Related papers: Detection of Wordpress Content Injection Vulnerabi…
Despite the numerous benefits of microservices systems, security has been a critical issue in such systems. Several factors explain this difficulty, including a knowledge gap among microservices practitioners on properly securing a…
We conduct a large-scale measurement of developers' insecure practices leading to mini-app to super-app authentication bypass, among which hard-coding developer secrets for such authentication is a major contributor. We also analyze the…
Supply chain security is extremely important for modern applications running at scale in the cloud. In fact, they involve a large number of heterogeneous microservices that also include third-party software. As a result, security…
Many software products are composed of components integrated from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain…
This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage.…
Large Language Models (LLMs) are increasingly used for automated software development, making their ability to preserve secure coding practices critical. In practice, however, many security requirements are implicit or underspecified,…
Software vulnerabilities can result in catastrophic cyberattacks that increasingly threaten business operations. Consequently, ensuring the safety of software systems has become a paramount concern for both private and public sectors.…
Software vulnerabilities are a serious and crucial concern. Typically, in a program or function consisting of hundreds or thousands of source code statements, there are only a few statements causing the corresponding vulnerabilities. Most…
PHP is one of the most commonly used languages to develop web sites because of its simplicity, easy to learn and it can be easily embedded with any of the databases. A web developer with his basic knowledge developing an application without…
The surge in website attacks, including Denial of Service (DoS), Cross-Site Scripting (XSS), and Clickjacking, underscores the critical need for robust HTTPS implementation-a practice that, alarmingly, remains inadequately adopted.…
Credential stuffing attacks use stolen passwords to log into victim accounts. To defend against these attacks, recently deployed compromised credential checking (C3) services provide APIs that help users and companies check whether a…
WebAssembly is revolutionizing the approach to developing modern applications. Although this technology was born to create portable and performant modules in web browsers, currently, its capabilities are extensively exploited in multiple…
Web application pentesting is a crucial component in the offensive cybersecurity area, whose aim is to safeguard web applications and web services as the majority of the web applications are mounted in publicly accessible web environments.…
Vulnerability detection is crucial for maintaining software security, and recent research has explored the use of Language Models (LMs) for this task. While LMs have shown promising results, their performance has been inconsistent across…
Integration testing is one the important phase in software testing life cycle (STLC). With the fast growth of internet and web services, web-based applications are also growing rapidly and their importance and complexity is also increasing.…
Recently, advances in deep learning have been observed in various fields, including computer vision, natural language processing, and cybersecurity. Machine learning (ML) has demonstrated its ability as a potential tool for anomaly…
Modern software systems are developed in diverse programming languages and often harbor critical vulnerabilities that attackers can exploit to compromise security. These vulnerabilities have been actively targeted in real-world attacks,…
There is an increase in global malware threats. To address this, an encryption-type ransomware has been introduced on the Android operating system. The challenges associated with malicious threats in phone use have become a pressing issue…
This study systematically analyzes the vulnerability of 36 large language models (LLMs) to various prompt injection attacks, a technique that leverages carefully crafted prompts to elicit malicious LLM behavior. Across 144 prompt injection…
The security of the Internet rests on a small number of open-source cryptographic libraries: a vulnerability in any one of them threatens to compromise a significant percentage of web traffic. Despite this potential for security impact, the…