Displaying 1-7 out of 7 total
Towards a Hybrid Framework for Detecting Input Manipulation Vulnerabilities
Found in: 2013 20th Asia-Pacific Software Engineering Conference (APSEC)
By Sun Ding, Hee Beng Kuan Tan, Lwin Khin Shar, Bindu Madhavi Padmanabhuni
Issue Date: December 2013
pp. 363-370
Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis o...
 
Defeating SQL Injection
Found in: Computer
By Lwin Khin Shar, Hee Beng Kuan Tan
Issue Date: March 2013
pp. 69-77
The best strategy for combating SQL injection, which has emerged as the most widespread website security risk, calls for integrating defensive coding practices with both vulnerability detection and runtime attack prevention methods.
 
Predicting common web application vulnerabilities from input validation and sanitization code patterns
Found in: 2012 27th IEEE/ACM International Conference on Automated Software Engineering (ASE)
By Lwin Khin Shar, Hee Beng Kuan Tan
Issue Date: September 2012
pp. 310-313
Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approa...
 
Defending against Cross-Site Scripting Attacks
Found in: Computer
By Lwin Khin Shar, Hee Beng Kuan Tan
Issue Date: March 2012
pp. 55-62
Researchers have proposed multiple solutions to cross-site scripting, but vulnerabilities continue to exist in many Web applications due to developers' lack of understanding of the problem and their unfamiliarity with current defenses' strengths and limita...
 
A Code-Based Input Partitioning Method for Equivalence Class Testing
Found in: Software Engineering, World Congress on
By Lwin Khin Shar, Hee Beng Kuan Tan, Hui Lui
Issue Date: December 2010
pp. 223-227
Equivalence class testing is traditionally a specification-based testing technique that derives test cases through partitioning the input domain of a program into different classes. This technique is widely used for testing all kinds of software systems. H...
 
Scalable malware clustering through coarse-grained behavior modeling
Found in: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE '12)
By Hee Beng Kuan Tan, Lwin Khin Shar, Mahinthan Chandramohan
Issue Date: November 2012
pp. 1-4
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants ...
     
Predicting common web application vulnerabilities from input validation and sanitization code patterns
Found in: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012)
By Hee Beng Kuan Tan, Lwin Khin Shar
Issue Date: September 2012
pp. 310-313
Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approa...
     