An application logic flaw is a type of software vulnerability related to privilege manipulation or transaction control manipulation. Such flaws are often difficult to identify using automated scanners. A case study on the eCommerce merchant software Bigcommerce, integrated with PayPal Express as a third-party payment collector, was created to teach students about this topic. Case studies provide students...
Web applications are an extremely important and ubiquitous part of today's world. Students must not only know how to develop them from a technical perspective, but in doing so need to understand how to follow the proper principles of software engineering — delivering the project on time, on budget, and in a high quality manner. At the Department of Software Engineering at the Rochester Institute of...
True Random Numbers represent a sensitive research area for cryptographic algorithms and applications. They are mostly used in generating non-reproducible and non-deterministic patterns used in different cryptographic protocols. A True Random Number Generator basically consists of three main components: a noise generator, that is based on a physically uncontrollable phenomenon, a randomness extractor...
In this paper, the researchers present a novel framework which derives from the TAM model by testing security and trust effects on the ease of use and on usefulness. A "one shot" case study has been conducted using a new secure email instructional model in order to validate the framework. The study found that security and trust affects the perceived usefulness, and that in turn this leads...
Business-critical web applications are the most popular services provided to clients by the financial sector. These applications bring in handsome revenue for the financial industry every year. These services are also a frequent target of attackers. Poor coding practice leads applications to vulnerabilities that are exploited by attackers. Information and privileges such as access to databases,...
A security officer must be offensive and defensive. Being attacked by an attacker is not an option. They need to be creative and they may need to think like an attacker. That is why learning the art of penetration testing is crucial at the education level. The basic fortress of security is to protect a network with a firewall. To possess knowledge in security, early exposure must be nurtured from undergraduate...
With the increased attention on cyber security, more and more people focus on the security and reliability of the software they utilize. Therefore, software vendors, especially operating system suppliers, make great efforts to build more secure and reliable software. The aim of this paper is to find a re-development approach for building a secure and reliable operating system (OS) based on open source software...
Concolic testing is a powerful technique for vulnerability detection. Current concolic testing tools usually randomly select one well-formed concrete input to start their workflow, then employ different path selection methods to explore the execution space. However, experiments have shown that concolic testing tools have different vulnerability detection performance when starting with different well-formed...
In recent years a lot of web applications have been released in the world. At the same time, cyber attacks against web application vulnerabilities have also increased. In such a situation, it is necessary to make web applications more secure. However, checking all web vulnerabilities by hand is very difficult and time-consuming. Therefore, we need a web application vulnerability scanner. In this work,...
Software vulnerabilities are one of the root causes of network security issues. Software security testing is an essential part of secure software development. Fuzzing has been proven to be an effective dynamic software security testing method. In this paper we present a guided fuzzing approach based on dynamic taint analysis for security testing of network protocol software. This approach identifies...
Cyber security is becoming an important aspect in every industry, such as the banking, power and automation sectors. Servers are critical assets in these industries where business-critical sensitive data is stored. These servers often incorporate web servers through which business data and operations are accessed and performed remotely. Hence, it is obvious that for a reliable operation, security...
In many problems of design of mechanisms and multi-agent systems, the system designer has control over the information environment. What is the optimal design given the goals of the system designer? We discuss several ways of representing information structures. Each representation simplifies a particular class of optimization problems over information structures; we discuss current and potential...
This paper examines a two-player, non-zero-sum, sequential detection game motivated by problems arising in the cyber-security domain. A defender agent seeks to sequentially detect the presence of an attacker agent via the drift of a stochastic process. The attacker strategically chooses the drift of the observed stochastic process, while his payoff increases in both the drift of the stochastic process...
In cryptography, secret sharing is a technique to share a secret among a group of members, each of which holds a portion of the secret. The secret can only be retrieved when a certain number of members combine their shares together, while any combination with fewer shares has no extra information about the secret. There are many secret sharing schemes, and each one achieves a different level of security...
The intent mechanism is a powerful feature of the Android platform that helps compose existing components together to build a Mobile application. However, hackers can leverage the intent messaging to extract personal data or to call components without credentials by sending malicious intents to components. This paper tackles this issue by proposing a security testing method which aims at detecting...
Boundary devices, such as routers, firewalls, proxies, and domain controllers, continuously generate logs showing the behaviors of internal and external users, the working state of the network as well as of the devices themselves. Rapidly and efficiently analyzing these logs makes great sense in terms of security and reliability. However, it is a challenging task due to the fact...
A service level agreement (SLA) is a negotiated agreement between consumers and service providers in order to guarantee the quality of the negotiated service level. Therefore, many companies use contracts to specify the desired service level agreement. An SLA may specify the levels of availability, serviceability, performance, operation, security, or other attributes of the service. However, due to the...
Security testing of web applications remains a major problem of software engineering. In order to reveal vulnerabilities, manual and automatic testing approaches use different strategies for detection of certain kinds of inputs that might lead to a security breach. In this paper we compared a state-of-the-art manual testing tool with an automated one that is based on model-based testing. The first...
Recently, some statistically optimal steganalyzers have been proposed based on hypothesis testing theory, in which the cover pixels are assumed to be independent. However, the independence assumption is of limited interest since redundancy exists in natural images. In this paper, using a more appropriate image model considering pixel correlation, a new steganalysis method for the least significant bit...
The number of security vulnerabilities in web applications has grown with the tremendous growth of web applications in the last two decades. As the domain of web applications is maturing, a large number of empirical studies have been reported on web applications to address the problem of vulnerable web applications. However, before advancing towards finding new approaches to web application security vulnerability...