To see the other types of publications on this topic, follow the link: WordPress content injection vulnerability.
Journal articles on the topic 'WordPress content injection vulnerability'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 31 journal articles for your research on the topic 'WordPress content injection vulnerability.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Md, Maruf Hassan, Kaushik Sarker, Saikat Biswas, and Hasan Sharif Md. "Detection of Wordpress Content Injection Vulnerability." International Journal on Cybernetics & Informatics 6, no. 5 (2017): 1–15. http://dx.doi.org/10.5121/ijci.2017.6501.
Full text
2
Yudistiawan, Ari Dimas, and Nuril Anwar. "Website Application Security Value Analysis Using Crawling Method Against SQL Injection Attacks." Mobile and Forensics 6, no. 1 (2024): 39–50. http://dx.doi.org/10.12928/mf.v6i1.8198.
Full textAbstract:
This study focuses on analyzing security vulnerabilities in the Codelatte website, specifically targeting SQL Injection attacks. While the implementation of HTTPS has enhanced user communication and server security, outdated pages lacking WordPress security features remain vulnerable to SQL Injection. The research employs a crawling method to assess security gaps, starting with URL processing, data crawling, and interaction with the web server, followed by output generation in the form of an HTML file. The collected data is used for vulnerability testing via the Acunetix web vulnerability scanner, as well as manual testing and Sqlmap penetration testing. Findings reveal security weaknesses categorized into informational, low, medium, and high risk levels. Through crawling, the study identifies vulnerabilities and reduces them to informational, low, and medium levels, highlighting the importance of regularly updating website security. The final report provides recommendations for enhancing the Codelatte website's security to prevent unauthorized database access.
3
Petkova, Lilyana, and Vasilisa Pavlova. "Security Analysis on Content Management Systems." Mathematics and Informatics LXV, no. 5 (2022): 423–34. http://dx.doi.org/10.53656/math2022-5-2-sec.
Full textAbstract:
This paper is dedicated to the challenges of the use of the most popular content management systems (CMS) in software development. Fundamental information about the selected CMS platforms and vulnerability analysis are introduced. The review is made on CMS like Umbraco, Sitecore, WordPress and Drupal categorized in two groups defined by the technology used for development. And as the IT world changes a lot these brings one constant battle against threats. Therefore, this article will add some vulnerabilities analysis of the selected systems since 2014. Results were grouped by common vulnerabilities of the selected platforms and such specific ones.
4
Putra, Bagus Setya, and Dwi Budi Santoso. "Analisis Keamanan Website Berbasis WordPress melalui Penetration Testing untuk Meningkatkan Keamanan Digital." Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi) 9, no. 3 (2025): 981–90. https://doi.org/10.35870/jtik.v9i3.3692.
Full textAbstract:
The development of information technology has made the security and integrity of digital information exchange on websites extremely important. Many websites utilize Content Management Systems CMS like WordPress as an alternative choice. This research aims to conduct penetration testing on the WordPress based website teknoblog.top using the Penetration Testing Execution Standard PTES method and provide recommendations for improving existing vulnerabilities. The analysis results on teknoblog.top using the WPScan tool found 6 informational findings, which do not indicate vulnerabilities. Meanwhile, OWASP ZAP identified vulnerabilities with a total of 3 medium level alerts, 5 low level alerts, and 6 informational alerts. The vulnerability successfully exploited in this research was the Missing Anti Clickjacking Header with a medium level severity. This finding was confirmed using the BurpSuite Scanner tool. The vulnerability was caused by the website not properly configuring the security header. To verify the accuracy of the Missing Anti Clickjacking Header vulnerability findings on the OWASP ZAP scanning tool, exploitation was carried out manually using a simple HTML script and through the clickjacker.io website. It is important to address this issue to prevent web pages from being loaded in iframes on other websites. The recommended fix for this vulnerability is the addition of the X Frame Options header to protect the website from clickjacking attacks.
5
A. Karunamurthy, Dr. "SECURE AND SCALABLE WORDPRES DEPLOYMENT ON AWS WITH RDS." International Scientific Journal of Engineering and Management 04, no. 06 (2025): 1–9. https://doi.org/10.55041/isjem04077.
Full textAbstract:
Abstract This paper digital landscape, ensuring high availability, scalability, and security for web applications is crucial. This project focuses on deploying a secure and scalable WordPress website on Amazon Web Services (AWS) using industry best practices. By leveraging AWS services such as EC2, Auto Scaling, RDS, S3, VPC, IAM, and Security Groups, this deployment achieves high performance, reliability, and security. The architecture includes Amazon EC2 instances running WordPress in an Auto Scaling Group, ensuring seamless horizontal scalability. Amazon RDS is used for the MySQL database, providing managed, high-performance, and fault-tolerant data storage. Amazon S3 is integrated for media storage, reducing server load and improving content delivery. A Virtual Private Cloud (VPC) is configured to establish a secure and isolated network environment. IAM roles and policies enforce strict access control, while Security Groups protect against unauthorized access. To enhance security, HTTPS is enabled using an SSL certificate, and AWS WAF (Web Application Firewall) is employed to mitigate threats such as SQL injection and DDoS attacks. Automated backups and monitoring solutions like CloudWatch and AWS Backup ensure data integrity and real-time performance tracking. This project demonstrates a robust WordPress hosting solution that dynamically scales to handle traffic spikes while maintaining strong security standards. It serves as an ideal model for businesses seeking a cloud-based, resilient WordPress deployment on Aws. Key words: WordPress hosting, Amazon Web Services (AWS), EC2, Auto Scaling, RDS, S3, VPC, IAM, Security Groups, HTTPS, SSL certificate, AWS WAF, DDoS protection, SQL injection mitigation, CloudWatch, AWS Backup, high availability, scalability, cloud security, performance monitoring, managed database, media offloading, resilient architecture, and secure cloud deployment.
6
Susanto, Budi. "PEMBENAHAN WEB PROFIL SINODE GEREJA KRISTEN JAWA." SHARE "SHaring - Action - REflection" 6, no. 2 (2020): 93–98. http://dx.doi.org/10.9744/share.6.2.93-98.
Full textAbstract:
The GKJ Synod Web had undergone several modifications independently. It led to a vulnerability condition that cost system breaches. Building the web application independently in limited security resource was the main problem for GKJ Synod. In order to resolve the problem, the GKJ Synod collaborated with FTI UKDW. Wordpress was implemented to restore the the GKJ Synod web. The restoration process, requirement and content analysis, and information architecture design. Based on the information architecture design, the website had been setup and then the team empowered the Data and Multimedia Information Service Center of GKJ Synod to maintain the web application and the contents. The installed WordPress utilised the VPS service with an additional SSL security protocol that provides development support and security. Thie web application project will continue to the next stage which is online document management services.
7
Buchyk, Serhii, and Andrii Kuroiedov. "JAVASCRIPT-BASED WEB EXPLOIT ANALYSIS MODEL." Information systems and technologies security, no. 2 (8) (2024): 17–25. https://doi.org/10.17721/ists.2024.8.17-25.
Full textAbstract:
B a c k g r o u n d . The task of ensuring the security of web applications and servers remains important and relevant in the face of the ever-increasing number of attacks in cyberspace. The use of various open-source content management systems (e.g. WordPress, Joomla, Open Journal Systems, Drupal), which are quite popular for creating websites due to their ease of installation and use, unfortunately, require constant updating not only to improve the content but also to ensure the security of the system. In this article, the authors focus on the WordPress system, although this approach can be used for other systems as well. The article emphasises the importance of early detection of vulnerabilities to prevent potential cyber threats and their negative consequences. The article proposes a model and a script designed to speed up the detection of vulnerabilities in WordPress applications. Automation of the scanning process with a custom script allows you to quickly detect vulnerabilities, ensuring prompt fixes and updates. This approach not only strengthens security, but also helps preserve the reputation of websites and brands, which is critical in today's digital environment. M e t h o d s . The methods of analysing JavaScript-based web exploits were used, taking into account the general principles of their analysis and taking into account the methodologies for analysing web applications for vulnerabilities. R e s u l t s . An improved model of analysing a web application on CMS Wordpress based on a script that provides automated scanning of a web application by running the following utilities is presented: NMAP, Dirb, Nikto, SQLMap, WPScan and PwnXSS. All the results are recorded in a separate file for further study of all the found security issues of the web application. C o n c l u s i o n s . The developed model and script should help developers and testers speed up the process of identifying vulnerabilities in Wordpress, as they can run one script and get a voluminous and meaningful report with the identified vulnerabilities in a short time. This optimises vulnerability detection by automating the launch of scanners.
8
Rohit, Kumar*. "DEVELOPING A SECURE WORDPRESS WEBSITE AND HOSTING ON NIC PLATFORM." wordpress, hack, security threat, website 5, no. 8 (2016): 1027–38. https://doi.org/10.5281/zenodo.60877.
Full textAbstract:
Now-a-days most people explores the web at the end of the when a majority of business are closed and the reason being that websites are always there. A website allows us to do business for 24 hours a day, 7 days a week, 365 days a year. If your competitor has a website then they will have a definite advantage to influence your business or even if you have an informative website then also it will help you to make your stakeholders aware about the progress of your organization. Moreover with powerful search engines it is easier to locate your organization online. A professional website improves your public image and your customers/stakeholders will have more confidence in your organization. Most small businesses are only able to market to their town and surrounding communities. With a website, you can take your products and services globally. With the edges of having a website it is required to develop a website but to develop a website it is an obvious thought that the knowledge of HTML, CSS, PHP, MYSQL, etc. is a must. This is not a necessity to have absolute knowledge of above languages although it is advantageous if you possess that, the reason being the availability of several open source content management system in the public domain some of them are wordpress, joomla and drupal. The basic knowledge of above CMS will help you developing websites in minute or hours.[1][2] Now the other side of website development emphasizes the security constraint or the recovery after hack which is the common issues now-a-days with daily advancements in web technologies. Although there is a lot of online support for these abrupt issues but still a smart knowledge is required to deal with these issues to have a healthy website. In the proposed work, the limitation associated with the website are studied and removed. The complete method was presented that how the website got secured after vulnerability detection.
9
J. Santhosh Kumar, B., and Kankanala Pujitha. "Web Application Vulnerability Detection Using Hybrid String Matching Algorithm." International Journal of Engineering & Technology 7, no. 3.6 (2018): 106. http://dx.doi.org/10.14419/ijet.v7i3.6.14950.
Full textAbstract:
Application uses URL as contribution for Web Application Vulnerabilities recognition. if the length of URL is too long then it will consume more time to scan the URL (Ain Zubaidah et.al 2014).Existing system can notice the web pages but not overall web application. This application will test for URL of any length using String matching algorithm. To avoid XSS and CSRF and detect attacks that try to sidestep program upheld arrangements by white list and DOM sandboxing techniques (Elias Athanasopoulos et.al.2012). The web application incorporates a rundown of cryptographic hashes of legitimate (trusted) client side contents. In the event that there is a cryptographic hash for the content in the white list. On the off chance that the hash is discovered the content is viewed as trusted or not trusted. This application makes utilization of SHA-1 for making a message process. The web server stores reliable scripts inside div or span HTML components that are attribute as reliable. DOM sandboxing helps in identifying the script or code. Partitioning Program Symbols into Code and Non-code. This helps to identify any hidden code in trusted tag, which bypass web server. Scanning the website for detecting the injection locations and injecting the mischievous XSS assault vectors in such infusion focuses and check for these assaults in the helpless web application( Shashank Gupta et.al 2015).The proposed application improve the false negative rate.
10
Rosner, Sabine, Sebastian Nöbauer, and Klara Voggeneder. "Ready for Screening: Fast Assessable Hydraulic and Anatomical Proxies for Vulnerability to Cavitation of Young Conifer Sapwood." Forests 12, no. 8 (2021): 1104. http://dx.doi.org/10.3390/f12081104.
Full textAbstract:
Research Highlights: novel fast and easily assessable proxies for vulnerability to cavitation of conifer sapwood are proposed that allow reliable estimation at the species level. Background and Objectives: global warming calls for fast and easily applicable methods to measure hydraulic vulnerability in conifers since they are one of the most sensitive plant groups regarding drought stress. Classical methods to determine P12, P50 and P88, i.e., the water potentials resulting in 12, 50 and 88% conductivity loss, respectively, are labour intensive, prone to errors and/or restricted to special facilities. Vulnerability proxies were established based on empirical relationships between hydraulic traits, basic density and sapwood anatomy. Materials and Methods: reference values for hydraulic traits were obtained by means of the air injection method on six conifer species. Datasets for potential P50 proxies comprised relative water loss (RWL), basic density, saturated water content as well as anatomical traits such as double wall thickness, tracheid lumen diameter and wall/lumen ratio. Results: our novel proxy P25W, defined as 25% RWL induced by air injection, was the most reliable estimate for P50 (r = 0.95) and P88 (r = 0.96). Basic wood density (r = −0.92), tangential lumen diameters in earlywood (r = 0.88), wall/lumen ratios measured in the tangential direction (r = −0.86) and the number of radial cell files/mm circumference (CF/mm, r = −0.85) were also strongly related to P50. Moreover, CF/mm was a very good predictor for P12 (r = −0.93). Conclusions: the proxy P25W is regarded a strong phenotyping tool for screening conifer species for vulnerability to cavitation assuming that the relationship between RWL and conductivity loss is robust in conifer sapwood. We also see a high potential for the fast and easily applicable proxy CF/mm as a screening tool for drought sensitivity and for application in dendroecological studies that investigate forest dieback.
11
Haeruddin, Gautama Wijaya, Hendra Winata, Sukma Aji, and Muhammad Nur Faiz. "Website Security Analysis Using Vulnerability Assessment Method." Journal of Innovation Information Technology and Application (JINITA) 6, no. 2 (2024): 173–80. https://doi.org/10.35970/jinita.v6i2.2476.
Full textAbstract:
In today’s digital era, ensuring website security is crucial, especially in the education sector which is frequently targeted by cyber attacks. This research aims to test security of the Universitas Internasional Batam (UIB) website using OWASP ZAP and Nessus. The method will be used in this research was vulnerability assessment. It will involve gathering information with the tools such as, Nmap, whois and nslookup. OWASP ZAP detected 11 vulnerabilities, categorized into 6 medium level and 5 low level, including Content Security Policies (CSP) and anti-clickjacking headers. Otherwise, Nessus only detected one medium level vulnerability, the absence of HTTP Strict Transport Security (HSTS). The difference in detection results from the tools that OWASP ZAP is better at finding web application weakness that are consistent with the OWASP Top Ten 2021, while Nessus specifically targets server and network configuration. For educational institutions, these results emphasize the importance of conducting regular vulnerability assessment to protect sensitive data. Recommended action include implementing CSP to prevent Cross-site scripting (XSS) and other injection attacks, enforcing HSTS to secure communication, and its recommend to updating software to mitigate the unknown vulnerabilities. By adopting these measures, institutions can reduce their exposure to cyber attacks, its also can maintain user trust, and strengthen overall security. This research provides a pratical framework for stregthening the security of educational websites against evolving threats. These findings highlight that the importance of using multiple tools can provide a more comprehensive view of security gaps.
12
Cho, Ying-Chiang, and Jen-Yi Pan. "Multiple-Feature Extracting Modules Based Leak Mining System Design." Scientific World Journal 2013 (2013): 1–11. http://dx.doi.org/10.1155/2013/704865.
Full textAbstract:
Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing.
13
M, Indushree, Manjit Kaur, Manish Raj, Shashidhara R, and Heung-No Lee. "Cross Channel Scripting and Code Injection Attacks on Web and Cloud-Based Applications: A Comprehensive Review." Sensors 22, no. 5 (2022): 1959. http://dx.doi.org/10.3390/s22051959.
Full textAbstract:
Cross channel scripting (XCS) is a common web application vulnerability, which is a variant of a cross-site scripting (XSS) attack. An XCS attack vector can be injected through network protocol and smart devices that have web interfaces such as routers, photo frames, and cameras. In this attack scenario, the network devices allow the web administrator to carry out various functions related to accessing the web content from the server. After the injection of malicious code into web interfaces, XCS attack vectors can be exploited in the client browser. In addition, scripted content can be injected into the networked devices through various protocols, such as network file system, file transfer protocol (FTP), and simple mail transfer protocol. In this paper, various computational techniques deployed at the client and server sides for XCS detection and mitigation are analyzed. Various web application scanners have been discussed along with specific features. Various computational tools and approaches with their respective characteristics are also discussed. Finally, shortcomings and future directions related to the existing computational techniques for XCS are presented.
14
Wardana, Wasis, Ahmad Almaarif, and Adityas Widjajarto. "Vulnerability Assessment and Penetration Testing On The Xyz Website Using Nist 800-115 Standard." Syntax Literate ; Jurnal Ilmiah Indonesia 7, no. 1 (2022): 520. http://dx.doi.org/10.36418/syntax-literate.v7i1.5800.
Full textAbstract:
Currently the website has become an effective communication tool. However, it is essential to have vulnerabilities assessment and penetration testing using specific standards on released websites to the public for securing information. The problems raised in this research are conducting vulnerability testing on the XYZ website to analyze security gaps in the XYZ website, as well as conducting penetration testing on high vulnerabilities found. Testing was conducted using the NIST 800 – 115 Standard through 4 main stages: planning, discovery, attack, and report. Several tools were used: Nmap, OWASP ZAP, Burp Suite, and Foxy Proxy. This research results are presented and analyzed. There were seven vulnerabilities found, one high-level vulnerability, two medium-level vulnerabilities, and four low-level vulnerabilities. At the high level, SQL Injection types are found, at the medium level, Cross-Domains Misconfiguration and vulnerabilities are found, at the low level, Absence of Anti-CSRF Tokens, Incomplete or No Cache-control and Pragma HTTP Header Set, Server Leaks Information via “X-Powered-By” HTTP Response Header Field and X-Content-Type-Options Header Missing are found.
15
Saputra, Dio Wahyu, Risqy Siwi Pradini, and Mochammad Anshori. "Analisis dan Rekomendasi Keamanan Website Kampus X Menggunakan ISSAF." Jurnal Indonesia : Manajemen Informatika dan Komunikasi 6, no. 1 (2025): 830–43. https://doi.org/10.35870/jimik.v6i1.1306.
Full textAbstract:
The security of educational institution websites is critical in the digital era, especially with the increasing reliance on web-based services. This study evaluates the security of the Campus X website in Malang City using ISSAF (Information Systems Security Assessment Framework). The research stages include information gathering, network mapping, vulnerability identification, and penetration testing. At the vulnerability identification stage, tools such as OWASP ZAP and Acunetix detect security holes in web applications. The results show that the server has implemented the TLS protocol with basic security configuration. Still, several vulnerabilities exist, such as unnecessary open ports and deficiencies in the security header settings. Scanning using OWASP ZAP identified 24 security alerts, 12.5% of which were categorized as high risk, including SQL Injection and a lack of Content Security Policy (CSP). Additionally, DDoS attack simulations demonstrated server resilience, but testing showed the need for security improvements in other aspects. Key recommendations include implementing DNSSEC, closing unused ports, adding CSP headers, and improving protection against web application-based attacks. This research emphasizes the importance of a holistic and ongoing approach to website security management, including regular audits and real-time monitoring. With this strategy, institutions hope to strengthen their security posture, protect digital assets, and minimize the risk of ever-growing cyber attacks.
16
Sukumar, Viresh Krishnan, Yee Kit Tai, Ching Wan Chan, et al. "Brief Magnetic Field Exposure Stimulates Doxorubicin Uptake into Breast Cancer Cells in Association with TRPC1 Expression: A Precision Oncology Methodology to Enhance Chemotherapeutic Outcome." Cancers 16, no. 22 (2024): 3860. http://dx.doi.org/10.3390/cancers16223860.
Full textAbstract:
Background/Objectives: Doxorubicin (DOX) is commonly used as a chemotherapeutic agent for the treatment of breast cancer. Nonetheless, its systemic delivery via intravenous injection and toxicity towards healthy tissues commonly result in a broad range of detrimental side effects. Breast cancer severity was previously shown to be correlated with TRPC1 channel expression that conferred upon it enhanced vulnerability to pulsed electromagnetic field (PEMF) therapy. PEMF therapy was also previously shown to enhance breast cancer cell vulnerability to DOX in vitro and in vivo that correlated with TRPC1 expression and mitochondrial respiratory rates. Methods: DOX uptake was assessed by measuring its innate autofluorescence within murine 4T1 or human MCF7 breast cancer cells following magnetic exposure. Cellular vulnerability to doxorubicin uptake was assessed by monitoring mitochondrial activity and cellular DNA content. Results: Here, we demonstrate that 10 min of PEMF exposure could augment DOX uptake into 4T1 and MCF7 breast cancer cells. DOX uptake could be increased by TRPC1 overexpression, whereas inhibiting the activity of TRPC1 channels with SKF-96356 or genetic knockdown, precluded DOX uptake. PEMF exposure enhances DOX-mediated killing of breast cancer cells, reducing the IC50 value of DOX by half, whereas muscle cells, representative of collateral tissues, were less sensitive to PEMF-enhanced DOX-mediated cytotoxicity. Vesicular loading of DOX correlated with TRPC1 expression. Conclusions: This study presents a novel TRPC1-mediated mechanism through which PEMF therapy may enhance DOX cytotoxicity in breast cancer cells, paving the way for the development of localized non-invasive PEMF platforms to improve cancer outcomes with lower systemic levels of DOX.
17
Santos, Sônia Maria Soares dos, and Magda Lúcia Félix de Oliveira. "Knowledge about aids and drugs among undergraduate students in a higher education institution in the state of Paraná." Revista Latino-Americana de Enfermagem 17, no. 4 (2009): 522–28. http://dx.doi.org/10.1590/s0104-11692009000400014.
Full textAbstract:
The main objective of this study was to measure the knowledge of undergraduate nursing students about Acquired Immunodeficiency Syndrome (AIDS) and drugs. The study was carried out in 2007 with a random sample of 289 undergraduate students at a State University in the Northwest of Paraná, Brazil. The students self-applied a questionnaire validated by experts. Questions were divided into three levels of complexity: low, average and high. The level of correct answers was higher in the questions of low complexity, diminishing as the questions' complexity increased. Thirteen percent of questions concerning risk factors and vulnerability to HIV infection among injection drug users (IDU) and biological material for diagnosis of AIDS was correctly answered by 90% of students. Students possessed knowledge concerning AIDS and drugs, however such knowledge was considered insufficient, showing lack of information and gaps in education with a dissociation of interdisciplinary and inter-curricular content.
18
Riadi, Imam, Rusydi Umar, and Tri Lestari. "Analisis Kerentanan Serangan Cross Site Scripting (XSS) pada Aplikasi Smart Payment Menggunakan Framework OWASP." JISKA (Jurnal Informatika Sunan Kalijaga) 5, no. 3 (2020): 146. http://dx.doi.org/10.14421/jiska.2020.53-02.
Full textAbstract:
E-commerce that is growing so rapidly can provide space for unauthorized parties in carrying out cybercrime, security anticipation is needed so that e-commerce applications can be protected from harassment or hacking attacks such as cross-site scripting (XSS), malware, exploits, and database injection. This research was conducted to determine the vulnerability of the Smart Payment application by self-test using the ZAP tool. This test is carried out to secure applications that serve as recommendations for follow-up in securing the Smart Payment application. The results of this study found vulnerabilities in the Smart Payment application. Vulnerabilities found were Information Disclosure-Suspicious Comments, X-Frame-Options Header not Set, X-Content-Type-Options Header Missing, Timestamp Disclosure-Unix, XSS Protection Not Enabled Web Browsers, and Directory Browsing. In addition to obtaining vulnerabilities from the Smart Payment application, solutions are also provided to overcome vulnerabilities in the Smart Payment application.
19
Widyaningrum, Bajeng Nurul, Destri Maya Rani, and Lingga Kurnia Ramadhani. "Analysis of the OWASP V4.2 Method in Hospital Information System Security Testing." MEDIKA TRADA 5, no. 2 (2024): 87–97. https://doi.org/10.59485/jtemp.v5i2.99.
Full textAbstract:
This research aims to identify and mitigate security vulnerabilities in the Hospital Information System (SIMRS) using the OWASP Web Security Testing Guide (WSTG) v4.2 based testing method. With the help of the OWASP ZAP tool, various vulnerabilities were identified, such as SQL Injection, weaknesses in session management, lack of security attributes in cookies, and disclosure of sensitive information through URLs or code comments. SQL Injection was identified as the highest risk vulnerability, as it potentially allows attackers to access, manipulate, or delete sensitive data in the database. In addition, weaknesses in cookie attributes, such as HttpOnly and SameSite, and the absence of an anti-CSRF mechanism, indicate potential threats in the form of Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The implementation of a solution based on WSTG v4.2 involves steps such as the implementation of HTTPS encryption, the use of prepared statements for database interaction, the application of security headers such as Content-Security-Policy (CSP), and input validation to reduce the risk of XSS. In addition, code audits were conducted to remove sensitive comments, while hidden files or unnecessary backups were removed to minimize the potential for information leakage. Test results after the implementation of the solution showed a significant improvement in the security level of the application. This research proves that the WSTG v4.2-based approach can provide comprehensive and systematic guidance in web application security testing. With these results, organizations, particularly in the healthcare sector, can ensure better protection of patient data and comply with applicable information security standards.
20
Kumar, Saket, Roshan Tiwari, Maen Husein, Nitesh Kumar, and Upendra Yadav. "Enhancing the Performance of HPAM Polymer Flooding Using Nano CuO/Nanoclay Blend." Processes 8, no. 8 (2020): 907. http://dx.doi.org/10.3390/pr8080907.
Full textAbstract:
A single polymer flooding is a widely employed enhanced oil recovery method, despite polymer vulnerability to shear and thermal degradation. Nanohybrids, on the other hand, resist degradation and maintain superior rheological properties at different shear rates. In this article, the effect of coupling CuO nanoparticles (NPs) and nanoclay with partially hydrolyzed polyacrylamide (HPAM) polymer solution on the rheological properties and the recovery factor of the nanohybrid fluid was assessed. The results confirmed that the NP agents preserved the polymer chains from degradation under mechanical, chemical (i.e., salinity), and thermal stresses and maintained good extent of entanglement among the polymer chains, leading to a strong viscoelastic attribute, in addition to the pseudoplastic behavior. The NP additives increased the viscosity of the HPAM polymer at shear rates varying from 10–100 s−1. The rheological properties of the nanohybrid systems varied with the NP additive content, which in turn provided a window for engineering a nanohybrid system with a proper mobility ratio and scaling coefficient, while avoiding injectivity issues. Sandpack flooding tests confirmed the superior performance of the optimized nanohybrid system and showed a 39% improvement in the recovery ratio relative to the HPAM polymer injection.
21
Sepúlveda, Johanna, Felix Wilgerodt, and Michael Pehl. "Towards memory integrity and authenticity of multi-processors system-on-chip using physical unclonable functions." it - Information Technology 61, no. 1 (2019): 29–43. http://dx.doi.org/10.1515/itit-2018-0030.
Full textAbstract:
Abstract A persistent problem for modern Multi-Processors System-on-Chip (MPSoCs) is their vulnerability to code injection attacks. By tampering the memory content, attackers are able to extract secrets from the MPSoC and to modify or deny the MPSoC’s operation. This work proposes SEPUFSoC (Secure PUF-based SoC), a novel flexible, secure, and fast architecture able to be integrated into any MPSoC. SEPUFSoC prevents execution of unauthorized code as well as data manipulation by ensuring memory integrity and authentication. SEPUFSoC achieves: i) efficiency, through the integration of a fast and lightweight hash function for Message Authentication Code (MAC) generation and integrity verification of the memory lines at runtime; and ii) lightweight security, through the use of a Physical Unclonable Function (PUF) to securely generate and store the cryptographic keys that are used for the application authentication. We discuss the security and performance of SEPUFSoC for single core and multi-core systems. Results show that the SEPUFSoC is a secure, fast, and low overhead solution for MPSoCs. We discuss the SEPUFSoC security and cost, which strongly depends on the PUF and hash selection. In the future, new technologies may allow the exploration of different PUFs.
22
Wijaya, I. Gusti Agung Surya Pramana, Gusti Made Arya Sasmita, and I. Putu Agus Eka Pratama. "Web Application Penetration Testing on Udayana University's OASE E-learning Platform Using Information System Security Assessment Framework (ISSAF) and Open Source Security Testing Methodology Manual (OSSTMM)." International Journal of Information Technology and Computer Science 16, no. 2 (2024): 45–56. http://dx.doi.org/10.5815/ijitcs.2024.02.04.
Full textAbstract:
Education is a field that utilizes information technology to support academic and operational activities. One of the technologies widely used in the education sector is web-based applications. Web-based technologies are vulnerable to exploitation by attackers, which highlights the importance of ensuring strong security measures in web-based systems. As an educational organization, Udayana University utilizes a web-based application called OASE. OASE, being a web-based system, requires thorough security verification. Penetration testing is conducted to assess the security of OASE. This testing can be performed using the ISSAF and OSSTMM frameworks. The penetration testing based on the ISSAF framework consists of 9 steps, while the OSSTMM framework consists of 7 steps for assessment. The results of the OASE penetration testing revealed several system vulnerabilities. Throughout the ISSAF phases, only 4 vulnerabilities and 3 information-level vulnerabilities were identified in the final testing results of OASE. Recommendations for addressing these vulnerabilities are provided as follows. Implement a Web Application Firewall (WAF) to reduce the risk of common web attacks in the OASE web application. input and output validation to prevent the injection of malicious scripts addressing the stored XSS vulnerability. Update the server software regularly and directory permission checks to eliminate unnecessary information files and prevent unauthorized access. Configure a content security policy on the web server to ensure mitigation and prevent potential exploitation by attackers.
23
Md., Maruf Hassan, and Sarker Kaushik. "DETECTION OF WORDPRESS CONTENT INJECTION VULNERABILITY." May 24, 2019. https://doi.org/10.5121/ijci.2017.6501.
Full textAbstract:
The popularity of content management software (CMS) is growing vastly to the web developers and the business people because of its capacity for easy accessibility, manageability and usability of the distributed website contents. As per the statistics of Built with, 32% of the web applications are developed with WordPress(WP) among all other CMSs [1]. It is obvious that quite a good number of web applications were built with WP in version 4.7.0 and 4.7.1. A recent research reveals that content injection vulnerability was found available in the above two versions of WP [2]. Unauthorized content injection by an intruder in a CMS managed application is one of the serious problems for the business as well as for the web owner. Therefore, detection of the vulnerability becomes a critical issue for this time. In this paper, we have discussed about the root cause of WP content injection of the above versions and have also proposed a detection model for the given vulnerability. A tool, SAISAN has been implemented as per our anticipated model and conducted an examination on 176 WP developed web applications using SAISAN. We achieved the accuracy of 92% of the result of SAISAN as compared to manual black box testing outcome.
24
Chandramouli, Sai Prashanth, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn. "E-mail Header Injection Vulnerabilities." it - Information Technology 59, no. 2 (2017). http://dx.doi.org/10.1515/itit-2016-0039.
Full textAbstract:
AbstractE-mail Header Injection vulnerability is a class of vulnerability that can occur in web applications that use user input to construct e-mail messages. E-mail Header Injection is possible when the mailing script fails to check for the presence of e-mail headers in user input (either form fields or URL parameters). The vulnerability exists in the reference implementation of the built-in mail functionality in popular languages such as PHP, Java, Python, and Ruby. With the proper injection string, this vulnerability can be exploited to inject additional headers, modify existing headers, and alter the content of the e-mail.
25
"Component based Web Application Firewall for Analyzing and Defending SQL Injection Attack Vectors." International Journal of Recent Technology and Engineering 8, no. 3 (2019): 4183–90. http://dx.doi.org/10.35940/ijrte.c4674.098319.
Full textAbstract:
Structured query language injection is a top rated vulnerability by open web application security project community. If a web application has structured query language vulnerability in source code, then such application is prone to cyber-attacks, leading to attack on confidentiality, integrity and availability. Attackers are always ready to exploit structured query language injection vulnerabilities by executing various online attack vectors and many times successfully bypass authentication and authorization to gain privilege access on web and database server leading to service interruption, data interception, modification, fabrication and sometime complete deletion of database. The present paper is an attempt to propose an advance component based web application firewall to enhance web application security by mitigating structured query language injection attack vectors by analyzing hypertext transfer protocol request variables through analyzer component and defending injection attack through defender component based on content policy installed on advance web application firewall.
26
Bhanwar Lal and Irfan Khan. "Implementation of PSO Algorithm for Detection and Removal of XSS Attack." International Journal of Scientific Research in Computer Science, Engineering and Information Technology, September 1, 2022, 39–51. http://dx.doi.org/10.32628/cseit22857.
Full textAbstract:
In recent years, managing the security over the web has gained its importance. Use of appropriate security handling techniques help to solve controversies and to extract interesting scenarios based on the content of the web page. Many varieties of vulnerabilities prevail and Cross-Site Scripting (XSS) vulnerability is ranked among the top ten risks found over the web which is a mandatory issue that requires a solution. XSS vulnerability injects malicious code in many ways that rise during the browsing session. Analysis should be made over the web page to identify whether the page is vulnerable or not. A dataset is formulated that contains malicious and benign data. Malicious data are obtained from the XSS archive [source: www.xssed.com] which contains the vulnerable XSS web pages and benign data are the web pages that are obtained through queries from the Google search engine. The major constraint is the number of Lines of Code (LOC) present in the web page. Five samples from the dataset were considered and algorithms are applied. About 24 attributes are used by the classifier. The samples vary in terms of content and size. Different optimization techniques are applied and the results are analyzed. Evaluation measures like Detection Rate (DR), False Detection Rate (FDR) and F Score (FS) are calculated based on the Confusion Matrix. The final content obtained after the „XSS Handler phase? that is to be displayed on the browser is tested using black box testing technique and also using XSS and SQL Injection Scanner tool. The tool is capable of identifying promising XSS code available in web pages. Based on the experiments, it was observed that the generation of paths using PPACO achieves better results in terms of DR, FDR and FS than other algorithms.
27
Hussain, Shahbaz, Atif Iqbal, S. M. Suhail Hussain, et al. "A novel hybrid methodology to secure GOOSE messages against cyberattacks in smart grids." Scientific Reports 13, no. 1 (2023). http://dx.doi.org/10.1038/s41598-022-27157-z.
Full textAbstract:
AbstractIEC 61850 is emerging as a popular communication standard for smart grids. Standardized communication in smart grids has an unwanted consequence of higher vulnerability to cyber-attacks. Attackers exploit the standardized semantics of the communication protocols to launch different types of attacks such as false data injection (FDI) attacks. Hence, there is a need to develop a cybersecurity testbed and novel mitigation strategies to study the impact of attacks and mitigate them. This paper presents a testbed and methodology to simulate FDI attacks on IEC 61850 standard compliant Generic Object-Oriented Substation Events (GOOSE) protocol using real time digital simulator (RTDS) together with open-source tools such as Snort and Wireshark. Furthermore, a novel hybrid cybersecurity solution by the name of sequence content resolver is proposed to counter such attacks on the GOOSE protocol in smart grids. Utilizing the developed testbed FDI attacks in the form of replay and masquerade attacks on are launched and the impact of attacks on electrical side is studied. Finally, the proposed hybrid cybersecurity solution is implemented with the developed testbed and its effectiveness is demonstrated.
28
Han, Xiaoxuan, Songlin Yang, Wei Wang, Ziwen He, and Jing Dong. "Exploiting Backdoors of Face Synthesis Detection with Natural Triggers." ACM Transactions on Multimedia Computing, Communications, and Applications, July 11, 2024. http://dx.doi.org/10.1145/3677380.
Full textAbstract:
Deep neural networks have enhanced face synthesis detection in discriminating Artificial Intelligence Generated Content (AIGC). However, their security is threatened by the injection of carefully crafted triggers during model training (i.e., backdoor attacks). Although existing backdoor defenses and manual data selection are able to mitigate those using human-eye-sensitive triggers, such as patches or adversarial noises, the more challenging natural backdoor triggers remain insufficiently researched. To further investigate natural triggers, we propose a novel analysis-by-synthesis backdoor attack against face synthesis detection models, which embeds natural triggers in the latent space. We study such backdoor vulnerability from two perspectives: (1) Model Discrimination (Optimization-Based Trigger) : we adopt a substitute detection model and find the trigger by minimizing the cross-entropy loss; (2) Data Distribution (Custom Trigger) : we manipulate the uncommon facial attributes in the long-tailed distribution to generate poisoned samples without the supervision from detection models. Furthermore, to evaluate the detection models towards the latest AIGC, we utilize both the state-of-the-art StyleGAN and Stable Diffusion for trigger generation. Finally, these backdoor triggers introduce specific semantic features to the generated poisoned samples (e.g., skin textures and smile), which are more natural and robust. Extensive experiments show that our method is superior over existing pixel space backdoor attacks on three levels: (1) Attack Success Rate : achieving an attack success rate exceeding 99 \(\%\) , comparable to baseline methods, with less than 0.1 \(\%\) model accuracy drop and under 3 \(\%\) poisoning rate; (2) Backdoor Defense : showing superior robustness when faced with existing backdoor defenses (e.g., surpassing baseline methods by over 30 \(\%\) after a 15-degree rotation); (3) Human Inspection : being less human-eye-sensitive from a user study with 46 participants and a collection of 2,300 data points.
29
Chong, S. Y., X. Wang, L. Van Bloois, et al. "Liposomal docosahexaenoic acid halts atherosclerosis progression." European Heart Journal 43, Supplement_2 (2022). http://dx.doi.org/10.1093/eurheartj/ehac544.1229.
Full textAbstract:
Abstract Background Atherosclerosis is the main cause underlying cardiovascular disease (CVD). Docosahexaenoic acid (DHA, 22:6n-3) is a hydrophobic polyunsaturated fatty acid that exerts anti-inflammatory and antioxidant activities. However, the beneficial effects of DHA on CVD have been controversial likely due to variations in bioavailability after oral intake. Purpose In this study, we aim to investigate the potential inhibiting properties of liposomal DHA on atherosclerosis progression upon intravenous administration. Methods Four weeks old ApoE−/− and LDLr−/− mice were fed on athero-inducing high fat diet for 4 weeks and then randomly divided into two groups. The mice received either control liposomes (control group) or liposomes containing DHA (liposomal DHA treatment group) via intravenous injection, twice a week for 8 weeks while still being fed on high fat diet. At the experiment endpoint, whole aortas were collected for Oil Red O staining to quantify plaque area or for biochemical analysis. Plasma was collected for total cholesterol measurement and lipidomic analysis. Aortic roots were used for histological analysis. Results Upon intravenous injection, as shown by IVIS imaging, DHA-containing liposomes accumulated preferentially in the atherosclerotic plaques. Compared to control liposomes, liposomal DHA treatment reduced the atherosclerotic plaque area in both atherosclerosis animal models, with the total plaque area decreased by 35.8% in ApoE−/− mice, (p<0.001) and by 22.4% in LDLr−/− mice (p<0.05). Plaque composition analysis revealed that liposomal DHA treatment increased collagen content and reduced the number of macrophages and neutral lipid within the plaques, resulting in a lower plaque vulnerability index (1.095 for liposomal DHA treated group vs. 1.692 for control group, p<0.05). Among those plaque macrophages, as demonstrated by immunohistology, M2 (anti-inflammatory) macrophages accounted for 4.44% in liposomal DHA treated mice and 2.24% in control liposomes treated mice (p<0.05). In agreement with the histology results, higher mRNA expression levels of anti-inflammatory markers (IL-10, CD206 and CD163) and collagen type 1 were determined in aortic tissue after liposomal DHA treatment. Moreover, liposomal DHA did not change total cholesterol level in the blood but significantly lowered plasma levels of several species of triglycerides. In vitro experiment with bone marrow derived macrophages showed that liposomal DHA was able to suppress lipopolysaccharide-induced inflammatory response and oxidative stress. Conclusions Our findings demonstrate that incorporation of DHA in injectable liposomes is an effective way to increase the inhibitory effects of DHA on halting the progression of atherosclerosis via lowering circulating triglycerides, reducing plaque inflammation, and enhancing plaque stability. Intravenous administration of liposomal DHA may become an efficacious strategy for the treatment of atherosclerosis. Funding Acknowledgement Type of funding sources: Public Institution(s). Main funding source(s): NUSMed Seed Fund
30
Filaretova, Ludmila, Olga Komkova, Olga Morozova, Polina Punina, and Natalia Yarushkina. "Environmental enrichment reverses proulcerogenic action of social isolation on the gastric mucosa and increases resilience to pain stimuli and working capacity in a treadmill." Physiology 38, S1 (2023). http://dx.doi.org/10.1152/physiol.2023.38.s1.5734968.
Full textAbstract:
Social isolation (SI) negatively influences on a wide range of physiological function and behavior. Environmental enrichment (EE) that provides high sensory, motor, cognitive, and social stimulation can be one of approaches to modify or even reverse the negative consequences of SI. The aim of the study was to investigate the effect of housing keeping of rats – standard conditions (SC), social isolation (SI), environmental enrichment (EE) - and the subsequent reversion of these conditions on the vulnerability of the gastric mucosa to the action of ulcerogenic stimuli, somatic pain sensitivity and working capacity. The rats aged 30 days were divided into groups and placed in standard cages 6 rats per cage (standard conditions) or 1 rats per cage (isolation) or in enriched cages 6 rats per cage (environment enrichment) for 4 weeks. Then, housing conditions were reversed for half of the rats in each group following manner: isolated rats were placed in EE, rats kept in EE were moved to SI and rats kept in SC were moved to SI. The second half of the rats (control) were kept under initial conditions for all time of experiment. Two weeks after reversion the vulnerability of the gastric mucosa to action of ulcerogenic stimuli (indomethacin) as well as somatic pain sensitivity (hot plate test) and working capacity (the running distance in a treadmill, 9 m/min, 0 decline, for 30 min) were evaluated in control and reversed groups. Indomethacin (IM, 35 mg/kg, sc) administration caused the gastric erosion 2 h after injection in preliminary fasting (24 h) rats. In control rats (without reversion of housing conditions) SI resulted in an increase of mean area of gastric erosions (proulcerogenic effect) compared to that of SC and EE groups. Moving rats from SI to EE reverses the proulcerogenic action induced by SI. On the contrary, transfer rats from EE to SI exacerbated ulcerogenic action of IM. Control rats kept in EE as well as SI showed an increase in paw licking latency (PLL) in hot plate test compared to that of rats in SC, but PLLs in EE group were higher than that in SI group. Reversion of housing keeping eliminated the differences between PLL in rat placed in EE and SI. Rats kept in EE had the longest running distance in a treadmill compared to that in other groups. Reversion of housing keeping decreased running distance and eliminated the differences between the groups. Effects of housing keeping and following reversion of the conditions were dependent on the environmental conditions (temperature). The data obtained suggest that EE can reverse the proulcerogenic action of SI, increase the resistance to thermic pain stimuli and working capacity in a treadmill. The study was supported by the Ministry of Education and Science of the Russian Federation (agreement No. 075-15-2020-921 for the creation and development of the world-class scientific center “Pavlov Center “Integrative Physiology - to medicine, high-tech healthcare and technologies of stress resistance ”). This is the full abstract presented at the American Physiology Summit 2023 meeting and is only available in HTML format. There are no additional versions or additional content available for this abstract. Physiology was not involved in the peer review process.
31
Kalil, Bruna, Nayara Pestana-Oliveira, Isabelle R. Santos, Ruither O. G. Carolino, and Janete A. Anselmo-Franci. "MON-017 Effect of Estradiol Therapy on Depressive like Behavior in an Ovarian Intact Rat Model of Perimenopause." Journal of the Endocrine Society 4, Supplement_1 (2020). http://dx.doi.org/10.1210/jendso/bvaa046.1298.
Full textAbstract:
Abstract In women, perimenopause is a period of high vulnerability to mood disorders which are associated with vasomotor symptoms, sleep disorders and several changes in the reproductive cycle. The general clinical practice to ameliorate these symptoms strongly relies on the use of estradiol therapy (E2T), although perimenopausal women are not estradiol deficient and it is not known whether E2T provides beneficial effects to all perimenopausal symptoms experienced. Our aim was to investigate the effect of E2T on depressive like behavior in rats treated with 4-vinylcycloxene diepoxide (VCD), which accelerates the natural process of ovarian follicular atresia modelling perimenopause in women. For this, prepubertal female rats (PND 28) were injected daily with VCD or oil for 15 days; 55-65 days after the first injection, pellets of 17β-estradiol (VCD+E) or oil (VCD+O and O+O) were inserted subcutaneously. Around 20 days later, the rats underwent 5 min open field (OFT) test followed by 5 min forced swimming test (FST; O+O and VCD+O rats on diestrus). Next, the animals were anesthetized, a blood sample was withdrawn from cardiac puncture for hormonal radioimmunoassay. The liver, adrenal glands, ovaries, kidney and uterus were removed and weighted. Another set of animals were submitted to the same experimental protocol described above; on the day of the experiment the rats were decapitated for noradrenaline (NA) measurement in brain punches of Hippocampus (HP). In the OFT there were no significant differences in the total distance travelled and the time spent in the periphery and central zone among the groups, showing that neither VCD nor E2 treatment were able to alter the locomotor activity. In the FST, on the other hand, VCD rats displayed increased immobility time and decreased climbing (CT) and swimming times compared to the Oil treated animals. VCD+E displayed similar results to VCD+O with an additional stronger effect in decreasing CT, demonstrating a negative effect of E2T in depressive like behavior in VCD-periestropausal rats. Associated to these behavioral responses we found that the content of NA in the HP of VCD+E was reduced compared to O+O and VCD+O. Plasma levels of LH and FSH were similar among the groups. Progesterone plasma levels were decreased in VCD+O compared to O+O rats and E2T increased progesterone and decreased testosterone in VCD+E compared to O+O and VCD+O groups. The weight of the liver, kidney and adrenal glands did not vary among the groups. As expected, in the VCD+E rats, the weight of the ovaries was decreased and that of the uterus increased in response to E2T. In conclusion, we showed that progressive ovarian failure triggers depressive like behavior in VCD-periestropausal rats associated with low progesterone plasma levels. Although progesterone levels are improved by E2T, depressive like behavior is intensified possibly due to a reduction in NA transmission in the hippocampus.