29 research outputs found

    An empirical comparison of commercial and open‐source web vulnerability scanners

    Web vulnerability scanners (WVSs) are tools that can detect security vulnerabilities in web services. Although both commercial and open-source WVSs exist, their vulnerability detection capability and performance vary. In this article, we report on a comparative study to determine the vulnerability detection capabilities of eight WVSs (both open and commercial) using two vulnerable web applications: WebGoat and Damn Vulnerable Web Application. The eight WVSs studied were: Acunetix; HP WebInspect; IBM AppScan; OWASP ZAP; Skipfish; Arachni; Vega; and Iron WASP. The performance was evaluated using multiple evaluation metrics: precision; recall; Youden index; OWASP web benchmark evaluation; and the web application security scanner evaluation criteria. The experimental results show that, while the commercial scanners are effective in detecting security vulnerabilities, some open-source scanners (such as ZAP and Skipfish) can also be effective. In summary, this study recommends improving the vulnerability detection capabilities of both the open-source and commercial scanners to enhance code coverage and the detection rate, and to reduce the number of false positives.

    From SET to PSET--The Pseudonymous Secure Electronic Transaction Protocol

    Credit cards have been the dominant payment method in e-commerce during the past years and it is not expected that this is going to change soon. However, credit card payments as used today are not suited for anonymous or pseudonymous payments. Credit card payments disclose the identity of a customer to the merchant and the issuer of the credit card knows exactly where the customer makes payments. The Secure Electronic Transaction (SET) protocol makes credit card payments over the Internet more secure, but it does not do much to protect the privacy of the customer. In this report, we present the Pseudonymous Secure Electronic Transaction (PSET) protocol. PSET is an extension of SET and enables pseudonymous credit card payments over the Internet. Pseudonymous payments mean that none of the involved parties in the payment process can learn the identities of both the customer and the merchant at the same time. This is achieved by distributing the knowledge of the whole transaction among the involved parties. On the other hand, PSET guarantees that it is not possible for any of the involved parties to cheat and that it is possible to unambiguously resolve the identity of a pseudonymous customer in case of a dispute.

    Using Dust Clouds to Enhance Anonymous Communication


    Trust in Anonymity Networks

    Anonymity is a security property of paramount importance, as we move steadily towards a wired, online community. Its import touches upon subjects as different as eGovernance, eBusiness and eLeisure, as well as personal freedom of speech in authoritarian societies. Trust metrics are used in anonymity networks to support and enhance reliability in the absence of verifiable identities, and a variety of security attacks currently focus on degrading a user's trustworthiness in the eyes of the other users. In this paper, we analyse the privacy guarantees of the Crowds anonymity protocol, with and without onion forwarding, for standard and adaptive attacks against the trust level of honest users.

    Die Krankheit Depression kann jeden treffen [Not Available]

    The survey "Datenerhebung zur Depression in der Allgemeinbevölkerung" was conducted from fall 2010 to spring 2011 on several online platforms. The results show that there is a considerable timespan between the appearance of initial symptoms of depression and the first diagnosis of a patient. Intervention at early stages of the disease can reduce a potentially long time of suffering and can lead to the successful treatment of depression. General practitioners play an important role as the link between patient and psychiatrist.