Search Results

Unrestricted file upload (UFU) is a class of web security vulnerabilities that can have a severe impact on web applications if uploaded files are not sufficiently validated or securely handled. A review of related work shows an increased interest ...

The security of an application is critical for its success, as breaches cause loss for organizations and individuals. Search-based software security testing (SBSST) is the field that utilizes metaheuristics to generate test cases for the software ...

Policy defense technology is the mainstream XSS defense technology. However, defense mechanisms with fixed policies may hardly cover the attack surface persistently in dynamic environments. Moreover, the undifferentiated policy makes the ...

XSS (Cross-Site Scripting) attacks exploit vulnerabilities in web applications, and many victims have been reported. As a countermeasure for this, existing studies propose methods to detect XSS attacks by combining natural language processing ...

Insecurity Refactoring is a change to the internal structure of software to inject a vulnerability without changing the observable behavior in a normal use case scenario. An implementation of Insecurity Refactoring is formally explained to inject ...

The allure of the metaverse along with Virtual Reality (VR) technologies and speed at which they are deployed may shift focus away from security and privacy fundamentals. In this work we employ classic exploitation techniques against cutting edge ...

The detection of feasible paths helps to minimize the false positive rate. However, the previous works did not consider the feasibility of the program paths during the analysis detection of input validation vulnerabilities, which led ...

Safeguarding websites is of utmost importance nowadays because of a wide variety of attacks being launched against them. Moreover, lack of security awareness and widespread use of traditional security solutions like simple Web Application ...

“Why am I not getting the right answer?" is a question many Knowledge Base users may ask themselves. In particular, novice users can easily make mistakes and find differences between the answer they expected and the answer they got. This problem ...

When querying Knowledge Bases, users are faced with large sets of data, often without knowing their underlying structures. It follows that users may make mistakes when formulating their queries, therefore receiving an unhelpful response. In this ...$\mathtt{}$

In the past, Web applications were mostly static and most of the content was provided by the site itself. Nowadays, they have turned into rich client-side experiences customized for the user where third parties supply a considerable amount of content, ...

Mitigation of Cross-Site Scripting (XSS) with machine learning techniques is the recent interest of researchers. A large amount of research work is reported in this domain. A lack of real-time tools working on the basis of these ...

• Identification of web page features which can indicate maliciousness.
• ...

We present a new approach to protect Java EE web applications against injection attacks, which can handle large commercial systems. We first describe a novel approach to taint analysis for Java EE, which can be characterized by "strings only", "taint ...

With the popularity of web technology, web applications become more increasingly vulnerable and are exposed to malicious attacks. Cross Site Scripting(XSS) is a typical attack in web applications. When a vulnerability is exploited, an attacker may ...

The results of the Cisco 2018 Annual Security Report show that all analyzed web applications have at least one vulnerability. It also shows that web attacks are becoming more frequent, specific and sophisticated. According to this ...

Rule extraction from classifiers treated as black boxes is an important topic in explainable artificial intelligence (XAI). It is concerned with finding rules that describe classifiers and that are understandable to humans, having the form of (I ...

The most dangerous security-related software errors, according to the OWASP Top Ten 2017 list, affect web applications. They are potential injection attacks that exploit user-provided data to execute undesired operations: database access and updates (SQL ...

Internet browsers use cookies and session‐IDs for maintaining HTTP state information which has led to several security vulnerabilities such as cross‐site request forgery (CSRF) and session hijacking. Several works have been carried out in the past to ...

Automated Static Analysis Tool (ASATs) are one of the best ways to search for vulnerabilities in applications, so they are a resource widely used by developers to improve their applications. However, it is well-known that the performance of such tools ...

Cross-site scripting attack (abbreviated as XSS) is an unremitting problem for the Web applications since the early 2000s. It is a code injection attack on the client-side where an attacker injects malicious payload into a vulnerable ...