惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Privacy International News Feed
D
Docker
WordPress大学
WordPress大学
G
Google Developers Blog
小众软件
小众软件
Stack Overflow Blog
Stack Overflow Blog
MyScale Blog
MyScale Blog
S
Security Archives - TechRepublic
S
SegmentFault 最新的问题
宝玉的分享
宝玉的分享
爱范儿
爱范儿
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
F
Full Disclosure
S
Secure Thoughts
S
Security @ Cisco Blogs
Recent Announcements
Recent Announcements
W
WeLiveSecurity
Schneier on Security
Schneier on Security
AWS News Blog
AWS News Blog
T
Tenable Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
U
Unit 42
Project Zero
Project Zero
V
V2EX
T
The Blog of Author Tim Ferriss
T
Tailwind CSS Blog
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
Webroot Blog
Webroot Blog
The Last Watchdog
The Last Watchdog
B
Blog
K
Kaspersky official blog
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
J
Java Code Geeks
阮一峰的网络日志
阮一峰的网络日志
美团技术团队
I
Intezer
雷峰网
雷峰网
GbyAI
GbyAI
罗磊的独立博客
Jina AI
Jina AI
Help Net Security
Help Net Security
A
Arctic Wolf
腾讯CDC
H
Heimdal Security Blog
V
Visual Studio Blog
TaoSecurity Blog
TaoSecurity Blog
Last Week in AI
Last Week in AI

cs.CR updates on arXiv.org

An AI Security Agent for University ACMIS: Multi-Vector Threat Detection and Automated Response From Privacy to Workflow Integrity: Communication-Graph Metadata in Autonomous Agent Interoperability Learn from Your Mistakes: Tree-like Self-Play for Secure Code LLMs Send a SCOUT First: Pre-hoc Reasoning for Adaptive Detector Allocation in Prompt-Injection Defense QSignAI: Quantum-Randomness-Seeded Identity Signatures at the Intersection of AI for Science and Science for AI A Standardized Ontology for Intent-Based Security Management in Autonomous Networks Code as a Weapon: A Consensus-Labeled Prompt Bank for Measuring Coding-Model Compliance with Malicious-Code Requests Cordyceps: Covert Control Attacks on LLMs via Data Poisoning SAMark: A Self-Anchored Text Watermarking with Paragraph-Level Paraphrase Robustness Mechanistic origins of catastrophic forgetting: why RL preserves circuits better than SFT? Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents Attacking the Spike: On the Transferability and Security of Spiking Neural Networks to Adversarial Examples Vendor-Conditioned Contrastive Learning for Predicting Organizational Cyber Threat Targets A Formal Calculus for International Relations Computation and Evaluation On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis Moving Target Defense for Web Applications using Bayesian Stackelberg Games A Mathematical Trust Algebra for International Nation Relations Computation and Evaluation A First Attempt to Cloud-Based User Verification in Distributed System Some Experimental Issues in Financial Fraud Detection: An Investigation Using Data Analytics to Detect Anomalous States in Vehicles On the Differential Privacy of Bayesian Inference Building and Measuring Privacy-Preserving Predictive Blacklists Novel Feature Extraction, Selection and Fusion for Effective Malware Family Classification Security Games with Ambiguous Beliefs of Agents Generating and Exploring S-Box Multivariate Quadratic Equation Systems with SageMath Private Disclosure of Information in Health Tele-monitoring Applications of Artificial Intelligence Techniques to Combating Cyber Crimes: A Review Implicit Contextual Integrity in Online Social Networks Phishing Detection in IMs using Domain Ontology and CBA - An innovative Rule Generation Approach Detecting fraudulent activity in a cloud using privacy-friendly data aggregates The Application of Differential Privacy for Rank Aggregation: Privacy and Accuracy An Evasion and Counter-Evasion Study in Malicious Websites Detection Hybrid Epidemics - A Case Study on Computer Worm Conficker A Self-Adaptive Network Protection System An Argumentation-Based Framework to Address the Attribution Problem in Cyber-Warfare Protecting Privacy through Distributed Computation in Multi-agent Decision Making Using Neural Network to Propose Solutions to Threats in Attack Patterns A Utility-Theoretic Approach to Privacy in Online Services Intrusion Detection using Continuous Time Bayesian Networks A DDoS-Aware IDS Model Based on Danger Theory and Mobile Agents Mining Malware Specifications through Static Reachability Analysis Subjective Logic Operators in Trust Assessment: an Empirical Study GOTCHA Password Hackers! On estimating total time to solve SAT in distributed computing environments: Application to the SAT@home project POMDPs Make Better Hackers: Accounting for Uncertainty in Penetration Testing Les POMDP font de meilleurs hackers: Tenir compte de l'incertitude dans les tests de penetration Automated Attack Planning Penetration Testing == POMDP Solving? Attack Planning in the Real World An Algorithm to Find Optimal Attack Paths in Nondeterministic Scenarios A Fuzzy Logic Based Certain Trust Model for E-Commerce Predicting Network Attacks Using Ontology-Driven Inference Semantic Matching of Security Policies to Support Security Experts A formalization of re-identification in terms of compatible probabilities A trust-based security mechanism for nomadic users in pervasive systems Intrusion Detection on Smartphones Obesity Heuristic, New Way On Artificial Immune Systems Secured Wireless Communication using Fuzzy Logic based High Speed Public-Key Cryptography (FLHSPKC) Mining Permission Request Patterns from Android and Facebook Applications (extended author version) Building a Chaotic Proved Neural Network Detecting Danger: The Dendritic Cell Algorithm Detecting Anomalous Process Behaviour using Second Generation Artificial Immune Systems Outrepasser les limites des techniques classiques de Prise d'Empreintes grace aux Reseaux de Neurones Building Computer Network Attacks ToLeRating UR-STD The DCA:SOMe Comparison A comparative study between two biologically-inspired algorithms Real-Time Alert Correlation with Type Graphs Performance Evaluation of DCA and SRC on a Single Bot Detection Behavioural Correlation for Detecting P2P Bots Malicious Code Execution Detection and Response Immune System inspired by the Danger Theory Integrating Real-Time Analysis With The Dendritic Cell Algorithm Through Segmentation Integrating Innate and Adaptive Immunity for Intrusion Detection Information Fusion for Anomaly Detection with the Dendritic Cell Algorithm Further Exploration of the Dendritic Cell Algorithm: Antigen Multiplier and Time Windows Detecting Bots Based on Keylogging Activities Detecting Danger: Applying a Novel Immunological Concept to Intrusion Detection Systems Detecting Motifs in System Call Sequences Dendritic Cells for SYN Scan Detection Detecting Botnets Through Log Correlation DCA for Bot Detection Cooperative Automated Worm Response and Detection Immune Algorithm Cryptographic Implications for Artificially Mediated Games Differentially Private Empirical Risk Minimization An Immune Inspired Network Intrusion Detection System Utilising Correlation Context An Immune Inspired Approach to Anomaly Detection Hybrid Intrusion Detection and Prediction multiAgent System HIDPAS Artificial Dendritic Cells: Multi-faceted Perspectives AIS for Misbehavior Detection in Wireless Sensor Networks: Performance and Design Principles The Role of Self-Forensics in Vehicle Crash Investigations and Event Reconstruction Beyond Nash Equilibrium: Solution Concepts for the 21st Century From Qualitative to Quantitative Proofs of Security Properties Using First-Order Conditional Logic Danger Theory: The Link between AIS and IDS? Dempster-Shafer for Anomaly Detection The Danger Theory and Its Application to Artificial Immune Systems ANTIDS: Self-Organized Ant-based Clustering Model for Intrusion Detection System Analyzing and Improving Performance of a Class of Anomaly-based Intrusion Detectors Soft Constraint Programming to Analysing Security Protocols A Method for Clustering Web Attacks Using Edit Distance Encoding a Taxonomy of Web Attacks with Different-Length Vectors
Web Application Weakness Ontology Based on Vulnerability Data
Onyeka Ezenwoye, Yi Liu · 2022-09-17 · via cs.CR updates on arXiv.org

Web applications are becoming more ubiquitous. All manner of physical devices are now connected and often have a variety of web applications and web-interfaces. This proliferation of web applications has been accompanied by an increase in reported software vulnerabilities. The objective of this analysis of vulnerability data is to understand the current landscape of reported web application flaws. Along those lines, this work reviews ten years (2011 - 2020) of vulnerability data in the National Vulnerability Database. Based on this data, most common web application weaknesses are identified and their profiles presented. A weakness ontology is developed to capture the attributes of these weaknesses. These include their attack method and attack vectors. Also described is the impact of the weaknesses to software quality attributes. Additionally, the technologies that are susceptible to each weakness are presented, they include programming languages, frameworks, communication protocols, and data formats.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。