The massive payment card industry (PCI) involves various entities such as merchants, issuer banks, acquirer banks, and card brands. Ensuring security for all entities that process payment card information is a challenging task. The PCI Security Standards Council requires all entities to be compliant with the PCI Data Security Standard (DSS), which specifies a series of security requirements. However, little is known regarding how well PCI DSS is enforced in practice. In this paper, we take a measurement approach to systematically evaluate the PCI DSS certification process for e-commerce websites. We develop an e-commerce web application testbed, BuggyCart, which can flexibly add or remove 35 PCI DSS related vulnerabilities. Then we use the testbed to examine the capability and limitations of PCI scanners and the rigor of the certification process. We find that there is an alarming gap between the security standard and its real-world enforcement. None of the 6 PCI scanners we tested are fully compliant with the PCI scanning guidelines, issuing certificates to merchants that still have major vulnerabilities. To further examine the compliance status of real-world e-commerce websites, we build a new lightweight scanning tool named PciCheckerLite and scan 1,203 e-commerce websites across various business sectors. The results confirm that 86% of the websites have at least one PCI DSS violation that should have disqualified them as non-compliant. Our in-depth accuracy analysis also shows that PciCheckerLite's output is more precise than w3af. We reached out to the PCI Security Council to share our research results to improve the enforcement in practice.
Spring Security is tremendously popular among practitioners for its ease of use in securing enterprise applications. In this paper, we study application framework misconfiguration vulnerabilities in the light of Spring Security, which is relatively understudied in the existing literature. Towards that goal, we identify 6 types of security anti-patterns and 4 insecure vulnerable defaults by conducting a measurement-based approach on 28 Spring applications. Our analysis shows that security risks associated with the identified security anti-patterns and insecure defaults can leave the enterprise application vulnerable to a wide range of high-risk attacks. To prevent these high-risk attacks, we also provide recommendations for practitioners. Consequently, our study has contributed one update to the official Spring Security documentation, while other security issues identified in this study are being considered for future major releases by the Spring Security community.
Recent findings revealed that certain viruses encoded microRNA-like small RNAs using the RNA interference machinery in the host cells. However, the function of these virus-encoded microRNA-like small RNAs remained unclear, and whether these microRNA-like small RNAs were involved in the replication of the virus and viral infection was still disputable. In this chapter, the negative-sense RNA genome of Ebola virus (EBOV) was scanned using bioinformatics tools to predict the EBOV-encoded microRNA-like small RNAs. Then, the potential influence of viral microRNA-like small RNAs on the viral immune evasion, host cellular signaling pathway, and epigenetic regulation of antiviral defense mechanism were also detected by the reconstructed regulatory network of target genes associated with viral encoded microRNA-like small RNAs. In this analysis, EBOV-encoded microRNA-like small RNAs were proposed to inhibit the host immune response factors, probably facilitating the evasion of EBOV from the host defense mechanisms. In conclusion, systematic investigation of microRNA-like small RNAs in EBOV genome may shed light on the underlying molecular mechanisms of the pathological process of Ebola virus disease (EVD).