Similar resources
Standardizing Source Code Security Audits
A source code security audit is a powerful methodology for locating and removing security vulnerabilities. An audit can be used to (1) pass potentially prioritized list of vulnerabilities to developers (2) exploit vulnerabilities or (3) provide proof-of-concepts for potential vulnerabilities. The security audit research currently remains disjoint with minor discussion of methodologies utilized ...
Security Audits Revisited
Security audits with subsequent certification appear to be the tool of choice to cure failures in providing the right level of security between different interacting parties, e. g., between an outsourcing provider and its clients. Our game-theoretic analysis scrutinizes this view and identifies conditions under which security audits are most effective, and when they are not. We find that basic ...
Intrusion Detection and Information Security Audits
The rapid expansion and dramatic advances in information technology in recent years have without question generated tremendous benefits to business and organizations. At the same time, this expansion has created significant, unprecedented risks to organization operations. Computer security has, in turn, become much more important as organizations utilize information systems and security measure...
Wann sind IT-Security-Audits nützlich?
ABSTRACT Information technology simplifies the interconnection of economic units and thereby increases the dependence of individual economic agents on others. This leads not only to new risks but also to new incentive structures in risk management. In the literature and in practice, IT security audits are often cited in the abstract as a means against free riders, who ... measures for risk...
Partitioners Track: Generating Security Vulnerabilities in Source Code
This paper describes a framework, which modifies existing source code to generate security issues. An example plugin for generating SQL injection in Java source code is described. The generation process is based on static code analysis techniques like dataflow analysis and abstract syntax trees. The framework is evaluated with the help of Java projects from GitHub. One modified project was succ...
Journal
Journal title: International Journal of Software Engineering & Applications
Year: 2012
ISSN: 0976-2221
DOI: 10.5121/ijsea.2012.3101