Cross Site Scripting (XSS) vulnerability is one of the most widespread security issues in web applications. By reviewing the literature pertaining to XSS vulnerability, it has been found that many investigations have directed their energy only on XSS vulnerability detection, but not many studies have concentrated on removing XSS vulnerability. This paper embeds the removal stage of XSS vulnerability...
This demonstration is a proof of concept for the design of secure IoT frameworks using Secure Elements as trusted TLS/DTLS stack. It presents a connected plug built over a cheap Raspberry Pi board, whose data exchanges over TCP/IP are controlled by a javacard providing TLS server services. In a smart grid context it could be used by energy operators in order to authorize/monitor battery charging.
Cross site scripting (XSS) is a type of scripting attack on web pages and counts as one of the unsafe vulnerabilities existing in web applications. Once the vulnerability is oppressed, an intruder advances intended access of the authenticated user's web-browser and may perform session-hijacking, cookie-stealing, malicious redirection and malware-spreading. As prevention against such attacks, it is essential...
The most common approach to detect security vulnerabilities is to scan code using vulnerability scanning software. This is either static analysis or dynamic analysis. Both approaches, when performed independently, have their own pros and cons. In order to protect software from attackers, vulnerabilities should be removed as early as possible. Detection of vulnerabilities in an application before its deployment...
This paper discusses the problems and disadvantages users have to deal with when they attempt to use the Single Sign On mechanism, in conjunction with the Kerberos V5 protocol as a means of authenticating users on Linux based environments. Some known incompatibilities and Security problems are exposed for which, today, native Single Sign On in Kerberos is not a standard in Linux. Finally, the future...
Software configuration tools are becoming more popular day by day. In this paper, we describe an open source continuous integration tool: Jenkins, which is on the whole a server-oriented arrangement that runs in a servlet-like container (like Apache Tomcat). It supports various Source Control Management (SCM) tools including Subversion, Mercurial, Perforce, ClearCase and Rational Team Concert (RTC)...
Security domains partition military Communications and Information Systems (CIS) to enable the handling of data payloads at different confidentiality levels. Information exchange between security domains is in most cases extremely restrictive or even entirely prohibited. While this protection principle holds for user traffic, it significantly hinders the unified management of networks and IT systems...
The presented OptInv software system provides support for inventory and sales optimization. Generally, small and medium enterprises cannot afford expensive Enterprise Resource Planning (ERP) systems, with effective supply management modules. Supplies are often managed based only on former experience. Inconvenient situations can occur when an order cannot be accomplished because the needed product...
This paper presents some of the systems (the main ones) for automated software creation/generation or the stages of its development, as well as its documentation.
Data concentrators in advanced metering infrastructures (AMI) are central for collecting electricity meter data. Due to their position at the transformer substation in the distribution grid, concentrators offer an opportunity for value added services to be introduced by the distribution system operator. However, these services must be deployed without jeopardizing robustness and security of the electricity...
Security requirements are properties that have to be guaranteed for an application. Such guarantees can be given using verification. But there is a huge gap between security requirements expressed with human language and formal security properties that can be verified. This paper presents the use of OCL to formalize security requirements in a model-driven approach for security-critical applications...
Developers often rely on penetration testing tools to detect vulnerabilities in web services, although frequently without really knowing their effectiveness. In fact, the lack of information on the internal state of the tested services and the complexity and variability of the responses analyzed limit the effectiveness of such techniques, highlighting the importance of evaluating and improving existing...
There are no adequate and proactive mechanisms for securing E-mail systems. E-mail date and time spoofing is one of the major problems of E-mail security. The effects of E-mail spoofing can be limited by the appropriate configuration of E-mail servers and improved user awareness of the problem. The only real countermeasure is the use of digitally signed messages that allow a recipient to authenticate...
Safe deployment of web interfaces for remote instrumentation requires that the laboratory system be protected from harmful manipulation by end users or attacks from malicious software over the internet. Industrial control systems, although highly relevant to contemporary engineering education and an essential component of many remote experiments, are typically only designed to run in a secured local...
The increasing amount of data and the demand to process and analyze it induce enterprises to employ alternative computing paradigms to overcome computing capacity shortages. Cloud Computing is a newly emerged computing approach that promises scalability of resources, on-demand availability and a pay-as-you-go economic model instead of heavy investment in IT resources. However, to decide on choosing Cloud as...
With the development of the economy, security is becoming the priority of society. Because of the blindness, passiveness, randomness and other kinds of disadvantages of the traditional method of patrol, this paper designed and presented the Intelligent Patrol Management System based on RFID. This system could make the work of security more scientific, and make the patrol more ordered and more...
This paper presents JavaSPI, a "model-driven" development framework that allows the user to reliably develop security protocol implementations in Java, starting from abstract models that can be verified formally. The main novelty of this approach stands in the use of Java as both a modeling language and the implementation language. By using the SSL handshake protocol as a reference example,...
In this paper, we introduce a Hadoop cloud computing together with access security by using the fingerprint identification and face recognition. Hadoop cloud computing is connected to serve plenty of mobile devices or thin clients by the wired or wireless network. In fact a controller (master) may be linked to several nodes (slavers) to form a Hadoop cloud computing, where the cloud computing initiates...
Due to the benefits of cloud computing, many desktop applications have been migrated into the cloud. In order to program in the cloud, lots of IDEs have also moved into the cloud in recent years. Although an online IDE can bring developers a lot of convenience in their development process, some tough problems are still less touched. This paper summarized three main kinds of actual problems from three...
JSF is a true MVC pattern; its key point is the Web presentation layer. It not only provides a wealth of web page controls but also supports the development of controls, so its use is convenient and flexible. It allows the programmer to design a Web program by dragging controls to the Web page; it is very simple to use while the designed page is beautiful, and it overcame the shortcomings of non-visualization...