Row | Title | Type |
---|---|---|
1 |
Formal methods for web security
Formal methods for web security - 2017
Article history: Received 23 December 2015. Received in revised form 29 August 2016. Accepted 30 August 2016. Available online 5 September 2016. Keywords: Formal methods, Web security, Survey. In the last few years, many security researchers proposed to endow the web platform with more rigorous foundations, thus allowing for a precise reasoning on web security issues. Given the complexity of the Web, however, research efforts in the area are scattered around many different topics and problems, and it is not easy to understand the import of formal methods on web security so far. In this survey we collect, classify and review existing proposals in the area of formal methods for web security, spanning many different topics: JavaScript security, browser security, web application security, and web protocol analysis. Based on the existing literature, we discuss recommendations for researchers working in the area to ensure their proposals have the right ingredients to be amenable for a large scale adoption. © 2016 Elsevier Inc. All rights reserved.
Keywords: Formal methods | Web security | Survey |
English article |
2 |
Measuring web service security in the era of Internet of Things
Measuring web service security in the era of the Internet of Things - 2017
Technologies such as Internet of Things allow small devices to offer web-based services in
an open and dynamic networking environments on a massive scale. End users or service
consumers face a hard decision over which service to choose among the available ones, as
security holds a key in the decision making process. In this paper a base linguistic evaluation
set is designed, based on which all the other fuzzy term sets that used for describing
security attributes are uniformed and integrated for calculating an overall security value
of the services. This work, to the best of our knowledge, is the first practical solution to
offer direct comparisons and rankings of network services based on multiple security attributes
such as confidentiality, availability, privacy and accountability. We analysed four
major cloud service platforms to illustrate the proposed approach.
Keywords: Web service | Security measurement and evaluation | Quantitative service security | Service level agreement | Linguistic evaluation | Multiple attribute decision making |
English article |
3 |
Exploring the protection of private browsing in desktop browsers
Exploring the protection of private browsing in desktop browsers - 2017
Desktop browsers have introduced private browsing mode, a security control which aims to
protect users’ data that are generated during a private browsing session by not storing them
in the filesystem. As the Internet becomes ubiquitous, the existence of this security control
is beneficial to users, since privacy violations are increasing, while users tend to be more
concerned about their privacy when browsing the web in a post-Snowden era. In this context,
this work examines the protection that is offered by the private browsing mode of the most
popular desktop browsers in Windows (i.e., Chrome, Firefox, IE and Opera). Our experiments
uncover occasions in which even if users browse the web with a private session, privacy
violations exist contrary to what is documented by the browser. To raise the bar of privacy
protection that is offered by web browsers, we propose the use of a virtual filesystem as
the storage medium of browsers’ cache data. We demonstrate with a case study how this
countermeasure protects users from the privacy violations, which are previously identified
in this work.
Keywords: Private browsing | Web browser | Web security | Browsing artefacts | Privacy |
English article |
4 |
Model-based analysis of Java EE web security misconfigurations
Model-based analysis of Java EE web security misconfigurations - 2017
The Java EE framework, a popular technology of choice for the development of web applications, provides developers with the means to define access-control policies to protect application resources from unauthorized disclosures and manipulations. Unfortunately, the definition and manipulation of such security policies remains a complex and error prone task, requiring expert-level knowledge on the syntax and semantics of the Java EE access-control mechanisms. Thus, misconfigurations that may lead to unintentional security and/or availability problems can be easily introduced. In response to this problem, we present a (model-based) reverse engineering approach that automatically evaluates a set of security properties on reverse engineered Java EE security configurations, helping to detect the presence of anomalies. We evaluate the efficacy and pertinence of our approach by applying our prototype tool on a sample of real Java EE applications extracted from GitHub. © 2017 Elsevier Ltd. All rights reserved.
Keywords: Model-driven engineering | Security | Reverse-engineering |
English article |
5 |
Empirical analysis of web hacking
Publication year: 2016 - Number of pages in the English PDF file: 9 - Number of pages in the Persian DOC file: 14
Web applications are becoming more popular and more complex in the current Internet era. These online applications bring rich benefits along with risks to the organization, the brand and the data. Malicious attackers continue to exploit vulnerabilities in applications to gain access to sensitive information. The main thrust of this paper is an analysis of web hacks in recent years that have compromised web applications, their data or their users. The paper includes an analysis of the Web Hacking Incident Database (WHID) and of other security information and news websites. It also attempts to break the various hacks down by main website category, as a guide for developers to take appropriate preventive measures in the future. The top web hacks are identified, and the most vulnerable web applications are also analysed.
Keywords: Web hacking | Web security | Web security development | Web categories and web vulnerabilities. |
Translated article |