103 research outputs found

    Automated Black-box Testing of Mass Assignment Vulnerabilities in RESTful APIs

    Mass assignment is one of the most prominent vulnerabilities in RESTful APIs that originates from a misconfiguration in common web frameworks. This allows attackers to exploit naming convention and automatic binding to craft malicious requests that (massively) override data supposed to be read-only. In this paper, we adopt a black-box testing perspective to automatically detect mass assignment vulnerabilities in RESTful APIs. Indeed, execution scenarios are generated purely based on the OpenAPI specification, that lists the available operations and their message format. Clustering is used to group similar operations and reveal read-only fields, the latter are candidates for mass assignment. Then, test interaction sequences are automatically generated by instantiating abstract testing templates, with the aim of trying to use the found read-only fields to carry out a mass assignment attack. Test interactions are run, and their execution is assessed by a specific oracle, in order to reveal whether the vulnerability could be successfully exploited. The proposed novel approach has been implemented and evaluated on a set of case studies written in different programming languages. The evaluation highlights that the approach is quite effective in detecting seeded vulnerabilities, with a remarkably high accuracy

    LIFE-THREATENING HYPOCALCEMIA IN A PATIENT WITH HIGHLY SUSPECTED OSTEOMALACIA: A CASE REPORT

    ABSTRACT: Objective: Osteomalacia is a metabolic bone disease characterized by impaired mineralization with increased non-mineralized osteoid tissue, increased frailty, and reduced bone mineral density. A common cause of osteomalacia in adults and the elderly is severe deficiency of vitamin D, which leads to chronic hypocalcemia, hypophosphatemia, and secondary hyperparathyroidism. The objective of this case report is to describe an unusual clinical presentation of osteomalacia, consisting of life-threatening acute hypocalcemia. Methods: Clinical, laboratory, and imaging data are presented. Results: We report the case of a 65-year-old man that showed symptoms and signs of severe and prolonged hypocalcemia due to unrecognized vitamin D deficiency. He presented at the emergency room reporting abdominal pain and vomiting since the evening before. Blood tests showed increased levels of rhabdomyolysis markers, severe hypocalcemia, hypophosphatemia, hypomagnesemia, normal renal function, elevated levels of alkaline phosphatase, extremely high levels of parathyroid hormone, and hypovitaminosis D. Radiological skeletal features of bone demineralization and bone abnormalities suggestive of osteomalacia were additionally detected. Other secondary causes of hypocalcemia were excluded. Clinical and biochemical resolution were progressively obtained only after an intramuscular loading dose of cholecalciferol was added to the standard calcium intravenous replacement therapy. Conclusion: This case report shows that osteomalacia consequent to a severe vitamin D deficiency can present with acute symptoms and signs of severe hypocalcemia requiring hospital admission. In such cases, vitamin D administration, and not intensive calcium supplementation alone, is essential to achieve clinical resolution of symptoms and normalization of mineral metabolism parameters. Abbreviations: 25-OH-D 25-hydroxyvitamin D CT computed tomography IV intravenous PTH parathyroid hormon

    Effects of alternative steeping methods on composition, antioxidant property and colour of green, black and oolong tea infusions

    Cold water steeping is reported to maximise tea health benefits, but requires long infusion time. In this work, the employment of a brief hot infusion step followed by ice addition was evaluated. The comparison of this innovative method with hot and cold steeping was investigated on green, black and oolong teas. Catechins, xanthines and gallic acid content, antioxidant power, total phenolics and colour analysis were evaluated. Hot infusion showed rapid extractive power, but relevant compound degradation. On the contrary, cold infusion extracted higher level of healthy molecules with slow kinetic. The innovative method achieved in short time similar properties of cold infusion in terms of antioxidant power. As for bioactive compounds, such as gallic acid and epigallocatechin gallate, highest values, about double than in hot infusion, were recorded for green and black teas. This steeping method may represent an alternative approach for industrial beverage preparation

    Insulin autoimmune syndrome in an Argentine woman taking α-lipoic acid: A case report and review of the literature.

    Insulin autoimmune syndrome is an unusual cause of spontaneous hypoglycaemia in non-Asian populations. In the majority of cases, this syndrome appears a few weeks after the administration of drugs containing a sulfhydryl group. A strong association between this syndrome and HLA-DR4 has been shown. Only seven cases have been described in non-Asian patients. We report the first case of insulin autoimmune syndrome in an Argentine woman taking alfa-lipoic acid. She developed hypoglycaemic symptoms approximately 1 month after starting therapy. Blood sampling collected during an episode of symptomatic hypoglycaemia showed low blood glucose level (2.39 mmol/L), high level of serum insulin (1971.55 pmol/L), inappropriately high level of C-peptide (2.36 nmol/L) and high levels of insulin antibodies (274.78 IU/mL). HLA-DNA typing identified DRB1*04:03. Due to the widespread use of alfa-lipoic acid for its antioxidant properties, clinicians should be aware that it may trigger an autoimmune hypoglycaemia in people with a genetic predisposition

    Integrated Structure and Semantics for Reo Connectors and Petri Nets

    In this paper, we present an integrated structural and behavioral model of Reo connectors and Petri nets, allowing a direct comparison of the two concurrency models. For this purpose, we introduce a notion of connectors which consist of a number of interconnected, user-defined primitives with fixed behavior. While the structure of connectors resembles hypergraphs, their semantics is given in terms of so-called port automata. We define both models in a categorical setting where composition operations can be elegantly defined and integrated. Specifically, we formalize structural gluings of connectors as pushouts, and joins of port automata as pullbacks. We then define a semantical functor from the connector to the port automata category which preserves this composition. We further show how to encode Reo connectors and Petri nets into this model and indicate applications to dynamic reconfigurations modeled using double pushout graph transformation

    Offline and online LSTM networks for respiratory motion prediction in MR-guided radiotherapy

    Objective. Gated beam delivery is the current clinical practice for respiratory motion compensation in MR-guided radiotherapy, and further research is ongoing to implement tracking. To manage intra-fractional motion using multileaf collimator tracking the total system latency needs to be accounted for in real-time. In this study, long short-term memory (LSTM) networks were optimized for the prediction of superior–inferior tumor centroid positions extracted from clinically acquired 2D cine MRIs. Approach. We used 88 patients treated at the University Hospital of the LMU Munich for training and validation (70 patients, 13.1 h), and for testing (18 patients, 3.0 h). Three patients treated at Fondazione Policlinico Universitario Agostino Gemelli were used as a second testing set (1.5 h). The performance of the LSTMs in terms of root mean square error (RMSE) was compared to baseline linear regression (LR) models for forecasted time spans of 250 ms, 500 ms and 750 ms. Both the LSTM and the LR were trained with offline (offline LSTM and offline LR) and online schemes (offline+online LSTM and online LR), the latter to allow for continuous adaptation to recent respiratory patterns. Main results. We found the offline+online LSTM to perform best for all investigated forecasts. Specifically, when predicting 500 ms ahead it achieved a mean RMSE of 1.20 mm and 1.00 mm, while the best performing LR model achieved a mean RMSE of 1.42 mm and 1.22 mm for the LMU and Gemelli testing set, respectively. Significance. This indicates that LSTM networks have potential as respiratory motion predictors and that continuous online re-optimization can enhance their performance

    Characterization and dynamics of specific T cells against nucleophosmin-1 (NPM1)-mutated peptides in patients with NPM1-mutated acute myeloid leukemia

    Nucleophosmin(NPM1)-mutated protein, a leukemia-specific antigen, represents an ideal target for AML immunotherapy. We investigated the dynamics of NPM1-mutated-specific T cells on PB and BM samples, collected from 31 adult NPM1-mutated AML patients throughout the disease course, and stimulated with mixtures of 18 short and long peptides (9-18mers), deriving from the complete C-terminal of the NPM1-mutated protein. Two 9-mer peptides, namely LAVEEVSLR and AVEEVSLRK (13.9-14.9), were identified as the most immunogenic epitopes. IFNγ-producing NPM1-mutated-specific T cells were observed by ELISPOT assay after stimulation with peptides 13.9-14.9 in 43/85 (50.6%) PB and 34/80 (42.5%) BM samples. An inverse correlation between MRD kinetics and anti-leukemic specific T cells was observed. Cytokine Secretion Assays allowed to predominantly and respectively identify Effector Memory and Central Memory T cells among IFNγ-producing and IL2-producing T cells. Moreover, NPM1-mutated-specific CTLs against primary leukemic blasts or PHA-blasts pulsed with different peptide pools could be expanded ex vivo from NPM1-mutated AML patients or primed in healthy donors. We describe the spontaneous appearance and persistence of NPM1-mutated-specific T cells, which may contribute to the maintenance of long-lasting remissions. Future studies are warranted to investigate the potential role of both autologous and allogeneic adoptive immunotherapy in NPM1-mutated AML patients

    COVID-19 vaccinations : summary guidance for cancer patients in 28 languages : breaking barriers to cancer patient information

    Background: Covid-19 vaccination has started in the majority of the countries at the global level. Cancer patients are at high risk for infection, serious illness, and death from COVID-19 and need vaccination guidance and support. Guidance availability in the English language only is a major limit for recommendations' delivery and their application in the world’s population and generates information inequalities across the different populations. Methods: Most of the available COVID-19 vaccination guidance for cancer patients was screened and scrutinized by the European Cancer Patients Coalition (ECPC) and an international oncology panel of 52 physicians from 33 countries. Results: A summary guidance was developed and provided in 28 languages in order to reach more than 70 percent of the global population. Conclusion: Language barrier and e-guidance availability in the native language are the most important barriers when communicating with patients. E-guidance availability in various native languages should be considered a major priority by international medical and health organizations that are communicating with patients at the global level