Rapid and Proactive Approach on Exploration of Database Vulnerabilities

In today's complicated computing environment, managing data has become the primary concern of all industries. Information security is the greatest challenge and it has become essential to secure the enterprise system resources like the databases and the operating systems from the attacks of the unknown outsiders. Our approach plays a major role in detecting and managing vulnerabilities in complex computing systems. It allows enterprises to assess two primary tiers through a single interface as a vulnerability scanner tool which provides a secure system which is also compatible with the security compliance of the industry. It provides an overall view of the vulnerabilities in the database, by automatically scanning them with minimum overhead. It gives a detailed view of the risks involved and their corresponding ratings. Based on these priorities, an appropriate mitigation process can be implemented to ensure a secured system. The results show that our approach could effectively optimize the time and cost involved when compared to the existing systems

Applied web traffic analysis for numerical encoding of SQL Injection attack features.

SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent to compromise the security of an organisation’s confidential data stored at the back-end database. The database is the most valuable data source, and thus, intruders are unrelenting in constantly evolving new techniques to bypass the signature’s solutions currently provided in Web Application Firewalls (WAF) to mitigate SQLIA. There is therefore a need for an automated scalable methodology in the pre-processing of SQLIA features fit for a supervised learning model. However, obtaining a ready-made scalable dataset that is feature engineered with numerical attributes dataset items to train Artificial Neural Network (ANN) and Machine Leaning (ML) models is a known issue in applying artificial intelligence to effectively address ever evolving novel SQLIA signatures. This proposed approach applies numerical attributes encoding ontology to encode features (both legitimate web requests and SQLIA) to numerical data items as to extract scalable dataset for input to a supervised learning model in moving towards a ML SQLIA detection and prevention model. In numerical attributes encoding of features, the proposed model explores a hybrid of static and dynamic pattern matching by implementing a Non-Deterministic Finite Automaton (NFA). This combined with proxy and SQL parser Application Programming Interface (API) to intercept and parse web requests in transition to the back-end database. In developing a solution to address SQLIA, this model allows processed web requests at the proxy deemed to contain injected query string to be excluded from reaching the target back-end database. This paper is intended for evaluating the performance metrics of a dataset obtained by numerical encoding of features ontology in Microsoft Azure Machine Learning (MAML) studio using Two-Class Support Vector Machines (TCSVM) binary classifier. This methodology then forms the subject of the empirical evaluation.

New evidence of neuroprotection by lactate after transient focal cerebral ischaemia: extended benefit after intracerebroventricular injection and efficacy of intravenous administration.

BACKGROUND: Lactate protects mice against the ischaemic damage resulting from transient middle cerebral artery occlusion (MCAO) when administered intracerebroventricularly at reperfusion, yielding smaller lesion sizes and a better neurological outcome 48 h after ischaemia. We have now tested whether the beneficial effect of lactate is long-lasting and if lactate can be administered intravenously. METHODS: Male ICR-CD1 mice were subjected to 15-min suture MCAO under xylazine + ketamine anaesthesia. Na L-lactate (2 µl of 100 mmol/l) or vehicle was administered intracerebroventricularly at reperfusion. The neurological deficit was evaluated using a composite deficit score based on the neurological score, the rotarod test and the beam walking test. Mice were sacrificed at 14 days. In a second set of experiments, Na L-lactate (1 µmol/g body weight) was administered intravenously into the tail vein at reperfusion. The neurological deficit and the lesion volume were measured at 48 h. RESULTS: Intracerebroventricularly injected lactate induced sustained neuroprotection shown by smaller neurological deficits at 7 days (median = 0, min = 0, max = 3, n = 7 vs. median = 2, min = 1, max = 4.5, n = 5, p < 0.05) and 14 days after ischaemia (median = 0, min = 0, max = 3, n = 7 vs. median = 3, min = 0.5, max = 3, n = 7, p = 0.05). Reduced tissue damage was demonstrated by attenuated hemispheric atrophy at 14 days (1.3 ± 4.0 mm(3), n = 7 vs. 12.1 ± 3.8 mm(3), n = 5, p < 0.05) in lactate-treated animals. Systemic intravenous lactate administration was also neuroprotective and attenuated the deficit (median = 1, min = 0, max = 2.5, n = 12) compared to vehicle treatment (median = 1.5, min = 1, max = 8, n = 12, p < 0.05) as well as the lesion volume at 48 h (13.7 ± 12.2 mm(3), n = 12 vs. 29.6 ± 25.4 mm(3), n = 12, p < 0.05). CONCLUSIONS: The beneficial effect of lactate is long-lasting: lactate protects the mouse brain against ischaemic damage when supplied intracerebroventricularly during reperfusion with behavioural and histological benefits persisting 2 weeks after ischaemia. Importantly, lactate also protects after systemic intravenous administration, a more suitable route of administration in a clinical emergency setting. These findings provide further steps to bring this physiological, commonly available and inexpensive neuroprotectant closer to clinical translation for stroke.

An investigation into PL/SQL Injection.

SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulner-able to injection but that the injection technique often differed in the packages that it could be conducted in.

Early analysis of fault-attack effects for cryptographic hardware

International audience

Icatibant, An Inhibitor Of Bradykinin Receptor 2, For Hereditary Angioedema Attacks: Prospective Experimental Single-cohort Study.

Hereditary angioedema (HAE) with C1 inhibitor deficiency manifests as recurrent episodes of edema involving the skin, upper respiratory tract and gastrointestinal tract. It can be lethal due to asphyxia. The aim here was to evaluate the response to therapy for these attacks using icatibant, an inhibitor of the bradykinin receptor, which was recently introduced into Brazil. Prospective experimental single-cohort study on the efficacy and safety of icatibant for HAE patients. Patients with a confirmed HAE diagnosis were enrolled according to symptoms and regardless of the time since onset of the attack. Icatibant was administered in accordance with the protocol that has been approved in Brazil. Symptom severity was assessed continuously and adverse events were monitored. 24 attacks in 20 HAE patients were treated (female/male 19:1; 19-55 years; median 29 years of age). The symptoms were: subcutaneous edema (22/24); abdominal pain (15/24) and upper airway obstruction (10/24). The time taken until onset of relief was: 5-10 minutes (5/24; 20.8%); 10-20 (5/24; 20.8%); 20-30 (8/24; 33.4%); 30-60 (5/24; 20.8%); and 2 hours (1/24; 4.3%). The time taken for complete resolution of symptoms ranged from 4.3 to 33.4 hours. Adverse effects were only reported at injection sites. Mild to moderate erythema and/or feelings of burning were reported by 15/24 patients, itching by 3 and no adverse effects in 6. HAE type I patients who received icatibant responded promptly; most achieved improved symptom severity within 30 minutes. Local adverse events occurred in 75% of the patients.

Flow injection green method for the quantitative analysis of ketoconazole in pharmaceutical preparations

A flow injection method for the quantitative analysis of ketoconazole in tablets, based on the reaction with iron (III) ions, is presented. Ketoconazole forms a red complex with iron ions in an acid medium, with maximum absorbance at 495 nm. The detection limit was estimated to be 1×10--4 mol L-1; the quantitation limit is about 3×10--4 mol L-1 and approximately 30 determinations can be performed in an hour. The results were compared with those obtained with a reference HPLC method. Statistical comparisons were done using the Student's t procedure and the F test. Complete agreement was found at the 0.95 significance level between the proposed flow injection and the HPLC procedures. The two methods present similar precision, i.e., for HPLC the mean relative standard deviation was ca. 1.2% and for FIA ca. 1.6%.

Evaluation of a simple hyphenated system for flow injection solid-phase pre-concentration and capillary electrophoresis

In this work, the development and evaluation of a hyphenated flow injection-capillary electrophoresis system with on-line pre-concentration is described. Preliminary tests were performed to investigate the influence of flow rates over the analytical signals. Results revealed losses in terms of sensitivity of the FIA-CE system when compared to the conventional CE system. To overcome signal decrease and to make the system more efficient, a lower flow rate was set and an anionic resin column was added to the flow manifold in order to pre-concentrate the analyte. The pre-concentration FIA-CE system presented a sensitivity improvement of about 660% and there was only a small increase of 8% in total peak dispersion. These results have confirmed the great potential of the proposed system for many analytical tasks especially for low concentration samples.

Determination of picloram in waters by sequential injection chromatography with UV detection

This paper describes a sequential injection chromatography procedure for determination of picloram in waters exploring the low backpressure of a 2.5 cm long monolithic C18 column. Separation of the analyte from the matrix was achieved in less than 60 s using a mobile phase composed by 20:80 (v v-1) acetonitrile:5.0 mmol L-1 H3PO4 and flow rate of 30 μL s-1. Detection was made at 223 nm with a 40 mm optical path length cell. The limits of detection and quantification were 33 and 137 μg L-1, respectively. The proposed method is sensitive enough to monitor the maximum concentration level for picloram in drinking water (500 μg L-1). The sampling frequency is 60 analyses per hour, consuming only 300 μL of acetonitrile per analysis. The proposed methodology was applied to spiked river water samples and no statistically significant differences were observed in comparison to a conventional HPLC-UV method.

Development of a flow through photo-reactor to study degradation of organic compounds by Sequential Injection Analysis (SIA)

This work describes a photo-reactor to perform in line degradation of organic compounds by photo-Fenton reaction using Sequential Injection Analysis (SIA) system. A copper phthalocyanine-3,4',4²,4²¢-tetrasulfonic acid tetrasodium salt dye solution was used as a model compound for the phthalocyanine family, whose pigments have a large use in automotive coatings industry. Based on preliminary tests, 97% of color removal was obtained from a solution containing 20 µmol L-1 of this dye.

Cell Therapy Attenuates Cardiac Dysfunction Post Myocardial Infarction: Effect of Timing, Routes of Injection and a Fibrin Scaffold

Background: Cell therapy approaches for biologic cardiac repair hold great promises, although basic fundamental issues remain poorly understood. In the present study we examined the effects of timing and routes of administration of bone marrow cells (BMC) post-myocardial infarction (MI) and the efficacy of an injectable biopolymer scaffold to improve cardiac cell retention and function. Methodology/Principal Findings: (99m)Tc-labeled BMC (6x10(6) cells) were injected by 4 different routes in adult rats: intravenous (IV), left ventricular cavity (LV), left ventricular cavity with temporal aorta occlusion (LV(+)) to mimic coronary injection, and intramyocardial (IM). The injections were performed 1, 2, 3, or 7 days post-MI and cell retention was estimated by gamma-emission counting of the organs excised 24 hs after cell injection. IM injection improved cell retention and attenuated cardiac dysfunction, whereas IV, LV or LV* routes were somewhat inefficient (< 1%). Cardiac BMC retention was not influenced by timing except for the IM injection that showed greater cell retention at 7 (16%) vs. 1, 2 or 3 (average of 7%) days post-MI. Cardiac cell retention was further improved by an injectable fibrin scaffold at day 3 post-MI (17 vs. 7%), even though morphometric and function parameters evaluated 4 weeks later displayed similar improvements. Conclusions/Significance: These results show that cells injected post-MI display comparable tissue distribution profile regardless of the route of injection and that there is no time effect for cardiac cell accumulation for injections performed 1 to 3 days post-MI. As expected the IM injection is the most efficient for cardiac cell retention, it can be further improved by co-injection with a fibrin scaffold and it significantly attenuates cardiac dysfunction evaluated 4 weeks post myocardial infarction. These pharmacokinetic data obtained under similar experimental conditions are essential for further development of these novel approaches.

Flow injection analysis of paracetamol using a biomimetic sensor as a sensitive and selective amperometric detector

This work describes the coupling of a biomimetic sensor to a flow injection system for the sensitive determination of paracetamol. The sensor was prepared as previously described in the literature (M. D. P. T. Sotomayor, A. Sigoli, M. R. V. Lanza, A. A. Tanaka and L. T. Kubota, J. Braz. Chem. Soc., 2008, 19, 734) by modifying a glassy carbon electrode surface with a Nafion (R) membrane doped with iron tetrapyridinoporphyrazine (FeTPyPz), a biomimetic catalyst of the P450 enzyme. The performance of the sensor for paracetamol detection was investigated and optimized in a flow injection system (FIA) using a wall jet electrochemical cell. Under optimized conditions a wide linear response range (1.0 x 10(-5) to 5.0 x 10(-2) mol L(-1)) was obtained, with a sensitivity of 2579 (+/- 129) mu A L mu mol(-1). The detection and quantification limits of the sensor for paracetamol in the FIA system were 1.0 and 3.5 mu mol L(-1), respectively. The analytical frequency was 51 samples h(-1), and over a period of five days (320 determinations) the biosensor maintained practically the same response. The system was successfully applied to paracetamol quantification in seven pharmaceutical formulations and in water samples from six rivers in Sao Paulo State, Brazil.

A flow injection procedure based on solenoid micro-pumps for spectrophotometric determination of free glycerol in biodiesel

A flow system designed with solenoid micro-pumps is proposed for fast and greener spectrophotometric determination of free glycerol in biodiesel. Glycerol was extracted from samples without using organic solvents. The determination involves glycerol oxidation by periodate, yielding formaldehyde followed by formation of the colored (3,5-diacetil-1,4-dihidrolutidine) product upon reaction with acetylacetone. The coefficient of variation, sampling rate and detection limit were estimated as 1.5% (20.0 mg L(-1) glycerol, n =10), 34 h(-1), and 1.0 mg L(-1) (99.7% confidence level), respectively. A linear response was observed from 5 to 50 mg L(-1), with reagent consumption estimated as 345 mu g of KIO(4) and 15 mg of acetylacetone per determination. The procedure was successfully applied to the analysis of biodiesel samples and the results agreed with the batch reference method at the 95% confidence level. (C) 2010 Elsevier B.V. All rights reserved.

Downscaling a multicommuted flow injection analysis system for the photometric determination of iodate in table salt

In this work a downscaled multicommuted flow injection analysis setup for photometric determination is described. The setup consists of a flow system module and a LED based photometer, with a total internal volume of about 170 mu L The system was tested by developing an analytical procedure for the photometric determination of iodate in table salt using N,N-diethyl-henylenediamine (DPD) as the chromogenic reagent. Accuracy was accessed by applying the paired r-test between results obtained using the proposed procedure and a reference method, and no significant difference at the 95% confidence level was observed. Other profitable features, such as a low reagent consumption of 7.3 mu g DPD per determination: a linear response ranging from 0.1 up to 3.0 m IO(3)(-), a relative standard deviation of 0.9% (n = 11) for samples containing 0.5 m IO(3)(-), a detection limit of 17 mu g L(-1) IO(3)(-), a sampling throughput of 117 determination per hour, and a waste generation 600 mu L per determination, were also achieved. (C) 2010 Elsevier B.V. All rights reserved.