72 research outputs found

    Algorithms and software solutions for vulnerability testing of the SQL interface in web applications

    Software security gains importance day by day, and developers try to secure web applications as much as possible to protect confidentiality, integrity and availability, which are described in the fundamental security model known as the CIA triad. The SQL injection vulnerability, which can violate the confidentiality and integrity principles of the CIA triad, is reviewed, and SQL injection attack execution and protection techniques are explained. Common frameworks' solutions against the SQL injection vulnerability were compared, and this comparison showed the most used techniques in this domain. Error-based and time-based detection algorithms for identifying SQL injection are developed to create a vulnerability scanner that can detect SQL attacks which cause vulnerability in web applications, and these algorithms are represented in the form of UML activity diagrams. In order to discover all possible links and forms on which to perform SQL injection vulnerability tests across the entire website, a web crawler is needed. A Breadth-First Search (BFS) algorithm for developing the web crawler is proposed, and the appropriate pseudocode and activity diagram are provided. In addition, the Common Vulnerability Scoring System (CVSS), which is used to measure the severity score of attacks that can violate CIA triad principles, is reviewed. The qualitative severity rating scale of CVSS is explained. An example of a CVSS calculation is presented. The necessary components of a vulnerability scanner are explained. A vulnerability scanner prototype is developed using the explained algorithms. Results of using this vulnerability scanner on real web applications are presented. Conclusions are made, and goals of future work are defined.

    An integrated approach of multiple correspondences analysis (MCA) and fuzzy AHP method for occupational health and safety performance evaluation in the land cargo transportation

    Land cargo transportation is one of the components of the logistics chain with high impact on economic and social development worldwide. However, problems such as top logistics costs, deficiencies in transportation infrastructure and the failure to adopt good operating practices in aspects such as quality, environment, and occupational safety and health affect the ability of companies to comply with the agreements, requirements, and regulations of the clients and other interested parties. One of the most relevant problems for the sector is associated with the high accident rates that make this medium less advantageous compared to other means of transport with impact on operational costs, on logistics indicators, on compliance with legal regulations and customer satisfaction. However, although there are legal standards and management standards in occupational safety and health, evaluating performance can become a difficult and subjective process, due to the complexity of the land cargo transportation and the different interest groups involved. Besides, there is little information in the literature that provides solutions for the industry. Therefore, this document presents an integrated approach between multi-criterion decision making models (MCDM) and the Multiple Correspondences Analysis (MCA) to facilitate the evaluation and improvement of occupational health and safety performance, with a logical process, objective, robust and using both qualitative and quantitative techniques, with real application in the land cargo transportation sector. First, the multivariate method of Multiple Correspondences Analysis (MCA) was used for the evaluation of a sample of companies in the industry, considering the factors and sub-factors identified in the first stage and performing correlational analyzes among the variables. 
Subsequently, a multicriteria decision-making model was designed to determine the factors and sub-factors that affect occupational health and safety performance through the technique of the Fuzzy Analytic Hierarchy Process (FAHP). Finally, improvement strategies are proposed based on the approaches suggested in this document

    Genome-wide association analyses of symptom severity among clozapine-treated patients with schizophrenia spectrum disorders

    Clozapine is the most effective antipsychotic for patients with treatment-resistant schizophrenia. However, response is highly variable and possible genetic underpinnings of this variability remain unknown. Here, we performed polygenic risk score (PRS) analyses to estimate the amount of variance in symptom severity among clozapine-treated patients explained by PRSs (R2) and examined the association between symptom severity and genotype-predicted CYP1A2, CYP2D6, and CYP2C19 enzyme activity. Genome-wide association (GWA) analyses were performed to explore loci associated with symptom severity. A multicenter cohort of 804 patients (after quality control N = 684) with schizophrenia spectrum disorder treated with clozapine were cross-sectionally assessed using the Positive and Negative Syndrome Scale and/or the Clinical Global Impression-Severity (CGI-S) scale. GWA and PRS regression analyses were conducted. Genotype-predicted CYP1A2, CYP2D6, and CYP2C19 enzyme activities were calculated. Schizophrenia-PRS was most significantly and positively associated with low symptom severity (p = 1.03 × 10−3; R2 = 1.85). Cross-disorder-PRS was also positively associated with lower CGI-S score (p = 0.01; R2 = 0.81). Compared to the lowest tertile, patients in the highest schizophrenia-PRS tertile had 1.94 times (p = 6.84×10−4) increased probability of low symptom severity. Higher genotype-predicted CYP2C19 enzyme activity was independently associated with lower symptom severity (p = 8.44×10−3). While no locus surpassed the genome-wide significance threshold, rs1923778 within NFIB showed a suggestive association (p = 3.78×10−7) with symptom severity. We show that high schizophrenia-PRS and genotype-predicted CYP2C19 enzyme activity are independently associated with lower symptom severity among individuals treated with clozapine. Our findings open avenues for future pharmacogenomic projects investigating the potential of PRS and genotype-predicted CYP-activity in schizophrenia

    Microsatellite diversity of the Nordic type of goats in relation to breed conservation: how relevant is pure ancestry?

    In the last decades, several endangered breeds of livestock species have been re-established effectively. However, the successful revival of the Dutch and Danish Landrace goats involved crossing with exotic breeds and the ancestry of the current populations is therefore not clear. We have generated genotypes for 27 FAO-recommended microsatellites of these landraces and three phenotypically similar Nordic-type landraces and compared these breeds with central European, Mediterranean and south-west Asian goats. We found decreasing levels of genetic diversity with increasing distance from the south-west Asian domestication site with a south-east-to-north-west cline that is clearly steeper than the Mediterranean east-to-west cline. In terms of genetic diversity, the Dutch Landrace comes next to the isolated Icelandic breed, which has an extremely low diversity. The Norwegian coastal goat and the Finnish and Icelandic landraces are clearly related. It appears that by a combination of mixed origin and a population bottleneck, the Dutch and Danish Land-races are separated from the other breeds. However, the current Dutch and Danish populations with the multicoloured and long-horned appearance effectively substitute for the original breed, illustrating that for conservation of cultural heritage, the phenotype of a breed is more relevant than pure ancestry and the genetic diversity of the original breed. More in general, we propose that for conservation, the retention of genetic diversity of an original breed and of the visual phenotype by which the breed is recognized and defined needs to be considered separately

    Cyclic fatigue life of novel rotary compactors: A scanning electron microscopy evaluation.

    The aim was to investigate the cyclic fatigue life of two novel rotary compactors produced for MTA compaction and produced for gutta-percha compaction. Two types of nickel-titanium rotary compactors were used (n = 20). A static model was preferred for this study because it simulates the clinical application of compaction and yields baseline repository data for this type of instrument. OrthoMTA Compacter (25/0.02) and Revo Condensor (30/0.04) instruments were operated at speeds of 250 and 4,800 rpm, respectively, at 35°C until fracture occurred. The time to fracture was recorded, and the length of the fractured fragments was registered. The independent t-test was performed (p < .05). The fractured instruments were evaluated with a high-resolution field emission scanning electron microscope to allow visualization of the surfaces under several magnifications (×100 and ×10,000). OrthoMTA Compacter (3679.27 NCF) was extremely different in the mean number of cycles to failure when compared with Revo Condensor (1269.48 NCF) (p < .0001). The mean lengths of the fractured tips of OrthoMTA Compacter and Revo Condensor were 4.87 mm and 4.51, respectively (p < .0001). The surfaces of the instruments showed typical features of cyclic fatigue failure, involving crack origins, fatigue regions, and an overload region. This is the first study in the literature to date evaluating the cyclic fatigue life of Revo Condensor and OrthoMTA Compacter. OrthoMTA Compacter presented higher cyclic fatigue life compared with Revo Condensor.

    Does plateletpheresis induce a hypercoagulable state? A global assessment of donor’s hemostatic system by ROTEM

    Since there is still debate on the effects of plateletpheresis on coagulation system, we aimed to perform a global assessment of donor’s hemostatic function undergoing plateletpheresis by rotation thromboelastometry (ROTEM) analysis and to clarify if plateletpheresis procedure induces a hypercoagulable state. Thirty male plateletpheresis donors were included in the study. Four blood samples were drawn at different time intervals: before the beginning of the apheresis procedure; immediately after the completion of the apheresis procedure; 24 h and 7 days after the apheresis procedure. “Hypercoagulability” was diagnosed readily by having an accelerated clot formation, as evidenced by shortening of CFT and an increase of the clot strength, as evidenced by increasing of MCF. In INTEM assay, CFT value after apheresis was significantly prolonged compared with baseline value while CFT value 7 days after apheresis was significantly shortened compared with values immediately and 24 h after apheresis (p < 0.001). However, CFT-INTEM still did not show any shortening in any of the measurements when compared to pre-apheresis value. MCF value after apheresis was significantly shortened compared with baseline value while MCF value 7 days after apheresis was significantly prolonged compared with values immediately and 24 h after apheresis (p < 0.001). However, MCF-INTEM still did not show any increase in any of the measurements when compared to pre-apheresis value. There was no significant difference in CT value between four measurements (p = 0.064). In EXTEM assay, CFT value after apheresis was significantly prolonged compared with baseline value while CFT value 7 days after apheresis was significantly shortened compared with values immediately and 24 h after apheresis (p < 0.001). However, CFT-EXTEM still did not show any shortening in any of the measurements when compared to pre-apheresis value. 
MCF values immediately and 24 h after apheresis were significantly shortened compared with baseline value while MCF value 7 days after apheresis was significantly prolonged compared with values immediately and 24 h after apheresis (p < 0.001). However, MCF-EXTEM still did not show any increase in any of the measurements when compared to pre-apheresis value. We found no differences in CT value between four measurements (p = 0.208). Since ROTEM tracings on both INTEM and EXTEM assays did not reveal any significant shortening of CFT and increasing of MCF in any of the measurements after apheresis procedure, we concluded that plateletpheresis does not induce a hypercoagulable state in healthy donors

    A new species of Cirsium sect. Epitrachys (Asteraceae: Cardueae) from the south of Turkey
