100 research outputs found

    Efficient and Flexible Discovery of PHP Application Vulnerabilities

    The Web today is a growing universe of pages and applications teeming with interactive content. The security of such applications is of the utmost importance, as exploits can have a devastating impact on personal and economic levels. The number one programming language in Web applications is PHP, powering more than 80% of the top ten million websites. Yet it was not designed with security in mind, and, today, bears a patchwork of fixes and inconsistently designed functions with often unexpected and hardly predictable behavior that typically yield a large attack surface. Consequently, it is prone to different types of vulnerabilities, such as SQL Injection or Cross-Site Scripting. In this paper, we present an interprocedural analysis technique for PHP applications based on code property graphs that scales well to large amounts of code and is highly adaptable in its nature. We implement our prototype using the latest features of PHP 7, leverage an efficient graph database to store code property graphs for PHP, and subsequently identify different types of Web application vulnerabilities by means of programmable graph traversals. We show the efficacy and the scalability of our approach by reporting on an analysis of 1,854 popular open-source projects, comprising almost 80 million lines of code

    Excitation of Rotational Bands in 40Ca Observed in the Reaction 36Ar(16O, 12C)

    Levels strongly populated in the reaction 36Ar(16O, 12C)40Ca are compared with predictions for the lowest (oblate) 4p-4h rotational band in 40Ca

    Ultrasound-based "CEUS-Bosniak" classification for cystic renal lesions: an 8-year clinical experience

    Purpose: Renal cysts comprise benign and malignant entities. Risk assessment profits from CT/MRI imaging using the Bosniak classification. While Bosniak-IIF, -III, and -IV cover complex cyst variants, Bosniak-IIF and -III stand out due to notorious overestimation. Contrast-enhanced ultrasound (CEUS) is promising to overcome this deficit but warrants standardization. This study addresses the benefits of a combined CEUS and CT/MRI evaluation of renal cysts. The study provides a realistic account of kidney tumor boards' intricacies in trying to validate renal cysts. Methods: 247 patients were examined over 8 years. CEUS lesions were graded according to CEUS-Bosniak (IIF, III, IV). 55 lesions were resected, CEUS-Bosniak- and CT/MRI-Bosniak-classification were correlated with histopathological diagnosis. Interobserver agreement between the classifications was evaluated statistically. 105 lesions were followed by ultrasound, and change in CEUS-Bosniak-types and lesion size were documented. Results: 146 patients (156 lesions) were included. CEUS classified 67 lesions as CEUS-Bosniak-IIF, 44 as CEUS-Bosniak-III, and 45 as CEUS-Bosniak-IV. Histopathology of 55 resected lesions revealed benign cysts in all CEUS-Bosniak-IIF lesions (2/2), 40% of CEUS-Bosniak-III and 8% of CEUS-Bosniak-IV, whereas malignancy was uncovered in 60% of CEUS-Bosniak-III and 92% of CEUS-Bosniak-IV. Overall, CEUS-Bosniak-types matched CT/MRI-Bosniak types in 58% (fair agreement, κ=0.28). CEUS-Bosniak resulted in higher stages than CT/MRI-Bosniak (40%). Ultrasound follow-up of 105 lesions detected no relevant differences between CEUS-Bosniak-types concerning cyst size. 99% of lesions showed the same CEUS-Bosniak-type. Conclusion: The CEUS-Bosniak classification is an essential tool in clinical practice to differentiate and monitor renal cystic lesions and empowers diagnostic work-up and patient care

    Observation of enhanced subthreshold K+ production in central collisions between heavy nuclei

    In the very heavy collision system 197Au+197Au the K+ production process was studied as a function of impact parameter at 1 GeV/nucleon, a beam energy well below the free N-N threshold. The K+ multiplicity increases more than linearly with the number of participant nucleons and the K+/π+ ratio rises significantly when going from peripheral to central collisions. The measured K+ double differential cross section is enhanced by a factor of 6 compared to microscopic transport calculations if secondary processes (ΔN → KΛN and ΔΔ → KΛN) are ignored

    Social Transfer of Pathogenic Fungus Promotes Active Immunisation in Ant Colonies

    Social contact with fungus-exposed ants leads to pathogen transfer to healthy nest-mates, causing low-level infections. These micro-infections promote pathogen-specific immune gene expression and protective immunization of nest-mates

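    Kindeswohlgefährdung – Ausweitung des Hellfeldes durch Neukonzeption der klinischen Kinderschutzarbeit [Child endangerment: expanding the detected cases through a redesign of clinical child protection work]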

    Background: Identification of child abuse is a daily challenge in medical work. The estimated number of unreported cases of child abuse and neglect is high. Objectives: The aim of this study was to investigate the effectiveness of the redesigned clinical child protection program of a major German pediatric hospital and to improve programs in other hospitals for children and physicians through presentation of the advantages of the new structure. Methods: All cases of child protection at the Altona Children's Hospital were retrospectively analyzed before and after restructuring of the clinic's child protection program for a two-year period each, and a comparison was made. The child protection program was restructured and the new program subsequently managed by a fulltime coordinator. Results: The prevalence of both suspected and substantiated cases of child abuse was significantly higher after restructuring of the child protection program. Before the change, 24 cases were investigated, of which 23 were substantiated; afterward, 124 cases were investigated and 89 were substantiated. Despite the high number of false-positive suspected cases, stigmatization of the families during the clarification progress was avoided by using a very sensitive approach, and the family was not confronted until the suspicion was affirmed. Conclusion: The presented concept of child protection in medical clinics seems to facilitate a higher detection rate of child abuse cases. The reduction in the number of undetected cases and thereby prevention of possible escalation of abuse, as well as the decline in the immense social follow-up costs, justifies the increased personnel costs