Results 1 - 10 of 150
Finding Security Vulnerabilities in Java Applications with Static Analysis, 2005
"... This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of securi ..."
Cited by 169 (3 self)
specification in the statically analyzed code. Results of our static analysis are presented to the user for assessment in an auditing interface integrated within Eclipse, a popular Java development environment. Our static analysis found 29 security vulnerabilities in nine large, popular open-source applications
Vulnerability Discovery in Multi-Version Software Systems - 10TH IEEE HIGH ASSURANCE SYSTEMS ENGINEERING SYMPOSIUM, 2007
"... The vulnerability discovery process for a program describes the rate at which the security vulnerabilities are discovered. Being able to predict the vulnerability discovery process allows developers to adequately plan for resource allocation needed to develop patches for them. It also enables the u ..."
Cited by 7 (0 self)
among multiversion software systems. Such a modeling approach can be used for assessing security risk both before and after the release of a version. The applicability of the approach is examined using two open source software systems, viz., Apache HTTP Web server and Mysql DataBase Management System
Vulnerability Discovery in Multi-Version Software Systems
"... The vulnerability discovery process for a program describes the rate at which the security vulnerabilities are discovered. Being able to predict the vulnerability discovery process allows developers to adequately plan for resource allocation needed to develop patches for them. I ..."
source code measurements among multiversion software systems. Such a modeling approach can be used for assessing security risk both before and after the release of a version. The applicability of the approach is examined using two open source software systems, viz., Apache HTTP Web server and Mysql DataBase
“Indicators for Social and Economic Coping Capacity - Moving Toward a Working Definition of Adaptive Capacity”, Wesleyan-CMU Working Paper, 2001
"... Abstract This paper offers a practically motivated method for evaluating systems' abilities to handle external stress. The method is designed to assess the potential contributions of various adaptation options to improving systems' coping capacities by focusing attention directly on the u ..."
Cited by 109 (14 self)
be attributed to global climate change and other sources of external stress. As such, it holds the potential of being a point of departure for the construction of practical indices of vulnerability that could sustain comparable analyses of the relative vulnerabilities of different systems located across
WEB SECURITY VULNERABILITY ASSESSMENT AND RECOVERY MACHANISAM
"... Nowadays web applications have critical logical holes (bug) affecting its security, Thus it makes application as vulnerable and easy to attack by hackers and organized crime. In order to prevent these security problems from occurrence of its maximum importance to understand the typical software faul ..."
faults. This paper contributes the knowledge of widely spread two critical web applications by presenting a field study on most of vulnerabilities like SQL Injection and XSS. By analyzing the security patches of source code which are widely used in web applications written in weak and strong typed
GRAPHICAL EXPERT SYSTEM FOR ANALYZING NUCLEAR FACILITY VULNERABILITY
"... Nuclear facilities are a vital part of the nation's infrastructure providing approximately 20 % of the nation's electricity and representing a vast investment of national resources. They also have the potential for serious radiological releases following an incident, which could adversely ..."
be required to defeat operations at a nuclear facility and how serious the collateral consequences of an attack might be. The Oak Ridge National Laboratory (ORNL) is currently developing a novel graphical expert system, the Visual Interactive Site Analysis Code (VISAC), to address both of these needs. For a
Buffer Overflow Vulnerability Detection based on Format-Matching on Source Level
"... Abstract—Buffer overflow has become the most common software vulnerability, which seriously restricts the development of the software industry. It’s very essential to find out an effective method to detect this kind of software bugs accurately. In this paper, we design an improved buffer overflow d ..."
detection system. At first, our system preprocesses the source code to add some auxiliary detection symbols. Then, it scans the source code by a static detector, which uses the identifier for auxiliary detection and combines with a dynamic detection method to improve the recognition accuracy and detection
Manual vs. Automated Vulnerability Assessment: A Case Study - In First International Workshop on Managing Insider Security Threats (MIST), West, 2009
"... Abstract. The dream of every software development team is to assess the security of their software using only a tool. In this paper, we attempt to evaluate and quantify the effectiveness of automated source code analysis tools by comparing such tools to the results of an in-depth manual evaluation o ..."
Cited by 8 (2 self)
of the same system. We present our manual vulnerability assessment methodology, and the results of applying this to a major piece of software. We then analyze the same software using two commercial products, Coverity Prevent and Fortify SCA, that perform static source code analysis. These tools found only a
VULNERABILITY OF ESTONIAN ELECTRICITY SYSTEM: ECONOMIC IMPACT ASSESSMENT OF A PARAMILITARY CONFLICT IN IDA-VIRUMAA
"... I have written the Master’s thesis independently. All works and major viewpoints of the other authors, data from other sources of literature and elsewhere used for writing this paper have been referenced. (Signature of the auth ..."
I have written the Master’s thesis independently. All works and major viewpoints of the other authors, data from other sources of literature and elsewhere used for writing this paper have been referenced. (Signature
CloudER: A Framework for Automatic Software Vulnerability Location and Patching in the Cloud
"... In a virtualization-based cloud infrastructure, customers of the cloud deploy virtual machines (VMs) with their own applications and customized runtime environments. The cloud provider supports the execution of these VMs without detailed knowledge of the guest applications and operating systems in t ..."
of the software vulnerability – outside the VMs and without the source code. In this paper, we present CloudER, a cloud “emergency room” architecture that automatically detect, locate, and patch software vulnerabilities in cloud application binaries at runtime. CloudER leverages an existing taint-based system