Ontology-based context-sensitive software security knowledge management modeling

The disconcerting increase in the number of security attacks on software calls for an imminent need for including secure development practices within the software development life cycle. The software security management system has received considerable attention lately and various efforts have been made in this direction. However, security is usually only considered in the early stages of the development of software. Thus, this leads to stating other vulnerabilities from a security perspective. Moreover, despite the abundance of security knowledge available online and in books, the systems that are being developed are seldom sufficiently secure. In this paper, we have highlighted the need for including application context sensitive modeling within a case-based software security management system. Furthermore, we have taken the context-driven and ontology-based frameworks and prioritized their attributes according to their weights which were achieved by using the Fuzzy AHP methodology

Integrating environmental social and governance values into higher education curriculum

This paper proposes a framework for integrating Environmental, Social, and Governance (ESG) principles into higher education institutions. The framework consists of six components: curriculum integration, research and innovation, campus operations, community engagement, leadership and governance, and assessment and reporting. Each component is supported by eight implementation strategies that provide practical guidance for institutions looking to advance their sustainability efforts. The proposed framework is informed by a literature review that highlights the importance of ESG considerations in higher education, the challenges and opportunities associated with integrating sustainability into higher education institutions, and the role that institutions can play in promoting sustainable development. The framework is also supported by case studies that illustrate how institutions have successfully implemented sustainability initiatives and the benefits that have accrued as a result. The proposed framework has the potential to make a significant contribution to the advancement of sustainability in higher education institutions and promote sustainable development in the broader community. It is hoped that the framework will be useful to institutions, policymakers, and other stakeholders interested in promoting sustainability in higher education

Android Application Security Scanning Process

This chapter presents the security scanning process for Android applications. The aim is to guide researchers and developers to the core phases/steps required to analyze Android applications, check their trustworthiness, and protect Android users and their devices from being victims to different malware attacks. The scanning process is comprehensive, explaining the main phases and how they are conducted including (a) the download of the apps themselves; (b) Android application package (APK) reverse engineering; (c) app feature extraction, considering both static and dynamic analysis; (d) dataset creation and/or utilization; and (e) data analysis and data mining that result in producing detection systems, classification systems, and ranking systems. Furthermore, this chapter highlights the app features, evaluation metrics, mechanisms and tools, and datasets that are frequently used during the app’s security scanning process

SQL injection attacks countermeasures assessments

SQL injections attacks have been rated as the most dangerous vulnerability of web-based systems over more than a decade by OWASP top ten. Though different static, runtime and hybrid approaches have been proposed to counter SQL injection attacks, no single approach guarantees flawless prevention/ detection for these attacks. Hundreds of components of open source and commercial software products are reported to be vulnerable for SQL injection to CVE repository every year. In this mapping study, we identify different existing approaches in terms of the cost of computation and protection offered. We found that most of the existing techniques claim to offer protection based on the testing on a very small or limited scale. This study dissects each proposed approach and highlights their strengths and weaknesses and categorizes them based on the underlying technology used to detect or counter the injection attacks

Harnessing deep learning algorithms to predict software refactoring

During software maintenance, software systems need to be modified by adding or modifying source code. These changes are required to fix errors or adopt new requirements raised by stakeholders or market place. Identifying thetargeted piece of code for refactoring purposes is considered a real challenge for software developers. The whole process of refactoring mainly relies on software developers’ skills and intuition. In this paper, a deep learning algorithm is used to develop a refactoring prediction model for highlighting the classes that require refactoring. More specifically, the gated recurrent unit algorithm is used with proposed pre-processing steps for refactoring predictionat the class level. The effectiveness of the proposed model is evaluated usinga very common dataset of 7 open source java projects. The experiments are conducted before and after balancing the dataset to investigate the influence of data sampling on the performance of the prediction model. The experimental analysis reveals a promising result in the field of code refactoring predictio

Security assessment framework for educational ERP systems

The educational ERP systems have vulnerabilities at the different layers such as version-specific vulnerabilities, configuration level vulnerabilities and vulnerabilities of the underlying infrastructure. This research has identified security vulnerabilities in an educational ERP system with the help of automated tools; penetration testing tool and public vulnerability repositories (CVE, CCE) at all layers. The identified vulnerabilities are analyzed for any false positives and then clustered with mitigation techniques, available publicly in security vulnerability solution repository like CCE and CWE. These mitigation techniques are mapped over reported vulnerabilities using mapping algorithms. Security vulnerabilities are then prioritized based on the Common Vulnerability Scoring System (CVSS). Finally, open standards-based vulnerability mitigation recommendations are discussed