1 |
J-WAVE: A Java Web Application for Vulnerability Education
Kyer, Michael Alexander (28 May 2024)
Static application security testing (SAST) tools are commonly used by professionals to identify security vulnerabilities before deployment. While there are many such tools, they offer competing features and can be difficult and time-consuming to install and configure. To simplify the usage of these services for professors and students alike, this paper describes the Java web application for vulnerability education, or J-WAVE. J-WAVE combines 5 SAST tools into one web application: PMD, FindSecurityBugs, Semgrep, Yasca, and SonarQube.
Making these tools available in an educational context is a proactive application of tools typically used in a reactive manner. J-WAVE offers simplicity to users by handling each tool's setup internally, while offering access to the large, collective rule set contributed by the combined tool suite. These attributes allow students to easily scan their own projects to detect a variety of security issues prior to submission. Likewise, educators can scan their students' code to detect common vulnerabilities present. This process is made easier as J-WAVE can accept batch submissions containing thousands of files. The SAST tools in J-WAVE are complementary, and using them together helps detect a wider range of problems.
However, different tools should be prioritized depending on what files are being scanned.
PMD and SonarQube reports should be prioritized within general applications, whereas Semgrep and Yasca reports should be prioritized for scans of web applications. This paper reports on experiences from applying J-WAVE's tool suite to student submissions in two courses: an advanced data structures course, and a web application development course. / Master of Science
|
2 |
Localization for Vulnerability Scanner
Lai, Kun-Ye (15 July 2004)
With the popularization of the Internet, and the vulnerabilities found continuously, network hosts meet more and more risks of being attacked. If we don't secure them well, they will become the targets of the hackers. In addition to the protection of firewalls, vulnerability scanners can also help us to find out the weakness of our network hosts.
Nessus is an open source freeware which has the capability of vulnerability assessment. Nessus has very powerful scanning ability and is very easy to use. Nessus provides detailed result reports from the messages in the plugins. However, like many other freeware and software, Nessus is an English software. For this reason, Nessus provides English result reports. For those who do not use English as their first language, it costs a lot of time to read a lot of English result reports.
In this research, we develop a localization system for the Nessus scanner and provide the result reports in users' local language. We develop an automatic mechanism to extract the messages and information in the plugins, and put them into the vulnerability databases. We also develop two subsystems: one lets translators translate the messages in the vulnerability database into their local language, and the other replaces the English result with those translated messages.
This research proposes the design above and actually implements a localization system for the Nessus scanner. It attempts to reduce the time and labor consumption while translating, automate the update process of the vulnerability database, and avoid modification of source code as far as possible.
|
3 |
Evaluating a Method for Measuring Community Vulnerability to Hazards: A Hurricane Case Study in New Orleans
Abel, Lyndsey E. (25 September 2008)
No description available.
|
4 |
The risk of a vulnerable scenario
Pinto, Jorge Tiago Q. S. (January 2002)
No description available.
|
5 |
The politics of threat : minuteman vulnerability as an issue in the Carter Reagan administrations
Dunn, David Hastings (January 1995)
No description available.
|
6 |
Microcrédit et gestion des risques, une grille de lecture par les capabilités : le cas des ménages ruraux des hautes terres de Madagascar / Microcredit and risk management in Madagascar rural area : a capability approach as a framework
Randriamanampisoa, Holimalala (22 November 2011)
This thesis contributes to debates regarding the effectiveness of microcredit on poverty and on the indicators to be used in its impact assessments. Our problem is then presented as follows: What is the role of microcredit in risk management to enable rural people to improve their capability and be less vulnerable? To answer this question, we consider that microcredit goes well beyond a simple financial tool to become a policy of expanding the opportunities and resources available to the poor to improve their "capabilities". Our research proposes to examine the link between microcredit and multidimensional poverty while integrating both the concepts of risk and vulnerability. In this perspective, impact studies of microcredit should consider poverty not only as insufficient income and material resources, but also as the feeling of vulnerability and insecurity. We analyze the relationship between poverty and microcredit by using Sen's approach of capabilities. We mobilize for this study four dimensions of capabilities: security, production, human and financial. From the data of the impact study of the microfinance organization "CECAM" in Madagascar, the empirical results with the use of Multiple Correspondence Factor Analysis show that the capability approach highlights some aspects of poverty which are not captured by methods based only on monetary approaches. Econometric regression allows us to establish a direct link between microcredit and capabilities. Indeed, the main variable of interest, Amount of microcredit, indicates an improved level of capability of households.
Some control variables such as number of years of membership, gender of household head and shocks improve production capabilities while other control variables such as level of education of household head and expenditure impact of family life weaken the capabilities of rural households in the Malagasy highlands.
|
7 |
Understanding vulnerability : three papers on Chile
Telias Simunovic, Amanda (January 2018)
Poverty eradication has been one of the most important, if not the most important, development goals of recent decades. It still represents one of the major challenges of our time. The first objective of the U.N. Sustainable Development Goals agreed in 2015 states: "End poverty in all its forms everywhere" (United Nations 2015). To meet the main objective of eliminating poverty by 2030, it has been recognized that protection must go not only to those in poverty but also to those who are in danger of falling into poverty in the future. Although vulnerability to poverty can be broadly defined as the likelihood of someone falling into poverty in the future, there is no agreement on how best to measure it or determine its impact on well-being. The main research question addressed in the thesis is: How can vulnerability to poverty be operationalized and measured? It explores this question empirically in three papers covering: (i) what are the shifts in vulnerability to poverty along the distribution of income over time; (ii) what do the measurements of vulnerability to poverty tell us about the sociodemographic characteristics of people in situations of vulnerability to poverty compared with those living in poverty and the middle class; (iii) what is the relationship between poverty, vulnerability and age and what is the role of social assistance in addressing these. The three papers take Chile as a case study to understand and measure vulnerability from three different approaches. Chile is a high-income country with a successful poverty reduction strategy but still facing the challenge of eradicating it. Most of its social programs are designed to reach the 60% most vulnerable sector of the population. The first paper employs a relative understanding of vulnerability. It examines population shifts along the distribution of income from deciles in poverty in an earlier period to deciles of vulnerability in a later period. 
Methods to analyse relative distribution proposed by Handcock & Morris (1999) are used to perform this analysis. The findings emphasize that poverty reduction can be accompanied by vulnerability reduction. The second paper measures vulnerability to poverty using the approach proposed by Lopez-Calva & Ortiz-Juarez (2014). This paper estimates the probability of falling into poverty and uses this to establish a vulnerability income threshold. The findings underline the differences between the group of people living in vulnerability, those living in poverty and people who belong to middle class. This paper contributes to the recognition of the group of people in vulnerability as a different group to those in poverty and the middle class providing the recommendation of different social programmes for these groups. Poverty reduction strategies should consider these differences. The third paper moves the analysis onto the vulnerable groups. It focuses on children and older people as vulnerable groups in need of state protection. A partial fiscal analysis is carried out following the guidelines of the Commitment to Equity Institute to compare the situation of these groups before and after direct taxes and cash transfers. It shows that current cash transfers have an age bias, being more effective in reducing poverty among the elderly than among children. The findings confirm the view that age bias in welfare institutions creates generational inequity in the allocation of public benefits. In the context of the general lack of agreement regarding what vulnerability to poverty is and how it can be measured, this thesis thus tries out three different ways to conceptualize and measure it.
|
8 |
Robustness and Vulnerability Design for Autonomic Management
Bigdeli, Alireza (20 August 2012)
This thesis presents network design and operations algorithms suitable for use in
an autonomic management system for communication networks with emphasis on
network robustness. We model a communication network as a weighted graph and
we use graph-theoretical metrics such as network criticality and algebraic connectivity
to quantify robustness. The management system under consideration is composed of
slow and fast control loops, where slow loops manage slow-changing issues of the
network and fast loops react to the events or demands that need quick response.
Both control loops drive the process of network management towards the most
robust state.
We first examine the topology design of networks. We compare designs obtained
using different graph metrics. We consider well-known topology classes including
structured and complex networks, and we provide guidelines on the design and simplification of network structures. We also compare robustness properties of several
data center topologies. Next, the Robust Survivable Routing (RSR) algorithm is presented to assign working and backup paths to online demands. RSR guarantees 100%
single-link-failure recovery as a path-based survivable routing method. RSR quantifies each path with a value that represents its sensitivity to incremental changes in
external traffic and topology by evaluating the variations in network criticality of the
network. The path with best robustness (path that causes minimum change in total
network criticality) is chosen as primary (secondary) path.
In the last part of this thesis, we consider the design of robust networks with
emphasis on minimizing vulnerability to single node and link failures. Our focus
in this part is to study the behavior of a communication network in the presence
of node/link failures, and to optimize the network to maximize performance in the
presence of failures. For this purpose, we propose new vulnerability metrics based on
the worst case or the expected value of network criticality or algebraic connectivity
when a single node/link failure happens. We show that these vulnerability metrics
are convex (or concave) functions of link weights and we propose convex optimization problems to optimize each vulnerability metric. In particular, we convert the
optimization problems to SDP formulation which leads to a faster implementation
for large networks.
|
10 |
A case study of social vulnerability mapping: issues of scale and aggregation
Burns, Gabriel Ryan (15 May 2009)
This study uses geographic information systems to determine if the aggregation
of census block data are better than census block group data for analyzing social
vulnerability. This was done by applying a social vulnerability method that used census
block group data for a countywide analysis and converting it to use census blocks for a
countywide analysis and a municipal-wide analysis to determine which level of
aggregation provided a more precise representation of social vulnerability. In addition to
calculating the social vulnerability, the results were overlaid with an evacuation zone for
the threat of a train derailment, determining which aggregation better depicted at-risk
populations.
The results of the study showed that the census blocks enable a more exact
measurement of social vulnerability because they are better at capturing small pockets of
high-risk areas. This study concludes that census blocks are more advantageous than
census block groups because they are more sensitive and geographically exact in
measuring social vulnerability, allow for a better interpretation of social vulnerability for
smaller areas, and show spatial patterns of vulnerability at a finer spatial scale.
|