English
Related papers

Related papers: Vulnerabilities Mapping based on OWASP-SANS: a Sur…

200 papers

With the increasing concern for security in the network, many approaches are laid out that try to protect the network from unauthorised access. New methods have been adopted in order to find the potential discrepancies that may damage the…

Cryptography and Security · Computer Science 2014-03-28 Sheetal Bairwa , Bhawna Mewara , Jyoti Gajrani

We present a second iteration of a machine learning approach to static code analysis and fingerprinting for weaknesses related to security, software engineering, and others using the open-source MARF framework and the MARFCAT application…

Cryptography and Security · Computer Science 2013-05-13 Serguei A. Mokhov , Joey Paquet , Mourad Debbabi , Yankui Sun

Mass assignment is one of the most prominent vulnerabilities in RESTful APIs. This vulnerability originates from a misconfiguration in common web frameworks, such that naming convention and automatic binding can be exploited by an attacker…

Cryptography and Security · Computer Science 2023-01-04 Davide Corradini , Michele Pasqua , Mariano Ceccato

ModSecurity is widely recognized as the standard open-source Web Application Firewall (WAF), maintained by the OWASP Foundation. It detects malicious requests by matching them against the Core Rule Set (CRS), identifying well-known attack…

The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed. The gains obtained from the reuse of community-developed libraries may be offset by the…

Cryptography and Security · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

The Open Source Security Testing Methodology Manual (OSSTMM) provides a "scientific methodology for the accurate characterization of operational security" [Her10, p.13]. It is extensively referenced in writings aimed at security testing…

Cryptography and Security · Computer Science 2020-10-14 Martin R. Albrecht , Rikke Bjerg Jensen

Self-Admitted Technical Debt (SATD) encompasses a wide array of sub-optimal design and implementation choices reported in software artefacts (e.g., code comments and commit messages) by developers themselves. Such reports have been central…

Software Engineering · Computer Science 2024-03-05 Nicolás E. Díaz Ferreyra , Mojtaba Shahin , Mansooreh Zahedi , Sodiq Quadri , Ricardo Scandariato

Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewall (WAF), a technology that is used…

Cryptography and Security · Computer Science 2018-03-16 Gustavo Betarte , Eduardo Giménez , Rodrigo Martínez , Álvaro Pardo

Machine learning-based malware detection dominates current security defense approaches for Android apps. However, due to the evolution of Android platforms and malware, existing such techniques are widely limited by their need for constant…

Cryptography and Security · Computer Science 2021-11-03 Haipeng Cai

This report examines the synergy between Large Language Models (LLMs) and Static Application Security Testing (SAST) to improve vulnerability discovery. Traditional SAST tools, while effective for proactive security, are limited by high…

Cryptography and Security · Computer Science 2025-11-06 Vaibhav Agrawal , Kiarash Ahi

Android is the most used Operating System worldwide for mobile devices, with hundreds of thousands of apps downloaded daily. Although these apps are primarily written in Java and Kotlin, advanced functionalities such as graphics or…

Cryptography and Security · Computer Science 2024-12-03 Silvia Lucia Sanna , Diego Soi , Davide Maiorca , Giorgio Fumera , Giorgio Giacinto

WebAssembly is a new binary instruction format that allows targeted compiled code written in high-level languages to be executed with near-native speed by the browser's JavaScript engine. However, given that WebAssembly binaries can be…

Cryptography and Security · Computer Science 2022-04-28 Tiago Brito , Pedro Lopes , Nuno Santos , José Fragoso Santos

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Cybersecurity issues in medical devices threaten patient safety and can cause harm if exploited. Standards and regulations therefore require vendors of such devices to provide an assessment of the cybersecurity risks as well as a…

Cryptography and Security · Computer Science 2024-07-11 Max Fransson , Adam Andersson , Mazen Mohamad , Jan-Philipp Steghöfer

Mobile application marketplaces are responsible for vetting apps to identify and mitigate security risks. Current vetting processes are labor-intensive, relying on manual analysis by security professionals aided by semi-automated tools. To…

Cryptography and Security · Computer Science 2025-08-22 Yu Yang , Zhenyuan Li , Xiandong Ran , Jiahao Liu , Jiahui Wang , Bo Yu , Shouling Ji

This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox is developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) project. The…

Cryptography and Security · Computer Science 2015-04-08 Benjamin Holland , Tom Deering , Suresh Kothari , Jon Mathews , Nikhil Ranade

Large Language Models (LLMs) have emerged as a transformative and disruptive technology, enabling a wide range of applications in natural language processing, machine translation, and beyond. However, this widespread integration of LLMs…

Cryptography and Security · Computer Science 2026-01-27 Mohammad Fasha , Faisal Abul Rub , Nasim Matar , Bilal Sowan , Mohammad Al Khaldy

Safety-critical system's failure or malfunction can cause loss of human lives or damage to the physical environment; therefore, continuous safety assessment is crucial for such systems. In many domains this includes the use of Safety…

Software Engineering · Computer Science 2023-07-17 Ankit Agrawal , Jane Cleland-Huang

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise…

Software Engineering · Computer Science 2024-03-13 Anna-Katharina Wickert , Michael Schlichtig , Marvin Vogel , Lukas Winter , Mira Mezini , Eric Bodden
‹ Prev 1 3 4 5 6 7 10 Next ›