A Demand-Side Viewpoint to Software Vulnerabilities in WordPress Plugins

Ruohonen, Jukka

doi:10.1145/3319008.3319029

Cited by 10 publications

(7 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bug fixing times are a classical topic in software engineering. Although not all bugs found by fuzzing are security bugs, previous results generally indicate that also security bugs often take a surprisingly long time to fix in many different contexts [15], [16]. Some bugs are never fixed even though these have been recognized as vulnerabilities [17].…”

Section: Research Design a Research Questionsmentioning

confidence: 95%

“…No universal explanation is known for these and related results. Numerous different explanations are offered in the literature: some build on bug triaging aspects and different incentives for vendors, bug reporters, and developers [15], [18]; others stem from bug severity, testing, architectural flaws, dependencies, code complexity, and code churn [19], [20]; some are related to problems in vulnerability disclosure and associated coordination, including the allocation of CVEs for the vulnerabilities [16], [21]; and so forth. Whatever the explanations may be, the first research question is worth asking to better understand the time delays associated with continuous fuzzing and automated testing in general.…”

Section: Research Design a Research Questionsmentioning

confidence: 99%

See 1 more Smart Citation

Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development

Ruohonen

Rindell

2019

2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

Self Cite

View full text Add to dashboard Cite

Fuzzing has been studied and applied ever since the 1990s. Automated and continuous fuzzing has recently been applied also to open source software projects, including the Linux and BSD kernels. This paper concentrates on the practical aspects of continuous kernel fuzzing in four open source kernels. According to the results, there are over 800 unresolved crashes reported for the four kernels by the syzkaller/syzbot framework. Many of these have been reported relatively long ago. Interestingly, fuzzing-induced bugs have been resolved in the BSD kernels more rapidly. Furthermore, assertions and debug checks, use-afterfrees, and general protection faults account for the majority of bug types in the Linux kernel. About 23% of the fixed bugs in the Linux kernel have either went through code review or additional testing. Finally, only code churn provides a weak statistical signal for explaining the associated bug fixing times in the Linux kernel.

show abstract

Section: Research Design a Research Questionsmentioning

confidence: 95%

Section: Research Design a Research Questionsmentioning

confidence: 99%

Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development

Ruohonen

Rindell

2019

2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Authors [4] review existing CAPTCHA schemes to protect various Web services. Authors explains that textbased CAPTCHAs have become suffi ciently hard for humans to solve and thus their usability has decreased at least for an ordinary user.…”

Section: State Of the Artmentioning

confidence: 99%

Enchantment of Magento CMS Security

Pavlović¹,

Šarac²,

Adamović³

et al. 2019

Proceedings of the International Scientific Conference - Sinteza 2019

View full text Add to dashboard Cite

Magento is a CMS (Content Management System) platform used to create e-commerce websites and online stores. With it, users can fully manage their online store, display specific products, provide customers with different methods of payment and delivery, as well as many other options. Magento uses an authentication system based on the knowledge of the user name and password. In addition to increasing this problem, there is no mechanism that prevents an attacker from brute forcing passwords. The proposed solution is replacing default Magento authentication with OAuth.

show abstract

“…is may disturb other applications during the upgradation of the PHP version if there is a shared server to save the operational cost of hosting or any old version of PHP framework such as WordPress in use that can be also more dangerous for web application services [3]. With these vulnerable frameworks, the attacker can delete databases or ask for a ransom to restore those databases or encrypted code.…”

Section: Introductionmentioning

confidence: 99%

Poor Coding Leads to DoS Attack and Security Issues in Web Applications for Sensors

Jalbani

Yousaf

Sarfraz

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

As the SQL injection attack is still at the top of the list at Open Web Application Security Project (OWASP) for more than one decade, this type of attack created too many types of issues for a web application, sensors, or any similar type of applications, such as leakage of user private data and organization intellectual property, or may cause Distributed Denial of Service (DDoS) attacks. This paper focused on the poor coding or invalidated input field which is a big cause of services unavailability for web applications. Secondly, it focused on the selection of program created issues for the WebSocket connections between sensors and the webserver. The number of users is growing to use web applications and mobile apps. These web applications or mobile apps are used for different purposes such as tracking vehicles, banking services, online stores for shopping, taxi booking, logistics, education, monitoring user activities, collecting data, or sending any instructions to sensors, and social websites. Web applications are easy to develop with less time and at a low cost. Due to that, business community or individual service provider’s first choice is to have a website and mobile app. So everyone is trying to provide 24/7 services to its users without any downtime. But there are some critical issues of web application design and development. These problems are leading to too many security loopholes for web servers, web applications, and its user’s privacy. Because of poor coding and validation of input fields, these web applications are vulnerable to SQL Injection and other security problems. Instead of using the latest third-party frameworks, language for website development, and version database server, another factor to disturb the services of a web server may be the socket programming for sensors at the production level. These sensors are installed in vehicles to track or use them for booking mobile apps.

show abstract

A Demand-Side Viewpoint to Software Vulnerabilities in WordPress Plugins

Cited by 10 publications

References 32 publications

Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development

Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development

Enchantment of Magento CMS Security

Poor Coding Leads to DoS Attack and Security Issues in Web Applications for Sensors

Contact Info

Product

Resources

About