The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Software-Defined Networking (SDN) controllers are considered as Network Operating Systems (NOSs) and often viewed as a single point of failure. Detecting which SDN controller is managing a target network is a big step for an attacker to launch specific/effective attacks against it. In this paper, we demonstrate the feasibility of fingerpirinting SDN controllers. We propose techniques allowing an attacker...
Security is a worldwide issue. Individuals need their information and frameworks secure from malevolent dangers and assaults. A framework must be secured inside and out from illegal penetration. Security quality affirmation checks if the application is defenseless against assaults, in the event that anybody can hack the framework or login to the application with no approval. It is a procedure to discover...
Android malware scanning services (e.g., VirusTotal) are websites that users submit suspicious Android programs and get an array of malware detection results. With the growing popularity of such websites, we suspect that, these services are not only used by innocent users, but also, malware writers for testing the evasion capability of their malware samples. May this hypothesis be true, it not only...
The vulnerabilities existing in network protocol implementations are difficult to detect. The main reason is that the state space of complex protocol binary software is too large to explore. This paper proposes a novel approach that leverages selective symbolic execution to test network protocol binary software directly, which confines symbolic execution in the secure-sensitive area. This paper also...
Distributed Network Protocol (DNP 3.0) is a reliable and an efficient open standard SCADA communication protocol predominantly used in the Energy Sector in USA. Due to its exhaustive specification and complex implementation it becomes essential to perform vulnerability analysis. The paper highlights attack surface specific to function codes present in Data Link and Application layer of the protocol...
One of the primary concerns that the developers of mobile banking applications should strive to is to ensure the security of user information originating from any of these applications. However, implementing even basic security features, like performing encryption on user data or using HTTPS while connection establishment, on such mobile applications, is often found to be absent either due to the...
Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. The latter phase is known as the security oracle problem. In this work, we present SOFIA, a Security Oracle for SQL-Injection Vulnerabilities. SOFIA is programming-language and source-code independent,...
This article describes the preparation of a Wi-Fi wireless network in production system, with intrusion detection systems Snort and Kismet; for subsequent evaluation under attack. Through Penetration Testing with Backtrack 5 R3 using Fern WiFi Cracker and Ettercap to monitor response reaction of IDSs. Once the attacks are completed, the results are analyzed, in terms of the captured traffic by the...
Applications are generally written assuming a predictable and well-behaved OS. In practice, they experience unpredictable misbehavior at the OS level and across OSes: different OSes can handle network events differently, APIs can behave differently across OSes, and OSes may be compromised or buggy. This unpredictability is challenging because its sources typically manifest during deployment and are...
Multimodal biometric continuous authentication systems allow to improve security, making user identity verification a continuous process rather than a one-time occurrence. Unfortunately, the usability of these systems and their adequacy for working activities are often questioned. This paper presents a usability study for a multimodal biometric continuous authentication system capable of continuously...
Hundreds of vulnerabilities and security defects are disclosed by hackers, developers, and users. The better way to improve software security is to enhance security process into SDLC processes. To keep software secure, security enhancement of the SDLC process involves lots of practices and activities to achieve goal of security. However, how to adopt these activities well to improve software security...
Instant messaging activity plays a major role in our life. With increasing usage of mobile phones and instant messaging users, vulnerabilities against these devices raised exponentially. In this paper, we propose a security analysis testing for secure instant messaging apps in Android which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the...
The Cargo Supply Chain Integrity Technology (CSIT) Research, Development, Test and Evaluation project, jointly managed by the Transportation Security Administration (TSA) and the Department of Homeland Security's (DHS) Science and Technology (S&T) Directorate develops standards and certifies systems to mitigate threats posed by the potential introduction of improvised explosive devices into cargo...
This research will demonstrate hacking techniques on the modern automotive network and describe the design and implementation of a benchtop simulator. In currently-produced vehicles, the primary network is based on the Controller Area Network (CAN) bus described in the ISO 11898 family of protocols. The CAN bus performs well in the electronically noisy environment found in the modern automobile. While...
This presentation entitled "Securing OpenStack Cloud with Bandit" talks about Bandit, a security scanner from OpenStack Security Group. This presentation will cover details on Bandit, and how it can be used to secure OpenStack cloud and advantages of Bandit.
The rapid development in the modern technology and its widespread utilization in number of applications brings in new challenges that need to be addressed. Security is one of such challenges that has grown into a major concern over the years. Periodically new incidents of data and system breaches are reported. For this purpose, usually different side channels in the system are being exploited by the...
Based on a number of inquiries from the industrial community Terasense has developed and started production of a new terahertz imaging system. The system is designed for a conveyor based non-destructive testing and security scanning applications. The imaging kit includes 1×256 pixel THz linear camera and 100 GHz (80 mW) source with a special projection optics. The terahertz imaging system has undergone...
Critical infrastructure such as power plants, oil refineries, and sewage are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators supervise, maintain, and control critical infrastructure. Recent years has seen an increase in connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of...
Security protection is usually thought to be a separate process in web application development phases but the external security protection mechanisms are not effective to control threats and vulnerabilities in web applications. As a consequence, researchers have realized security development should be an integral part of System Development Lifecycle of web applications. This article presents a universal...
In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities spans from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerabilities testing was done in three categories (1) Dodgy code vulnerabilities (2) Malicious code vulnerabilities (3) Security code vulnerabilities on seven (7) different...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.