Evaluation of Dynamic Analysis Tools for Software Security

Author(s):  
Michael Lescisin ◽  
Qusay H. Mahmoud

This article discusses the development of secure software by means of dynamic analysis tools. A secure software-based system should have security checks and balances integrated throughout its entire development lifecycle, including its deployment phase. Therefore, this article covers both using software security tools for testing code in development as well as monitoring code in deployment to ensure that it is operating securely. The security issues discussed in this article will be split into two categories – memory safety issues and input validation issues. Memory safety issues concern problems of unauthorized memory access such as buffer overflows, stack overflows, use-after-free, double-free, memory leaks, etc. Although not strictly a memory safety issue, concurrency issues, such as data races, will be considered as memory safety issues in this article. Input validation issues concern problems where untrusted input is directly passed to handlers which are designed to handle both data and commands. Examples of this include path traversal, SQL injection, command injection, JavaScript/HTML injection, etc. As a result of this significant difference between these two types of security vulnerabilities, two sets of tools are evaluated with one set focusing on memory safety issues and the other on input validation issues. This article explores the benefits and limitations of current software dynamic analysis tools by evaluating them against both the authors' test cases as well as the OWASP Benchmark for Security Automation and proposes solutions for implementing secure software applications.

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Sushil Kumar ◽  
Avinash Kaur ◽  
Ashish Jolly ◽  
Mohammed Baz ◽  
Omar Cheikhrouhou

This article addresses the costs and benefits of integrating security into the development of applications and gives formulas for calculating security costs and benefits. The lack of safe application might lead to safety issues. Increasingly, there are accidents recorded that expose security flaws in many major software systems. It results in significant losses for consumer companies. While software businesses are working to produce secure software, the utility of secure software is quite limited. In contrast to the traditional manufacturers of commodities, for example, automakers, software developers have no legal responsibility if their products include flaws. The market reacts adversely to software manufacturers with serious vulnerabilities in their products. This is because of the loss of credibility, cost of patches, and so on. The study shows that the market is ready to penalize the supplier for insecurity and therefore offers the chance to deliver safer technologies. To improve cost/efficiency, the vulnerabilities are connected by accessible fixes. Significant savings are gained when security shortcomings are corrected during designing requirements instead of fixing security failures after deploying software. For suppliers, updates are more expensive to produce and publish. In addition, development costs can be reduced by plugging security issues in the early stages of development.


Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Roee S. Leon ◽  
Michael Kiperberg ◽  
Anat Anatey Leon Zabag ◽  
Nezer Jacob Zaidenberg

Abstract Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.


2021 ◽  
Vol 14 (1) ◽  
Author(s):  
Hang Zeng ◽  
Inge Van Damme ◽  
Teresia Wanjiru Kabi ◽  
Barbara Šoba ◽  
Sarah Gabriël

Abstract Background Sarcocystis species are obligatorily heteroxenous parasites, of which some are zoonotic, representing a public health and economic impact. This study investigated the occurrence of Sarcocystis spp. in cattle sampled from a Belgian slaughterhouse. Methods A total of 200 carcasses were included in the study, sampled during 10 sampling days. The sedimentation method was applied to isolate the sarcocysts from both heart and diaphragm muscles collected from each carcass. Multiplex PCR, PCR–RFLP as well as cox1 gene sequencing techniques were applied serially on collected sarcocysts for species identification. Results Sarcocystis spp. were detected in 64% (128/200; 95% CI 57–71%) of the sampled carcasses. Female dairy cattle presented the highest Sarcocystis occurrence rate (91%) as well as the highest Sarcocystis species diversity compared to female beef and male beef. Sarcocystis spp. were detected more often in the heart muscles than in the diaphragm among female beef (p < 0.001) and dairy carcasses (p = 0.001), while in male carcasses no significant difference was observed (p = 0.763). The effect of age was not significant in male carcasses (p = 0.872), while the odds of finding sarcocysts significantly increased with age (p = 0.003) within both types of female carcasses. S. cruzi was the most prevalent species and was found in 56.5% (113/200) of the carcasses, followed by S. hominis (21.0%, 42/200), S. bovifelis (12.5%, 25/200), S. bovini (2.0%, 4/200), S. hirsuta (1.5%, 3/200) and S. heydorni (0.5%, 1/200). Six different species were detected in the diaphragm, while only two species were recovered from the heart. S. cruzi was the most prevalent species in heart, while in the diaphragm, this was S. hominis. Conclusions The detection of S. hominis in 21% of the sampled carcasses presents a potential food safety issue, and further research is warranted into controlling this infection.


2017 ◽  
Vol 9 (1-5) ◽  
Author(s):  
Lailan Fachrah ◽  
Nor Azlina Hasbullah ◽  
Ashah Ab Rahman

This study aims to identify factors that influence the effectiveness of practical woodworking and determine the effectiveness of practical woodworking from the perspective of students of secondary vocational schools in the province of Aceh. Factors studied were the workshop equipment, safety workshops, teaching skills, the workshop environment and student interest. This study was designed to investigate the significant differences concerning factors woodworking practical effectiveness based on demographic factors. A total of 130 respondents were randomly selected from six vocational schools in the province of Aceh. The instrument consists of a questionnaire consisting of 49 items and distributed to second level students. Data analysis used two types of statistics, namely descriptive statistics and statistical inference. The results showed no significant difference between factors woodworking practical effectiveness based on demographic factors except the income level of parents and the parents of the respondents work. The results of multiple linear regression analysis stepwise method found that only four factors (environmental factors workshops, the students' interest, the skills of teachers and workshop equipment factors) affect the practical effectiveness of woodworking with the correlation coefficient R = 0.779. This shows there is a significant effect of the four factors, the effectiveness of practical woodworking, accounting for 60.6% (R² = 0.606) changes in the variance in effectiveness of hands-on woodworking, and between the four factors, the workshop environment is the factor that most influences the effectiveness of practical woodworking by contributing 43.3% (R² = 0.433) of the variance in effectiveness of practical woodworking.
The main implication of this study is the need for attention from the authorities to be more serious in efforts to improve the facilities and infrastructure in the workshop as well as security issues in practical workshops so that the effectiveness of the woodwork is more robust.


2020 ◽  
Vol 4 (1) ◽  
pp. 73-80
Author(s):  
Sanja Ledinski Fičko ◽  
Janko Babić ◽  
Biljana Kurtović ◽  
Martina Smrekar ◽  
Ana Marija Hošnjak ◽  
...  

Introduction. Needle stick injury (NSI) is an occupational health and safety issue. Nursing students are prone to NSI due to lack of experience with handling needles and sharps. Aim. To determine the level of knowledge about the prevention of NSI and examine the level of knowledge about the post-exposure procedure and the students’ understanding of NSI. Methods. The study was conducted in 2017 at the University of Applied Health Sciences in Zagreb. The participants were nursing students from all regions of Croatia. The data was collected using a questionnaire containing 17 questions specifically designed for this study. One question had three subquestions and one had five subquestions regarding the knowledge of how to react if a needle stick injury occurs. The participants also responded to a questionnaire on their socio-demographic data. Results. The study included 149 students. The results show that 16 students have experienced NSI. A statistically significant difference was observed among students who have finished a secondary medical school in the answers about post-NSI interventions and in answers to the question of whether the needle should be recapped. The respondents from medical schools answered correctly. A statistically significant difference was observed among students from non-medical secondary schools in the answers about education on post-exposition procedures and in the answers about necessary action following a needle stick injury. The respondents from non-medical secondary schools had higher scores. Conclusion. The results of this study can be used to establish appropriate education strategies, increase the awareness of needle stick injuries and minimize the occurrence of these injuries among nursing students in Croatia.


Author(s):  
Muhammad Sulleman Memon ◽  
Mairaj Nabi Bhatti ◽  
Manzoor Ahmed Hashmani ◽  
Muhammad Shafique Malik ◽  
Naveed Murad Dahri

With the growth of software vulnerabilities, the demand for security integration is increasingly necessary to more effectively achieve the goal of secure software development globally. Different practices are used to keep the software intact. These practices should also be examined to obtain better results depending on the level of security. The security of a software program device is a characteristic that permeates the whole system. To resolve safety issues in a software program security solutions have to be implemented continually throughout each web page. The motive of this study is to offer a complete analysis of safety, wherein protection testing strategies and equipment can be categorized into: technical evaluation strategies and non-technical assessment strategies. This study presents high-level ideas in an easy form that would help professionals and researchers solve software security testing problems around the world. One way to achieve these goals is to separate security issues from other enforcement issues so that they can be resolved independently and applied globally.


Author(s):  
Tosin Daniel Oyetoyan ◽  
Martin Gilje Gilje Jaatun ◽  
Daniela Soares Cruzes

Software security does not emerge fully formed by divine intervention in deserving software development organizations; it requires that developers have the required theoretical background and practical skills to enable them to write secure software, and that the software security activities are actually performed, not just documented procedures that sit gathering dust on a shelf. In this chapter, the authors present a survey instrument that can be used to investigate software security usage, competence, and training needs in agile organizations. They present results of using this instrument in two organizations. They find that regardless of cost or benefit, skill drives the kind of activities that are performed, and secure design may be the most important training need.


2010 ◽  
Vol 73 (10) ◽  
pp. 1875-1885 ◽  
Author(s):  
KEVIN WEBSTER ◽  
CINDY JARDINE ◽  
SEAN B. CASH ◽  
LYNN M. MCMULLEN

The allocation of resources with respect to food safety issues requires that decision makers prioritize these issues, which may conflict with the public's opinions on these matters. The purpose of this study was to compare how Canadian expert and lay respondents rank different food hazards, with a view to better understanding their underlying rationales for making decisions on food safety. A Carnegie Mellon risk ranking model was adapted for use by individuals with different backgrounds to rank six food safety issues: bovine spongiform encephalopathy (BSE), Escherichia coli O157:H7, Salmonella, botulism, paralytic shellfish poisoning (PSP), and acrylamide. Focus groups were conducted using public (n = 29) and expert (n = 21) participants. Key themes were identified from the focus groups as reasons why issues were rated high or low. The most common themes for high rankings were prevalence (of an agent) and/or severity (of a disease) and knowledge and control of a food safety issue. For the lowest rankings, common themes included low prevalence and severity and personal control over an issue. Explanations for why choices were made included availability, affect, numeracy, and optimistic bias. The majority of the rationales used by all participants were similar with the exception of the high ranking given to acrylamide by the public participants. The effect of attribute framing seemed to be the most influential in a participant's choices. Understanding that comparable reasoning is used in food safety decisions by both experts and the public has important implications for developing productive risk communication dialogues about issues and priorities.


2020 ◽  
Vol 50 (6) ◽  
pp. 1199-1212
Author(s):  
Amir Reza Moravejolahkami ◽  
Zahra Esfandiari ◽  
Hadiseh Ebdali ◽  
Marjan Ganjali Dashti ◽  
Akbar Hassanzadeh ◽  
...  

Purpose Understanding consumers’ food safety practices is helpful in reducing foodborne illnesses. The purpose of this study is to evaluate the influence of education on knowledge, attitude and practices toward food additives. Design/methodology/approach This interventional study was performed by random sampling of 826 employees in Isfahan University of Medical Sciences from January 2018 to March 2019. The knowledge, attitude and practices of the employees toward food additives were assessed by a self-administered and structured questionnaire. Two-month education was conducted visually by using pamphlets, posters and leaflets. Descriptive statistics and paired t-test were done by SPSS24 at significant levels of p < 0.05. Findings The results showed that the respondents were very concerned about preservatives, colorants, and artificial sweeteners in foods. Before the education, the percentages collected for the knowledge, attitude and practice were 79.0, 48.9 and 46.7, respectively. Overall, knowledge scores were improved from 79.0 to 88.9 per cent when the education was offered. Safety attitude scores significantly increased, with a 50 per cent difference between the pre and post values. A significant difference was observed in the percentage of knowledge, attitude and practice of the employers before and after education (p < 0.05). Almost half of the respondents chose leaflets and pamphlets as a preferable tool for learning. Originality/value Education may be needed for improving knowledge and attitude about food additives. It also helped the respondents to select healthier food. This study suggests more communication programs regarding food safety issues.


Author(s):  
Angelos D. Keromytis ◽  
Salvatore J. Stolfo ◽  
Junfeng Yang ◽  
Angelos Stavrou ◽  
Anup Ghosh ◽  
...  
