scispace - formally typeset
Topic

File inclusion vulnerability

About: File inclusion vulnerability is a research topic. Over the lifetime, 104 publications have been published within this topic receiving 1749 citations.


Papers
Patent
13 Sep 2002
TL;DR: In this article, a document exchange environment for allowing a user to access documents is described. It includes a web server, a document vault database coupled to the web server that stores information regarding whether a user is authorized to access a document file, and a file server that provides access to the file through the web server based on that authorization information.
Abstract: A document exchange environment for allowing a user to access documents. The document exchange environment includes a web server, a document vault database and a file server. The document vault database is coupled to the web server and stores information regarding whether a user is authorized to access a document file. The file server is coupled to the web server and provides a user access to the document file via the web server based upon the information regarding whether the user is authorized to access the document file.

44 citations

Patent
21 May 2010
TL;DR: In this article, the authors present a method and system for automated risk analysis, which includes accessing host configuration information of a host and querying a vulnerability database based on the host's configuration information.
Abstract: Embodiments of the present invention are directed to a method and system for automated risk analysis. The method includes accessing host configuration information of a host and querying a vulnerability database based on the host configuration information. The method further includes receiving a list of vulnerabilities and accessing a plurality of vulnerability scores. The list of vulnerabilities corresponds to vulnerabilities of the host. Vulnerabilities can be removed from the list based on checking for installed fixes corresponding to each vulnerability. A composite risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores. An aggregate risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores.

43 citations

Proceedings ArticleDOI
14 Nov 2007
TL;DR: A new approach for quantitatively modeling the vulnerability discovery process, based on shared source code measurements among multi-version software systems is proposed, which can be used for assessing security risk both before and after the release of a version.
Abstract: The vulnerability discovery process for a program describes the rate at which the security vulnerabilities are discovered. Being able to predict the vulnerability discovery process allows developers to adequately plan for resource allocation needed to develop patches for them. It also enables the users to assess the security risks. Thus there is a need to develop a model of the discovery process that can predict the number of vulnerabilities that are likely to be discovered in a given time frame. Recent studies have produced vulnerability discovery process models that are suitable for a specific version of software. However, these models may not accurately estimate the vulnerability discovery rates for software when we consider successive versions. In this paper, we propose a new approach for quantitatively modeling the vulnerability discovery process, based on shared source code measurements among multi-version software systems. Such a modeling approach can be used for assessing security risk both before and after the release of a version. The applicability of the approach is examined using two open source software systems, viz., Apache HTTP Web server and Mysql DataBase Management System (DBMS). We have examined the relationship between shared code size and shared vulnerabilities between two successive versions. We observe that vulnerabilities continue to be discovered for an older version because part of its code is shared by the newer and more popular later version. Thus, even when the installed base of an older version has declined, vulnerabilities applicable to it are still discovered. Our results are validated using the source code and vulnerability data for two major versions of Apache HTTP Web server and two major versions of Mysql DBMS.

43 citations

Patent
01 Oct 2002
TL;DR: In this article, the authors describe a method that includes executing a vaccine program on a computer, where the program searches for a known vulnerability in software on the computer and triggers execution of code that performs at least one non-malicious activity to effect reducing risk associated with the vulnerability, such as generating a notification or applying a software patch to neutralize the vulnerability.
Abstract: A computer security system and method that includes executing a vaccine program on a computer, where the program searches for a known vulnerability in software on the computer. Upon detecting a vulnerability, the program triggers execution of code that performs at least one non-malicious activity to effect reducing risk associated with the vulnerability, such as generating a notification or applying a software patch to neutralize the vulnerability.

41 citations

Patent
17 Oct 2005
TL;DR: In this article, a test case is created and executed for a Web service to determine whether the Web service is vulnerable to a known vulnerability. The test case is based on at least one vulnerability definition, at least one Web service operation or port, and at least one control request.
Abstract: Disclosed is a computer implemented method for testing a Web service to determine whether the Web service is vulnerable to at least one known vulnerability. A test case is created and executed for the Web service to determine whether the Web service is vulnerable to the vulnerability. The test case is based on at least one vulnerability definition, at least one Web service operation or port, and at least one control request. The vulnerability definition includes information required to create a request and an expected result. Also disclosed is a computer implemented method of testing a Web service to determine whether the Web service complies with a policy, for example a security or vulnerability policy. A test case is created and executed for the Web service to determine if the Web service complies with the policy.

39 citations


Network Information
Related Topics (5)
- Intrusion detection system: 28.4K papers, 509.5K citations, 78% related
- Cloud computing security: 27.1K papers, 511.8K citations, 78% related
- Computer security model: 18.1K papers, 352.9K citations, 77% related
- Password: 35K papers, 389.6K citations, 76% related
- Access control: 32.6K papers, 475K citations, 76% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2021    1
2020    1
2019    1
2018    4
2017    3
2016    9