Security Smells in Ansible and Chef Scripts
- A. Rahman, Md Rayhanur Rahman, Chris Parnin, L. Williams
- 16 July 2019
Computer Science
This article identifies two security smells not reported in prior work, missing default in case statement and no integrity check, and recommends that practitioners rigorously inspect Ansible and Chef scripts for the identified security smells using code review and static analysis tools.
From Threat Reports to Continuous Threat Intelligence: A Comparison of Attack Technique Extraction Methods from Textual Artifacts
- Md Rayhanur Rahman, Laurie A. Williams
- 5 October 2022
Computer Science
This work identifies ten existing TTP extraction studies from the literature and implements five methods, finding that two methods, based on Term Frequency-Inverse Document Frequency and Latent Semantic Indexing, outperform the other three methods with an F1 score of 84% and 83%, respectively.
What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey
- Md Rayhanur Rahman, Rezvan Mahdavi Hezaveh, Laurie A. Williams
- 14 September 2021
Computer Science
The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature, finding 11 types of extraction purposes and 7 types of textual sources for CTI extraction.
Share, But be Aware: Security Smells in Python Gists
- Md Rayhanur Rahman, A. Rahman, L. Williams
- 1 September 2019
Computer Science
This paper finds 13 types of security smells with 4,403 occurrences in 5,822 publicly available Python Gists and finds no significant relation between the presence of these security smells and the reputation of the Gist author.
Investigating co-occurrences of MITRE ATT&CK Techniques
- Md Rayhanur Rahman, Laurie A. Williams
- 11 November 2022
Computer Science
This study approximates how adversaries leverage techniques based on publicly reported documents and advocates organizations investigate adversarial techniques in their environment and make the findings available for a more precise and actionable understanding.
An investigation of security controls and MITRE ATT&CK techniques
- Md Rayhanur Rahman, Laurie A. Williams
- 11 November 2022
Computer Science
The extent of mitigation of 298 NIST SP800-53 controls over 188 adversarial techniques used in 669 cybercrime groups and malware cataloged in the MITRE ATT&CK framework is investigated based upon an existing mapping between the controls and techniques.
Inferring Bug Patterns for Detecting Bugs in JavaScript By Analyzing Abstract Syntax Tree
- Afsana Tasnim, Md Rayhanur Rahman
- 1 June 2018
Computer Science
This paper proposes six algorithms to generate six types of bug patterns from JavaScript source code and finds 73 bug patterns by analyzing the commit log messages of 7 GitHub projects.
A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts
- Md Rayhanur Rahman, Rezvan Mahdavi-Hezaveh, L. Williams
- 1 November 2020
Computer Science
2020 International Conference on Data Mining…
It is found that the most prominent sources of unstructured threat data are threat reports, Twitter feeds, and posts from hackers and security experts, and that natural language processing (NLP) based approaches (topic classification, keyword identification, and semantic relationship extraction among the keywords) are the ones mostly used in the selected studies to mine CTI information from unstructured threat sources.
Mining temporal attack patterns from cyberthreat intelligence reports
- Md Rayhanur Rahman, Brandon Wroblewski, Quinn Matthews, Brantley Morgan, Tim Menzies, Laurie A. Williams
- 3 January 2024
Computer Science
The goal of this paper is to aid security practitioners in proactive defense against attacks by automatic information extraction of temporal relations among attack actions from cyberthreat intelligence reports by proposing ChronoCTI, an automated pipeline for extracting temporal relations among attack actions from CTI reports.
Assessment of natural regeneration status: the case of Durgapur hill forest, Netrokona, Bangladesh
- Md Rayhanur Rahman, Md. Mizanur Rahman, Md. Arif Chowdhury
- 2 April 2020
Environmental Science
ABSTRACT Enumeration of regeneration status is an authentic tool to know the actual condition of forest ecosystem. The study was conducted to assess the regeneration status of Durgapur hill forest…