English
Related papers

Related papers: Vulnerabilities Mapping based on OWASP-SANS: a Sur…

200 papers

The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly…

Cryptography and Security · Computer Science 2026-01-27 Duc-Ly Vu , Thanh-Cong Nguyen , Minh-Khanh Vu , Ngoc-Thanh Nguyen , Kim-Anh Do Thi

Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of…

Software Engineering · Computer Science 2016-12-12 Asim Abdulkhaleq , Stefan Wagner , Nancy Leveson

Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis…

Security testing verifies that the data and the resources of software systems are protected from attackers. Unfortunately, it suffers from the oracle problem, which refers to the challenge, given an input for a system, of distinguishing…

Software Engineering · Computer Science 2019-12-12 Phu X. Mai , Fabrizio Pastore , Arda Goknil , Lionel Briand

Spring security is tremendously popular among practitioners for its ease of use to secure enterprise applications. In this paper, we study the application framework misconfiguration vulnerabilities in the light of Spring security, which is…

Cryptography and Security · Computer Science 2020-07-29 Mazharul Islam , Sazzadur Rahaman , Na Meng , Behnaz Hassanshahi , Padmanabhan Krishnan , Danfeng , Yao

Scenario testing is an important technique for detecting errors in web systems. Testers draft test scenarios and convert them into test scripts for execution. Early methods relied on testers to convert test scenarios into test scripts.…

Software Engineering · Computer Science 2026-04-16 Zhenyu Wan , Gong Chen , Qing Huang , Xiaoyuan Xie

We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive…

Cryptography and Security · Computer Science 2018-06-26 Stefano Calzavara , Riccardo Focardi , Matteo Maffei , Clara Schneidewind , Marco Squarcina , Mauro Tempesta

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

This demo paper presents the technical details and usage scenarios of $\mu$SE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess…

Software Engineering · Computer Science 2021-07-16 Amit Seal Ami , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

WebAssembly (Wasm) is a binary instruction format designed for secure and efficient execution within sandboxed environments -- predominantly web apps and browsers -- to facilitate performance, security, and flexibility of web programming…

Software Engineering · Computer Science 2024-04-10 Muhammad Waseem , Teerath Das , Aakash Ahmad , Peng Liang , Tommi Mikkonen

Embedded software is used in safety-critical systems such as medical devices and autonomous vehicles, where software defects, including security vulnerabilities, have severe consequences. Most embedded codebases are developed in unsafe…

Cryptography and Security · Computer Science 2024-09-06 Ayushi Sharma , Shashank Sharma , Santiago Torres-Arias , Aravind Machiry

Security practitioners face growing challenges in exploit assessment, as public vulnerability repositories are increasingly populated with inconsistent and low-quality exploit artifacts. Existing scoring systems, such as CVSS and EPSS,…

Cryptography and Security · Computer Science 2025-09-23 Xiangmin Shen , Wenyuan Cheng , Yan Chen , Zhenyuan Li , Yuqiao Gu , Lingzhi Wang , Wencheng Zhao , Dawei Sun , Jiashui Wang

Since the first publication of the "OWASP Top 10" (2004), cross-site scripting (XSS) vulnerabilities have always been among the top 5 web application security bugs. Black-box vulnerability scanners are widely used in the industry to…

Cryptography and Security · Computer Science 2014-10-17 Enrico Bazzoli , Claudio Criscione , Federico Maggi , Stefano Zanero

Malware represents a significant security concern in today's digital landscape, as it can destroy or disable operating systems, steal sensitive user information, and occupy valuable disk space. However, current malware detection methods,…

Cryptography and Security · Computer Science 2023-12-21 Chenzhong Yin , Hantang Zhang , Mingxi Cheng , Xiongye Xiao , Xinghe Chen , Xin Ren , Paul Bogdan

WebAssembly (WASM) is an immensely versatile and increasingly popular compilation target. It executes applications written in several languages (e.g., C/C++) with near-native performance in various domains (e.g., mobile, edge, cloud).…

Programming Languages · Computer Science 2024-12-20 Martin Fink , Dimitrios Stavrakakis , Dennis Sprokholt , Soham Chakraborty , Jan-Erik Ekberg , Pramod Bhatotia

This article puts forward the use of mutual information values to replicate the expertise of security professionals in selecting features for detecting web attacks. The goal is to enhance the effectiveness of web application firewalls…

Cryptography and Security · Computer Science 2024-07-29 Amanda Riverol , Gustavo Betarte , Rodrigo Martínez , Álvaro Pardo

The open radio access network (O-RAN) enables modular, intelligent, and programmable 5G network architectures through the adoption of software-defined networking (SDN), network function virtualization (NFV), and implementation of…

Networking and Internet Architecture · Computer Science 2025-11-25 Md Habibur Rahman , Md Sharif Hossen , Nathan H. Stephenson , Vijay K. Shah , Aloizio Da Silva

Fine-tuning large language models often undermines their safety alignment, a problem further amplified by harmful fine-tuning attacks in which adversarial data removes safeguards and induces unsafe behaviors. We propose SPARD, a defense…

Machine Learning · Computer Science 2026-05-28 Shuhao Chen , Weisen Jiang , Yeqi Gong , Shengda Luo , Chengxiang Zhuo , Zang Li , James T. Kwok , Yu Zhang

The rapid evolution of web and mobile applications has necessitated robust mechanisms for managing application state to ensure consistency, performance, and user-friendliness. This comprehensive review examines the most effective…

Software Engineering · Computer Science 2024-12-17 Anujkumarsinh Donvir , Apeksha Jain , Pradeep Kumar Saraswathi

The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 antiviral scanners. Unfortunately, there are no standards on how to best interpret…

Cryptography and Security · Computer Science 2020-07-02 Aleieldin Salem , Sebastian Banescu , Alexander Pretschner
‹ Prev 1 4 5 6 7 8 10 Next ›