5 research outputs found

    Algorithms and software solutions for vulnerability testing in the SQL interface in web applications

    Software security gains importance day by day and developers try to secure web applications as much as possible to protect confidentiality, integrity and availability that are described in the fundamental security model so-called CIA triad. SQL injection vulnerability which can violate the confidentiality and integrity principles of the CIA triad is reviewed, and SQL injection attack execution and protection techniques are explained. The common frameworks’ solutions against SQL injection vulnerability were compared, and this comparison showed the most used techniques in this domain. Error-based and time-based detection algorithms for SQL injection’s identification are developed to create a vulnerability scanner that can detect SQL attacks which cause vulnerability in web applications, and these algorithms are represented in form of UML-activity diagrams. In order to discover all possible links and forms to perform SQL injection vulnerability tests in the entire website, a web crawler is needed. Breadth-First Search (BFS) algorithm for developing the web crawler is proposed, and the appropriate pseudo code and activity diagram are provided. Besides, Common Vulnerability Scoring System (CVSS) that is used to measure severity score of attacks that can violate CIA triad principles is reviewed. Qualitative severity score rating scale of CVSS is explained. An example of CVSS calculation is represented. Necessary components of a vulnerability scanner are explained. A vulnerability scanner prototype is developed using explained algorithms. Process results of this vulnerability scanner’s usage for real web applications are represented. Conclusions are made, and goals of future work are defined.
    Software security becomes more important every day, and developers try to protect web applications as much as possible in order to ensure their confidentiality, integrity and availability, which are described in the fundamental security model, the so-called CIA triad. The SQL injection vulnerability, which can violate the confidentiality and integrity principles of the CIA triad, is reviewed, and the execution of SQL attacks and methods of protection against them are explained. A comparison of common framework solutions for eliminating the SQL injection vulnerability was carried out, which revealed the most widespread techniques in this field. Error-based and time-based detection algorithms for identifying SQL injections were developed to create a vulnerability scanner that can detect SQL attacks that cause vulnerability in web applications, and these algorithms are presented in the form of UML activity diagrams. To discover all possible links and forms for performing vulnerability tests across the entire website, a web crawler is needed. The Breadth-First Search (BFS) algorithm is proposed for developing the web crawler, and pseudocode and an activity diagram are provided for it. The Common Vulnerability Scoring System (CVSS), which is used to measure the severity of attacks that can violate the protection principles of the CIA triad, is reviewed. The qualitative rating scale of CVSS is explained. An example of a CVSS calculation is presented. A vulnerability scanner prototype was developed using the proposed algorithms. The results of applying this vulnerability scanner are presented with examples of evaluating real web applications. Conclusions are drawn, and goals for future work are defined.

    Inverse scattering problems for cylindrical bodies of unknown orientation embedded in an infinitely wide layer

    No full text
    TEZ1173. Thesis (Doctoral) -- Çukurova Üniversitesi, Adana, 1993. Includes bibliography (pp. 43-44). vi, 44 pp. ; 30 cm.

    Deep Assessment Methodology Using Fractional Calculus on Mathematical Modeling and Prediction of Gross Domestic Product per Capita of Countries

    No full text
    In this study, a new approach for time series modeling and prediction, “deep assessment methodology,” is proposed and the performance is reported on modeling and prediction for upcoming years of Gross Domestic Product (GDP) per capita. The proposed methodology expresses a function with the finite summation of its previous values and derivatives combining fractional calculus and the Least Square Method to find unknown coefficients. The dataset of GDP per capita used in this study includes nine countries (Brazil, China, India, Italy, Japan, the UK, the USA, Spain and Turkey) and the European Union. The modeling performance of the proposed model is compared with the Polynomial model and the Fractional model and prediction performance is compared to a special type of neural network, Long Short-Term Memory (LSTM), that is used for time series. Results show that using Deep Assessment Methodology yields promising modeling and prediction results for GDP per capita. The proposed method is outperforming Polynomial model and Fractional model by 1.538% and by 1.899% average error rates, respectively. We also show that Deep Assessment Method (DAM) is superior to plain LSTM on prediction for upcoming GDP per capita values by 1.21% average error.

    The Electric Field Calculation for Mobile Communication Coverage in Buildings and Indoor Areas by Using the Method of Auxiliary Sources

    No full text
    In this article, the diffraction of the electromagnetic wave by the building with two rooms is considered. The rooms have doors and windows with lossy dielectric walls. The electromagnetic properties of the building as an opened coupled resonator system are investigated at different source locations and several frequencies including 5G band. The problem is solved by using the Method of Auxiliary Sources. The near electric field distributions are calculated and analyzed.

    Algorithms and software solutions for SQL injection vulnerability testing in web applications

    No full text
    Software security gains importance day by day and developers try to secure web applications as much as possible to protect confidentiality, integrity and availability that are described in the fundamental security model so-called CIA triad. SQL injection vulnerability which can violate the confidentiality and integrity principles of the CIA triad is reviewed, and SQL injection attack execution and protection techniques are explained. The common frameworks’ solutions against SQL injection vulnerability were compared, and this comparison showed the most used techniques in this domain. Error-based and time-based detection algorithms for SQL injection’s identification are developed to create a vulnerability scanner that can detect SQL attacks which cause vulnerability in web applications, and these algorithms are represented in form of UML-activity diagrams. In order to discover all possible links and forms to perform SQL injection vulnerability tests in the entire website, a web crawler is needed. Breadth-First Search (BFS) algorithm for developing the web crawler is proposed, and the appropriate pseudo code and activity diagram are provided. Besides, Common Vulnerability Scoring System (CVSS) that is used to measure severity score of attacks that can violate CIA triad principles is reviewed. Qualitative severity score rating scale of CVSS is explained. An example of CVSS calculation is represented. Necessary components of a vulnerability scanner are explained. A vulnerability scanner prototype is developed using explained algorithms. Process results of this vulnerability scanner’s usage for real web applications are represented. Conclusions are made, and goals of future work are defined.