Penetration testing or pen test is a simulated cyber-attack conducted to find the
vulnerabilities and weaknesses in a computer system. The test is conducted by …

Research pertaining to threat modeling is significant. However, the existing threat modeling
methods suffer from ambiguity, heterogeneity and incompleteness; furthermore, the threat …

The way we travel is changing rapidly, and Cooperative Intelligent Transportation Systems
(C-ITSs) are at the forefront of this evolution. However, the adoption of C-ITSs introduces …

Ontology is a widely used knowledge representation formalism in artificial intelligence area
in recent years. In this paper, we propose an ontology-based automated penetration testing …

The number of services that connect to the Internet is steadily increasing. Applications
integrate with each other more than ever before. As such, the possible attack surface of a …

Penetration Testing (PT) is an offensive method for assessing and evaluating the security of
digital asset by planning, generating, and executing all or some of the possible attacks that …

针对软件缺陷与软件安全漏洞研究中存在的概念混淆问题, 对DevSecOps
框架下的软件安全漏洞生存期进行研究. 基于软件安全漏洞生存期引入漏洞的4 种情况 …

网络安全人才的培养和选拔, 离不开一把衡量人才的“尺子”. 以通用漏洞评分系统作为参考范例,
一个具备可操作性的评价模型, 不能只是一个抽象的思考模型, 而是应当包含准则, 权重 …

Abstract Information security is one of the most important components in any organization.
The disclosure of this information can lead not only to material losses, but also to the loss of …

As technology is becoming a prevalent and ubiquitous part of society, increasing levels of
cybercrime have drawn attention to the need for suitable frameworks for ensuring the …