Heuristic and Knowledge-Based Security Checks of Source Code Artifacts Using Community Knowledge

Logos Verlag Berlin GmbH
E-book, 225 pages

About this e-book

The goal of this dissertation is to support developers in applying security checks using community knowledge. Artificial intelligence approaches combined with natural language processing techniques are employed to identify security-related information from community websites such as Stack Overflow or GitHub. All security-related information is stored in a security knowledge base. This knowledge base provides code fragments that represent the community's knowledge about vulnerabilities, security patches, and exploits.

Comprehensive knowledge is required to carry out security checks on software artifacts, such as data covering known vulnerabilities and their manifestation in the source code as well as possible attack strategies. Approaches that check software libraries and source code fragments are provided for the automated use of the data.

Insecure software libraries can be detected using the NVD combined with metadata and library file hash approaches introduced in this dissertation. Vulnerable source code fragments can be identified using community knowledge represented by code fragments extracted from the largest coding community websites: Stack Overflow and GitHub. A state-of-the-art clone detection approach is modified and enriched by several heuristics to enable vulnerability detection and leverage community knowledge while maintaining good performance. Using various case studies, the approaches implemented in Eclipse plugins and a JIRA plugin are adapted to the users' needs and evaluated.
