6 research outputs found

    XSS PEEKER: Dissecting the XSS Exploitation Techniques and Fuzzing Mechanisms of Blackbox Web Application Scanners

    Part 6: Software Vulnerabilities. International audience. Black-box vulnerability scanners can miss a non-negligible portion of vulnerabilities. This is true even for cross-site scripting (XSS) vulnerabilities, which are relatively simple to spot. In this paper, we focus on this vulnerability class, and systematically explore 6 black-box scanners to uncover how they detect XSS vulnerabilities, and obtain useful insights to understand their limitations and design better detection methods. A novelty of our workflow is the retrofitting of the testbed so as to accommodate payloads that triggered no vulnerabilities in the initial set. This has the benefit of creating a systematic process to increase the number of test cases, which was not considered by previous testbed-driven approaches.

    ZARATHUSTRA: Extracting Webinject signatures from banking trojans

    Abstract: Modern trojans are equipped with a functionality, called WebInject, that can be used to silently modify a web page on the infected end host. Given its flexibility, WebInject-based malware is becoming a popular information-stealing mechanism. In addition, the structured and well-organized malware-as-a-service model makes revenue out of customization kits, which in turn leads to high volumes of binary variants. Analysis approaches based on memory carving to extract the decrypted webinject.txt and config.bin files at runtime make the strong assumption that the malware will never change the way such files are handled internally, and therefore are not future proof by design. In addition, developers of sensitive web applications (e.g., online banking) have no tools that they can possibly use to even mitigate the effect of WebInjects. WebInject-based trojans insert client-side code (e.g., HTML

    Postpartum depression screening in mothers and fathers at well-child visits: a feasibility study within the NASCITA cohort

    Objective: To assess the feasibility of the family paediatrician’s (FP) role in identifying the signs of postpartum depression in parents in time to guarantee child well-being. Design, setting and participants: Data for this observational prospective study were collected within the NASCITA (NAscere e creSCere in ITAlia) cohort. During the first visit, paediatricians collected sociodemographic data regarding the parents and information about their health status, the pregnancy and the delivery. Whooley questions were administered during the first and second visits (scheduled 60–90 days after childbirth). Moreover, on the third visit (5–7 months after childbirth) the FP was asked to answer ‘yes’ or ‘no’ to a question on the parental postpartum depression, based on his knowledge and on the acquired information. Results: In 2203 couples who completed the assessment, 529 mothers (19.9%), 141 fathers (6.3%) and 110 (5%) couples reported any depressive symptomatology. Of these, 141 mothers (5.3% of the total sample) and 18 fathers (0.8% of the total sample) were classified as ‘likely depressed’. An association was found between maternal postnatal depressive symptoms and having a diagnosed psychiatric disorder during pregnancy (OR 9.49, 95% CI: 3.20 to 28.17), not exclusively breastfeeding at hospital discharge (OR 1.76, 95% CI: 1.19 to 2.61) and the presence of child sleeping disorders at 3 (OR 2.46, 95% CI: 1.41 to 4.28) and 6 months (OR 2.18, 95% CI: 1.37 to 3.47). Another significant predictor of postpartum depression was being primiparous (OR 1.99, 95% CI: 1.31 to 3.02). Concerning the fathers, a significant association was reported only between likely depressed fathers and child sleeping disorders at 3 months (OR 7.64, 95% CI: 2.92 to 19.97). Moreover, having a likely depressed partner was strongly associated with depressive symptoms in fathers (OR 85.53, 95% CI 26.83 to 272.69). Conclusions: The findings of this study support the feasibility of an active screening programme for parental postnatal depression during well-child visits as an integral part of postpartum care. Trial registration number: NCT03894566; Pre-results

    National, longitudinal NASCITA birth cohort study: prevalence of overweight at 12 months of age in children born healthy

    Objective: To estimate the prevalence of overweight at 12 months in an Italian birth cohort and to identify factors related to an increased likelihood of being overweight. Methods: The Italian NASCITA birth cohort was analysed. Infants were classified as underweight (<5th), normal weight (5–84th) and overweight (≥85th centile) at 12 months of age according to the WHO percentiles of body mass index (BMI) and the prevalence of overweight was estimated. To test the association between the chance of being overweight and parental and newborn characteristics, and infant feeding, healthy newborns (no preterm/low birth weight and with no malformations), with appropriate-for-gestational-age birth weight were selected, and univariate and multivariate analyses were performed. Results: The prevalence of overweight was 23.5% (95% CI 22.2% to 24.8%) in all cohort members with 12-month data (N=4270), and 23.1% in the appropriate-for-gestational age subsample (N=2835). A big infant appetite (OR 3.92, 95% CI 2.40 to 6.40) and living in southern Italy (OR 1.58, 95% CI 1.29 to 1.94) were the main variables associated with a greater likelihood of being overweight. Breastfeeding practice did not influence the chance of being overweight, but was associated with an increase (exclusive breast feeding for at least 6 months) or a decrease (breast feeding for at least 12 months) in BMI z score at 12 months. Conclusions: The sociodemographic factors (eg, area of residence, maternal employment status) seem to be the most relevant determinants influencing the chance of being overweight at 12 months. Early interventions, with particular attention to vulnerable families, may be helpful in preventing childhood and adult obesity.

    Lamin A involvement in ageing processes
