CINXE.COM

Search results for: web vulnerabilities

<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-P63WKM1TM1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-P63WKM1TM1'); </script> <!-- Yandex.Metrika counter --> <script type="text/javascript" > (function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)}; m[i].l=1*new Date(); for (var j = 0; j < document.scripts.length; j++) {if (document.scripts[j].src === r) { return; }} k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(55165297, "init", { clickmap:false, trackLinks:true, accurateTrackBounce:true, webvisor:false }); </script> <noscript><div><img src="https://mc.yandex.ru/watch/55165297" style="position:absolute; left:-9999px;" alt="" /></div></noscript> <!-- /Yandex.Metrika counter --> <!-- Matomo --> <!-- End Matomo Code --> <title>Search results for: web vulnerabilities</title> <meta name="description" content="Search results for: web vulnerabilities"> <meta name="keywords" content="web vulnerabilities"> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <link href="https://cdn.waset.org/favicon.ico" type="image/x-icon" rel="shortcut icon"> <link href="https://cdn.waset.org/static/plugins/bootstrap-4.2.1/css/bootstrap.min.css" rel="stylesheet"> <link href="https://cdn.waset.org/static/plugins/fontawesome/css/all.min.css" rel="stylesheet"> <link href="https://cdn.waset.org/static/css/site.css?v=150220211555" rel="stylesheet"> </head> <body> <header> <div class="container"> <nav class="navbar navbar-expand-lg navbar-light"> <a class="navbar-brand" href="https://waset.org"> <img src="https://cdn.waset.org/static/images/wasetc.png" alt="Open Science Research Excellence" title="Open Science Research Excellence" /> </a> <button class="d-block d-lg-none navbar-toggler ml-auto" type="button" data-toggle="collapse" data-target="#navbarMenu" aria-controls="navbarMenu" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="w-100"> <div class="d-none d-lg-flex flex-row-reverse"> <form method="get" action="https://waset.org/search" class="form-inline my-2 my-lg-0"> <input class="form-control mr-sm-2" type="search" placeholder="Search Conferences" value="web vulnerabilities" name="q" aria-label="Search"> <button class="btn btn-light my-2 my-sm-0" type="submit"><i class="fas fa-search"></i></button> </form> </div> <div class="collapse navbar-collapse mt-1" id="navbarMenu"> <ul class="navbar-nav ml-auto align-items-center" id="mainNavMenu"> <li class="nav-item"> <a class="nav-link" href="https://waset.org/conferences" title="Conferences in 2024/2025/2026">Conferences</a> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/disciplines" title="Disciplines">Disciplines</a> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/committees" rel="nofollow">Committees</a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdownPublications" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> Publications </a> <div class="dropdown-menu" aria-labelledby="navbarDropdownPublications"> <a class="dropdown-item" href="https://publications.waset.org/abstracts">Abstracts</a> <a class="dropdown-item" href="https://publications.waset.org">Periodicals</a> <a class="dropdown-item" href="https://publications.waset.org/archive">Archive</a> </div> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/page/support" title="Support">Support</a> </li> </ul> </div> </div> </nav> </div> </header> <main> <div class="container mt-4"> <div class="row"> <div class="col-md-9 mx-auto"> <form method="get" action="https://publications.waset.org/abstracts/search"> <div id="custom-search-input"> <div class="input-group"> <i class="fas fa-search"></i> <input type="text" class="search-query" name="q" placeholder="Author, Title, Abstract, Keywords" value="web vulnerabilities"> <input type="submit" class="btn_search" value="Search"> </div> </div> </form> </div> </div> <div class="row mt-3"> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Commenced</strong> in January 2007</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Frequency:</strong> Monthly</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Edition:</strong> International</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Paper Count:</strong> 227</div> </div> </div> </div> <h1 class="mt-3 mb-3 text-center" style="font-size:1.6rem;">Search results for: web vulnerabilities</h1> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">227</span> A Review Paper for Detecting Zero-Day Vulnerabilities</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Tshegofatso%20Rambau">Tshegofatso Rambau</a>, <a href="https://publications.waset.org/abstracts/search?q=Tonderai%20Muchenje"> Tonderai Muchenje</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Zero-day attacks (ZDA) are increasing day by day; there are many vulnerabilities in systems and software that date back decades. Companies keep discovering vulnerabilities in their systems and software and work to release patches and updates. A zero-day vulnerability is a software fault that is not widely known and is unknown to the vendor; attackers work very quickly to exploit these vulnerabilities. These are major security threats with a high success rate because businesses lack the essential safeguards to detect and prevent them. This study focuses on the factors and techniques that can help us detect zero-day attacks. There are various methods and techniques for detecting vulnerabilities. Various companies like edges can offer penetration testing and smart vulnerability management solutions. We will undertake literature studies on zero-day attacks and detection methods, as well as modeling approaches and simulations, as part of the study process. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=zero-day%20attacks" title="zero-day attacks">zero-day attacks</a>, <a href="https://publications.waset.org/abstracts/search?q=exploitation" title=" exploitation"> exploitation</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerabilities" title=" vulnerabilities"> vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/154312/a-review-paper-for-detecting-zero-day-vulnerabilities" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/154312.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">102</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">226</span> Analysis of Security Vulnerabilities for Mobile Health Applications</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Yuli%20Paola%20Cifuentes%20Sanabria">Yuli Paola Cifuentes Sanabria</a>, <a href="https://publications.waset.org/abstracts/search?q=Lina%20Paola%20Beltr%C3%A1n%20Beltr%C3%A1n"> Lina Paola Beltrán Beltrán</a>, <a href="https://publications.waset.org/abstracts/search?q=Leonardo%20Juan%20Ram%C3%ADrez%20L%C3%B3pez"> Leonardo Juan Ramírez López</a> </p> <p class="card-text"><strong>Abstract:</strong></p> The availability to deploy mobile applications for healthcare is increasing daily thru different mobile app stores. But within these capabilities the number of hacking attacks has also increased, in particular into medical mobile applications. The security vulnerabilities in medical mobile apps can be triggered by errors in code, incorrect logic, poor design, among other parameters. This is usually used by malicious attackers to steal or modify the users’ information. The aim of this research is to analyze the vulnerabilities detected in mobile medical apps according to risk factor standards defined by OWASP in 2014. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=mHealth%20apps" title="mHealth apps">mHealth apps</a>, <a href="https://publications.waset.org/abstracts/search?q=OWASP" title=" OWASP"> OWASP</a>, <a href="https://publications.waset.org/abstracts/search?q=protocols" title=" protocols"> protocols</a>, <a href="https://publications.waset.org/abstracts/search?q=security%20vulnerabilities" title=" security vulnerabilities"> security vulnerabilities</a>, <a href="https://publications.waset.org/abstracts/search?q=risk%20factors" title=" risk factors"> risk factors</a> </p> <a href="https://publications.waset.org/abstracts/38169/analysis-of-security-vulnerabilities-for-mobile-health-applications" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/38169.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">517</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">225</span> Addressing Coastal Community Vulnerabilities with Alternative Marine Energy Projects</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Danielle%20Preziuso">Danielle Preziuso</a>, <a href="https://publications.waset.org/abstracts/search?q=Kamila%20Kazimierczuk"> Kamila Kazimierczuk</a>, <a href="https://publications.waset.org/abstracts/search?q=Annalise%20Stein"> Annalise Stein</a>, <a href="https://publications.waset.org/abstracts/search?q=Bethel%20Tarekegne"> Bethel Tarekegne</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Coastal communities experience a variety of distinct socioeconomic, technical, and environmental vulnerabilities, all of which accrue heightened risk with increasingly frequent and severe climate change impacts. Marine renewable energy (MRE) offers a potential solution for mitigating coastal community vulnerabilities, especially water-energy dependencies while delivering promising co-benefits such as increased resilience and more sustainable energy outcomes. This paper explores coastal community vulnerabilities and service dependencies based on the local drivers that create them, with attention to climate change impacts and how they catalyze water-energy unmet needs in these communities. We examine the vulnerabilities through the lens of coastal Tribal communities (i.e., the Makah Tribe, the Kenaitze Tribe, Quinault Nation), as indigenous communities often face compounded impacts of technical, economic, and environmental vulnerabilities due to their underlying socio-demographic inequalities. We offer an environmental and energy justice indicators framework to understand how these vulnerabilities disproportionately manifest and impact the most vulnerable community members, and we subsequently utilize the framework to inform a weighted decision matrix tool that compares the viability of MRE-based alternative energy futures in addressing these vulnerabilities. The framework and complementary tool highlight opportunities for future MRE research and pilot demonstrations that directly respond to the vulnerabilities of coastal communities. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=coastal%20communities" title="coastal communities">coastal communities</a>, <a href="https://publications.waset.org/abstracts/search?q=decision%20matrix" title=" decision matrix"> decision matrix</a>, <a href="https://publications.waset.org/abstracts/search?q=energy%20equity" title=" energy equity"> energy equity</a>, <a href="https://publications.waset.org/abstracts/search?q=energy%20vulnerability" title=" energy vulnerability"> energy vulnerability</a>, <a href="https://publications.waset.org/abstracts/search?q=marine%20energy" title=" marine energy"> marine energy</a>, <a href="https://publications.waset.org/abstracts/search?q=service%20dependency" title=" service dependency"> service dependency</a> </p> <a href="https://publications.waset.org/abstracts/162679/addressing-coastal-community-vulnerabilities-with-alternative-marine-energy-projects" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/162679.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">78</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">224</span> Taxonomy of Threats and Vulnerabilities in Smart Grid Networks</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Faisal%20Al%20Yahmadi">Faisal Al Yahmadi</a>, <a href="https://publications.waset.org/abstracts/search?q=Muhammad%20R.%20Ahmed"> Muhammad R. Ahmed</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Electric power is a fundamental necessity in the 21<sup>st</sup> century. Consequently, any break in electric power is probably going to affect the general activity. To make the power supply smooth and efficient, a smart grid network is introduced which uses communication technology. In any communication network, security is essential. It has been observed from several recent incidents that adversary causes an interruption to the operation of networks. In order to resolve the issues, it is vital to understand the threats and vulnerabilities associated with the smart grid networks. In this paper, we have investigated the threats and vulnerabilities in Smart Grid Networks (SGN) and the few solutions in the literature. Proposed solutions showed developments in electricity theft countermeasures, Denial of services attacks (DoS) and malicious injection attacks detection model, as well as malicious nodes detection using watchdog like techniques and other solutions. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=smart%20grid%20network" title="smart grid network">smart grid network</a>, <a href="https://publications.waset.org/abstracts/search?q=security" title=" security"> security</a>, <a href="https://publications.waset.org/abstracts/search?q=threats" title=" threats"> threats</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerabilities" title=" vulnerabilities"> vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/135866/taxonomy-of-threats-and-vulnerabilities-in-smart-grid-networks" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/135866.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">139</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">223</span> An Analytical Approach to Assess and Compare the Vulnerability Risk of Operating Systems</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Pubudu%20K.%20Hitigala%20Kaluarachchilage">Pubudu K. Hitigala Kaluarachchilage</a>, <a href="https://publications.waset.org/abstracts/search?q=Champike%20Attanayake"> Champike Attanayake</a>, <a href="https://publications.waset.org/abstracts/search?q=Sasith%20Rajasooriya"> Sasith Rajasooriya</a>, <a href="https://publications.waset.org/abstracts/search?q=Chris%20P.%20Tsokos"> Chris P. Tsokos</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Operating system (OS) security is a key component of computer security. Assessing and improving OSs strength to resist against vulnerabilities and attacks is a mandatory requirement given the rate of new vulnerabilities discovered and attacks occurring. Frequency and the number of different kinds of vulnerabilities found in an OS can be considered an index of its information security level. In the present study five mostly used OSs, Microsoft Windows (windows 7, windows 8 and windows 10), Apple’s Mac and Linux are assessed for their discovered vulnerabilities and the risk associated with each. Each discovered and reported vulnerability has an exploitability score assigned in CVSS score of the national vulnerability database. In this study the risk from vulnerabilities in each of the five Operating Systems is compared. Risk Indexes used are developed based on the Markov model to evaluate the risk of each vulnerability. Statistical methodology and underlying mathematical approach is described. Initially, parametric procedures are conducted and measured. There were, however, violations of some statistical assumptions observed. Therefore the need for non-parametric approaches was recognized. 6838 vulnerabilities recorded were considered in the analysis. According to the risk associated with all the vulnerabilities considered, it was found that there is a statistically significant difference among average risk levels for some operating systems, indicating that according to our method some operating systems have been more risk vulnerable than others given the assumptions and limitations. Relevant test results revealing a statistically significant difference in the Risk levels of different OSs are presented. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=cybersecurity" title="cybersecurity">cybersecurity</a>, <a href="https://publications.waset.org/abstracts/search?q=Markov%20chain" title=" Markov chain"> Markov chain</a>, <a href="https://publications.waset.org/abstracts/search?q=non-parametric%20analysis" title=" non-parametric analysis"> non-parametric analysis</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerability" title=" vulnerability"> vulnerability</a>, <a href="https://publications.waset.org/abstracts/search?q=operating%20system" title=" operating system"> operating system</a> </p> <a href="https://publications.waset.org/abstracts/141343/an-analytical-approach-to-assess-and-compare-the-vulnerability-risk-of-operating-systems" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/141343.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">183</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">222</span> A Model of Human Security: A Comparison of Vulnerabilities and Timespace</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Anders%20Troedsson">Anders Troedsson</a> </p> <p class="card-text"><strong>Abstract:</strong></p> For us humans, risks are intimately linked to human vulnerabilities - where there is vulnerability, there is potentially insecurity, and risk. Reducing vulnerability through compensatory measures means increasing security and decreasing risk. The paper suggests that a meaningful way to approach the study of risks (including threats, assaults, crisis etc.), is to understand the vulnerabilities these external phenomena evoke in humans. As is argued, the basis of risk evaluation, as well as responses, is the more or less subjective perception by the individual person, or a group of persons, exposed to the external event or phenomena in question. This will be determined primarily by the vulnerability or vulnerabilities that the external factor are perceived to evoke. In this way, risk perception is primarily an inward dynamic, rather than an outward one. Therefore, a route towards an understanding of the perception of risks, is a closer scrutiny of the vulnerabilities which they can evoke, thereby approaching an understanding of what in the paper is called the essence of risk (including threat, assault etc.), or that which a certain perceived risk means to an individual or group of individuals. As a necessary basis for gauging the wide spectrum of potential risks and their meaning, the paper proposes a model of human vulnerabilities, drawing from i.a. a long tradition of needs theory. In order to account for the subjectivity factor, which mediates between the innate vulnerabilities on the one hand, and the event or phenomenon out there on the other hand, an ensuing ontological discussion about the timespace characteristics of risk/threat/assault as perceived by humans leads to the positing of two dimensions. These two dimensions are applied on the vulnerabilities, resulting in a modelling effort featuring four realms of vulnerabilities which are related to each other and together represent a dynamic whole. In approaching the problem of risk perception, the paper thus defines the relevant realms of vulnerabilities, depicting them as a dynamic whole. With reference to a substantial body of literature and a growing international policy trend since the 1990s, this model is put in the language of human security - a concept relevant not only for international security studies and policy, but also for other academic disciplines and spheres of human endeavor. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=human%20security" title="human security">human security</a>, <a href="https://publications.waset.org/abstracts/search?q=timespace" title=" timespace"> timespace</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerabilities" title=" vulnerabilities"> vulnerabilities</a>, <a href="https://publications.waset.org/abstracts/search?q=risk%20perception" title=" risk perception"> risk perception</a> </p> <a href="https://publications.waset.org/abstracts/49883/a-model-of-human-security-a-comparison-of-vulnerabilities-and-timespace" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/49883.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">336</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">221</span> A Framework for Blockchain Vulnerability Detection and Cybersecurity Education</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Hongmei%20Chi">Hongmei Chi</a> </p> <p class="card-text"><strong>Abstract:</strong></p> The Blockchain has become a necessity for many different societal industries and ordinary lives including cryptocurrency technology, supply chain, health care, public safety, education, etc. Therefore, training our future blockchain developers to know blockchain programming vulnerability and I.T. students' cyber security is in high demand. In this work, we propose a framework including learning modules and hands-on labs to guide future I.T. professionals towards developing secure blockchain programming habits and mitigating source code vulnerabilities at the early stages of the software development lifecycle following the concept of Secure Software Development Life Cycle (SSDLC). In this research, our goal is to make blockchain programmers and I.T. students aware of the vulnerabilities of blockchains. In summary, we develop a framework that will (1) improve students' skills and awareness of blockchain source code vulnerabilities, detection tools, and mitigation techniques (2) integrate concepts of blockchain vulnerabilities for IT students, (3) improve future IT workers’ ability to master the concepts of blockchain attacks. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=software%20vulnerability%20detection" title="software vulnerability detection">software vulnerability detection</a>, <a href="https://publications.waset.org/abstracts/search?q=hands-on%20lab" title=" hands-on lab"> hands-on lab</a>, <a href="https://publications.waset.org/abstracts/search?q=static%20analysis%20tools" title=" static analysis tools"> static analysis tools</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerabilities" title=" vulnerabilities"> vulnerabilities</a>, <a href="https://publications.waset.org/abstracts/search?q=blockchain" title=" blockchain"> blockchain</a>, <a href="https://publications.waset.org/abstracts/search?q=active%20learning" title=" active learning"> active learning</a> </p> <a href="https://publications.waset.org/abstracts/167019/a-framework-for-blockchain-vulnerability-detection-and-cybersecurity-education" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/167019.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">99</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">220</span> Static Analysis of Security Issues of the Python Packages Ecosystem</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Adam%20Gorine">Adam Gorine</a>, <a href="https://publications.waset.org/abstracts/search?q=Faten%20Spondon"> Faten Spondon</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Python is considered the most popular programming language and offers its own ecosystem for archiving and maintaining open-source software packages. This system is called the python package index (PyPI), the repository of this programming language. Unfortunately, one-third of these software packages have vulnerabilities that allow attackers to execute code automatically when a vulnerable or malicious package is installed. This paper contributes to large-scale empirical studies investigating security issues in the python ecosystem by evaluating package vulnerabilities. These provide a series of implications that can help the security of software ecosystems by improving the process of discovering, fixing, and managing package vulnerabilities. The vulnerable dataset is generated using the NVD, the national vulnerability database, and the Snyk vulnerability dataset. In addition, we evaluated 807 vulnerability reports in the NVD and 3900 publicly known security vulnerabilities in Python Package Manager (pip) from the Snyk database from 2002 to 2022. As a result, many Python vulnerabilities appear in high severity, followed by medium severity. The most problematic areas have been improper input validation and denial of service attacks. A hybrid scanning tool that combines the three scanners bandit, snyk and dlint, which provide a clear report of the code vulnerability, is also described. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=Python%20vulnerabilities" title="Python vulnerabilities">Python vulnerabilities</a>, <a href="https://publications.waset.org/abstracts/search?q=bandit" title=" bandit"> bandit</a>, <a href="https://publications.waset.org/abstracts/search?q=Snyk" title=" Snyk"> Snyk</a>, <a href="https://publications.waset.org/abstracts/search?q=Dlint" title=" Dlint"> Dlint</a>, <a href="https://publications.waset.org/abstracts/search?q=Python%20package%20index" title=" Python package index"> Python package index</a>, <a href="https://publications.waset.org/abstracts/search?q=ecosystem" title=" ecosystem"> ecosystem</a>, <a href="https://publications.waset.org/abstracts/search?q=static%20analysis" title=" static analysis"> static analysis</a>, <a href="https://publications.waset.org/abstracts/search?q=malicious%20attacks" title=" malicious attacks"> malicious attacks</a> </p> <a href="https://publications.waset.org/abstracts/161094/static-analysis-of-security-issues-of-the-python-packages-ecosystem" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/161094.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">140</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">219</span> From Risk/Security Analysis via Timespace to a Model of Human Vulnerability and Human Security</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Anders%20Troedsson">Anders Troedsson</a> </p> <p class="card-text"><strong>Abstract:</strong></p> For us humans, risk and insecurity are intimately linked to vulnerabilities - where there is vulnerability, there is potentially risk and insecurity. Reducing vulnerability through compensatory measures means decreasing the likelihood of a certain external event be qualified as a risk/threat/assault, and thus also means increasing the individual&rsquo;s sense of security. The paper suggests that a meaningful way to approach the study of risk/ insecurity is to organize thinking about the vulnerabilities that external phenomena evoke in humans as perceived by them. Such phenomena are, through a set of given vulnerabilities, potentially translated into perceptions of &quot;insecurity.&quot; An ontological discussion about salient timespace characteristics of external phenomena as perceived by humans, including such which potentially can be qualified as risk/threat/assault, leads to the positing of two dimensions which are central for describing what in the paper is called the essence of risk/threat/assault. As is argued, such modeling helps analysis steer free of the subjective factor which is intimately connected to human perception and which mediates between phenomena &ldquo;out there&rdquo; potentially identified as risk/threat/assault, and their translation into an experience of security or insecurity. A proposed set of universally given vulnerabilities are scrutinized with the help of the two dimensions, resulting in a modeling effort featuring four realms of vulnerabilities which together represent a dynamic whole. This model in turn informs modeling on human security. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=human%20vulnerabilities" title="human vulnerabilities">human vulnerabilities</a>, <a href="https://publications.waset.org/abstracts/search?q=human%20security" title=" human security"> human security</a>, <a href="https://publications.waset.org/abstracts/search?q=immediate-inert" title=" immediate-inert"> immediate-inert</a>, <a href="https://publications.waset.org/abstracts/search?q=material-immaterial" title=" material-immaterial"> material-immaterial</a>, <a href="https://publications.waset.org/abstracts/search?q=timespace" title=" timespace"> timespace</a> </p> <a href="https://publications.waset.org/abstracts/52906/from-risksecurity-analysis-via-timespace-to-a-model-of-human-vulnerability-and-human-security" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/52906.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">297</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">218</span> A Biometric Template Security Approach to Fingerprints Based on Polynomial Transformations</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Ramon%20Santana">Ramon Santana</a> </p> <p class="card-text"><strong>Abstract:</strong></p> The use of biometric identifiers in the field of information security, access control to resources, authentication in ATMs and banking among others, are of great concern because of the safety of biometric data. In the general architecture of a biometric system have been detected eight vulnerabilities, six of them allow obtaining minutiae template in plain text. The main consequence of obtaining minutia templates is the loss of biometric identifier for life. To mitigate these vulnerabilities several models to protect minutiae templates have been proposed. Several vulnerabilities in the cryptographic security of these models allow to obtain biometric data in plain text. In order to increase the cryptographic security and ease of reversibility, a minutiae templates protection model is proposed. The model aims to make the cryptographic protection and facilitate the reversibility of data using two levels of security. The first level of security is the data transformation level. In this level generates invariant data to rotation and translation, further transformation is irreversible. The second level of security is the evaluation level, where the encryption key is generated and data is evaluated using a defined evaluation function. The model is aimed at mitigating known vulnerabilities of the proposed models, basing its security on the impossibility of the polynomial reconstruction. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=fingerprint" title="fingerprint">fingerprint</a>, <a href="https://publications.waset.org/abstracts/search?q=template%20protection" title=" template protection"> template protection</a>, <a href="https://publications.waset.org/abstracts/search?q=bio-cryptography" title=" bio-cryptography"> bio-cryptography</a>, <a href="https://publications.waset.org/abstracts/search?q=minutiae%20protection" title=" minutiae protection"> minutiae protection</a> </p> <a href="https://publications.waset.org/abstracts/95139/a-biometric-template-security-approach-to-fingerprints-based-on-polynomial-transformations" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/95139.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">170</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">217</span> An Efficient Mitigation Plan to Encounter Various Vulnerabilities in Internet of Things Enterprises</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Umesh%20Kumar%20Singh">Umesh Kumar Singh</a>, <a href="https://publications.waset.org/abstracts/search?q=Abhishek%20Raghuvanshi"> Abhishek Raghuvanshi</a>, <a href="https://publications.waset.org/abstracts/search?q=Suyash%20Kumar%20Singh"> Suyash Kumar Singh</a> </p> <p class="card-text"><strong>Abstract:</strong></p> As IoT networks gain popularity, they are more susceptible to security breaches. As a result, it is crucial to analyze the IoT platform as a whole from the standpoint of core security concepts. The Internet of Things relies heavily on wireless networks, which are well-known for being susceptible to a wide variety of attacks. This article provides an analysis of many techniques that may be used to identify vulnerabilities in the software and hardware associated with the Internet of Things (IoT). In the current investigation, an experimental setup is built with the assistance of server computers, client PCs, Internet of Things development boards, sensors, and cloud subscriptions. Through the use of network host scanning methods and vulnerability scanning tools, raw data relating to IoT-based applications and devices may be collected. Shodan is a tool that is used for scanning, and it is also used for effective vulnerability discovery in IoT devices as well as penetration testing. This article presents an efficient mitigation plan for encountering vulnerabilities in the Internet of Things. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=internet%20of%20things" title="internet of things">internet of things</a>, <a href="https://publications.waset.org/abstracts/search?q=security" title=" security"> security</a>, <a href="https://publications.waset.org/abstracts/search?q=privacy" title=" privacy"> privacy</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerability%20identification" title=" vulnerability identification"> vulnerability identification</a>, <a href="https://publications.waset.org/abstracts/search?q=mitigation%20plan" title=" mitigation plan"> mitigation plan</a> </p> <a href="https://publications.waset.org/abstracts/185503/an-efficient-mitigation-plan-to-encounter-various-vulnerabilities-in-internet-of-things-enterprises" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/185503.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">40</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">216</span> Enhancing Code Security with AI-Powered Vulnerability Detection</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Zzibu%20Mark%20Brian">Zzibu Mark Brian</a> </p> <p class="card-text"><strong>Abstract:</strong></p> As software systems become increasingly complex, ensuring code security is a growing concern. Traditional vulnerability detection methods often rely on manual code reviews or static analysis tools, which can be time-consuming and prone to errors. This paper presents a distinct approach to enhancing code security by leveraging artificial intelligence (AI) and machine learning (ML) techniques. Our proposed system utilizes a combination of natural language processing (NLP) and deep learning algorithms to identify and classify vulnerabilities in real-world codebases. By analyzing vast amounts of open-source code data, our AI-powered tool learns to recognize patterns and anomalies indicative of security weaknesses. We evaluated our system on a dataset of over 10,000 open-source projects, achieving an accuracy rate of 92% in detecting known vulnerabilities. Furthermore, our tool identified previously unknown vulnerabilities in popular libraries and frameworks, demonstrating its potential for improving software security. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=AI" title="AI">AI</a>, <a href="https://publications.waset.org/abstracts/search?q=machine%20language" title=" machine language"> machine language</a>, <a href="https://publications.waset.org/abstracts/search?q=cord%20security" title=" cord security"> cord security</a>, <a href="https://publications.waset.org/abstracts/search?q=machine%20leaning" title=" machine leaning"> machine leaning</a> </p> <a href="https://publications.waset.org/abstracts/189193/enhancing-code-security-with-ai-powered-vulnerability-detection" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/189193.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">36</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">215</span> Benchmarking of Pentesting Tools</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Esteban%20Alejandro%20Armas%20Vega">Esteban Alejandro Armas Vega</a>, <a href="https://publications.waset.org/abstracts/search?q=Ana%20Lucila%20Sandoval%20Orozco"> Ana Lucila Sandoval Orozco</a>, <a href="https://publications.waset.org/abstracts/search?q=Luis%20Javier%20Garc%C3%ADa%20Villalba"> Luis Javier García Villalba</a> </p> <p class="card-text"><strong>Abstract:</strong></p> The benchmarking of tools for dynamic analysis of vulnerabilities in web applications is something that is done periodically, because these tools from time to time update their knowledge base and search algorithms, in order to improve their accuracy. Unfortunately, the vast majority of these evaluations are made by software enthusiasts who publish their results on blogs or on non-academic websites and always with the same evaluation methodology. Similarly, academics who have carried out this type of analysis from a scientific approach, the majority, make their analysis within the same methodology as well the empirical authors. This paper is based on the interest of finding answers to questions that many users of this type of tools have been asking over the years, such as, to know if the tool truly test and evaluate every vulnerability that it ensures do, or if the tool, really, deliver a real report of all the vulnerabilities tested and exploited. This kind of questions have also motivated previous work but without real answers. The aim of this paper is to show results that truly answer, at least on the tested tools, all those unanswered questions. All the results have been obtained by changing the common model of benchmarking used for all those previous works. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=cybersecurity" title="cybersecurity">cybersecurity</a>, <a href="https://publications.waset.org/abstracts/search?q=IDS" title=" IDS"> IDS</a>, <a href="https://publications.waset.org/abstracts/search?q=security" title=" security"> security</a>, <a href="https://publications.waset.org/abstracts/search?q=web%20scanners" title=" web scanners"> web scanners</a>, <a href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities" title=" web vulnerabilities"> web vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/70338/benchmarking-of-pentesting-tools" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/70338.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">319</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">214</span> Exploring the Risks and Vulnerabilities of Child Trafficking in West Java, Indonesia</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=B.%20Rusyidi">B. Rusyidi</a>, <a href="https://publications.waset.org/abstracts/search?q=D.%20Mariana"> D. Mariana</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Although reforms in trafficking regulations have taken place since 2007, Indonesia is still struggling to fight child trafficking. This study aimed to identify and assess risk factors and vulnerabilities in the life of trafficked children prior to, during, and after being trafficked in order to inform the child protection system and its policies. The study was qualitative and utilized in-depth interviews to collect data. Data were gathered in 2014 and 2015 from 15 trafficked and sexually exploited girls aged 14 to 17 years originating from West Java. Social workers, safe home personnel and parents were also included as informants. Data analysis was guided by the ecological perspective and theme analyses. The study found that risks and vulnerabilities of the victims were associated with conditions at various levels of the environment. At the micro level, risk factors and vulnerabilities included young age, family conflict/violence, involvement with the “wrong” circle of friends/peers, family poverty, lack of social and economic support for the victim’s family, and psychological damages due to trafficking experiences. At the mezzo level, the lack of structured activities after school, economic inequality, stigma towards victims, lack of services for victims, and minimum public education on human trafficking were among the community hazards that increased the vulnerability and risks. Gender inequality, consumerism, the view of children as assets, corruption, weak law enforcement, the lack of institutional support, and community-wide ignorance regarding trafficking were found as factors that increased risks and vulnerabilities at the macro level. The findings from the study underline the necessity to reduce risk factors and promote protective factors at the individual, family, community and societal levels. Shifting the current focus from tertiary to primary/prevention policies and improving institutional efforts are pressing needs in the context of reducing child trafficking in Indonesia. The roles of human service providers including social work also should be promoted. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=child%20trafficking" title="child trafficking">child trafficking</a>, <a href="https://publications.waset.org/abstracts/search?q=child%20sexual%20exploitation" title=" child sexual exploitation"> child sexual exploitation</a>, <a href="https://publications.waset.org/abstracts/search?q=ecological%20perspective" title=" ecological perspective"> ecological perspective</a>, <a href="https://publications.waset.org/abstracts/search?q=risks%20and%20vulnerabilities" title=" risks and vulnerabilities"> risks and vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/61045/exploring-the-risks-and-vulnerabilities-of-child-trafficking-in-west-java-indonesia" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/61045.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">277</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">213</span> A Proposal for Systematic Mapping Study of Software Security Testing, Verification and Validation</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Adriano%20Bessa%20Albuquerque">Adriano Bessa Albuquerque</a>, <a href="https://publications.waset.org/abstracts/search?q=Francisco%20Jose%20Barreto%20Nunes"> Francisco Jose Barreto Nunes</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=software%20test" title="software test">software test</a>, <a href="https://publications.waset.org/abstracts/search?q=software%20security%20verification%20validation%20and%20test" title=" software security verification validation and test"> software security verification validation and test</a>, <a href="https://publications.waset.org/abstracts/search?q=security%20test%20institutionalization" title=" security test institutionalization"> security test institutionalization</a>, <a href="https://publications.waset.org/abstracts/search?q=systematic%20mapping%20study" title=" systematic mapping study"> systematic mapping study</a> </p> <a href="https://publications.waset.org/abstracts/43751/a-proposal-for-systematic-mapping-study-of-software-security-testing-verification-and-validation" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/43751.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">409</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">212</span> Navigating Cyber Attacks with Quantum Computing: Leveraging Vulnerabilities and Forensics for Advanced Penetration Testing in Cybersecurity</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Sayor%20Ajfar%20Aaron">Sayor Ajfar Aaron</a>, <a href="https://publications.waset.org/abstracts/search?q=Ashif%20Newaz"> Ashif Newaz</a>, <a href="https://publications.waset.org/abstracts/search?q=Sajjat%20Hossain%20Abir"> Sajjat Hossain Abir</a>, <a href="https://publications.waset.org/abstracts/search?q=Mushfiqur%20Rahman"> Mushfiqur Rahman</a> </p> <p class="card-text"><strong>Abstract:</strong></p> This paper examines the transformative potential of quantum computing in the field of cybersecurity, with a focus on advanced penetration testing and forensics. It explores how quantum technologies can be leveraged to identify and exploit vulnerabilities more efficiently than traditional methods and how they can enhance the forensic analysis of cyber-attacks. Through theoretical analysis and practical simulations, this study highlights the enhanced capabilities of quantum algorithms in detecting and responding to sophisticated cyber threats, providing a pathway for developing more resilient cybersecurity infrastructures. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=cybersecurity" title="cybersecurity">cybersecurity</a>, <a href="https://publications.waset.org/abstracts/search?q=cyber%20forensics" title=" cyber forensics"> cyber forensics</a>, <a href="https://publications.waset.org/abstracts/search?q=penetration%20testing" title=" penetration testing"> penetration testing</a>, <a href="https://publications.waset.org/abstracts/search?q=quantum%20computing" title=" quantum computing"> quantum computing</a> </p> <a href="https://publications.waset.org/abstracts/185867/navigating-cyber-attacks-with-quantum-computing-leveraging-vulnerabilities-and-forensics-for-advanced-penetration-testing-in-cybersecurity" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/185867.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">67</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">211</span> Reforms in China&#039;s Vaccine Administration: Vulnerabilities, Legislative Progresses and the Systemic View of Vaccine Administration Law</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Lin%20Tang">Lin Tang</a>, <a href="https://publications.waset.org/abstracts/search?q=Xiaoxia%20Guo"> Xiaoxia Guo</a>, <a href="https://publications.waset.org/abstracts/search?q=Lingling%20Zhang"> Lingling Zhang</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Recent vaccine scandals overshadowed China’s accomplishment of public health, triggering discussions on the causes of vaccine incidents. Through legal interpretation of selected vaccine incidents and analysis of systemic vulnerabilities in vaccine circulation and lot release, a panoramic review of legislative progresses in the vaccine administration sheds the light on this debate. In essence, it is the combination of the lagging legal system and the absence of information technology infrastructure in the process of vaccine administration reform that has led to the recurrence of vaccine incidents. These findings have significant implications for further improvement of vaccine administration and China’s participation in global healthcare. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=legislation" title="legislation">legislation</a>, <a href="https://publications.waset.org/abstracts/search?q=lot%20release" title=" lot release"> lot release</a>, <a href="https://publications.waset.org/abstracts/search?q=public%20health" title=" public health"> public health</a>, <a href="https://publications.waset.org/abstracts/search?q=reform" title=" reform"> reform</a>, <a href="https://publications.waset.org/abstracts/search?q=vaccine%20administration" title=" vaccine administration"> vaccine administration</a>, <a href="https://publications.waset.org/abstracts/search?q=vaccine%20circulation" title=" vaccine circulation"> vaccine circulation</a> </p> <a href="https://publications.waset.org/abstracts/143772/reforms-in-chinas-vaccine-administration-vulnerabilities-legislative-progresses-and-the-systemic-view-of-vaccine-administration-law" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/143772.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">152</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">210</span> Profiling Risky Code Using Machine Learning</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Zunaira%20Zaman">Zunaira Zaman</a>, <a href="https://publications.waset.org/abstracts/search?q=David%20Bohannon"> David Bohannon</a> </p> <p class="card-text"><strong>Abstract:</strong></p> This study explores the application of machine learning (ML) for detecting security vulnerabilities in source code. The research aims to assist organizations with large application portfolios and limited security testing capabilities in prioritizing security activities. ML-based approaches offer benefits such as increased confidence scores, false positives and negatives tuning, and automated feedback. The initial approach using natural language processing techniques to extract features achieved 86% accuracy during the training phase but suffered from overfitting and performed poorly on unseen datasets during testing. To address these issues, the study proposes using the abstract syntax tree (AST) for Java and C++ codebases to capture code semantics and structure and generate path-context representations for each function. The Code2Vec model architecture is used to learn distributed representations of source code snippets for training a machine-learning classifier for vulnerability prediction. The study evaluates the performance of the proposed methodology using two datasets and compares the results with existing approaches. The Devign dataset yielded 60% accuracy in predicting vulnerable code snippets and helped resist overfitting, while the Juliet Test Suite predicted specific vulnerabilities such as OS-Command Injection, Cryptographic, and Cross-Site Scripting vulnerabilities. The Code2Vec model achieved 75% accuracy and a 98% recall rate in predicting OS-Command Injection vulnerabilities. The study concludes that even partial AST representations of source code can be useful for vulnerability prediction. The approach has the potential for automated intelligent analysis of source code, including vulnerability prediction on unseen source code. State-of-the-art models using natural language processing techniques and CNN models with ensemble modelling techniques did not generalize well on unseen data and faced overfitting issues. However, predicting vulnerabilities in source code using machine learning poses challenges such as high dimensionality and complexity of source code, imbalanced datasets, and identifying specific types of vulnerabilities. Future work will address these challenges and expand the scope of the research. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=code%20embeddings" title="code embeddings">code embeddings</a>, <a href="https://publications.waset.org/abstracts/search?q=neural%20networks" title=" neural networks"> neural networks</a>, <a href="https://publications.waset.org/abstracts/search?q=natural%20language%20processing" title=" natural language processing"> natural language processing</a>, <a href="https://publications.waset.org/abstracts/search?q=OS%20command%20injection" title=" OS command injection"> OS command injection</a>, <a href="https://publications.waset.org/abstracts/search?q=software%20security" title=" software security"> software security</a>, <a href="https://publications.waset.org/abstracts/search?q=code%20properties" title=" code properties"> code properties</a> </p> <a href="https://publications.waset.org/abstracts/164014/profiling-risky-code-using-machine-learning" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/164014.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">107</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">209</span> A Tutorial on Network Security: Attacks and Controls</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Belbahi%20Ahlam">Belbahi Ahlam</a> </p> <p class="card-text"><strong>Abstract:</strong></p> With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=network%20security" title="network security">network security</a>, <a href="https://publications.waset.org/abstracts/search?q=attacks%20and%20controls" title=" attacks and controls"> attacks and controls</a>, <a href="https://publications.waset.org/abstracts/search?q=computer%20and%20information" title=" computer and information"> computer and information</a>, <a href="https://publications.waset.org/abstracts/search?q=solutions" title=" solutions"> solutions</a> </p> <a href="https://publications.waset.org/abstracts/47725/a-tutorial-on-network-security-attacks-and-controls" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/47725.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">455</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">208</span> BodeACD: Buffer Overflow Vulnerabilities Detecting Based on Abstract Syntax Tree, Control Flow Graph, and Data Dependency Graph</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Xinghang%20Lv">Xinghang Lv</a>, <a href="https://publications.waset.org/abstracts/search?q=Tao%20Peng"> Tao Peng</a>, <a href="https://publications.waset.org/abstracts/search?q=Jia%20Chen"> Jia Chen</a>, <a href="https://publications.waset.org/abstracts/search?q=Junping%20Liu"> Junping Liu</a>, <a href="https://publications.waset.org/abstracts/search?q=Xinrong%20Hu"> Xinrong Hu</a>, <a href="https://publications.waset.org/abstracts/search?q=Ruhan%20He"> Ruhan He</a>, <a href="https://publications.waset.org/abstracts/search?q=Minghua%20Jiang"> Minghua Jiang</a>, <a href="https://publications.waset.org/abstracts/search?q=Wenli%20Cao"> Wenli Cao</a> </p> <p class="card-text"><strong>Abstract:</strong></p> As one of the most dangerous vulnerabilities, effective detection of buffer overflow vulnerabilities is extremely necessary. Traditional detection methods are not accurate enough and consume more resources to meet complex and enormous code environment at present. In order to resolve the above problems, we propose the method for Buffer overflow detection based on Abstract syntax tree, Control flow graph, and Data dependency graph (BodeACD) in C/C++ programs with source code. Firstly, BodeACD constructs the function samples of buffer overflow that are available on Github, then represents them as code representation sequences, which fuse control flow, data dependency, and syntax structure of source code to reduce information loss during code representation. Finally, BodeACD learns vulnerability patterns for vulnerability detection through deep learning. The results of the experiments show that BodeACD has increased the precision and recall by 6.3% and 8.5% respectively compared with the latest methods, which can effectively improve vulnerability detection and reduce False-positive rate and False-negative rate. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=vulnerability%20detection" title="vulnerability detection">vulnerability detection</a>, <a href="https://publications.waset.org/abstracts/search?q=abstract%20syntax%20tree" title=" abstract syntax tree"> abstract syntax tree</a>, <a href="https://publications.waset.org/abstracts/search?q=control%20flow%20graph" title=" control flow graph"> control flow graph</a>, <a href="https://publications.waset.org/abstracts/search?q=data%20dependency%20graph" title=" data dependency graph"> data dependency graph</a>, <a href="https://publications.waset.org/abstracts/search?q=code%20representation" title=" code representation"> code representation</a>, <a href="https://publications.waset.org/abstracts/search?q=deep%20learning" title=" deep learning"> deep learning</a> </p> <a href="https://publications.waset.org/abstracts/148239/bodeacd-buffer-overflow-vulnerabilities-detecting-based-on-abstract-syntax-tree-control-flow-graph-and-data-dependency-graph" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/148239.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">170</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">207</span> Risk and Uncertainty in Aviation: A Thorough Analysis of System Vulnerabilities</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=C.%20V.%20Pietreanu">C. V. Pietreanu</a>, <a href="https://publications.waset.org/abstracts/search?q=S.%20E.%20Zaharia"> S. E. Zaharia</a>, <a href="https://publications.waset.org/abstracts/search?q=C.%20Dinu"> C. Dinu</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Hazard assessment and risks quantification are key components for estimating the impact of existing regulations. But since regulatory compliance cannot cover all risks in aviation, the authors point out that by studying causal factors and eliminating uncertainty, an accurate analysis can be outlined. The research debuts by making delimitations on notions, as confusion on the terms over time has reflected in less rigorous analysis. Throughout this paper, it will be emphasized the fact that the variation in human performance and organizational factors represent the biggest threat from an operational perspective. Therefore, advanced risk assessment methods analyzed by the authors aim to understand vulnerabilities of the system given by a nonlinear behavior. Ultimately, the mathematical modeling of existing hazards and risks by eliminating uncertainty implies establishing an optimal solution (i.e. risk minimization). <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=control" title="control">control</a>, <a href="https://publications.waset.org/abstracts/search?q=human%20factor" title=" human factor"> human factor</a>, <a href="https://publications.waset.org/abstracts/search?q=optimization" title=" optimization"> optimization</a>, <a href="https://publications.waset.org/abstracts/search?q=risk%20management" title=" risk management"> risk management</a>, <a href="https://publications.waset.org/abstracts/search?q=uncertainty" title=" uncertainty"> uncertainty</a> </p> <a href="https://publications.waset.org/abstracts/86629/risk-and-uncertainty-in-aviation-a-thorough-analysis-of-system-vulnerabilities" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/86629.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">249</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">206</span> Software Vulnerability Markets: Discoverers and Buyers</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Abdullah%20M.%20Algarni">Abdullah M. Algarni</a>, <a href="https://publications.waset.org/abstracts/search?q=Yashwant%20K.%20Malaiya"> Yashwant K. Malaiya</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Some of the key aspects of vulnerability-discovery, dissemination, and disclosure-have received some attention recently. However, the role of interaction among the vulnerability discoverers and vulnerability acquirers has not yet been adequately addressed. Our study suggests that a major percentage of discoverers, a majority in some cases, are unaffiliated with the software developers and thus are free to disseminate the vulnerabilities they discover in any way they like. As a result, multiple vulnerability markets have emerged. In some of these markets, the exchange is regulated, but in others, there is little or no regulation. In recent vulnerability discovery literature, the vulnerability discoverers have remained anonymous individuals. Although there has been an attempt to model the level of their efforts, information regarding their identities, modes of operation, and what they are doing with the discovered vulnerabilities has not been explored. Reports of buying and selling of the vulnerabilities are now appearing in the press; however, the existence of such markets requires validation, and the natures of the markets need to be analysed. To address this need, we have attempted to collect detailed information. We have identified the most prolific vulnerability discoverers throughout the past decade and examined their motivation and methods. A large percentage of these discoverers are located in Eastern and Western Europe and in the Far East. We have contacted several of them in order to collect first-hand information regarding their techniques, motivations, and involvement in the vulnerability markets. We examine why many of the discoverers appear to retire after a highly successful vulnerability-finding career. The paper identifies the actual vulnerability markets, rather than the hypothetical ideal markets that are often examined. The emergence of worldwide government agencies as vulnerability buyers has significant implications. We discuss potential factors that can impact the risk to society and the need for detailed exploration. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=risk%20management" title="risk management">risk management</a>, <a href="https://publications.waset.org/abstracts/search?q=software%20security" title=" software security"> software security</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerability%20discoverers" title=" vulnerability discoverers"> vulnerability discoverers</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerability%20markets" title=" vulnerability markets"> vulnerability markets</a> </p> <a href="https://publications.waset.org/abstracts/6548/software-vulnerability-markets-discoverers-and-buyers" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/6548.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">253</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">205</span> Mapping Vulnerabilities: A Social and Political Study of Disasters in Eastern Himalayas, Region of Darjeeling</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Shailendra%20M.%20Pradhan">Shailendra M. Pradhan</a>, <a href="https://publications.waset.org/abstracts/search?q=Upendra%20M.%20Pradhan"> Upendra M. Pradhan</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Disasters are perennial features of human civilization. The recurring earthquakes, floods, cyclones, among others, that result in massive loss of lives and devastation, is a grim reminder of the fact that, despite all our success stories of development, and progress in science and technology, human society is perennially at risk to disasters. The apparent threat of climate change and global warming only severe our disaster risks. Darjeeling hills, situated along Eastern Himalayan region of India, and famous for its three Ts – tea, tourism and toy-train – is also equally notorious for its disasters. The recurring landslides and earthquakes, the cyclone Aila, and the Ambootia landslides, considered as the largest landslide in Asia, are strong evidence of the vulnerability of Darjeeling hills to natural disasters. Given its geographical location along the Hindu-Kush Himalayas, the region is marked by rugged topography, geo-physically unstable structure, high-seismicity, and fragile landscape, making it prone to disasters of different kinds and magnitudes. Most of the studies on disasters in Darjeeling hills are, however, scientific and geographical in orientation that focuses on the underlying geological and physical processes to the neglect of social and political conditions. This has created a tendency among the researchers and policy-makers to endorse and promote a particular type of discourse that does not consider the social and political aspects of disasters in Darjeeling hills. Disaster, this paper argues, is a complex phenomenon, and a result of diverse factors, both physical and human. The hazards caused by the physical and geological agents, and the vulnerabilities produced and rooted in political, economic, social and cultural structures of a society, together result in disasters. In this sense, disasters are as much a result of political and economic conditions as it is of physical environment. The human aspect of disasters, therefore, compels us to address intricating social and political challenges that ultimately determine our resilience and vulnerability to disasters. Set within the above milieu, the aims of the paper are twofold: a) to provide a political and sociological account of disasters in Darjeeling hills; and, b) to identify and address the root causes of its vulnerabilities to disasters. In situating disasters in Darjeeling Hills, the paper adopts the Pressure and Release Model (PAR) that provides a theoretical insight into the study of social and political aspects of disasters, and to examine myriads of other related issues therein. The PAR model conceptualises risk as a complex combination of vulnerabilities, on the one hand, and hazards, on the other. Disasters, within the PAR framework, occur when hazards interact with vulnerabilities. The root causes of vulnerability, in turn, could be traced to social and political structures such as legal definitions of rights, gender relations, and other ideological structures and processes. In this way, the PAR model helps the present study to identify and unpack the root causes of vulnerabilities and disasters in Darjeeling hills that have largely remained neglected in dominant discourses, thereby providing a more nuanced and sociologically sensitive understanding of disasters. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=Darjeeling" title="Darjeeling">Darjeeling</a>, <a href="https://publications.waset.org/abstracts/search?q=disasters" title=" disasters"> disasters</a>, <a href="https://publications.waset.org/abstracts/search?q=PAR" title=" PAR"> PAR</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerabilities" title=" vulnerabilities"> vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/44521/mapping-vulnerabilities-a-social-and-political-study-of-disasters-in-eastern-himalayas-region-of-darjeeling" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/44521.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">273</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">204</span> A Medical Vulnerability Scoring System Incorporating Health and Data Sensitivity Metrics</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Nadir%20A.%20Carreon">Nadir A. Carreon</a>, <a href="https://publications.waset.org/abstracts/search?q=Christa%20Sonderer"> Christa Sonderer</a>, <a href="https://publications.waset.org/abstracts/search?q=Aakarsh%20Rao"> Aakarsh Rao</a>, <a href="https://publications.waset.org/abstracts/search?q=Roman%20Lysecky"> Roman Lysecky</a> </p> <p class="card-text"><strong>Abstract:</strong></p> With the advent of complex software and increased connectivity, the security of life-critical medical devices is becoming an increasing concern, particularly with their direct impact on human safety. Security is essential, but it is impossible to develop completely secure and impenetrable systems at design time. Therefore, it is important to assess the potential impact on the security and safety of exploiting a vulnerability in such critical medical systems. The common vulnerability scoring system (CVSS) calculates the severity of exploitable vulnerabilities. However, for medical devices it does not consider the unique challenges of impacts to human health and privacy. Thus, the scoring of a medical device on which human life depends (e.g., pacemakers, insulin pumps) can score very low, while a system on which human life does not depend (e.g., hospital archiving systems) might score very high. In this paper, we propose a medical vulnerability scoring system (MVSS) that extends CVSS to address the health and privacy concerns of medical devices. We propose incorporating two new parameters, namely health impact, and sensitivity impact. Sensitivity refers to the type of information that can be stolen from the device, and health represents the impact on the safety of the patient if the vulnerability is exploited (e.g., potential harm, life-threatening). We evaluate fifteen different known vulnerabilities in medical devices and compare MVSS against two state-of-the-art medical device-oriented vulnerability scoring systems and the foundational CVSS. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=common%20vulnerability%20system" title="common vulnerability system">common vulnerability system</a>, <a href="https://publications.waset.org/abstracts/search?q=medical%20devices" title=" medical devices"> medical devices</a>, <a href="https://publications.waset.org/abstracts/search?q=medical%20device%20security" title=" medical device security"> medical device security</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerabilities" title=" vulnerabilities"> vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/135685/a-medical-vulnerability-scoring-system-incorporating-health-and-data-sensitivity-metrics" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/135685.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">166</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">203</span> Towards a Security Model against Denial of Service Attacks for SIP Traffic</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Arellano%20Karina">Arellano Karina</a>, <a href="https://publications.waset.org/abstracts/search?q=Diego%20Avila-Pes%C3%A1ntez"> Diego Avila-Pesántez</a>, <a href="https://publications.waset.org/abstracts/search?q=Leticia%20Vaca-C%C3%A1rdenas"> Leticia Vaca-Cárdenas</a>, <a href="https://publications.waset.org/abstracts/search?q=Alberto%20Arellano"> Alberto Arellano</a>, <a href="https://publications.waset.org/abstracts/search?q=Carmen%20Mantilla"> Carmen Mantilla</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=Denial-of-Service%20SIP%20attacks" title="Denial-of-Service SIP attacks">Denial-of-Service SIP attacks</a>, <a href="https://publications.waset.org/abstracts/search?q=MS-DoS-SIP" title=" MS-DoS-SIP"> MS-DoS-SIP</a>, <a href="https://publications.waset.org/abstracts/search?q=security%20model" title=" security model"> security model</a>, <a href="https://publications.waset.org/abstracts/search?q=VoIP-SIP%20vulnerabilities" title=" VoIP-SIP vulnerabilities"> VoIP-SIP vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/85955/towards-a-security-model-against-denial-of-service-attacks-for-sip-traffic" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/85955.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">203</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">202</span> The Nature and Impact of Trojan Horses in Cybersecurity</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Mehrab%20Faraghti">Mehrab Faraghti</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Trojan horses, a form of malware masquerading as legitimate software, pose significant cybersecurity threats. These malicious programs exploit user trust, infiltrate systems, and can lead to data breaches, financial loss, and compromised privacy. This paper explores the mechanisms through which Trojan horses operate, including delivery methods such as phishing and software vulnerabilities. It categorizes various types of Trojan horses and their specific impacts on individuals and organizations. Additionally, the research highlights the evolution of Trojan threats and the importance of user awareness and proactive security measures. By analyzing case studies of notable Trojan attacks, this study identifies common vulnerabilities that can be exploited and offers insights into effective countermeasures, including behavioral analysis, anomaly detection, and robust incident response strategies. The findings emphasize the need for comprehensive cybersecurity education and the implementation of advanced security protocols to mitigate the risks associated with Trojan horses. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=Trojan%20horses" title="Trojan horses">Trojan horses</a>, <a href="https://publications.waset.org/abstracts/search?q=cybersecurity" title=" cybersecurity"> cybersecurity</a>, <a href="https://publications.waset.org/abstracts/search?q=malware" title=" malware"> malware</a>, <a href="https://publications.waset.org/abstracts/search?q=data%20breach" title=" data breach"> data breach</a> </p> <a href="https://publications.waset.org/abstracts/193829/the-nature-and-impact-of-trojan-horses-in-cybersecurity" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/193829.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">10</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">201</span> Community Level Vulnerabilities to Climate Change in Cox’s Bazar-Teknaf Coastal Area of Bangladesh</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Pronob%20Kumar%20Mozumder">Pronob Kumar Mozumder</a>, <a href="https://publications.waset.org/abstracts/search?q=M.%20Abdur%20Rob%20Mollah"> M. Abdur Rob Mollah</a> </p> <p class="card-text"><strong>Abstract:</strong></p> This research was conducted in two coastal locations of Bangladesh from February, 2013 to January, 2014.The objective of this research was to assess the potential vulnerabilities of climate change on local ecosystem and people and to identify and recommend local level adaptation strategies to climate change. Focus group discussions, participatory rural appraisal, interviewing local elderly people were conducted. Perceptions about climate change indicate that local people are experiencing impacts of climate change. According to local people, temperature, cyclone, rain, water-logging, siltation, salinity, erosion, and flash flood are increasing. Vulnerability assessment revealed that local people are variously affected by abnormal climate related disasters. This is jeopardizing their livelihoods, risking their lives, health, and their assets. This prevailing climatic situation in the area is also impacting their environmental conditions, biodiversity and natural resources, and their economic activities. The existing adaptation includes using traditional boat and mobile phone while fishing and making house on high land and lower height. Proposed adaptation for fishing boat are using more than 60 feet length with good timber, putting at least 3 longitudinal bar along upper side, using enough vertical side bars. The homestead measures include use of cross bracing of wall frame, roof tying with extra-post by ropes and plantation of timber tree against wind. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=community%20level%20vulnerabilities" title="community level vulnerabilities">community level vulnerabilities</a>, <a href="https://publications.waset.org/abstracts/search?q=climate%20change" title=" climate change"> climate change</a>, <a href="https://publications.waset.org/abstracts/search?q=Cox%E2%80%99s%20Bazar-Teknaf%20Coastal%20Area" title=" Cox’s Bazar-Teknaf Coastal Area"> Cox’s Bazar-Teknaf Coastal Area</a>, <a href="https://publications.waset.org/abstracts/search?q=Bangladesh" title=" Bangladesh"> Bangladesh</a> </p> <a href="https://publications.waset.org/abstracts/19015/community-level-vulnerabilities-to-climate-change-in-coxs-bazar-teknaf-coastal-area-of-bangladesh" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/19015.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">537</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">200</span> A Survey on the Blockchain Smart Contract System: Security Strengths and Weaknesses</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Malaw%20Ndiaye">Malaw Ndiaye</a>, <a href="https://publications.waset.org/abstracts/search?q=Karim%20Konate"> Karim Konate</a> </p> <p class="card-text"><strong>Abstract:</strong></p> Smart contracts are computer protocols that facilitate, verify, and execute the negotiation or execution of a contract, or that render a contractual term unnecessary. Blockchain and smart contracts can be used to facilitate almost any financial transaction. Thanks to these smart contracts, the settlement of dividends and coupons could be automated. Smart contracts have become lucrative and profitable targets for attackers because they can hold a great amount of money. Smart contracts, although widely used in blockchain technology, are far from perfect due to security concerns. Since there are recent studies on smart contract security, none of them systematically study the strengths and weaknesses of smart contract security. Some have focused on an analysis of program-related vulnerabilities by providing a taxonomy of vulnerabilities. Other studies are responsible for listing the series of attacks linked to smart contracts. Although a series of attacks are listed, there is a lack of discussions and proposals on improving security. This survey takes stock of smart contract security from a more comprehensive perspective by correlating the level of vulnerability and systematic review of security levels in smart contracts. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=blockchain" title="blockchain">blockchain</a>, <a href="https://publications.waset.org/abstracts/search?q=Bitcoin" title=" Bitcoin"> Bitcoin</a>, <a href="https://publications.waset.org/abstracts/search?q=smart%20contract" title=" smart contract"> smart contract</a>, <a href="https://publications.waset.org/abstracts/search?q=criminal%20smart%20contract" title=" criminal smart contract"> criminal smart contract</a>, <a href="https://publications.waset.org/abstracts/search?q=security" title=" security"> security</a> </p> <a href="https://publications.waset.org/abstracts/135465/a-survey-on-the-blockchain-smart-contract-system-security-strengths-and-weaknesses" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/135465.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">168</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">199</span> Emerging Threats and Adaptive Defenses: Navigating the Future of Cybersecurity in a Hyperconnected World</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Olasunkanmi%20Jame%20Ayodeji">Olasunkanmi Jame Ayodeji</a>, <a href="https://publications.waset.org/abstracts/search?q=Adebayo%20Adeyinka%20Victor"> Adebayo Adeyinka Victor</a> </p> <p class="card-text"><strong>Abstract:</strong></p> In a hyperconnected world, cybersecurity faces a continuous evolution of threats that challenge traditional defence mechanisms. This paper explores emerging cybersecurity threats like malware, ransomware, phishing, social engineering, and the Internet of Things (IoT) vulnerabilities. It delves into the inadequacies of existing cybersecurity defences in addressing these evolving risks and advocates for adaptive defence mechanisms that leverage AI, machine learning, and zero-trust architectures. The paper proposes collaborative approaches, including public-private partnerships and information sharing, as essential to building a robust defence strategy to address future cyber threats. The need for continuous monitoring, real-time incident response, and adaptive resilience strategies is highlighted to fortify digital infrastructures in the face of escalating global cyber risks. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=cybersecurity" title="cybersecurity">cybersecurity</a>, <a href="https://publications.waset.org/abstracts/search?q=hyperconnectivity" title=" hyperconnectivity"> hyperconnectivity</a>, <a href="https://publications.waset.org/abstracts/search?q=malware" title=" malware"> malware</a>, <a href="https://publications.waset.org/abstracts/search?q=adaptive%20defences" title=" adaptive defences"> adaptive defences</a>, <a href="https://publications.waset.org/abstracts/search?q=zero-trust%20architecture" title=" zero-trust architecture"> zero-trust architecture</a>, <a href="https://publications.waset.org/abstracts/search?q=internet%20of%20things%20vulnerabilities" title=" internet of things vulnerabilities"> internet of things vulnerabilities</a> </p> <a href="https://publications.waset.org/abstracts/192296/emerging-threats-and-adaptive-defenses-navigating-the-future-of-cybersecurity-in-a-hyperconnected-world" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/192296.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">20</span> </span> </div> </div> <div class="card paper-listing mb-3 mt-3"> <h5 class="card-header" style="font-size:.9rem"><span class="badge badge-info">198</span> SVID: Structured Vulnerability Intelligence for Building Deliberated Vulnerable Environment</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/abstracts/search?q=Wenqing%20Fan">Wenqing Fan</a>, <a href="https://publications.waset.org/abstracts/search?q=Yixuan%20Cheng"> Yixuan Cheng</a>, <a href="https://publications.waset.org/abstracts/search?q=Wei%20Huang"> Wei Huang</a> </p> <p class="card-text"><strong>Abstract:</strong></p> The diversity and complexity of modern IT systems make it almost impossible for internal teams to find vulnerabilities in all software before the software is officially released. The emergence of threat intelligence and vulnerability reporting policy has greatly reduced the burden on software vendors and organizations to find vulnerabilities. However, to prove the existence of the reported vulnerability, it is necessary but difficult for security incident response team to build a deliberated vulnerable environment from the vulnerability report with limited and incomplete information. This paper presents a structured, standardized, machine-oriented vulnerability intelligence format, that can be used to automate the orchestration of Deliberated Vulnerable Environment (DVE). This paper highlights the important role of software configuration and proof of vulnerable specifications in vulnerability intelligence, and proposes a triad model, which is called DIR (Dependency Configuration, Installation Configuration, Runtime Configuration), to define software configuration. Finally, this paper has also implemented a prototype system to demonstrate that the orchestration of DVE can be automated with the intelligence. <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/abstracts/search?q=DIR%20triad%20model" title="DIR triad model">DIR triad model</a>, <a href="https://publications.waset.org/abstracts/search?q=DVE" title=" DVE"> DVE</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerability%20intelligence" title=" vulnerability intelligence"> vulnerability intelligence</a>, <a href="https://publications.waset.org/abstracts/search?q=vulnerability%20recurrence" title=" vulnerability recurrence"> vulnerability recurrence</a> </p> <a href="https://publications.waset.org/abstracts/108327/svid-structured-vulnerability-intelligence-for-building-deliberated-vulnerable-environment" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/abstracts/108327.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">121</span> </span> </div> </div> <ul class="pagination"> <li class="page-item disabled"><span class="page-link">&lsaquo;</span></li> <li class="page-item active"><span class="page-link">1</span></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=2">2</a></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=3">3</a></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=4">4</a></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=5">5</a></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=6">6</a></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=7">7</a></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=8">8</a></li> <li class="page-item"><a class="page-link" href="https://publications.waset.org/abstracts/search?q=web%20vulnerabilities&amp;page=2" rel="next">&rsaquo;</a></li> </ul> </div> </main> <footer> <div id="infolinks" class="pt-3 pb-2"> <div class="container"> <div style="background-color:#f5f5f5;" class="p-3"> <div class="row"> <div class="col-md-2"> <ul class="list-unstyled"> About <li><a href="https://waset.org/page/support">About Us</a></li> <li><a href="https://waset.org/page/support#legal-information">Legal</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/WASET-16th-foundational-anniversary.pdf">WASET celebrates its 16th foundational anniversary</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Account <li><a href="https://waset.org/profile">My Account</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Explore <li><a href="https://waset.org/disciplines">Disciplines</a></li> <li><a href="https://waset.org/conferences">Conferences</a></li> <li><a href="https://waset.org/conference-programs">Conference Program</a></li> <li><a href="https://waset.org/committees">Committees</a></li> <li><a href="https://publications.waset.org">Publications</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Research <li><a href="https://publications.waset.org/abstracts">Abstracts</a></li> <li><a href="https://publications.waset.org">Periodicals</a></li> <li><a href="https://publications.waset.org/archive">Archive</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Open Science <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Science-Philosophy.pdf">Open Science Philosophy</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Science-Award.pdf">Open Science Award</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Society-Open-Science-and-Open-Innovation.pdf">Open Innovation</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Postdoctoral-Fellowship-Award.pdf">Postdoctoral Fellowship Award</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Scholarly-Research-Review.pdf">Scholarly Research Review</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Support <li><a href="https://waset.org/page/support">Support</a></li> <li><a href="https://waset.org/profile/messages/create">Contact Us</a></li> <li><a href="https://waset.org/profile/messages/create">Report Abuse</a></li> </ul> </div> </div> </div> </div> </div> <div class="container text-center"> <hr style="margin-top:0;margin-bottom:.3rem;"> <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" class="text-muted small">Creative Commons Attribution 4.0 International License</a> <div id="copy" class="mt-2">&copy; 2024 World Academy of Science, Engineering and Technology</div> </div> </footer> <a href="javascript:" id="return-to-top"><i class="fas fa-arrow-up"></i></a> <div class="modal" id="modal-template"> <div class="modal-dialog"> <div class="modal-content"> <div class="row m-0 mt-1"> <div class="col-md-12"> <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button> </div> </div> <div class="modal-body"></div> </div> </div> </div> <script src="https://cdn.waset.org/static/plugins/jquery-3.3.1.min.js"></script> <script src="https://cdn.waset.org/static/plugins/bootstrap-4.2.1/js/bootstrap.bundle.min.js"></script> <script src="https://cdn.waset.org/static/js/site.js?v=150220211556"></script> <script> jQuery(document).ready(function() { /*jQuery.get("https://publications.waset.org/xhr/user-menu", function (response) { jQuery('#mainNavMenu').append(response); });*/ jQuery.get({ url: "https://publications.waset.org/xhr/user-menu", cache: false }).then(function(response){ jQuery('#mainNavMenu').append(response); }); }); </script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10