English
Related papers

Related papers: Testing Access-Control Configuration Changes for W…

200 papers

Broken access control is one of the most common security vulnerabilities in web applications. These vulnerabilities are the major cause of many data breach incidents, which result in privacy concern and revenue loss. However, preventing and…

Cryptography and Security · Computer Science 2023-04-24 Li Zhong

Access control mechanisms have been adopted in many real-world systems to control resource sharing for the principals in the system. An error in the access control policy (misconfiguration) can easily cause severe data leakage and system…

Cryptography and Security · Computer Science 2023-04-18 Bingyu Shen

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta

Security has become, nowadays, a major concern for the organizations as the majority of its applications are exposed to Internet, which increases the threats of security considerably. Thus, the solution is to improve tools and mechanisms to…

Cryptography and Security · Computer Science 2013-09-25 Mohammed Ennahbaoui , Said Elhajji

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and…

Cryptography and Security · Computer Science 2025-09-15 Davide Corradini , Mariano Ceccato , Mohammad Ghafari

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…

Cryptography and Security · Computer Science 2025-05-14 Avihay Cohen

Harm to the privacy of users through data leakage is not an unknown issue, however, it has not been studied in the context of the crash reporting system. Automatic Crash Reporting Systems (ACRS) are used by applications to report…

Cryptography and Security · Computer Science 2018-08-07 Kiavash Satvat , Nitesh Saxena

This paper proposes configuration testing--evaluating configuration values (to be deployed) by exercising the code that uses the values and assessing the corresponding program behavior. We advocate that configuration values should be…

Software Engineering · Computer Science 2019-07-30 Tianyin Xu , Owolabi Legunsen

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Many techniques were proposed for detecting software misconfigurations in cloud systems and for diagnosing unintended behavior caused by such misconfigurations. Detection and diagnosis are steps in the right direction: misconfigurations…

Software Engineering · Computer Science 2021-02-24 Yuanliang Zhang , Haochen He , Owolabi Legunsen , Shanshan Li , Wei Dong , Tianyin Xu

With the increasing need for inclusive and user-friendly technology, web accessibility is crucial to ensuring equal access to online content for individuals with disabilities, including visual, auditory, cognitive, or motor impairments.…

Human-Computer Interaction · Computer Science 2024-02-13 Calista Huang , Alyssa Ma , Suchir Vyasamudri , Eugenie Puype , Sayem Kamal , Juan Belza Garcia , Salar Cheema , Michael Lutz

Secure by Design has become the mainstream development approach ensuring that software systems are not vulnerable to cyberattacks. Architectural security controls need to be carefully monitored over the software development life cycle to…

Software Engineering · Computer Science 2023-07-13 Ahmet Okutan , Ali Shokri , Viktoria Koscinski , Mohamad Fazelinia , Mehdi Mirakhorli

The complexity of browsers has steadily increased over the years, driven by the continuous introduction and update of Web platform components, such as novel Web APIs and security mechanisms. Their specifications are manually reviewed by…

Cryptography and Security · Computer Science 2022-09-02 Lorenzo Veronese , Benjamin Farinier , Pedro Bernardo , Mauro Tempesta , Marco Squarcina , Matteo Maffei

Recent trends in the software development practices (Agile, DevOps, CI) have shortened the development life-cycle causing the need for efficient security-by-design approaches. In this context, software architectures are analyzed for…

Software Engineering · Computer Science 2019-06-06 Katja Tuma , Danial Hosseini , Kyriakos Malamas , Riccardo Scandariato

Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all…

Software Engineering · Computer Science 2023-07-06 Jiaxin Yu , Liming Fu , Peng Liang , Amjed Tahir , Mojtaba Shahin

Authorization and access control play an essential role in protecting sensitive information from malicious users. The system is based on security policies to determine if an access request is allowed. However, of late, the growing…

Cryptography and Security · Computer Science 2020-05-15 Tran Khanh Dang , Xuan Son Ha , Luong Khiem Tran

This paper tackles the problems of generating concrete test cases for testing whether an application is vulnerable to attacks, and of checking whether security solutions are correctly implemented. The approach proposed in the paper aims at…

Software Engineering · Computer Science 2020-07-08 Sébastien Salva , Loukmen Regainia

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Spring security is tremendously popular among practitioners for its ease of use to secure enterprise applications. In this paper, we study the application framework misconfiguration vulnerabilities in the light of Spring security, which is…

Cryptography and Security · Computer Science 2020-07-29 Mazharul Islam , Sazzadur Rahaman , Na Meng , Behnaz Hassanshahi , Padmanabhan Krishnan , Danfeng , Yao

Increasing number of cyber-attacks demotivate people to use Information and Communication Technology (ICT) for industrial as well as day to day work. A main reason for the increasing number of cyber-attacks is mistakes that programmers make…

Cryptography and Security · Computer Science 2018-10-12 Chamila Wijayarathna , Nalin Asanka Gamagedara Arachchilage
‹ Prev 1 2 3 10 Next ›