Jose Carlos Coelho Martins da Fonseca’s scientific contributions


Publications (1)


A Practical Experience on the Impact of Plugins in Web Security
  • Conference Paper

October 2014 · 60 Reads · 28 Citations

Proceedings of the IEEE Symposium on Reliable Distributed Systems

Jose Carlos Coelho Martins da Fonseca


In an attempt to support customization, many web applications allow the integration of third-party server-side plugins that offer diverse functionality, but also open an additional door for security vulnerabilities. In this paper we study the use of static code analysis tools to detect vulnerabilities in the plugins of the web application. The goal is twofold: 1) to study the effectiveness of static analysis on the detection of web application plugin vulnerabilities, and 2) to understand the potential impact of those plugins in the security of the core web application. We use two static code analyzers to evaluate a large number of plugins for a widely used Content Management System. Results show that many plugins that are currently deployed worldwide have dangerous Cross Site Scripting and SQL Injection vulnerabilities that can be easily exploited, and that even widely used static analysis tools may present disappointing vulnerability coverage and false positive rates.

Citations (1)


... 6) Plugins: Plugin-related vulnerabilities are common in web-based systems and hard to detect. Plugins are modular software adding features to an LLM [31]. Subsequently, they also occur for plugins to LLM interfaces. ...

Reference:

On the Security and Privacy Implications of Large Language Models: In-Depth Threat Analysis
A Practical Experience on the Impact of Plugins in Web Security
  • Citing Conference Paper
  • October 2014

Proceedings of the IEEE Symposium on Reliable Distributed Systems