Abstract: The paper presents the case study of hazard
identification and sensitivity of potential resource of emergency
water supply as part of the application of methodology classifying
the resources of drinking water for emergency supply of population.
The case study has been carried out on a selected resource of
emergency water supply in one region of the Czech Republic. The
hazard identification and sensitivity of potential resource of
emergency water supply is based on a unique procedure and
developed general registers of selected types of hazards and
sensitivities. The registers have been developed with the help of the
“Fault Tree Analysis” method in combination with the “What if”
method. The identified hazards for the assessed resource include
hailstorms and torrential rains, drought, soil erosion, accidents of
farm machinery, and agricultural production. The developed registers
of hazards and vulnerabilities and a semi-quantitative assessment of
hazards for individual parts of hydrological structure and
technological elements of presented drilled wells are the basis for a
semi-quantitative risk assessment of potential resource of emergency
supply of population and the subsequent classification of such
resource within the system of crisis planning.

Abstract: Static analysis of source code is used for auditing web
applications to detect vulnerabilities. In this paper, we propose a
new algorithm to analyze the PHP source code for detecting LFI and
RFI potential vulnerabilities. In our approach, we first define some
patterns for finding some functions which have potential to be abused
because of unhandled user inputs. More precisely, we use regular
expressions as a fast and simple method to define some patterns for
detection of vulnerabilities. As inclusion functions could also be used
in a safe way, many false positives (FPs) could occur. The first
cause of these FPs could be that the function does not use a user-supplied
variable as an argument. So, we extract a list of user-supplied
variables to be used for detecting vulnerable lines of code.
On the other side, as vulnerability could spread among the variables,
for example by multi-level assignment, we also try to extract the hidden user-supplied
variables. We use the resulting list to decrease the false
positives of our method. Finally, as there exist some ways to prevent
the vulnerability of inclusion functions, we define also some patterns
to detect them and decrease our false positives.

Abstract: The rapid advance of communication technology is
evolving the network environment into the broadband convergence
network. Likewise, the IT services operated in the individual network
are also being quickly converged in the broadband convergence
network environment. VoIP and IPTV are two examples of such new
services. Efforts are being made to develop the video phone service,
which is an advanced form of the voice-oriented VoIP service.
However, the new IT services will be subject to stability and reliability
vulnerabilities if the relevant security issues are not answered during
the convergence of the existing IT services currently being operated in
individual networks within the wider broadband network
environment. To resolve such problems, this paper attempts to analyze
the possible threats and identify the necessary security measures
before the deployment of the new IT services. Furthermore, it
measures the quality of the encryption algorithm application example
to describe the appropriate algorithm in order to present security
technology that will have no negative impact on the quality of the
video phone service.

Abstract: Today’s technology is heavily dependent on web applications. Web applications are being accepted by users at a very rapid pace. These have made our work efficient. These include webmail, online retail sale, online gaming, wikis, departure and arrival of trains and flights, and the list is very long. These are developed in different languages like PHP, Python, C#, ASP.NET and many more by using scripts such as HTML and JavaScript. Attackers develop tools and techniques to exploit web applications and legitimate websites. This has led to the rise of web application security, which can be broadly classified into Declarative Security and Program Security. The most common attacks on the applications are by SQL Injection and XSS, which give access to unauthorized users who totally damage or destroy the system. This paper presents a detailed literature description and analysis on Web Application Security, examples of attacks and steps to mitigate the vulnerabilities.

Abstract: This paper discusses a curriculum approach that will
give emphasis on practical portions of teaching network security
subjects in information and communication technology courses. As
we are well aware, the need to use a practice and application oriented
approach in education is paramount. Research on active learning and
cooperative groups has shown that students grasp more and have
more tendency towards obtaining and realizing soft skills like
leadership, communication and team work as opposed to the more
traditional theory and exam based teaching and learning. While this
teaching and learning paradigm is relatively new in Malaysia, it has
been practiced widely in the West. This paper examines a certain
approach whereby students learning wireless security are divided into
and work in small and manageable groups where there will be 2
teams which consist of black hat and white hat teams. The former
will try to find and expose vulnerabilities in a wireless network while
the latter will try their best to prevent such attacks on their wireless
networks using hardware, software, design and enforcement of
security policy, etc. This paper will try to show that the approach
taken plus the use of relevant and up to date software and hardware
and with suitable environment setting will hopefully expose students
to a more fruitful outcome in terms of understanding of concepts,
theories and their motivation to learn.

Abstract: Recently, with the appearance of smart cards, many
user authentication protocols using smart cards have been proposed to
mitigate the vulnerabilities in user authentication process. In 2004,
Das et al. proposed an ID-based user authentication protocol that is
secure against ID-theft and replay attack using smart card. In 2009,
Wang et al. showed that Das et al.'s protocol is not secure against randomly
chosen password attack and impersonation attack, and proposed an
improved protocol. Their protocol provided mutual authentication and
efficient password management. In this paper, we analyze the security
weaknesses and point out the vulnerabilities of Wang et al.'s protocol.

Abstract: In recent years, with the rapid development of the Internet and the Web, more and more web applications have been deployed in many fields and organizations such as finance, military, and government. Together with that, hackers have found more subtle ways to attack web applications. According to international statistics, SQL Injection is one of the most popular vulnerabilities of web applications. The consequences of this type of attack are quite dangerous: sensitive information could be stolen or authentication systems might be bypassed. To mitigate the situation, several techniques have been adopted. In this research, a security solution is proposed using Artificial Neural Network to protect web applications against this type of attack. The solution has been experimented on sample datasets and has given promising results. The solution has also been developed in a prototypic web application firewall called ANNbWAF.