Three approaches exist for a company to migrate its services to the cloud. The first is to select the most appropriate commercial cloud provider, such as Microsoft, Amazon, Google or SalesForce, and to rent their resources and deploy its services. These cloud service providers The second approach is to build a private cloud with some of the open source cloud frameworks like Eucalyptus, OpenStack, OpenNebula...
This experience report analyses security problems of modern computer systems caused by vulnerabilities in their operating systems. An aggregated vulnerability database has been developed by joining vulnerability records from two publicly available vulnerability databases: the Common Vulnerabilities and Exposures system (CVE) and the National Vulnerability Database (NVD). The aggregated data allow...
Since the Information Networks are added to the current electricity networks, the security and privacy of individuals is challenged. This combination of technologies creates vulnerabilities in the context of smart grid power which disrupt the consumer energy supply. Methods based on encryption are against the countermeasures attacks that have targeted the integrity and confidentiality factors. Although...
Online social networks (OSNs) provide a new dimension to people's lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category...
In this paper we propose to consider a study aimed at improving the Honeypot system performance. There is observed architecture of the designed service of collecting and updating common database of exploits, which is necessary for this study, necessary for building and further Honeypot system maintenance. The data obtained using this service are analyzed in order to determine the free server software...
Web applications are one of the most useful platforms for the delivery of information and services over the internet today. The popularity of web application usage is increasing day by day. Hence web apps have to be designed for secure transformation of information from web client to web server and to mitigate the vulnerabilities. This paper presents a research survey report on constructing...
The use of smartphones is increasing day by day, and they are also used as an essential tool for everyday tasks. Most smartphone applications are used to fetch data from servers and transmit sensitive user information to the server. This communication is carried on a wireless network, which is more vulnerable than a wired network. This insecure communication channel needs to be protected...
Computer networks consist of several assets such as hardware, software, and data sources. These assets have often some vulnerabilities which can be exploited by attackers that violate security policies in the network. Considering the limited budget, the network administrator should analyze and prioritize these vulnerabilities to be able to efficiently protect a network by mitigating the most risky...
Cross site scripting (XSS) is a type of scripting attack on web pages and counts as one of the unsafe vulnerabilities that exist in web applications. Once the vulnerability is oppressed, an intruder advances intended access of the authenticated user's web browser and may perform session hijacking, cookie stealing, malicious redirection and malware spreading. As prevention against such attacks, it is essential...
As nuclear facilities are introducing digital equipment, the cyber security issue becomes emerging topic to be resolved. It is difficult for a nuclear power plant utility to resolve this topic and get a technical solution in particular for operating nuclear power plants because a vulnerability test can give adverse effects to the plants. This is the reason why a test-bed should be needed. This paper...
Mitigating security threats is a big challenge for a network administrator, because threats can be exploited by attackers and lead to a cyber-attack. Therefore, a network administrator should spend budget to eliminate vulnerabilities and prevent attacks. Removing all the vulnerabilities is not cost-effective and in some cases impractical. The primary goal of this paper is to prioritize network nodes based...
The internet is growing rapidly and interconnected different wired and wireless networks with each other. By using a client server architecture computing devices which are located at different geographical locations all around the world connect to the World Wide Web. Client can access information from the web server through the web browser. Web server fetches data from the database server. Malicious...
Domain Name System (DNS) is one of the most crucial components of the Internet. However, due to the vulnerability of DNS, its security has been continuously challenged in recent years. In order to thoroughly understand the root cause of the security risks in the DNS, researches in DNS security are surveyed, and vulnerabilities in DNS and corresponding countermeasures are summarized. First, based on...
Penetration Testing is a security research and study of exploitation methods with counter measures to protect web applications from attacks and intruders. It is the art of exploiting the weakness that has been identified in the system under test. Identifying the insecure areas is the major task; the goal is to protect sensitive and the valuable data. All the safety vulnerabilities which are present...
Industrial espionage through complex cyber attacks such as Advanced Persistent Threats (APT) is an increasing risk in any business segment. Combining any available attack vector professional attackers infiltrate their targets progressively, e.g. through combining social engineering with technical hacking. The most relevant targets of APT are internal enterprise and production networks providing access...
SQL injection attack (SQLIA) is one of the most severe attacks that can be used against web database-driven applications. Attackers use SQLIA to get unauthorized access and perform unauthorized data modification. To mitigate the devastating problem of SQLIA, different researchers proposed a variety of web penetration testing tools that automate SQLI vulnerability assessment that result in...
The most common approach to detecting security vulnerabilities is to scan code using vulnerability scanning software. This is either static analysis or dynamic analysis. Both approaches, when performed independently, have their own pros and cons. In order to protect software from attackers, vulnerabilities should be removed as early as possible. Detection of vulnerabilities in an application before its deployment...
Websites of universities are considered the most important gateways to those Universities. They are heavily used by faculty members, employees, past, current and future students. They have a significant impact on University popularity and ranking. From a security perspective, those websites can be targets for a large number of possible security attacks such as: Flooding, denial of service (DoS), web...
Measuring the attack damage cost and monitoring the sequence of privilege escalations play a critical role in choosing the right countermeasure by Intrusion Response System (IRS). The existing attack damage cost evaluation approaches inherit some limitations, such as neglecting the dependencies between system assets, ignoring the backward damage of exploited non-goal services, or omitting the potential...
For all sound reasons, more and more organizations are deploying their databases to the cloud as a viable option as part of their nowadays system architecture. Since we cannot be sure that our database access would never be compromised, data encryptions of various forms and levels have become the utmost techniques used to prevent malicious parties, internal or external, from inspecting an organization's...