Server-side web applications are still predominantly implemented in the PHP programming
language. Even nowadays, PHP-based web applications are plagued by many different …

Following advances in machine learning and deep learning processing, cyber security
experts are committed to creating deep intelligent approaches for automatically detecting …

Year over year, modern web applications evolve to cater to the needs of many users and
support various runtime environments. The ever-growing need to appeal to as many users …

Unrestricted file upload (UFU) vulnerabilities, especially unrestricted executable file upload
(UEFU) vulnerabilities, pose severe security risks to web servers. For instance, attackers can …

The last decade has seen a proliferation of codereuse attacks in the context of web
applications. These attacks stem from Object Injection Vulnerabilities (OIV) enabling attacker …

A code property graph (CPG) is a joint representation of syntax, control flows, and data flows
of a target application. Recent studies have demonstrated the promising efficacy of …

Web vulnerabilities, especially injection-related ones, are popular among web application
frameworks (such as Word-Press and Piwigo), which can lead to severe consequences like …

The main aim of this work is to find and explain certain scenarios that can demonstrate the
differences in automated and manual approaches for penetration testing. There are some …

Unrestricted file upload vulnerabilities enable attackers to upload malicious scripts to a web
server for later execution. We have built a system, namely UFuzzer, to effectively and …

An Unrestricted File Upload (UFU) vulnerability is a critical security threat that enables an
adversary to upload her choice of a forged file to a target web server. This bug evolves into …