In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities span from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerabilities testing was done in three categories: (1) dodgy code vulnerabilities, (2) malicious code vulnerabilities, (3) security code vulnerabilities, on seven (7) different...
In this paper, we describe penetration testing as a methodology for information security. Pentesting is used for proactive defence and information systems protection. Special operating systems on a UNIX core, developed scripts, utilities and applications are suggested. Most pros and cons of manual and automated pentesting are given.
An application logic flaw is a type of software vulnerability related to privilege manipulation or transaction control manipulation. They are often difficult to identify using automated scanners. A case study on the eCommerce merchant software Bigcommerce, integrated with PayPal Express as a third party payment collector, was created to teach students about this topic. Case studies provide students...
Security testing of web applications remains a major problem of software engineering. In order to reveal vulnerabilities, manual and automatic testing approaches use different strategies for detection of certain kinds of inputs that might lead to a security breach. In this paper we compared a state-of-the-art manual testing tool with an automated one that is based on model-based testing. The first...
In an attempt to support customization, many web applications allow the integration of third-party server-side plugins that offer diverse functionality, but also open an additional door for security vulnerabilities. In this paper we study the use of static code analysis tools to detect vulnerabilities in the plugins of the web application. The goal is twofold: 1) to study the effectiveness of static...
We have applied static analysis to find out how vulnerable the plugins available at the official WordPress plugin directory are to well-known security exploits. We have compared the number of potential vulnerabilities and the vulnerability density to the user ratings, to determine if user ratings can be used for finding secure plugins. We conclude that the quality of the plugins varies and there is...
Formal specification is usually employed to avoid ambiguity of security requirements. However, it is hard to assure correctness of this formal model and its conformance with security implementation. In this paper, a framework combining formal verification and security functional testing is proposed to support the correctness and conformance check procedure. Formal requirements are verified following...
This paper introduces rule-based exploratory testing, an approach to GUI testing that combines aspects of manual exploratory testing with rule-based test automation. This approach uses short, automated rules to increase the bug-detection capability of recorded exploratory test sessions. A preliminary evaluation found that this approach can be used to detect both general and application-specific bugs,...
Records management has evolved over the centuries, and the concept of electronic records is quickly becoming the major trend in managing electronic information compared to traditional recordkeeping, which required tedious and complex work. This paper discusses the management of records from paper-based to electronic through the implementation of the Vehicle Observation System, an IT collaboration...
Security testing is an important step in the lifetime of both newly-designed and existing systems. Different methodologies exist to guide testers to the selection, design, and implementation of the most appropriate testing procedures for various contexts. Typically, each methodology stems from the specific needs of a particular category of actors, and consequently is biased towards some aspect of...
Penetration testing is an important branch of network security evaluation, which aims at providing an all-round investigation to find the vulnerabilities and security threats in systems and networks. Former penetration testing platforms lack adaptability when applied to different types of systems or networks, and the manual tests which prevail in those platforms are usually long and complex...
We have investigated a technique for recognising faces invariant of facial expressions. We apply multi-linear tensor algebra, which subsumes linear algebra, to analyse and recognise 3D face surfaces. This potent framework possesses a remarkable ability to deal with the shortcomings of principal component analysis in less constrained situations. A set of vector spaces can be used to represent the variation...
One of the core components of any visual surveillance system is object classification, where detected objects are classified into different categories of interest. Although in airports or train stations, abandoned objects are mainly luggage or trolleys, none of the existing works in the literature have attempted to classify or recognize trolleys. In this paper, we analyzed and classified images of...
For the past 20 years, Seattle University's Master of Software Engineering program has incorporated industry sponsored projects into its capstone course sequence. Starting in 2005 the program was expanded to leverage projects that would cut across the themes presented in various courses to enable students to experience continuity and a common pedagogical application in various topics. The projects...
We propose an approach to generate and execute tests of the conformance of a system to a given security policy. The method is rule-based: it generates test cases directly from a security policy expressed as a set of security requirements, using two relations: one between predicates appearing in the rules and elementary test cases, called tiles, used to test predicates in the system, and another one...