Abstract With the advent of Internet, activities individuals and businesses have expanded into online realm. As a result, vulnerabilities that result in actual breaches can lead to data loss program failure. The number is increasing every year, as vulnerabilities. To address this problem, current research focuses on detection using static analysis techniques. prevent propagation vulnerabilities...

Cloud security is one of the biggest concerns for many companies. The growth in the number and size of websites increases the need for better securing those websites. Manual testing and detection of web vulnerabilities can be very time consuming. Automated Web Vulnerability Scanners (WVS) help with the detection of vulnerabilities in web applications. Acunetix is one of the widely used vulnerab...

Rising vulnerability statistics demands multidimensional trend analysis for efficient threat mitigation. Understanding trends aids in early detection of problems and also in planning defense mechanisms. In this regard, this paper presents finegrained trend analysis on classified vulnerability data provided by NVD, across six CVSS base metrics. Such analysis of vulnerability data according to th...

This paper explores the algebraic matching approach for detection of vulnerabilities in binary codes. The algebraic programming system is used for implementing this method. It is anticipated that models of vulnerabilities and programs to be verified are presented as behavior algebra and action language specifications. The methods of algebraic matching are based on rewriting rules and techniques...

Cross-Site Scripting (XSS) vulnerability is one of the most critical breaches that may compromise the security of Web applications. Reflected XSS is usually easy to detect as the attack vector is immediately executed, and classical Web application scanners are commonly efficient to detect it. However, they are less efficient to discover multi-step XSS, which requires behavioral knowledge to be ...

We report a vulnerability to network signature-based IDS which we have tested using Snort and we call “Squealing”. This vulnerability has significant implications since it can easily be generalized to any IDS. The vulnerability of signature-based IDS to high false positive rates has been welldocumented but we go further to show (at a high level) how packets can be crafted to match attack signat...

Current network security tools generally lack sufficient context for maintaining a well informed and proactive defense posture. Vulnerabilities are usually assessed in isolation, without considering how they contribute to overall attack risk. Similarly, intrusion alarms are logged as isolated events, with limited correlation capabilities. Security professionals are overwhelmed by constant threa...

To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were studied. We analyzed two code samples for each vulnerability, one containing the vulnerability and one in which the vulnerability was fixed. We examined the effect of code complexity on the quality of static analysis results, including successful detection and false positive rates. Sta...

Information gathering is an essential part of acute vulnerability assessment, especially when the whole process is automated. In this context, host Operating System detection must be precise, even when networks are well defended. We present an original Operating System detection method, based on temporal response analysis. As a proof of concept, we release the open source tool called RING – for...