English
Related papers

Related papers: Detection of Wordpress Content Injection Vulnerabi…

200 papers

Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all…

Software Engineering · Computer Science 2023-07-06 Jiaxin Yu , Liming Fu , Peng Liang , Amjed Tahir , Mojtaba Shahin

Supply chain attacks significantly threaten software security with malicious code injections within legitimate projects. Such attacks are very rare but may have a devastating impact. Detecting spurious code injections using automated tools…

Software Engineering · Computer Science 2025-10-28 Maor Reuben , Ido Mendel , Or Feldman , Moshe Kravchik , Mordehai Guri , Rami Puzis

According to the Open Web Application Security Project (OWASP), Cross-Site Scripting (XSS) is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed…

Cryptography and Security · Computer Science 2025-05-01 Dennis Miczek , Divyesh Gabbireddy , Suman Saha

Background: Construct validity concerns the use of indicators to measure a concept that is not directly measurable. Aim: This study intends to identify, categorize, assess and quantify discussions of threats to construct validity in…

Software Engineering · Computer Science 2023-06-09 Dag I. K. Sjøberg , Gunnar R. Bergersen

Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android…

Cryptography and Security · Computer Science 2022-08-24 Amirhosein Sayyadabdi , Behrouz Tork Ladani , Bahman Zamani

Computing platforms such as smartphones frequently access Web content using many separate applications rather than a single Web browser application. These applications often deal with sensitive user information such as financial data or…

Cryptography and Security · Computer Science 2014-10-29 Vasant Tendulkar , William Enck

Every organization needs to communicate with its audience, and social media is an attractive and inexpensive way to maintain dialogic communication. About 1/3 of the Internet web pages are powered by WordPress, and about a million companies…

Computers and Society · Computer Science 2020-07-06 Michael Soltys , Katharine Soltys

Modern websites include various types of third-party content such as JavaScript, images, stylesheets, and Flash objects in order to create interactive user interfaces. In addition to explicit inclusion of third-party content by website…

Cryptography and Security · Computer Science 2020-02-17 Sajjad Arshad , Amin Kharraz , William Robertson

Outdated software remains a potent and underappreciated menace in 2025's cybersecurity environment, exposing systems to a broad array of threats, including ransomware, data breaches, and operational outages that can have devastating and…

Cryptography and Security · Computer Science 2025-05-21 Gogulakrishnan Thiyagarajan , Vinay Bist , Prabhudarshi Nayak

Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers. {\em Shared} hosting, offers a unique perspective since customers operate…

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the…

Software Engineering · Computer Science 2021-09-14 Sofia Reis , Rui Abreu , Luis Cruz

A system vulnerability analysis technique (SVAT) for complex mission critical systems (CMCS) was developed in response to the need to be able to conduct penetration testing on large industrial systems which cannot be taken offline or risk…

Cryptography and Security · Computer Science 2023-06-08 Matthew Tassava , Cameron Kolodjski , Jeremy Straub

Improper Input Validation (IIV) is a software vulnerability that occurs when a system does not safely handle input data. Even though IIV is easy to detect and fix, it still commonly happens in practice. In this paper, we study to what…

Software Engineering · Computer Science 2021-02-15 Larissa Braz , Enrico Fregnan , Gül Çalikli , Alberto Bacchelli

Large language models (LLMs) are increasingly embedded in open-source software (OSS) ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it…

Cryptography and Security · Computer Science 2026-04-16 Fariha Tanjim Shifat , Hariswar Baburaj , Ce Zhou , Jaydeb Sarker , Mia Mohammad Imran

The number of cyber-attacks have substantially increased over the past decade resulting in huge organizational financial losses. Indeed, it is no longer a matter of "if" but "when" a security incident will take place. A Security Operations…

Continuous Integration (CI) encompasses a set of widely adopted practices that enhance software development. However, there are indications that developers may not adequately monitor CI practices. Hence, this paper explores developers'…

Software Engineering · Computer Science 2025-06-10 Jadson Santos , Daniel Alencar da Costa , Shane McIntosh , Uirá Kulesza

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…

Cryptography and Security · Computer Science 2025-05-14 Avihay Cohen

The internet is a major distribution platform for web applications, but there are no effective transparency and audit mechanisms in place for the web. Due to the ephemeral nature of web applications, a client visiting a website has no…

Cryptography and Security · Computer Science 2023-01-13 Ilkan Esiyok , Pascal Berrang , Katriel Cohn-Gordon , Robert Kuennemann

With the increasing usage of open-source software (OSS) components, vulnerabilities embedded within them are propagated to a huge number of underlying applications. In practice, the timely application of security patches in downstream…

Cryptography and Security · Computer Science 2023-01-09 Xinda Wang , Shu Wang , Pengbin Feng , Kun Sun , Sushil Jajodia , Sanae Benchaaboun , Frank Geck

We describe a workflow used to analyze the source code of the {\sc Android OS kernel} and rate for a particular kind of bugginess that exposes a program to hacking. The workflow represents a novel approach for components' vulnerability…

Cryptography and Security · Computer Science 2021-12-22 Joseph R. Barr , Peter Shaw , Tyler Thatcher