The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript, and style sheets. A common programming error is the use of a wrong encoder to sanitize untrusted data, leaving the application vulnerable. We present a security...
Introducing the SEI CERT C++ Coding Standard, a new, security-focused coding standard for the C++ programming language that focuses on the security of applications written with modern versions of C++.
This paper describes a steganography technique in which text is concealed in an image. The lower nibble of each image byte is modified so as to contain each nibble of the input text. The steganography algorithm used in this implementation maximises data capacity and also ensures security. The Java programming language is used for its comprehensive libraries and ease of use. A simple GUI has been...
This paper describes an implementation of a Secure Coding learning package for Undergraduate students in the Kulliyyah of Information and Communication Technology (KICT) at the International Islamic University Malaysia. The learning package consists of three components which are SCALT, WebGoat and notes on several vulnerabilities in programming languages. This work aims to create awareness among the...
Twitter is a popular means to disseminate information and currently more than 300 million people are using it actively. Software engineers are no exception; Singer et al. have shown that many developers use Twitter to stay current with recent technological trends. At various time points, many users are posting microblogs (i.e., tweets) about the same topic on Twitter. We refer to this reasonably large...
A Java Card Virtual Machine applet running on smart cards may be subject to tampering. We protect existing applets by encoding additional lists representing specific instructions which may be the targets of a variety of attacks. The lists are specifically encoded to be a viable solution on limited smart card hardware. Before executing a fetched instruction, our modified virtual machine checks the...
This minitrack focuses on the research and automation techniques that can be applied to mobile platforms to ensure that software developed for these devices is secure without compromising other system properties such as performance or reliability.
Software security is a tough reality that affects the many facets of our modern, digital world. The pressure to produce secure software is felt particularly strongly by software engineers. Today's software engineering students will need to deal with software security in their profession. However, these students will also not be security experts, rather, they need to balance security concerns with...
JavaScript code is often obfuscated; given such code, can we tell whether it is malicious or benign? We propose Obfuscating Causal Relations Finding (OCRF), which addresses this problem. The contributions are the following: (1) careful feature extraction, using domain knowledge; (2) no need for de-obfuscation, since our method can be applied to the obfuscated script directly; (3) combined obfuscation...
Along with the development of the Internet and distributed systems, software is required to be independent of the runtime platform and to be portable. Meanwhile, how to protect mobile code from a malicious host is a new issue that cannot be dealt with by traditional technologies. Under these conditions, Java appeared. However, the JVM instruction set is too simple, but its class format includes...
On-line practice and examination is a new trend in interactive remote teaching and learning. By providing practice and examination content, OPES realizes another distributed and asynchronous learning atmosphere for students. OPES is implemented under the B/S design model with three functional roles: student, teacher, and system administrator. During the practice procedure, the practice content is focused...
Security at the code level is an important aspect of achieving high-quality software. Various secure programming guidelines are defined to improve the quality of software code. At the same time, mechanisms for enforcing these guidelines are needed. In this paper, we use the source code model checking technique to check whether some secure programming guidelines are followed, and correspondingly to detect...
Due to their reconfigurability and their high density of resources, SRAM-based FPGAs are increasingly used in embedded systems. For some applications (Pay-TV, Banking, Telecommunication ...), a high level of security is needed. FPGAs are intrinsically sensitive to ionizing effects, such as light stimulation, and attackers can try to exploit faults injected into the downloaded configuration. Previous...
This paper presents a course model for teaching component-based software development (CBSD) in the software engineering undergraduate curriculum to deepen and broaden student comprehension of component software. All hands-on lab practices are designed with open-source software tools. The course gives students valuable experience in making design decisions via comparative study, risk analysis,...
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered...
Conscientious Java developers are typically aware of the numerous coding guidelines that they should follow when writing code, such as validating inputs, minimizing accessibility to classes and members, and avoiding public static nonfinal fields. Java developers follow such guidelines to avoid common programming pitfalls (often called antipatterns), thereby reducing the likelihood of bugs or security...