CR, Jul 13, 2020
Robin: A Web Security Tool
Guilherme Girotto, Avelino Francisco Zorzo
Thanks to the advance of technology, all kinds of applications are becoming more complete and capable of performing complex tasks that save much of our time. But to perform these tasks, applications require that some personal information is shared, for example credit card numbers, bank accounts, email addresses, etc. All this data must be transferred securely between the final user and the institution's application. Nonetheless, several applications might contain residual flaws that may be exploited by criminals in order to steal users' data. Hence, to help information security professionals and developers perform penetration tests (pentests) on web applications, this paper presents Robin: A Web Security Tool. The tool is also applied to a real case study in which a very dangerous vulnerability was found. This vulnerability is also described in this paper.
CR, Dec 20, 2019
Performance and Cost Evaluation of Smart Contracts in Collaborative Health Care Environments
Roben Castagna Lunardi, Henry Cabral Nunes, Vinicius da Silva Branco et al.
Blockchain emerged as a solution for data integrity, non-repudiation, and availability in different applications. Data-sensitive scenarios, such as Health Care, can also benefit from these blockchain properties. Consequently, different research proposed the adoption of blockchain in Health Care applications. However, little is discussed about incentive methods to attract new users, as well as to motivate the system or application usage by existing end-users. Also, little is discussed about performance during code execution in blockchains. In order to tackle these issues, this work presents the preliminary evaluation of TokenHealth, an application for collaborative health practice monitoring with gamification and token-based incentives. The proposed solution is implemented through smart contracts using Solidity in the Ethereum blockchain. We evaluated the performance of both in the Ropsten test network and in a Private instance. The preliminary results show that the execution of smart contracts takes less than a minute for a full cycle of different smart contracts. Also, we present a discussion about costs for using a Private instance and the public Ethereum main network.