferdecker, Juergen Grossmann, Martin Schneider
2012 Electronic Proceedings in Theoretical Computer Science  
Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on  ...  Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and  ...  Testing is one of the most relevant means to do real experiments with a system and thus enables to gain empirical evidence on the existence of vulnerabilities, the applicability and consequences of threat  ... 
doi:10.4204/eptcs.80.1 fatcat:xbgolp2zlzflnast5eg5wqktwe

Modernization Framework to Enhance the Security of Legacy Information Systems

Musawwer Khan, Islam Ali, Wasif Nisar, Muhammad Qaiser Saleem, Ali S. Ahmed, Haysam E. Elamin, Waqar Mehmood, Muhammad Shafiq
2022 Intelligent Automation and Soft Computing  
In this paper, we propose a Security Modernization Framework (SMF) to inject security measures into LIS without modernizing the existing solution.  ...  Fundamentally speaking, SMF is a collection of methods and technologies that enhance the security structure of LIS to protect applications and old data.  ...  Funding Statement: The authors received no specific funding for this study. Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.  ... 
doi:10.32604/iasc.2022.016120 fatcat:vie65bmdnvbndgauxkddhuviu4

So long, and thanks for only using readily available scripts

Hannes Holm, Teodor Sommestad
2017 Information and Computer Security  
There is thus a need to conduct further controlled experiments to reexamine the findings of the present study. Virtualization can impact the success of an exploit.  ...  National Vulnerability Database, NVD 1 ), (ii) vulnerabilities that have public exploits (using Exploit Database, EDB 2 ), (iii) Symantec's threat databases of vulnerabilities that are exploited in the  ... 
doi:10.1108/ics-08-2016-0069 fatcat:mhogxijnyfdxncl5qmg72gsmiq

A Survey Research of Satisfaction Levels on Preventing Data Loss and Preserving Privacy

H. Lakshmi
2020 International journal for research in engineering application & management  
In this paper, we first survey the most relevant concepts underlying the notion of database security, types of losses and summarize the menaces to databases and different categories of vulnerabilities  ...  In this respect, over the years the database security community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability [14].  ...  A. Tracing Vulnerabilities Vulnerability repositories and databases can be traced to study trends and find severe vulnerabilities.  ... 
doi:10.35291/2454-9150.2020.0001 fatcat:jy7ggbq7ffbtznsdsstfwfvvoe

Learning from experience: operating system vulnerability trends

S.C. Lee, L.B. Davis
2003 IT Professional Magazine  
security engineer cannot control every enabler-access to a valid local account, for example, is not necessarily controllable.  ...  About 25 percent of all Unix and Linux vulnerabilities are contingent on enablers, and 98 percent of those enablers are under the security engineer's control.  ... 
doi:10.1109/mitp.2003.1176486 fatcat:dzbv3onh3rgr3hmgk5fjwftq3e

Security Analysis And Feasibility of Smart Entrance System in Smart Home Applications

Rizzo Mungka Anak Rechie, Amir Firdaus bin Saib, Lucyantie Mazalan, Yusnani Mohd Yussoff
2021 International Journal of Academic Research in Business and Social Sciences  
Technology advancement, especially in the area of Internet of Things has enabled many high-end applications to be developed.  ...  The developed system is designed and implemented to study and validate the vulnerability issues in the IoT applications that utilize HDVA devices.  ...  To enable further studies on smart home vulnerabilities and attacks, a testbed of a smart home system using HDVA is implemented.  ... 
doi:10.6007/ijarbss/v11-i12/12005 fatcat:4uuarig4jrcujk2i2cmqhmytqy

Survey on Web Application Vulnerability

Shradha S. Patni, Madhav V. Vaidya
2019 Helix  
Web applications have turned into a fundamental piece of our day to day life.  ...  Web Security is a difficult issue and it can't be ignored. Over the most recent couple of years, the world has seen a phenomenal time of technological development.  ...  to ask for the database that controls the database to sit tight for a predefined extent of time before reacting.  ... 
doi:10.29042/2019-4941-4946 fatcat:k6bkr3q5indjpes6lv5driaiym

Control Effectiveness: a Capture-the-Flag Study

Arnau Erola, Louise Axon, Alastair Janse van Rensburg, Ioannis Agrafiotis, Michael Goldsmith, Sadie Creese
2021 The 16th International Conference on Availability, Reliability and Security  
The results indicate that CTFs are a viable path for enriching threat intelligence and examining security controls, enabling us to begin to theorise about the relative effectiveness of certain risk controls  ...  With the aim of enriching internal threat data, in this article we explore a practical exercise in the form of a capture-the-flag (CTF) study.  ...  DISCUSSION We believe the CTF results enabled us to reason about the effectiveness of the tested controls and were in line with our expectations: the setup of controls affected the performance of participants  ... 
doi:10.1145/3465481.3470095 fatcat:agmatzxh5ngxjcicglh66ejdhq