example, should they first address a vulnerability with a severity of “5” or one with a severity of “high”? The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for assessing and quantifying the impact of software vulnerabilities. Organizations currently generating CVSS scores include Cisco, US National Institute of Stand...

Discovering vulnerabilities in operating system (OS) kernels and patching them is crucial for OS security. However, there is a lack of effective kernel vulnerability detection tools, especially for closed-source OSes such as Microsoft Windows. In this paper, we present Digtool, an effective, binary-code-only, kernel vulnerability detection framework. Built atop a virtualization monitor we desig...

A network system could be better protected by physically dividing it into administrative management groups according to different access rights. However, to effectively manage a network system, security information sharing is necessary. Since a system could suffer from the same security threats as another system, how to share the security information to prevent a system from the same security f...

Intrusion Detection has been a body of research and development focusing on the development of techniques and products to block malicious activity. In parallel, automated vulnerability assessment tools have been proposed to provide a base ground for estimating the security level of a given infrastructure at a certain period of time. This paper explores the basic limitations of these two fundame...

We introduce a new class of attack against a network signature-based Intrusion Detection System (IDS) which we have tested using SNORT and we call “Squealing”. This vulnerability has significant implications since it can be generalized to any IDS. While signature-based IDSs have implementation problems with high false positive rates that require tuning, we show a more serious general vulnerabil...

The main aim of this paper was to develop and evaluate securely web-based application for construction material testing using object-oriented technology and parameterized queries for SQL command queries. The SQL queries for the web application of construction material testing were modified by adjusting their codes which included connection strings, authorization bypass and execute commands. Det...

With the advancement in the internet technology since last two decades, the dependence on web applications has increased rapidly. All the facilities are nowadays available online at the ease of just one click. As a result, Web applications are prone to cyber-attacks which has major consequences such as theft of personal secure data and information tampering by 'Cookie stealing' or 'Session Hija...

In this work, we study the topology enhancement problem of wireless sensor networks. Our research focuses on reducing the path-based vulnerability. The objective is to get as much information as possible for any target moving out of the surveillance area. We study intelligent targets that have the knowledge of existing sensor distribution. Under such assumption, we find the vulnerable paths tha...

SQL injection is a type of attack which the attacker adds Structured Query Language code to a web form input box to gain access or make changes to data. SQL injection vulnerability allows an attacker to flow commands directly to a web application's underlying database and destroy functionality or confidentiality. Researchers have proposed different tools to detect and prevent this vulnerability...