English
Related papers

Related papers: Deemon: Detecting CSRF with Dynamic Analysis and P…

200 papers

Detection and mitigation of critical web vulnerabilities and attacks like cross-site scripting (XSS), and cross-site request forgery (CSRF) have been a great concern in the field of web security. Such web attacks are evolving and becoming…

Cryptography and Security · Computer Science 2023-05-01 Mahnoor Shahid

Decentralized finance (DeFi) is revolutionizing the traditional centralized finance paradigm with its attractive features such as high availability, transparency, and tamper-proofing. However, attacks targeting DeFi services have severely…

Software Engineering · Computer Science 2024-04-17 Yepeng Ding , Arthur Gervais , Roger Wattenhofer , Hiroyuki Sato

Vulnerability identification constitutes a task of high importance for cyber security. It is quite helpful for locating and fixing vulnerable functions in large applications. However, this task is rather challenging owing to the absence of…

Cryptography and Security · Computer Science 2023-06-09 Ammar Ahmed , Anwar Said , Mudassir Shabbir , Xenofon Koutsoukos

The global rise of online users and online devices has ultimately given rise to the global internet population apart from several cybercrimes and cyberattacks. The combination of emerging new technology and powerful algorithms (of…

Cryptography and Security · Computer Science 2024-02-05 Naresh Kshetri , Dilip Kumar , James Hutson , Navneet Kaur , Omar Faruq Osama

Webshell attacks are becoming more common, requiring robust detection mechanisms to protect web applications. The dissertation clearly states two research directions: scanning web application source code and analyzing HTTP traffic to detect…

Cryptography and Security · Computer Science 2024-12-10 Ha L. Viet , On V. Phung , Hoa N. Nguyen

While attack graphs are useful for identifying major cybersecurity threats affecting a system, they do not provide operational support for determining the likelihood of having a known vulnerability exploited, or that critical system nodes…

Cryptography and Security · Computer Science 2026-04-21 Francesco Vitale , Simone Guarino , Stefano Perone , Massimiliano Rak , Nicola Mazzocca

Server-side request forgery (SSRF) vulnerabilities are inevitable in PHP web applications. Existing static tools in detecting vulnerabilities in PHP web applications neither contain SSRF-related features to enhance detection accuracy nor…

Cryptography and Security · Computer Science 2025-06-02 Yuchen Ji , Ting Dai , Zhichao Zhou , Yutian Tang , Jingzhu He

Vulnerability identification is crucial to protect the software systems from attacks for cyber security. It is especially important to localize the vulnerable functions among the source code to facilitate the fix. However, it is a…

Software Engineering · Computer Science 2019-09-10 Yaqin Zhou , Shangqing Liu , Jingkai Siow , Xiaoning Du , Yang Liu

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…

Cryptography and Security · Computer Science 2025-05-14 Avihay Cohen

Identifying vulnerable code is a precautionary measure to counter software security breaches. Tedious expert effort has been spent to build static analyzers, yet insecure patterns are barely fully enumerated. This work explores a deep…

Artificial Intelligence · Computer Science 2021-09-09 Yufan Zhuang , Sahil Suneja , Veronika Thost , Giacomo Domeniconi , Alessandro Morari , Jim Laredo

Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible…

Cryptography and Security · Computer Science 2025-11-04 Xiaoqi Li , Wenkai Li , Zhiquan Liu , Yuqing Zhang , Yingjie Mao

Cyber security is one of the most significant technical challenges in current times. Detecting adversarial activities, prevention of theft of intellectual properties and customer data is a high priority for corporations and government…

Databases · Computer Science 2015-03-04 Sutanay Choudhury , Lawrence Holder , George Chin , Khushbu Agarwal , John Feo

Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We…

Cryptography and Security · Computer Science 2018-04-04 Mahmoud Mohammadi , Bill Chu , Heather Richter Lipford , Emerson Murphy-Hill

The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript,…

Cryptography and Security · Computer Science 2018-04-06 Mahmoud Mohammadi , Bei-Tseng Chu , Heather Richter Lipford

Android has always been about connectivity and providing great browsing experience. Web-based content can be embedded into the Android application using WebView. It is a User Interface component that displays webpages. It can either display…

Cryptography and Security · Computer Science 2014-11-13 A B Bhavani

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning…

Cryptography and Security · Computer Science 2023-09-14 MD Asibul Hasan , Md. Mijanur Rahman

We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in either web-browser or server and…

Cryptography and Security · Computer Science 2012-05-01 Yossi Gilad , Amir Herzberg

Malicious server (MS) attacks have enabled the scaling of data stealing in federated learning to large batch sizes and secure aggregation, settings previously considered private. However, many concerns regarding the client-side…

Cryptography and Security · Computer Science 2024-04-16 Kostadin Garov , Dimitar I. Dimitrov , Nikola Jovanović , Martin Vechev

Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual…

Cryptography and Security · Computer Science 2026-05-04 Ying Yuan , Cristiano Alex Rado , Giovanni Apruzzese , Mauro Conti , Luigi Vincenzo Mancini

The Domain Name System Security Extensions (DNSSEC) are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational…

Cryptography and Security · Computer Science 2025-12-15 Qifan Zhang , Zilin Shen , Imtiaz Karim , Elisa Bertino , Zhou Li
‹ Prev 1 2 3 10 Next ›