
Efficient Patch-based Auditing for Web Application Vulnerabilities

Taesoo Kim, Ramesh Chandra, Nickolai Zeldovich
2012 USENIX Symposium on Operating Systems Design and Implementation  
POIROT is a system that, given a patch for a newly discovered security vulnerability in a web application, helps administrators detect past intrusions that exploited the vulnerability.  ...  POIROT's techniques allow it to audit past requests 12-51× faster than the time it took to originally execute the same requests, for patches to code executed by every request, under a realistic MediaWiki  ...  Acknowledgments We thank David Terei for pointing us at prior work on self-adjusting computation [2].  ... 
dblp:conf/osdi/KimCZ12 fatcat:kjq5mx4arvaebgdieofjw5oqqi

Analysis of Node.js Vulnerability Detection from NPM: How Efficient these Tools

Vidhya Prasad, Grace Joseph
2022 Zenodo  
— security of an application is not easiest thing to do. Node.js is one of the leading technologies that help developers for web application development. It is designed securely.  ...  Ultimately, all these vulnerabilities are transferred to node.js applications. Security vulnerabilities are not [...]  ...  Web applications have become the primary source of security vulnerabilities scanning tools for node dependencies. The tools under consideration are audit and Snyk. II.  ... 
doi:10.5281/zenodo.6907036 fatcat:4vbi2factrcq5arhledd3dwl3i

Saudi cloud infrastructure: a security analysis

Wahid Rajeh, Hai Jin, Deqing Zou
2017 Science China Information Sciences  
Theory and methodology of research on cloud security SCIENCE CHINA Information Sciences 59, 050105 (2016); Credit-based scheme for security-aware and fairness-aware resource allocation in cloud computing  ...  Some of such critical web and cloud platforms have become constant targets for persistent malicious attacks that attempt to breach security protocol and access user data and information in an unauthorized  ...  In realizing automated target evaluation, the three tools relied upon are as follows. • Acunetix [18]: The Acunetix vulnerability scanner offers a cloud-based solution to web security auditing.  ... 
doi:10.1007/s11432-016-0322-7 fatcat:nefd3jhchbgipcdcrrr2ok2zay

Security Assessment of Web Based Distributed Applications

Catalin BOJA, Mihai DOINEA
2010 Informatică economică  
Based on such standardize models, secure web based distributed applications can be easily audited and many vulnerabilities which can appear due to the lack of access to information can be avoided.  ...  This paper presents an overview about the evaluation of risks and vulnerabilities in a web based distributed application by emphasizing aspects concerning the process of security assessment with regards  ...  This project is co funded by European Social Fund through The Sectorial Operational Programme for Human Resources Development 2007-2013, coordinated by The Bucharest Academy of Economic Studies (project  ... 
doaj:2785854c6eec4a5d8de8656222b431f4 fatcat:vjid3rzmenay5e67wncut4x6li

A study of AJAX vulnerability in Web 2.0 applications

Abdullah Bin Al-Tameem, P. Chittikala, Pit Pichappan
2008 2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)  
The present decade is marked by the increased application of web servers and the use of web 2.0 for many utilities.  ...  The current study has visualized an enhanced architecture to reflect the AJAX vulnerability and the architecture is applied in randomized trails and the results call for increased applications  ...  The enhanced option for effective and efficient security auditing is a vulnerability scanner which automates the crawling of websites to identify weaknesses.  ... 
doi:10.1109/icadiwt.2008.4664319 fatcat:sbaptcatxzd7lpodv6gysesvxe

Patch auditing in infrastructure as a service clouds

Lionel Litty, David Lie
2011 SIGPLAN notices  
In this work, we propose P2, a hypervisor-based patch audit solution.  ...  First, P2 uses efficient information flow tracking to identify the use of unpatched non-binary files in a vulnerable way.  ...  Acknowledgements Support for the work in this paper was provided by the NSERC ISSNet Strategic Network and an Ontario MRI Early Researcher Award.  ... 
doi:10.1145/2007477.1952702 fatcat:bnxsxibqgbelniif43nqgwvjam

Patch auditing in infrastructure as a service clouds

Lionel Litty, David Lie
2011 Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments - VEE '11  
In this work, we propose P2, a hypervisor-based patch audit solution.  ...  First, P2 uses efficient information flow tracking to identify the use of unpatched non-binary files in a vulnerable way.  ...  Acknowledgements Support for the work in this paper was provided by the NSERC ISSNet Strategic Network and an Ontario MRI Early Researcher Award.  ... 
doi:10.1145/1952682.1952702 dblp:conf/vee/LittyL11 fatcat:nwvz5vouizelxdh56i3dqxekxm

Scenario-Based Markovian Modeling of Web-System Availability Considering Attacks on Vulnerabilities

Vyacheslav S. Kharchenko, Yurij Ponochovny, Artem Boyarchuk, Anatoliy Gorbenko
2015 International Conference on Information and Communication Technologies in Education, Research, and Industrial Applications  
These models simulate availability of a multitier web-system considering attacks on DNS vulnerabilities in additional to system failures due to hardware/software (HW/SW) faults.  ...  In the paper we demonstrate how to estimate these parameters using open vulnerability databases (e.g. National Vulnerability Database).  ...  Then we need to select those vulnerabilities of Web-system components (DNS-server, HTTPserver, application server, etc.) affecting system availability.  ... 
dblp:conf/icteri/KharchenkoPBG15 fatcat:22iski2qpjbrlor2cwzfuyxl4m

Cloud Security Architecture and Implementation - A practical approach [article]

Max Farnga
2018 arXiv   pre-print
While cloud computing provides lower Infrastructure cost, higher agility and faster delivery, it also presents higher operational and security risks for business critical assets, but a well-designed solution  ...  • Database server running with lower security setup • Operating Systems, middleware and/or applications running with outdated patches or unused ports • Web application database with SQL injection vulnerabilities  ...  Recommendations for operational efficiency and Security Designing for operational efficiency depends on your organization's business needs and how the applications can adapt to the new environment.  ... 
arXiv:1808.03892v2 fatcat:gcc3qb23sfduflau6bm3wwgyxi

Detection of the Security Vulnerabilities in Web Applications

2009 Informatică economică  
The paper highlights the security vulnerabilities in web applications and the processes of their detection.  ...  The audit and evaluation processes are carried out in accordance with the international standards developed for information system security assurance.  ...  Also, the costs to patch and fix vulnerabilities are significantly reduced when the application is deployed [13].  ... 
doaj:22ef2ab5860845049403a879b97790ec fatcat:i73dkhodj5dmzd72rh55u4pk4i

From Patches to Honey-Patches

Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, Stefan Katzenbeisser
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
An implementation for three production-level web servers, including Apache HTTP, demonstrates that honey-patching can be realized for large-scale, performance-critical software applications with minimal  ...  Traditional software security patches often have the unfortunate side-effect of quickly alerting attackers that their attempts to exploit patched vulnerabilities have failed.  ...  Software diversification has also been proposed as an efficient protection against patch-based attacks [15]. Honeypots for Attack Analysis.  ... 
doi:10.1145/2660267.2660329 dblp:conf/ccs/AraujoHBK14 fatcat:3yejqn4vcvcrld2mxtod3g6ene

A Deployment Scenario : A Taxonomy Mapping and Keyword Searching for the Application Relation

Sharipah Setapa, Shahrol Hisham Baharom, Luke Jing Yuan
2019 Jurnal Intelek  
With that, an analogy can be based on how the application scenario can be established as a model and converted into taxonomy for troubleshooting when execution is facing an error.  ...  Upgrading and patching is a method to strengthen the host and virtualisation devices from malware.  ...  Shown in Table 2 below are some samples of patch type based on vendor severity. There are different criteria for a patch. A patch can be critical, important or low based on their vendor severity.  ... 
doi:10.24191/ji.v14i2.224 fatcat:3b3idfcnlvfszlsoamydgj6riu

The Importance of Ethical Hacking Tools and Techniques in Software Development Life Cycle

2021 International Journal of Advanced Trends in Computer Science and Engineering  
Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software.  ...  W3af [30] W3af is a platform for web application attacks and auditing.  ...  Netsparker [25] Netsparker is a simple web application security scanner that can detect SQL Injection, XSS, and other vulnerabilities in your web applications automatically.  ... 
doi:10.30534/ijatcse/2021/791032021 fatcat:zncernxtirfezga37autatmsxq

Advanced IT-Based Future Sustainable Computing (2017–2018)

Jong Hyuk Park
2019 Sustainability  
Therefore, this special issue deals with various software and hardware design, novel architectures and frameworks, specific mathematical models, and efficient modeling-simulation for advance IT-based FCS  ...  All accepted articles contribute to the applications and research in the FCS, such as software and information processing, cloud storage organization, smart devices, efficient algorithmic information processing  ...  To support a fast response to the vulnerabilities, the authors proposed various automated vulnerability detection and remediation schemes that detect and patch vulnerabilities automatically.  ... 
doi:10.3390/su11082264 fatcat:664e3ar3fbe57ci2l6ioyxezuq

Identification and Integration of Information Security Topics [chapter]

Justin Brown
2003 Security Education and Critical Infrastructures  
Recent rises in security holes in web technologies has prompted the unit author to identify the critical security concepts that should be taught to web application developers and how such material can  ...  The unit is preparing for an update of the teaching material.  ...  up-to-date with security/application patches.  ... 
doi:10.1007/978-0-387-35694-5_27 fatcat:56tg2jiljfbzpbgnixzsukv3f4