Reflection, which is widely used in practice and abused by many security exploits, poses a significant obstacle to program analysis. Reflective calls can be analyzed statically or dynamically. Static analysis is more sound but also more imprecise (introducing many false reflective targets and thus hurting its scalability). Dynamic analysis can be precise but often misses many true reflective targets...
Open source software systems are based on the principle of open collaboration for innovation and production. They depend heavily on volunteer developers' contributions for their existence and continuity; attracting new volunteer developers is crucial for the OSS community's sustainability. However, new developers might be hesitant to join and participate in a project due to many obstacles such as lack...
Although it is well-known that API design has a large and long-term impact on security, the literature contains few substantial guidelines for practitioners on how to design APIs that improve security. Even fewer of those guidelines have been evaluated empirically. Security professionals have proposed that software engineers choose immutable APIs and architectures to enhance security. Unfortunately,...
Today's modern homes are becoming complex live systems in which virtually all functionality, from lighting and heating control to security and occupancy simulation, is mediated by computerized controllers, leading to an IoT future. The smart nature of these homes raises obvious security concerns, and history has shown that a vulnerability in only one component may provide the means to compromise the system...
Database management systems (DBMSs) are one of the most important components in modern large-scale systems. Thus, it is important for developers to write code that accesses DBMSs correctly and efficiently. Since the behaviour of database access code can sometimes be a black box for developers, writing good test cases to capture problems in database access code can be very difficult. In addition to...
Security issues arise continually in different software products. Making software secure is a challenging endeavour. Static analysis of the source code can help eliminate various security bugs. The better a scanner is, the more bugs can be found and eliminated. The quality of security scanners can be determined by letting them scan code with known vulnerabilities. Thus, it is easy to see how much...
For the security of computer systems, organizations nowadays deploy a number of measures such as firewalls, network scanning tools, Secure Sockets Layer (SSL), etc. However, security bugs present at the application layer (code level), caused by unawareness or mistakes of the developers, are usually ignored. Such security bugs can lead to unauthorized privileges on a computer system. For example...
Security is one of the main issues in all phases of the software life cycle. Since most software vulnerabilities occur in the coding phase, secure implementation is very important. A Semantic Web ontology expresses the concepts of a specific area. Given the variety of software systems and manufacturing techniques, the Semantic Web can be effective in the production of software systems. Ontology helps...
Software configuration tools are becoming more popular every day. In this paper, we describe an open source continuous integration tool, Jenkins, which is essentially a server-based system that runs in a servlet container (such as Apache Tomcat). It supports various Source Control Management (SCM) tools, including Subversion, Mercurial, Perforce, ClearCase and Rational Team Concert (RTC)...
The objective of vulnerability analysis is to find unknown security holes in a system. Many software bugs, such as SQL injection, come from careless checking of input strings. Finding these bugs is very difficult without source code inspection. This paper gives a novel method to check for such bugs in Java bytecode based on points-to dataflow analysis, which differs from the common analysis...
We present results for the "Impact Project Focus Area" on the topic of symbolic execution as used in software testing. Symbolic execution is a program analysis technique introduced in the 1970s that has received renewed interest in recent years, due to algorithmic advances and increased availability of computational power and constraint solving technology. We review classical symbolic execution...
Many organizations are investigating the possibility of adopting open source software or migrating their mission-critical applications to open platforms. In this context, defining an assurance process for large open source code bases has become of paramount importance, and can help in filling the gap with proprietary solutions. In this paper, we discuss how assurance has become a primary requirement...
This position paper proposes a research agenda for the field of security testing. It gives a critical account of the state of the art as seen by a practitioner and identifies questions that research failed to answer so far, or failed to answer in such a way that it would have had an impact in the real world. Three categories of research problems are proposed: theory of vulnerabilities, theory of security...
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered...