- Ana-Maria Ciobotaru added an answer: I need 2 free referees for my paper.
I want to publish my paper at the journal and need 2 free referees for reviewing my paper. Who can help me? My paper is about XSS vulnerability.
Ismail, O. ; Graduate Sch. of Inf. Sci., Nara Inst. of Sci. & Technol., Japan ; Etoh, M. ; Kadobayashi, Y. ; Yamaguchi, S. , A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability, Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference on (Volume:1 ), 2004
Paul Ritchie, The security risks of AJAX/web 2.0 applications
- Vijay Chaitanya Reddy Kovvuri added an answer: How can we automate penetration testing in order to improve network security?
Penetration testing is a very difficult and complex task in network security testing. How can we automate this process? Which tools or demo and test versions are available?
I guess Qualys have a zero day analyzer ..:-) which may have some limitations .. But at least to some part research in progress..
- Peter T Breuer added an answer: What is the difference between Information Security, Computer Security and Cyber Security?
It appears to me that commercial folk are misusing these terms and their meaning. While they mean the same thing to me, it is impacting the way we understand security. Please share your thoughts on what they mean to you when you hear these terms.
You seem to have mixed up Cybersecurity and Network Security - but nice try at a hierarchy! Too bad it also ended up as "interlinked layers" (which means absolutely nothing - technobabble).
I'm often told that Cybersecurity is about the security of physical systems that are controlled by computers or networks. I said "robots" in my answer, but think also of trains, cars, power stations, routers, uranium purification centrifuges ...
- Mehdi Dadkhah added an answer: Does anyone have data on a phishing site?
I need data about phishing websites in Excel format or other for data mining. Please help me.
Where are the phishing data sets placed on the mentioned site?
- Natalia G. Miloslavskaya added an answer: Do we need Information Security Theory?
Any thoughts about the need for and possibility of creating a complete IS Theory as a basic science?
Thank you, Sergio, for your comment. Practice is a criterion of truth. Truth is described in theory. Theory is always a platform for practice. We cannot do something properly without knowing what the impact will be. (The same is true for pen tests - not to harm during pen tests!) When you pentest systems you know different possible reactions of these systems to your tests and according to them you make a conclusion about these systems' security. What are the criteria of being secured? How to calculate your security level? What to do to be protected? And so on. IS Theory should contain the answers.
- Francois Mouton added an answer: Are there any new Social Engineering detection techniques?
It seems that not much work - too little in fact, is being done to find solutions to detect SE attacks. I would appreciate any references to the latest SE detection techniques research.
Thank you Belai for linking my conference paper. I am currently busy doing new work within the field of Social Engineering detection. I have recently published two new papers which first of all better define the field of Social Engineering and Social Engineering Attacks. https://www.researchgate.net/publication/263588276_Towards_an_Ontological_Model_Defining_the_Social_Engineering_Domain and https://www.researchgate.net/publication/263588935_Social_Engineering_Attack_Framework . I also have a student who is currently investigating voice stress analysis and layered voice analysis for Social Engineering detection.
- Jiwan Ninglekhu added an answer: What are the main parameters used to measure the strength of an information security algorithm?
To compare different techniques/algorithms, what parameters are used and how can they be implemented in MATLAB?
Key Size of course.
But you wouldn't know the strength until it is broken. The breaking can be done in ways no one can define and you wouldn't know until you break it. But the strength of a key is measured in time in relation to brute force attack. The more time it takes, the stronger it is. All the keys can be broken but it is just a matter of time. For example, a 256-bit AES key takes 3×10^51 years to break by brute force.
- Are there any useful security policies or standards to protect the user privacy on the cyberspace? Like a protocol for encrypting information on the server-side so the service providers cannot access their clients' data
There was an attempt from W3C to protect privacy of users. It is called P3P: http://www.w3.org/P3P/ Unfortunately it has not been widely used due to usability issues.
- Syh-Yuan Tan added an answer: What measures does evaluating the security (complexity) level of the designed encryption depend on?
Tools which help to measure the complexity (level of security) to encryption design,
to other type of time complexity.
Not sure if your problem has been solved. Just sharing my thoughts.
In cryptography, asymmetric key cryptosystems can be mathematically proven, namely, provable security. The security levels/notions depend on the primitive you are dealing with: encryption, signature, key exchange, identification etc. For encryption, the highest security notion is (adaptive) IND-CCA.
I am not sure for symmetric key cryptosystems as that is not my area, but if I recall correctly, they don't have provable security for that; they become more and more secure or trusted when time goes by :)
- Janina Wiertlewska added an answer: Do you support Tom Leinster's call not to help intelligence services through mathematics?
"Intelligence agencies hire lots of mathematicians, but would-be employees must realise that their work is misused to snoop on everyone, says Tom Leinster"
New Scientist has published an article recently, where Tom Leinster asks mathematicians to stay away from supporting NSA, CIA, GCHQ, (former) KGB and all the other organizations that spy on us. I even don't know the name of their Chinese colleagues' organization.
What are your thoughts on this?
Kevin, I understand what you mean. That's what we all observe in our countries in the last two decades. Many questions probably will need to be answered and a lot will remain unexplained. That's what I really think of the changes. Regards.
- What are the information security challenges in developing countries? How are developing countries dealing with cyber security?
You can check the national cyber security strategies of many countries from the ENISA web page: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world
- Does anyone know why we get the username and password of HTTPS websites while sniffing, especially through Wireshark?
See above
Btw, the exchanged data is NOT encrypted with public key. Public key crypto is used to create shared symmetric keys by the handshake process in the beginning.
- Magdalena Sitek asked a question: Calls for Contributors: Safety of the Information – challenges for economics and public administration Innov@tion -Administration
Conference will examine the following topics, among others:
1. Standards of information security in the light of Polish and EU law.
2. Information security and transparency in public life.
3. The efficiency of information security systems in the sphere of economics and public administration.
4. Threats to information security.
5. International cooperation in the sphere of information
6. The digitization of public administration and safety
7. Audit and assessment of information security systems.
8. Consumers' right to information.
- Sashank Dara added an answer: Does anyone know of a simulator that supports implementing cryptography algorithms in the cloud?
I’m conducting a research on cloud computing security. I need a cloud computing simulator that supports implementation of cryptography algorithms. Please advise me which simulator to use.
Thank you
Question is too vague, be more specific when asking help. CC Simulator, what does that mean at all? Supports crypto algorithms? What does that mean again? Which algorithm? What is that you are trying to do? If you want to install a private cloud, try OpenStack or similar; if you want a suite of crypto, try OpenSSL.
- Reeta Sony added an answer: How to provide better security in our online communication?
If it is on internet it is not private!!!
I feel you have to read about the concept of "Privacy by design" by European Union.
- Nikhil Tripathi asked a question: What are the recent advances in research based on the web application security?
Regarding the updated information about the topic
- Manish Shailani asked a question: Anyone aware of pattern based encoding schemes?
I need an example of the same.
- Surbhi Agrawal asked a question: What is digital watermarking or video watermarking?
Can this be a topic for computer science scholar?
- What is penetration testing? How it is implemented in information security? I need information on penetration testing to find out the vulnerabilities in the network.
You must see OWASP Testing Guide if you are interested in penetration testing. Here is the link: https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
- Si Gao added an answer: What are the available cryptanalysis tools for state of the art algorithms?
I'd like to research on the available cryptanalysis tools for algorithms such as AES, DES, RSA, RC4, Blowfish and the like.
As far as I know, there's no universal automatic cryptanalysis tool to tell you "how secure this algorithm is". Especially, you have mentioned several types of cipher: AES/DES (Block), RSA (Public Key) and RC4 (stream). Blowfish is also a block cipher, but due to the key-dependent S-boxes, many attacks on block cipher may not work on Blowfish.
There's one thing that's universal---brute force attack. You don't need tools for this; just take a look at the key length, and make sure brute force search is infeasible.
You might be interested in this site, which provides several cryptanalysis in a platform. However, this is mainly for e-learning purpose; it doesn't contain much cutting edge technology.
- Chikezie Waturuocha added an answer: What is the meaning of information security architecture for cloud computing?
Electronic health record security in the cloud
Educative assessment and high end assessment of the nature of cloud security in the cloud environment.
- Arief Zulianto added an answer: Is there any real-life implementation of an IDS based on danger theory?
Intrusion detection system inspired by human immunity.
How about this project:
"Detecting danger: applying a novel immunological concept to intrusion detection systems"
- Mazaher Kianpour asked a question: What is the method of security provision in core network (home environment) in 3G mobile communication networks - Encryption or Encoding?
In order to security provision in radio access network of mobile communication networks we use encryption methods, I was wondering what method is used to keep confidentiality in core network.
- Ngoc Tran added an answer: Can anyone please let me know where I can find the source code for elliptic curve Diffie-Hellman in C program?
I am currently working on ECDH.
Here you are:
- Babak Aminazad added an answer: How to encrypt/decrypt a database using elliptic curve cryptography?
I want to know about process of encryption and decryption of a database by using elliptic curve cryptography.
- Abdullah A. Mohamed added an answer: I aim to design on-line IDS by using NSL-KDD data set. Is there any way to extract the features of NSL-KDD from a real packet?
NSL-KDD features consist of 42 features, divided into three classes TCP header, domain and 2-Minette connection. The first type is extracted easily, but the last two types I can't seem to get. Is there any tool, program language lib. C#.net or other that could be of help?
The feature is shown below.

| No. | Feature | Description |
|---|---|---|
| 10 | hot | no. of hot indicators |
| 11 | number failed logins | no. of failed logins |
| 12 | logged in | (discrete) |
| 13 | number compromised | no. of compromised conditions |
| 14 | root shell | |
| 15 | su attempted | |
| 16 | num root | no. of root accesses |
| 17 | num file creations | no. of file creation operations |
| 18 | num shells | no. of shell prompts |
| 19 | num access files | no. of operations on access control files |
| 20 | num outbound cmds | no. of outbound commands in an ftp session |
| 21 | is host login | (if the login belongs to the hot List) |
| 22 | is guest login | |
| 23 | count | no. of connections to the same host as the current connection in |
| 24 | srv count | no. of connections to the same service as the current connection in the past two seconds |
| 25 | Serror rate | % of connections that have SYN errors |
| 26 | srv Serror rate | % of connections that have SYN errors |
| 27 | rerror rate | % of connections that have REJ errors |
| 28 | srv rerror rate | % of connections that have REJ errors |
| 29 | same srv rate | % of connections to the same service |
| 30 | diff srv rate | % of connections to different service |
| 31 | srv diff host rate | |
| 32 | dst host count | |
| 33 | dst host srv count | |

After searching, I found that some of NSL-KDD features can be extracted using C#.Net with SharpPcap and LibPcap libraries.
- Riad Abdmeziem added an answer: Real security protocols analyzed by YAPA, AVISPA, Scyther and athina?
Hello everybody, I'm searching for real security protocols that have been analyzed by YAPA, AVISPA, Scyther, athina and others. Can you help me??
Hi,
Actually, I have downloaded Avispa tool. In the package, you will find examples of protocols such as TLS. You will then be able to run an analysis.
- Rohit Handa asked a question: Does anyone have experience searching encrypted data on cloud?
I am currently working on secure searching on encrypted data on cloud. Referred to a few research publications on the same but I am confused as to how to move ahead and make some proposal for M.E. Thesis. Kindly suggest.
- Rakesh Sehgal added an answer: How can a correlation attack be applied on a keystream?
The correlation attack is one of the most important attacks that attacks stream cipher. Can someone share an illustrative example of a simple application process for this attack.
www.dtic.mil/dtic/tr/fulltext/u2/a534101.pdf
You may find some logical reasoning in this paper which gives insight to more such instances also.