A Course Module On Application Logic Flaws

Software security is extremely important, and even thoroughly tested code may still have exploitable vulnerabilities. Some of these vulnerabilities are caused by logic flaws. Due to the nature of application or business logic, few automated tools can test for these types of security issues. Therefore, it is important for students to learn how to reduce the number of logic flaws when developing software, and how to test for them manually. A course module with a case study was created to teach students about this topic. Case-based teaching methods are used because it allows students to better apply learned skills to real world industrial settings, and there is a lack of case studies available for current software engineering curriculum. The course module includes an introduction, a quiz on the reading, an animated PowerPoint about the case, and a set of discussion questions. The introduction covers what logic flaws are, reducing logic flaws during software development, and how to test for them manually. The case is about eCommerce merchant software Bigcommerce using PayPal Express to collect payment. A flaw lets attackers complete an expensive order using the payment intended for a cheaper order. An animation was created to trace the HTTP interactions and back-end code representing the steps of the exploit from this case, and explain the manual testing method used to discover the exploit. A set of discussion questions has students apply this method to similar code, to find potential vulnerabilities and then fix them. This course module was taught in COMP 727 Secure Software Engineering at North Carolina A&T State University in the Spring 2015 semester. A pre-survey and post-survey on the learning objectives shows students felt they improved their knowledge and skills relating to application logic flaws. A quiz based on the reading shows students understood the material. The quality of student discussions was very high. Discussion question results were graded using a rubric, and three-quarters of the class received an 85% grade or higher. Overall, this case study was effective at teaching students about application logic flaws. It will be made available to other universities, and can be easily integrated into existing curriculum

Supplemental Material - Effects of adherence to treatment for repositioning therapy, physical therapy, and cranial remolding orthoses in infants with cranial deformation

Supplemental Material for Effects of adherence to treatment for repositioning therapy, physical therapy, and cranial remolding orthoses in infants with cranial deformation by Victoria Moses, Caitlin Deville, Susan Simpkins, Jijia Wang, Tally Marlow, Cayman Holley, Shea Briggs, Olivia Sheffer, Amy Payne, Lindsay Pauline, Tristine Lam, Ashton Blasingim and Tiffany Graham in Journal of Rehabilitation and Assistive Technologies Engineering.</p

Prediction of VRC01 neutralization sensitivity by HIV-1 gp160 sequence features.

The broadly neutralizing antibody (bnAb) VRC01 is being evaluated for its efficacy to prevent HIV-1 infection in the Antibody Mediated Prevention (AMP) trials. A secondary objective of AMP utilizes sieve analysis to investigate how VRC01 prevention efficacy (PE) varies with HIV-1 envelope (Env) amino acid (AA) sequence features. An exhaustive analysis that tests how PE depends on every AA feature with sufficient variation would have low statistical power. To design an adequately powered primary sieve analysis for AMP, we modeled VRC01 neutralization as a function of Env AA sequence features of 611 HIV-1 gp160 pseudoviruses from the CATNAP database, with objectives: (1) to develop models that best predict the neutralization readouts; and (2) to rank AA features by their predictive importance with classification and regression methods. The dataset was split in half, and machine learning algorithms were applied to each half, each analyzed separately using cross-validation and hold-out validation. We selected Super Learner, a nonparametric ensemble-based cross-validated learning method, for advancement to the primary sieve analysis. This method predicted the dichotomous resistance outcome of whether the IC50 neutralization titer of VRC01 for a given Env pseudovirus is right-censored (indicating resistance) with an average validated AUC of 0.868 across the two hold-out datasets. Quantitative log IC50 was predicted with an average validated R2 of 0.355. Features predicting neutralization sensitivity or resistance included 26 surface-accessible residues in the VRC01 and CD4 binding footprints, the length of gp120, the length of Env, the number of cysteines in gp120, the number of cysteines in Env, and 4 potential N-linked glycosylation sites; the top features will be advanced to the primary sieve analysis. This modeling framework may also inform the study of VRC01 in the treatment of HIV-infected persons

North-South asymmetry in the modeled phytoplankton community response to climate change over the 21st century

Author Posting. © American Geophysical Union, 2013. This article is posted here by permission of American Geophysical Union for personal use, not for redistribution. The definitive version was published in Global Biogeochemical Cycles 27 (2013): 1274–1290, doi:10.1002/2013GB004599.Here we analyze the impact of projected climate change on plankton ecology in all major ocean biomes over the 21st century, using a multidecade (1880–2090) experiment conducted with the Community Climate System Model (CCSM-3.1) coupled ocean-atmosphere-land-sea ice model. The climate response differs fundamentally in the Northern and Southern Hemispheres for diatom and small phytoplankton biomass and consequently for total biomass, primary, and export production. Increasing vertical stratification in the Northern Hemisphere oceans decreases the nutrient supply to the ocean surface. Resulting decreases in diatom and small phytoplankton biomass together with a relative shift from diatoms to small phytoplankton in the Northern Hemisphere result in decreases in the total primary and export production and export ratio, and a shift to a more oligotrophic, more efficiently recycled, lower biomass euphotic layer. By contrast, temperature and stratification increases are smaller in the Southern compared to the Northern Hemisphere. Additionally, a southward shift and increase in strength of the Southern Ocean westerlies act against increasing temperature and freshwater fluxes to destratify the water-column. The wind-driven, poleward shift in the Southern Ocean subpolar-subtropical boundary results in a poleward shift and increase in the frontal diatom bloom. This boundary shift, localized increases in iron supply, and the direct impact of warming temperatures on phytoplankton growth result in diatom increases in the Southern Hemisphere. An increase in diatoms and decrease in small phytoplankton partly compensate such that while total production and the efficiency of organic matter export to the deep ocean increase, total Southern Hemisphere biomass does not change substantially. The impact of ecological shifts on the global carbon cycle is complex and varies across ecological biomes, with Northern and Southern Hemisphere effects on the biological production and export partially compensating. The net result of climate change is a small Northern Hemisphere-driven decrease in total primary production and efficiency of organic matter export to the deep ocean.I. Marinov was supported by National Science Foundation (NSF) Grant ATM06-28582 while at WHOI and by NASA Grant NNX13AC92G while at Penn. I. Lima and S. Doney were supported by the Center for Microbial Oceanography, Research, and Education (CMORE), an NSF Science and Technology Center (EF-0424599).2014-06-2