7,699 research outputs found

    Ghera: A Repository of Android App Vulnerability Benchmarks

    Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps, specifically in the context of the Android platform, due to the openness and ubiquity of the platform. Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can be used to rigorously evaluate both existing and new vulnerability detection techniques and help developers learn about Android app vulnerabilities. In this paper, we describe Ghera, an open source repository of benchmarks that capture 25 known vulnerabilities in Android apps (as pairs of exploited/benign and exploiting/malicious apps). We also present desirable characteristics of vulnerability benchmarks and repositories that we uncovered while creating Ghera.

    Comment: 10 pages. Accepted at PROMISE'1

    Benchmarking Software Vulnerability Detection Techniques: A Survey

    Software vulnerabilities can have serious consequences, which is why many techniques have been proposed to defend against them. Among these, vulnerability detection techniques are a major area of focus. However, there is a lack of a comprehensive approach for benchmarking these proposed techniques. In this paper, we present the first survey that comprehensively investigates and summarizes the current state of software vulnerability detection benchmarking. We review the current literature on benchmarking vulnerability detection, including benchmarking approaches in technique-proposing papers and empirical studies. We also separately discuss the benchmarking approaches for traditional and deep learning-based vulnerability detection techniques. Our survey analyzes the challenges of benchmarking software vulnerability detection techniques and the difficulties involved. We summarize the challenges of benchmarking software vulnerability detection techniques and describe possible solutions for addressing these challenges.

    The approaches to quantify web application security scanners quality: A review

    The web application security scanner is a computer program that assesses web application security with penetration testing techniques. The benefit of automated web application penetration testing is huge: web application security scanners not only reduce the time, cost, and resources required for web application penetration testing but also eliminate the test engineer's reliance on human knowledge. Nevertheless, web application security scanners have the weaknesses of low test coverage and of generating inaccurate test results. Consequently, experiments are frequently held to quantify web application security scanners' quality and to investigate their strengths and limitations. However, it has been found that neither a standard methodology nor a criterion is available for quantifying web application security scanners' quality. Hence, in this paper a systematic review is conducted to analyse the methodologies and criteria used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criteria that have been used to quantify web application security scanners' quality are classified and reviewed using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with an understanding of the methodologies and criteria available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while providing critical hints for the development of the next testing framework, model, methodology, or criteria to measure web application security scanner quality.

    Firmware enhancements for BYOD-aware network security

    In today’s connected world, users migrate within a complex set of networks, including, but not limited to, 3G and 4G (LTE) services provided by mobile operators, Wi-Fi hotspots in private and public places, as well as wireless and/or wired LAN access in business and home environments. Following the widely expanding Bring Your Own Device (BYOD) approach, many public and educational institutions have begun to encourage customers and students to use their own devices at all times. While this may be cost-effective in terms of decreased investments in hardware and consequently lower maintenance fees on a long-term basis, it may also involve some security risks. In particular, many users are often connected to more than one network and/or communication service provider at the same time, for example to a 3G/4G mobile network and to a Wi-Fi network. In a BYOD setting, an infected device or a rogue one can turn into an unwanted gateway, causing a security breach by leaking information across networks. Aiming to investigate in greater detail the implications of BYOD for network security in private and business settings, we are building a framework for experiments with mobile routers both in home and business networks. This is a continuation of our earlier work on communications and services with enhanced security for network appliances.