144,530 research outputs found
Assessing The Security Posture Of Openemr Using Capec Attack Patterns
Attack patterns describe the common methods of exploiting software. Good software engineering practices and principles alone are not enough to produce secure software. It is also important to know how software it attacked and to guard against it. Knowledge of attack patterns provides a good perspective of an attacker, thus enabling developers and testers to build secure software. CAPEC list is a taxonomy of attack patterns which we believe can enhance security testing. This research seeks to assess the security posture of OpenEMR 4.1.1, an open source Electronic Medical Record (EMR) system, based on CAPEC attack patterns. Five categories of CAPEC attack patterns were analyzed to find their relevance and applicability to OpenEMR. Whereas inapplicable attack patterns were not further considered, applicable attack patterns were further tested to assess OpenEMR vulnerability to them. Various security testing tools were used to carry out the tests. Attack patterns helped to focus black-box and white-box testing procedures on what and where to test. OpenEMR was found to be vulnerable to a number of vulnerabilities such as cross site scripting, authentication bypass, session sidejacking, among others. A number of exploitations were carried out based on the vulnerabilities discovered
Implementasi Snort Sebagai Alat Pendeteksi Intrusi Menggunakan Linux
Network security system on the server is an important factor to ensure the stability , integrity and validity of the data . Implementation of Snort -based Intrusion Detection System can save the cost of procurement of software because it is free and quite reliable in detecting security attacks . Snort -based IDS systems can be implemented on the Linux operating system . Snort main settings and network settings , especially on existing Snort rule . An attack can be detected or not by SnortI IDS , depending on the presence or absence of an appropriate rule. Testing the IDS system was done with several attack patterns to test the reliability of Snort to detect an attack against the security system . Based on the results of testing the system Snort IDS with ping , nmap port scanning , exploits , SQL Injection , accessing the database . Snort can provide warning of an attack against the security of a network system . The warning results can be used as a reference for determining the network security policy
Cyber Attack Surface Mapping For Offensive Security Testing
Security testing consists of automated processes, like Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), as well as manual offensive security testing, like Penetration Testing and Red Teaming. This nonautomated testing is frequently time-constrained and difficult to scale. Previous literature suggests that most research is spent in support of improving fully automated processes or in finding specific vulnerabilities, with little time spent improving the interpretation of the scanned attack surface critical to nonautomated testing. In this work, agglomerative hierarchical clustering is used to compress the Internet-facing hosts of 13 representative companies as collected by the Shodan search engine, resulting in an average 89% reduction in attack surface complexity. The work is then extended to map network services and also analyze the characteristics of the Log4Shell security vulnerability and its impact on attack surface mapping. The results highlighted outliers indicative of possible anti-patterns as well as opportunities to improve how testers and tools map the web attack surface. Ultimately the work is extended to compress web attack surfaces based on security relevant features, demonstrating via accuracy measurements not only that this compression is feasible but can also be automated. In the process a framework is created which could be extended in future work to compress other attack surfaces, including physical structures/campuses for physical security testing and even humans for social engineering tests
Analyzing Android Browser Apps for file:// Vulnerabilities
Securing browsers in mobile devices is very challenging, because these
browser apps usually provide browsing services to other apps in the same
device. A malicious app installed in a device can potentially obtain sensitive
information through a browser app. In this paper, we identify four types of
attacks in Android, collectively known as FileCross, that exploits the
vulnerable file:// to obtain users' private files, such as cookies, bookmarks,
and browsing histories. We design an automated system to dynamically test 115
browser apps collected from Google Play and find that 64 of them are vulnerable
to the attacks. Among them are the popular Firefox, Baidu and Maxthon browsers,
and the more application-specific ones, including UC Browser HD for tablet
users, Wikipedia Browser, and Kids Safe Browser. A detailed analysis of these
browsers further shows that 26 browsers (23%) expose their browsing interfaces
unintentionally. In response to our reports, the developers concerned promptly
patched their browsers by forbidding file:// access to private file zones,
disabling JavaScript execution in file:// URLs, or even blocking external
file:// URLs. We employ the same system to validate the ten patches received
from the developers and find one still failing to block the vulnerability.Comment: The paper has been accepted by ISC'14 as a regular paper (see
https://daoyuan14.github.io/). This is a Technical Report version for
referenc
Idea-caution before exploitation:the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities
The transfer of cybersecurity domain knowledge from security experts (‘Ethical Hackers’) to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed
Small Scale AES Toolbox: Algebraic and Propositional Formulas, Circuit-Implementations and Fault Equations
Cryptography is one of the key technologies ensuring security in the digital
domain. As such, its primitives and implementations have been extensively analyzed both
from a theoretical, cryptoanalytical perspective, as well as regarding their capabilities to
remain secure in the face of various attacks.
One of the most common ciphers, the Advanced Encryption Standard (AES) (thus far)
appears to be secure in the absence of an active attacker. To allow for the testing and
development of new attacks or countermeasures a small scale version of the AES with a
variable number of rounds, number of rows, number of columns and data word size, and a
complexity ranging from trivial up to the original AES was developed.
In this paper we present a collection of various implementations of the relevant small scale
AES versions based on hardware (VHDL and gate-level), algebraic representations (Sage
and CoCoA) and their translations into propositional formulas (in CNF). Additionally, we
present fault attack equations for each version.
Having all these resources available in a single and well structured package allows researchers
to combine these different sources of information which might reveal new patterns or solving
strategies. Additionally, the fine granularity of difficulty between the different small scale
AES versions allows for the assessment of new attacks or the comparison of different attacks
Structural Learning of Attack Vectors for Generating Mutated XSS Attacks
Web applications suffer from cross-site scripting (XSS) attacks that
resulting from incomplete or incorrect input sanitization. Learning the
structure of attack vectors could enrich the variety of manifestations in
generated XSS attacks. In this study, we focus on generating more threatening
XSS attacks for the state-of-the-art detection approaches that can find
potential XSS vulnerabilities in Web applications, and propose a mechanism for
structural learning of attack vectors with the aim of generating mutated XSS
attacks in a fully automatic way. Mutated XSS attack generation depends on the
analysis of attack vectors and the structural learning mechanism. For the
kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the
structure of the attack vector model to capture the implicit manner of the
attack vector, and this manner is benefited from the syntax meanings that are
labeled by the proposed tokenizing mechanism. Bayes theorem is used to
determine the number of hidden states in the model for generalizing the
structure model. The paper has the contributions as following: (1)
automatically learn the structure of attack vectors from practical data
analysis to modeling a structure model of attack vectors, (2) mimic the manners
and the elements of attack vectors to extend the ability of testing tool for
identifying XSS vulnerabilities, (3) be helpful to verify the flaws of
blacklist sanitization procedures of Web applications. We evaluated the
proposed mechanism by Burp Intruder with a dataset collected from public XSS
archives. The results show that mutated XSS attack generation can identify
potential vulnerabilities.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
- …