Web Services Security - Implementation and Evaluation Issues

Science.gov (United States)

Pimenidis, Elias; Georgiadis, Christos K.; Bako, Peter; Zorkadis, Vassilis

Web services development is a key theme in the utilization the commercial exploitation of the semantic web. Paramount to the development and offering of such services is the issue of security features and they way these are applied in instituting trust amongst participants and recipients of the service. Implementing such security features is a major challenge to developers as they need to balance these with performance and interoperability requirements. Being able to evaluate the level of security offered is a desirable feature for any prospective participant. The authors attempt to address the issues of security requirements and evaluation criteria, while they discuss the challenges of security implementation through a simple web service application case.

AN INSECURE WILD WEB: A LARGE-SCALE STUDY OF EFFECTIVENESS OF WEB SECURITY MECHANISMS

Directory of Open Access Journals (Sweden)

Kailas Patil

2017-03-01

Full Text Available This research work presents a large-scale study of the problems in real-world web applications and widely-used mobile browsers. Through a large-scale experiment, we find inconsistencies in Secure Socket Layer (SSL warnings among popular mobile web browsers (over a billion users download. The majority of popular mobile browsers on the Google Play Store either provide incomplete information in SSL warnings shown to users or failed to provide SSL warnings in the presence of security certificate errors, thus making it a difficult task even for a security savvy user to make an informed decision. In addition, we find that 28% of websites are using mixed content. Mixed content means a secure website (https loads a sub resource using insecure HTTP protocol. The mixed content weakens the security of entire website and vulnerable to man-in-the-middle (MITM attacks. Furthermore, we inspected the default behavior of mobile web browsers and report that majority of mobile web browsers allow execution of mixed content in web applications, which implies billions of mobile browser users are vulnerable to eavesdropping and MITM attacks. Based on our findings, we make recommendations for website developers, users and browser vendors.

To Study and Explain the Different Methods to Built a Secure Web Application

OpenAIRE

Parveen Kumar

2012-01-01

The secure web application is the most important thing for any type of transaction or similar things. Information security should enable, to the extent possible, a business to take the risks it is prepared to take on, by designing and deploying countermeasuresthat allow for sensible business risk. Additionally, seemingly small exposures should be dealt with if there is a business case. The role of the security architecture is not to steer the business away from risk, but rather to educate the...

RESTful Java web services security

CERN Document Server

Enríquez, René

2014-01-01

A sequential and easy-to-follow guide which allows you to understand the concepts related to securing web apps/services quickly and efficiently, since each topic is explained and described with the help of an example and in a step-by-step manner, helping you to easily implement the examples in your own projects. This book is intended for web application developers who use RESTful web services to power their websites. Prior knowledge of RESTful is not mandatory, but would be advisable.

Web Application Obfuscation '-WAFsEvasionFiltersalert(Obfuscation)-'

CERN Document Server

Heiderich, Mario; Heyes, Gareth; Lindsay, David

2010-01-01

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new ty

Web Security, Privacy & Commerce

CERN Document Server

Garfinkel, Simson

2011-01-01

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Exp

Security Guidelines for the Development of Accessible Web Applications through the implementation of intelligent systems

Directory of Open Access Journals (Sweden)

Luis Joyanes Aguilar

2009-12-01

Full Text Available Due to the significant increase in threats, attacks and vulnerabilities that affect the Web in recent years has resulted the development and implementation of pools and methods to ensure security measures in the privacy, confidentiality and data integrity of users and businesses. Under certain circumstances, despite the implementation of these tools do not always get the flow of information which is passed in a secure manner. Many of these security tools and methods cannot be accessed by people who have disabilities or assistive technologies which enable people to access the Web efficiently. Among these security tools that are not accessible are the virtual keyboard, the CAPTCHA and other technologies that help to some extent to ensure safety on the Internet and are used in certain measures to combat malicious code and attacks that have been increased in recent times on the Web. Through the implementation of intelligent systems can detect, recover and receive information on the characteristics and properties of the different tools and hardware devices or software with which the user is accessing a web application and through analysis and interpretation of these intelligent systems can infer and automatically adjust the characteristics necessary to have these tools to be accessible by anyone regardless of disability or navigation context. This paper defines a set of guidelines and specific features that should have the security tools and methods to ensure the Web accessibility through the implementation of intelligent systems.

Secure Web System in a Cloud Environment

OpenAIRE

Pokherl, Bibesh

2013-01-01

Advent of cloud computing has brought a lot of benefits for users based on its essential characteristics. Users are attracted by its costs per use service and rapidly deploy their applications in the cloud and scale by using virtualization technology without investing in their own IT infrastructure. These applications can be accessed through web based technology, such as web browsers or mobile apps. However, security becomes a major challenge when user’s data and applications are stored in a ...

Secure Sessions for Web Services

NARCIS (Netherlands)

Reiter, M.; Bhargavan, K.; Corin, R.J.; Fournet, C.; Gordon, A.D.

2007-01-01

We address the problem of securing sequences of SOAP messages exchanged between web services and their clients. The WS-Security standard defines basic mechanisms to secure SOAP traffic, one message at a time. For typical web services, however, using WS-Security independently for each message is

Web security a whitehat perspective

CERN Document Server

Wu, Hanqing

2015-01-01

MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

On the security of SSL/TLS-enabled applications

Directory of Open Access Journals (Sweden)

Manik Lal Das

2014-01-01

Full Text Available SSL/TLS (Secure Socket Layer/Transport Layer Security-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM attack, has been exploited by attackers of SSL/TLS-enabled web applications, particularly when naive users want to connect to an SSL/TLS-enabled web server. In this paper, we discuss about the MITM threat to SSL/TLS-enabled web applications. We review the existing space of solutions to counter the MITM attack on SSL/TLS-enabled applications, and then, we provide an effective solution which can resist the MITM attack on SSL/TLS-enabled applications. The proposed solution uses a soft-token based approach for user authentication on top of the SSL/TLS’s security features. We show that the proposed solution is secure, efficient and user friendly in comparison to other similar approaches.

Modification of CAS-protocol for improvement of security web-applications from unauthorized access

Directory of Open Access Journals (Sweden)

Alexey I Igorevich Alexandrov

2017-07-01

Full Text Available Dissemination of information technologies and the expansion of their application demand constantly increasing security level for users, operating with confidential information and personal data. The problem of setting up secure user identification is probably one of the most common tasks, which occur in the process of software development. Today, despite the availability of a large amount of authentication tools, new solutions, mechanisms and technologies are being introduced regularly. Primarily, it is done to increase the security level of data protection against unauthorized access. This article describes the experience of using central user authentication service based on CAS-protocol (CAS – Central Authentication Service and free open source software, analyzing its main advantages and disadvantages and describing the possibility of its modification, which would increase security of web-based information systems from being accessed illegally. The article contains recommendations for setting a maximum time limit for users working on services, integrated with central authentication; and, analyses the research of implementing modern web-technologies while using user authentication system based on CAS-protocol. In addition, it describes the ways of CAS-server modernization for developing additional modules: a module for collecting and analyzing the use of information systems, and another one, for a user management system. Furthermore, CAS-protocol can be used at universities and other organizations for creating a unified information environment in education.

Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

OpenAIRE

Dalai, Asish Kumar; Jena, Sanjay Kumar

2017-01-01

Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevent...

A security modeling approach for web-service-based business processes

DEFF Research Database (Denmark)

Jensen, Meiko; Feja, Sven

2009-01-01

a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.......The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...

X-Switch: An Efficient , Multi-User, Multi-Language Web Application Server

Directory of Open Access Journals (Sweden)

Mayumbo Nyirenda

2010-07-01

Full Text Available Web applications are usually installed on and accessed through a Web server. For security reasons, these Web servers generally provide very few privileges to Web applications, defaulting to executing them in the realm of a guest ac- count. In addition, performance often is a problem as Web applications may need to be reinitialised with each access. Various solutions have been designed to address these security and performance issues, mostly independently of one another, but most have been language or system-specic. The X-Switch system is proposed as an alternative Web application execution environment, with more secure user-based resource management, persistent application interpreters and support for arbitrary languages/interpreters. Thus it provides a general-purpose environment for developing and deploying Web applications. The X-Switch system's experimental results demonstrated that it can achieve a high level of performance. Further- more it was shown that X-Switch can provide functionality matching that of existing Web application servers but with the added benet of multi-user support. Finally the X-Switch system showed that it is feasible to completely separate the deployment platform from the application code, thus ensuring that the developer does not need to modify his/her code to make it compatible with the deployment platform.

Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

Directory of Open Access Journals (Sweden)

Asish Kumar Dalai

2017-01-01

Full Text Available Reports on web application security risks show that SQL injection is the top most vulnerability. The journey of static to dynamic web pages leads to the use of database in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack imposes a serious threat to the database, web application, and the entire web server. In this article, the authors have proposed a novel method for prevention of SQL injection attack. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

Design and Analysis of Web Application Frameworks

DEFF Research Database (Denmark)

Schwarz, Mathias Romme

-state manipulation vulnerabilities. The hypothesis of this dissertation is that we can design frameworks and static analyses that aid the programmer to avoid such errors. First, we present the JWIG web application framework for writing secure and maintainable web applications. We discuss how this framework solves...... some of the common errors through an API that is designed to be safe by default. Second, we present a novel technique for checking HTML validity for output that is generated by web applications. Through string analysis, we approximate the output of web applications as context-free grammars. We model......Numerous web application frameworks have been developed in recent years. These frameworks enable programmers to reuse common components and to avoid typical pitfalls in web application development. Although such frameworks help the programmer to avoid many common errors, we nd...

A Secure Web Application Providing Public Access to High-Performance Data Intensive Scientific Resources - ScalaBLAST Web Application

International Nuclear Information System (INIS)

Curtis, Darren S.; Peterson, Elena S.; Oehmen, Chris S.

2008-01-01

This work presents the ScalaBLAST Web Application (SWA), a web based application implemented using the PHP script language, MySQL DBMS, and Apache web server under a GNU/Linux platform. SWA is an application built as part of the Data Intensive Computer for Complex Biological Systems (DICCBS) project at the Pacific Northwest National Laboratory (PNNL). SWA delivers accelerated throughput of bioinformatics analysis via high-performance computing through a convenient, easy-to-use web interface. This approach greatly enhances emerging fields of study in biology such as ontology-based homology, and multiple whole genome comparisons which, in the absence of a tool like SWA, require a heroic effort to overcome the computational bottleneck associated with genome analysis. The current version of SWA includes a user account management system, a web based user interface, and a backend process that generates the files necessary for the Internet scientific community to submit a ScalaBLAST parallel processing job on a dedicated cluster

Web Server Security on Open Source Environments

Science.gov (United States)

Gkoutzelis, Dimitrios X.; Sardis, Manolis S.

Administering critical resources has never been more difficult that it is today. In a changing world of software innovation where major changes occur on a daily basis, it is crucial for the webmasters and server administrators to shield their data against an unknown arsenal of attacks in the hands of their attackers. Up until now this kind of defense was a privilege of the few, out-budgeted and low cost solutions let the defender vulnerable to the uprising of innovating attacking methods. Luckily, the digital revolution of the past decade left its mark, changing the way we face security forever: open source infrastructure today covers all the prerequisites for a secure web environment in a way we could never imagine fifteen years ago. Online security of large corporations, military and government bodies is more and more handled by open source application thus driving the technological trend of the 21st century in adopting open solutions to E-Commerce and privacy issues. This paper describes substantial security precautions in facing privacy and authentication issues in a totally open source web environment. Our goal is to state and face the most known problems in data handling and consequently propose the most appealing techniques to face these challenges through an open solution.

A Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Applications

Directory of Open Access Journals (Sweden)

Silvia TRIF

2011-01-01

Full Text Available This paper present and implement a Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Application. In the developing process is used a Windows Phone 7 application that interact with a WCF Web Service and a database. The types of Business Intelligence Mobile Applications are presented. The Windows mobile devices security and restrictions are presented. The namespaces and security algorithms used in .NET Compact Framework for assuring the application security are presented. The proposed architecture is showed underlying the flows between the application and the web service.

Developing web applications with Oracle ADF essentials

CERN Document Server

Vesterli, Sten E

2013-01-01

Developing Web Applications with Oracle ADF Essentials covers the basics of Oracle ADF and then works through more complex topics such as debugging and logging features and JAAS Security in JDeveloper as the reader gains more skills. This book will follow a tutorial approach, using a practical example, with the content and tasks getting harder throughout.""Developing Web Applications with Oracle ADF Essentials"" is for you if you want to build modern, user-friendly web applications for all kinds of data gathering, analysis, and presentations. You do not need to know any advanced HTML or JavaSc

DIRAC: Secure web user interface

International Nuclear Information System (INIS)

Casajus Ramo, A; Sapunov, M

2010-01-01

Traditionally the interaction between users and the Grid is done with command line tools. However, these tools are difficult to use by non-expert users providing minimal help and generating outputs not always easy to understand especially in case of errors. Graphical User Interfaces are typically limited to providing access to the monitoring or accounting information and concentrate on some particular aspects failing to cover the full spectrum of grid control tasks. To make the Grid more user friendly more complete graphical interfaces are needed. Within the DIRAC project we have attempted to construct a Web based User Interface that provides means not only for monitoring the system behavior but also allows to steer the main user activities on the grid. Using DIRAC's web interface a user can easily track jobs and data. It provides access to job information and allows performing actions on jobs such as killing or deleting. Data managers can define and monitor file transfer activity as well as check requests set by jobs. Production managers can define and follow large data productions and react if necessary by stopping or starting them. The Web Portal is build following all the grid security standards and using modern Web 2.0 technologies which allow to achieve the user experience similar to the desktop applications. Details of the DIRAC Web Portal architecture and User Interface will be presented and discussed.

SAMP: Application Messaging for Desktop and Web Applications

Science.gov (United States)

Taylor, M. B.; Boch, T.; Fay, J.; Fitzpatrick, M.; Paioro, L.

2012-09-01

SAMP, the Simple Application Messaging Protocol, is a technology which allows tools to communicate. It is deployed in a number of desktop astronomy applications including ds9, Aladin, TOPCAT, World Wide Telescope and numerous others, and makes it straightforward for a user to treat a selection of these tools as a loosely-integrated suite, combining the most powerful features of each. It has been widely used within Virtual Observatory contexts, but is equally suitable for non-VO use. Enabling SAMP communication from web-based content has long been desirable. An obvious use case is arranging for a click on a web page link to deliver an image, table or spectrum to a desktop viewer, but more sophisticated two-way interaction with rich internet applications would also be possible. Use from the web however presents some problems related to browser sandboxing. We explain how the SAMP Web Profile, introduced in version 1.3 of the SAMP protocol, addresses these issues, and discuss the resulting security implications.

On the security of SSL/TLS-enabled applications

OpenAIRE

Das, Manik Lal; Samdaria, Navkar

2014-01-01

SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM) attack, has been exploited by attackers of...

Image-based electronic patient records for secured collaborative medical applications.

Science.gov (United States)

Zhang, Jianguo; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Yao, Yihong; Cai, Weihua; Jin, Jin; Zhang, Guozhen; Sun, Kun

2005-01-01

We developed a Web-based system to interactively display image-based electronic patient records (EPR) for secured intranet and Internet collaborative medical applications. The system consists of four major components: EPR DICOM gateway (EPR-GW), Image-based EPR repository server (EPR-Server), Web Server and EPR DICOM viewer (EPR-Viewer). In the EPR-GW and EPR-Viewer, the security modules of Digital Signature and Authentication are integrated to perform the security processing on the EPR data with integrity and authenticity. The privacy of EPR in data communication and exchanging is provided by SSL/TLS-based secure communication. This presentation gave a new approach to create and manage image-based EPR from actual patient records, and also presented a way to use Web technology and DICOM standard to build an open architecture for collaborative medical applications.

Robust image obfuscation for privacy protection in Web 2.0 applications

Science.gov (United States)

Poller, Andreas; Steinebach, Martin; Liu, Huajian

2012-03-01

We present two approaches to robust image obfuscation based on permutation of image regions and channel intensity modulation. The proposed concept of robust image obfuscation is a step towards end-to-end security in Web 2.0 applications. It helps to protect the privacy of the users against threats caused by internet bots and web applications that extract biometric and other features from images for data-linkage purposes. The approaches described in this paper consider that images uploaded to Web 2.0 applications pass several transformations, such as scaling and JPEG compression, until the receiver downloads them. In contrast to existing approaches, our focus is on usability, therefore the primary goal is not a maximum of security but an acceptable trade-off between security and resulting image quality.

Security Guards for the Future Web

National Research Council Canada - National Science Library

Reed, Nancy; Bryson, Dave; Garriss, James; Gosnell, Steve; Heaton, Brook; Huber, Gary; Jacobs, David; Pulvermacher, Mary; Semy, Salim; Smith, Chad; Standard, John

2004-01-01

.... Guard technology needs to keep pace with the evolving Web environment. The authors conjectured that a family of security guard services would be needed to provide the full range of functionality necessary to support the future Web...

General Aspects of some Causes of Web Application Vulnerabilities

Directory of Open Access Journals (Sweden)

Mironela Pîrnău

2015-10-01

Full Text Available Because web applications are complex software systems in constant evolution, they become real targets for hackers as they provide direct access to corporate or personal data. Web application security is supposed to represent an essential priority for organizations in order to protect sensitive customer data, or those of the employees of a company. Worldwide, there are many organizations that report the most common types of attacks on Web applications and methods for their prevention. While the paper is an overview, it puts forward several typical examples of web application vulnerabilities that are due to programming errors; these may be used by attackers to take unauthorized control over computers.

Securing the Application Layer in eCommerce

OpenAIRE

Bala Musa S; Norita Md Norwawi; Mohd Hasan Selamat

2012-01-01

As e-commerce transaction is evolving, security is becoming a paramount issue since a great deal of credit cards, fund transfer, web shopping and public retirements are involved. Therefore, an appropriate development process is necessary for such security critical application. Also, handling security issues at early stage of software development is paramount to avoiding vulnerabilities from scaling through production environment unnoticed. This paper proposes a comprehensive security requirem...

Web application development with Laravel PHP Framework version 4

OpenAIRE

Armel, Jamal

2014-01-01

The purpose of this thesis work was to learn a new PHP framework and use it efficiently to build an eCommerce web application for a small start-up freelancing company that will let potential customers check products by category and pass orders securely. To fulfil this set of requirements, a system consisting of a web application with a backend was designed and implemented using built in Laravel features such as Composer, Eloquent, Blade and Artisan and a WAMP stack. The web application wa...

Access Control of Web- and Java-Based Applications

Science.gov (United States)

Tso, Kam S.; Pajevski, Michael J.

2013-01-01

Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

Information Security Controls against Cross-Site Request Forgery Attacks on Software Applications of Automated Systems

Science.gov (United States)

Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.

2018-05-01

This paper presents statistical results and their consolidation, which were received in the study into security of various web-application against cross-site request forgery attacks. Some of the results were received in the study carried out within the framework of certification for compliance with information security requirements. The paper provides the results of consolidating information about the attack and protection measures, which are currently used by the developers of web-applications. It specifies results of the study, which demonstrate various distribution types: distribution of identified vulnerabilities as per the developer type (Russian and foreign), distribution of the security measures used in web-applications, distribution of the identified vulnerabilities as per the programming languages, data on the number of security measures that are used in the studied web-applications. The results of the study show that in most cases the developers of web-applications do not pay due attention to protection against cross-site request forgery attacks. The authors give recommendations to the developers that are planning to undergo a certification process for their software applications.

Web application security analysis using the Kali Linux operating system

OpenAIRE

BABINCEV IVAN M.; VULETIC DEJAN V.

2016-01-01

The Kali Linux operating system is described as well as its purpose and possibilities. There are listed groups of tools that Kali Linux has together with the methods of their functioning, as well as a possibility to install and use tools that are not an integral part of Kali. The final part shows a practical testing of web applications using the tools from the Kali Linux operating system. The paper thus shows a part of the possibilities of this operating system in analaysing web applications ...

Reliability, compliance, and security in web-based course assessments

Directory of Open Access Journals (Sweden)

Scott Bonham

2008-04-01

Full Text Available Pre- and postcourse assessment has become a very important tool for education research in physics and other areas. The web offers an attractive alternative to in-class paper administration, but concerns about web-based administration include reliability due to changes in medium, student compliance rates, and test security, both question leakage and utilization of web resources. An investigation was carried out in introductory astronomy courses comparing pre- and postcourse administration of assessments using the web and on paper. Overall no difference was seen in performance due to the medium. Compliance rates fluctuated greatly, and factors that seemed to produce higher rates are identified. Notably, email reminders increased compliance by 20%. Most of the 559 students complied with requests to not copy, print, or save questions nor use web resources; about 1% did copy some question text and around 2% frequently used other windows or applications while completing the assessment.

Designing, Implementing, and Evaluating Secure Web Browsers

Science.gov (United States)

Grier, Christopher L.

2009-01-01

Web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems using browser-based attacks. Efforts that retrofit existing browsers have had limited success since modern browsers are not designed to withstand attack. To enable more secure web browsing, we design and implement new web browsers from the ground…

Web-Services Development in Secure Way for Highload Systems

Directory of Open Access Journals (Sweden)

V. M. Nichiporchouk

2011-12-01

Full Text Available This paper describes approach to design of web-services in secure, high load and fault tolerant implementation for mass message processing. The multicomponent architecture of web-service with possibility for high security zone is provided as well as scalability evaluation of the architecture.

Data mining approach to web application intrusions detection

Science.gov (United States)

Kalicki, Arkadiusz

2011-10-01

Web applications became most popular medium in the Internet. Popularity, easiness of web application script languages and frameworks together with careless development results in high number of web application vulnerabilities and high number of attacks performed. There are several types of attacks possible because of improper input validation: SQL injection Cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs and others. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the "normal" or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences, results quite good with medium length sequences, for short length sequences must be complemented with other methods.

Primer on client-side web security

CERN Document Server

De Ryck, Philippe; Piessens, Frank; Johns, Martin

2014-01-01

This volume illustrates the continuous arms race between attackers and defenders of the Web ecosystem by discussing a wide variety of attacks. In the first part of the book, the foundation of the Web ecosystem is briefly recapped and discussed. Based on this model, the assets of the Web ecosystem are identified, and the set of capabilities an attacker may have are enumerated. In the second part, an overview of the web security vulnerability landscape is constructed. Included are selections of the most representative attack techniques reported in great detail. In addition to descriptions of the

A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)

OpenAIRE

De Meo, Federico; Viganò, Luca

2017-01-01

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole application. Moreover, the analysis should take into consideration how file-system vulnerabilities might in- teract with other vulnerabilities leading an attacker to breach into the web application. In this paper, we first propose a classification of file-...

Web Application Software for Ground Operations Planning Database (GOPDb) Management

Science.gov (United States)

Lanham, Clifton; Kallner, Shawn; Gernand, Jeffrey

2013-01-01

A Web application facilitates collaborative development of the ground operations planning document. This will reduce costs and development time for new programs by incorporating the data governance, access control, and revision tracking of the ground operations planning data. Ground Operations Planning requires the creation and maintenance of detailed timelines and documentation. The GOPDb Web application was created using state-of-the-art Web 2.0 technologies, and was deployed as SaaS (Software as a Service), with an emphasis on data governance and security needs. Application access is managed using two-factor authentication, with data write permissions tied to user roles and responsibilities. Multiple instances of the application can be deployed on a Web server to meet the robust needs for multiple, future programs with minimal additional cost. This innovation features high availability and scalability, with no additional software that needs to be bought or installed. For data governance and security (data quality, management, business process management, and risk management for data handling), the software uses NAMS. No local copy/cloning of data is permitted. Data change log/tracking is addressed, as well as collaboration, work flow, and process standardization. The software provides on-line documentation and detailed Web-based help. There are multiple ways that this software can be deployed on a Web server to meet ground operations planning needs for future programs. The software could be used to support commercial crew ground operations planning, as well as commercial payload/satellite ground operations planning. The application source code and database schema are owned by NASA.

Spring security 3.x cookbook

CERN Document Server

Mankale, Anjana

2013-01-01

This book follows a cookbook style exploring various security solutions provided by Spring Security for various vulnerabilities and threat scenarios that web applications may be exposed to at the authentication and session level layers.This book is for all Spring-based application developers as well as Java web developers who wish to implement robust security mechanisms into web application development using Spring Security.Readers are assumed to have a working knowledge of Java web application development, a basic understanding of the Spring framework, and some knowledge of the fundamentals o

Web-based control application using WebSocket

International Nuclear Information System (INIS)

Furukawa, Y.

2012-01-01

The WebSocket allows asynchronous full-duplex communication between a Web-based (i.e. Java Script-based) application and a Web-server. WebSocket started as a part of HTML5 standardization but has now been separated from HTML5 and has been developed independently. Using WebSocket, it becomes easy to develop platform independent presentation layer applications for accelerator and beamline control software. In addition, a Web browser is the only application program that needs to be installed on client computer. The WebSocket-based applications communicate with the WebSocket server using simple text-based messages, so WebSocket is applicable message-based control system like MADOCA, which was developed for the SPring-8 control system. A simple WebSocket server for the MADOCA control system and a simple motor control application were successfully made as a first trial of the WebSocket control application. Using Google-Chrome (version 13.0) on Debian/Linux and Windows 7, Opera (version 11.0) on Debian/Linux and Safari (version 5.0.3) on Mac OS X as clients, the motors can be controlled using a WebSocket-based Web-application. Diffractometer control application use in synchrotron radiation diffraction experiment was also developed. (author)

Security in a Web 2.0+ World A Standards Based Approach

CERN Document Server

Solari , Carlos Curtis

2010-01-01

Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust. Security for a Web 2.0+ World looks at the perplexing issues of cyber security, and will be of interest to those who need to know how to make effective security policy decisions to engineers who design ICT systems - a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol. Many companies are currently applying security mo

A case for avoiding security-enhanced HTTP tools to improve security for Web-based applications

Energy Technology Data Exchange (ETDEWEB)

Wood, B.

1996-03-01

This paper describes some of the general weaknesses of the current popular Hypertext Transmission Protocol (HTTP) security standards and products in an effort to show that these standards are not appealing for many applications. The author will then show how one can treat HTTP browsers and servers as untrusted elements in the network so that one can rely on other mechanisms to achieve better overall security than can be attained through today`s security-enhanced HTTP tools.

IT Security: Target: The Web

Science.gov (United States)

Waters, John K.

2009-01-01

In December, Microsoft announced a major security flaw affecting its Internet Explorer web browser. The flaw allowed hackers to use hidden computer code they had already injected into legitimate websites to steal the passwords of visitors to those sites. Reportedly, more than 10,000 websites were infected with the destructive code by the time…

Access Control of Web and Java Based Applications

Science.gov (United States)

Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

2011-01-01

Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

Web Interface Security Vulnerabilities of European Academic Repositories

Directory of Open Access Journals (Sweden)

Matus Formanek

2017-02-01

Full Text Available The given analysis summarizes the status quo of the level of security of web interfaces of selected European academic repositories in the field of library and information science. It focuses on the presence and qualities of the secure HTTPS protocol via SSL/TLS protocols. The security of the transmitted data is particularly important in the network environment of the Internet, especially if log-in user data is transmitted. Disclosure may have a direct impact on saved digital objects and their metadata which together represent the most valuable parts of systems of digital libraries and repositories. Furthermore, the paper points to the most noticeable vulnerabilities of protocols of web interfaces and presents practical recommendations for the expert public. These may contribute to the increase of the level of security of the discussed systems. The authors base their proposals on the currently available scientific publications and scientific articles about the given topic.

Secure e-mail and Web browsing

CERN Multimedia

CERN. Geneva

2009-01-01

This is an entry-level 1.5-hour training course aimed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. Register at CTA

Anonymous Web Browsing and Hosting

OpenAIRE

MANOJ KUMAR; ANUJ RANI

2013-01-01

In today’s high tech environment every organization, individual computer users use internet for accessing web data. To maintain high confidentiality and security of the data secure web solutions are required. In this paper we described dedicated anonymous web browsing solutions which makes our browsing faster and secure. Web application which play important role for transferring our secret information including like email need more and more security concerns. This paper also describes that ho...

Secured web-based video repository for multicenter studies.

Science.gov (United States)

Yan, Ling; Hicks, Matt; Winslow, Korey; Comella, Cynthia; Ludlow, Christy; Jinnah, H A; Rosen, Ami R; Wright, Laura; Galpern, Wendy R; Perlmutter, Joel S

2015-04-01

We developed a novel secured web-based dystonia video repository for the Dystonia Coalition, part of the Rare Disease Clinical Research network funded by the Office of Rare Diseases Research and the National Institute of Neurological Disorders and Stroke. A critical component of phenotypic data collection for all projects of the Dystonia Coalition includes a standardized video of each participant. We now describe our method for collecting, serving and securing these videos that is widely applicable to other studies. Each recruiting site uploads standardized videos to a centralized secured server for processing to permit website posting. The streaming technology used to view the videos from the website does not allow downloading of video files. With appropriate institutional review board approval and agreement with the hosting institution, users can search and view selected videos on the website using customizable, permissions-based access that maintains security yet facilitates research and quality control. This approach provides a convenient platform for researchers across institutions to evaluate and analyze shared video data. We have applied this methodology for quality control, confirmation of diagnoses, validation of rating scales, and implementation of new research projects. We believe our system can be a model for similar projects that require access to common video resources. Copyright © 2015 Elsevier Ltd. All rights reserved.

Supporting secure programming in web applications through interactive static analysis.

Science.gov (United States)

Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill

2014-07-01

Many security incidents are caused by software developers' failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Design of the XML Security System for Electronic Commerce Application

Institute of Scientific and Technical Information of China (English)

无

2003-01-01

The invocation of World Wide Web (www) first triggered mass adoption of the Internet for public access to digital information exchanges across the globe. To get a big market on the Web, a special security infrastructure would need to be put into place transforming the wild-and-woolly Internet into a network with end-to-end protections. XML (extensible Markup Language) is widely accepted as powerful data representation standard for electronic documents, so a security mechanism for XML documents must be provided in the first place to secure electronic commerce over Internet. In this paper the authors design and implement a secure framework that provides XML signature function, XML Element-wise Encryption function, smart card based crypto API library and Public Key Infrastructure (PKI) security functions to achieve confidentiality, integrity, message authentication, and/or signer authentication services for XML documents and existing non-XML documents that are exchanged by Internet for E-commerce application.

Frame of reference of software architecture for web applications and mobile

Directory of Open Access Journals (Sweden)

Carlos Alberto Maliza Martinez

2016-08-01

Full Text Available Given the need to have a guide for the implementation of informatics applications, and thus achieve automate tasks improving response times of users, designed the framework of reference the architecture software for web and mobile applications with technology free software and open source. The technology to be used is the Object Oriented Programming (OOP with JAVA programming language, a client / server architecture and style of multitier architecture, which will allow us to create scalable, robust and stable systems, together of Java Platform Enterprise Edition (JEE that helps us to implement business applications thanks to the JPA and EJB APIs. By the server for handling transactions, security, scalability and concurrency we have Wildfly application server. And on the client side, for creating graphical interfaces we use the ExtJS and Sencha Touch Framework, which are lightweight, high-performance libraries based on HTML5, JavaScript and CSS3. The report generator is JasperReports, because it has the ability to deliver rich content display and printer. The database engine is MySQL, because its connectivity, speed, and security make it a very appropriate server for access from the web. Finally, as editor of web and mobile applications, we have the integrated development environment Eclipse IDE platform of open source. In this paper we make a critical analysis of such applications and formulate the Framework of Software Architecture for the development and implementation of Web and Mobile Applications, which were implemented in the ECU911 Babahoyo and at the Instituto Tecnologico Superior Babahoyo, proving through its application their effectiveness and efficiency in the implementation of integrated systems

Correct software in web applications and web services

CERN Document Server

Thalheim, Bernhard; Prinz, Andreas; Buchberger, Bruno

2015-01-01

The papers in this volume aim at obtaining a common understanding of the challenging research questions in web applications comprising web information systems, web services, and web interoperability; obtaining a common understanding of verification needs in web applications; achieving a common understanding of the available rigorous approaches to system development, and the cases in which they have succeeded; identifying how rigorous software engineering methods can be exploited to develop suitable web applications; and at developing a European-scale research agenda combining theory, methods a

Supporting secure programming in web applications through interactive static analysis

Science.gov (United States)

Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill

2013-01-01

Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases. PMID:25685513

Supporting secure programming in web applications through interactive static analysis

Directory of Open Access Journals (Sweden)

Jun Zhu

2014-07-01

Full Text Available Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Virtual real-time inspection of nuclear material via VRML and secure web pages

International Nuclear Information System (INIS)

Nilsen, C.; Jortner, J.; Damico, J.; Friesen, J.; Schwegel, J.

1996-01-01

Sandia National Laboratories'' Straight-Line project is working to provide the right sensor information to the right user to enhance the safety, security, and international accountability of nuclear material. One of Straight-Line''s efforts is to create a system to securely disseminate this data on the Internet''s World-Wide-Web. To make the user interface more intuitive, Sandia has generated a three dimensional VRML (virtual reality modeling language) interface for a secure web page. This paper will discuss the implementation of the Straight-Line secure 3-D web page. A discussion of the pros and cons of a 3-D web page is also presented. The public VRML demonstration described in this paper can be found on the Internet at this address, http://www.ca.sandia.gov/NMM/. A Netscape browser, version 3 is strongly recommended

Virtual real-time inspection of nuclear material via VRML and secure web pages

International Nuclear Information System (INIS)

Nilsen, C.; Jortner, J.; Damico, J.; Friesen, J.; Schwegel, J.

1997-04-01

Sandia National Laboratories' Straight Line project is working to provide the right sensor information to the right user to enhance the safety, security, and international accountability of nuclear material. One of Straight Line's efforts is to create a system to securely disseminate this data on the Internet's World-Wide-Web. To make the user interface more intuitive, Sandia has generated a three dimensional VRML (virtual reality modeling language) interface for a secure web page. This paper will discuss the implementation of the Straight Line secure 3-D web page. A discussion of the ''pros and cons'' of a 3-D web page is also presented. The public VRML demonstration described in this paper can be found on the Internet at the following address: http://www.ca.sandia.gov/NMM/. A Netscape browser, version 3 is strongly recommended

Engineering Web Applications

DEFF Research Database (Denmark)

Casteleyn, Sven; Daniel, Florian; Dolog, Peter

Nowadays, Web applications are almost omnipresent. The Web has become a platform not only for information delivery, but also for eCommerce systems, social networks, mobile services, and distributed learning environments. Engineering Web applications involves many intrinsic challenges due...... to their distributed nature, content orientation, and the requirement to make them available to a wide spectrum of users who are unknown in advance. The authors discuss these challenges in the context of well-established engineering processes, covering the whole product lifecycle from requirements engineering through...... design and implementation to deployment and maintenance. They stress the importance of models in Web application development, and they compare well-known Web-specific development processes like WebML, WSDM and OOHDM to traditional software development approaches like the waterfall model and the spiral...

Toward Exposing Timing-Based Probing Attacks in Web Applications

Directory of Open Access Journals (Sweden)

Jian Mao

2017-02-01

Full Text Available Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

Toward Exposing Timing-Based Probing Attacks in Web Applications.

Science.gov (United States)

Mao, Jian; Chen, Yue; Shi, Futian; Jia, Yaoqi; Liang, Zhenkai

2017-02-25

Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users' browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

Computer Security: the security marathon

CERN Multimedia

Computer Security Team

2014-01-01

If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise.   An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

Enc-DNS-HTTP: Utilising DNS Infrastructure to Secure Web Browsing

Directory of Open Access Journals (Sweden)

Mohammed Abdulridha Hussain

2017-01-01

Full Text Available Online information security is a major concern for both users and companies, since data transferred via the Internet is becoming increasingly sensitive. The World Wide Web uses Hypertext Transfer Protocol (HTTP to transfer information and Secure Sockets Layer (SSL to secure the connection between clients and servers. However, Hypertext Transfer Protocol Secure (HTTPS is vulnerable to attacks that threaten the privacy of information sent between clients and servers. In this paper, we propose Enc-DNS-HTTP for securing client requests, protecting server responses, and withstanding HTTPS attacks. Enc-DNS-HTTP is based on the distribution of a web server public key, which is transferred via a secure communication between client and a Domain Name System (DNS server. This key is used to encrypt client-server communication. The scheme is implemented in the C programming language and tested on a Linux platform. In comparison with Apache HTTPS, this scheme is shown to have more effective resistance to attacks and improved performance since it does not involve a high number of time-consuming operations.

A Specialized Framework for Data Retrieval Web Applications

Directory of Open Access Journals (Sweden)

Jerzy Nogiec

2005-06-01

Full Text Available Although many general-purpose frameworks have been developed to aid in web application development, they typically tend to be both comprehensive and complex. To address this problem, a specialized server-side Java framework designed specifically for data retrieval and visualization has been developed. The framework's focus is on maintainability and data security. The functionality is rich with features necessary for simplifying data display design, deployment, user management and application debugging, yet the scope is deliberately kept limited to allow for easy comprehension and rapid application development. The system clearly decouples the application processing and visualization, which in turn allows for clean separation of layout and processing development. Duplication of standard web page features such as toolbars and navigational aids is therefore eliminated. The framework employs the popular Model-View-Controller (MVC architecture, but it also uses the filter mechanism for several of its base functionalities, which permits easy extension of the provided core functionality of the system.

A specialized framework for data retrieval Web applications

International Nuclear Information System (INIS)

Jerzy Nogiec; Kelley Trombly-Freytag; Dana Walbridge

2004-01-01

Although many general-purpose frameworks have been developed to aid in web application development, they typically tend to be both comprehensive and complex. To address this problem, a specialized server-side Java framework designed specifically for data retrieval and visualization has been developed. The framework's focus is on maintainability and data security. The functionality is rich with features necessary for simplifying data display design, deployment, user management and application debugging, yet the scope is deliberately kept limited to allow for easy comprehension and rapid application development. The system clearly decouples the application processing and visualization, which in turn allows for clean separation of layout and processing development. Duplication of standard web page features such as toolbars and navigational aids is therefore eliminated. The framework employs the popular Model-View-Controller (MVC) architecture, but it also uses the filter mechanism for several of its base functionalities, which permits easy extension of the provided core functionality of the system

The GridSite Web/Grid security system

International Nuclear Information System (INIS)

McNab, Andrew; Li Yibiao

2010-01-01

We present an overview of the current status of the GridSite toolkit, describing the security model for interactive and programmatic uses introduced in the last year. We discuss our experiences of implementing these internal changes and how they and previous rounds of improvements have been prompted by requirements from users and wider security trends in Grids (such as CSRF). Finally, we explain how these have improved the user experience of GridSite-based websites, and wider implications for portals and similar web/grid sites.

A novel methodology towards a trusted environment in mashup web applications

DEFF Research Database (Denmark)

Patel, Ahmed; Al-Janabi, Samaher; AlShourbaji, Ibrahim

2015-01-01

A mashup is a web-based application developed through aggregation of data from different public external or internal sources (including trusted and untrusted). Mashup introduces an open environment that is exposed to many security vulnerabilities, threats and risks. These weaknesses will bring se...

Automated Security Testing of Web Widget Interactions

NARCIS (Netherlands)

Bezemer, C.P.; Mesbah, A.; Van Deursen, A.

2009-01-01

This paper is a pre-print of: Cor-Paul Bezemer, Ali Mesbah, and Arie van Deursen. Automated Security Testing of Web Widget Interactions. In Proceedings of the 7th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering

Recent advancements on the development of web-based applications for the implementation of seismic analysis and surveillance systems

Science.gov (United States)

Friberg, P. A.; Luis, R. S.; Quintiliani, M.; Lisowski, S.; Hunter, S.

2014-12-01

Recently, a novel set of modules has been included in the Open Source Earthworm seismic data processing system, supporting the use of web applications. These include the Mole sub-system, for storing relevant event data in a MySQL database (see M. Quintiliani and S. Pintore, SRL, 2013), and an embedded webserver, Moleserv, for serving such data to web clients in QuakeML format. These modules have enabled, for the first time using Earthworm, the use of web applications for seismic data processing. These can greatly simplify the operation and maintenance of seismic data processing centers by having one or more servers providing the relevant data as well as the data processing applications themselves to client machines running arbitrary operating systems.Web applications with secure online web access allow operators to work anywhere, without the often cumbersome and bandwidth hungry use of secure shell or virtual private networks. Furthermore, web applications can seamlessly access third party data repositories to acquire additional information, such as maps. Finally, the usage of HTML email brought the possibility of specialized web applications, to be used in email clients. This is the case of EWHTMLEmail, which produces event notification emails that are in fact simple web applications for plotting relevant seismic data.Providing web services as part of Earthworm has enabled a number of other tools as well. One is ISTI's EZ Earthworm, a web based command and control system for an otherwise command line driven system; another is a waveform web service. The waveform web service serves Earthworm data to additional web clients for plotting, picking, and other web-based processing tools. The current Earthworm waveform web service hosts an advanced plotting capability for providing views of event-based waveforms from a Mole database served by Moleserve.The current trend towards the usage of cloud services supported by web applications is driving improvements in Java

Toward Exposing Timing-Based Probing Attacks in Web Applications †

Science.gov (United States)

Mao, Jian; Chen, Yue; Shi, Futian; Jia, Yaoqi; Liang, Zhenkai

2017-01-01

Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach. PMID:28245610

Web application security: a beginner's guide

National Research Council Canada - National Science Library

Sullivan, Bryan; Liu, Vincent

2012-01-01

.... This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry...

Potential influence of Web 2.0 usage and security practices of online users on information management

Directory of Open Access Journals (Sweden)

R.J. Rudman

2009-02-01

Full Text Available The proliferation of Web 2.0 applications was the impetus for this survey-based research into practices that online users currently employ when using Web 2.0 sites. As part of the study, the popularity of Web 2.0 technologies and sites among online users at a university was investigated to determine the extent of the potential threat to corporate security, arising from Web 2.0 use and access. The results of this study indicate that the use of Web 2.0 sites is very popular among students, as a proxy for the potential future business users, and that users are not necessarily aware of the risks associated with these sites. The respondents indicated that they regularly visit Web 2.0 sites, and that they post personal information on these sites. This is of concern in protecting arguably the most valuable asset of a business.

Pro Spring security

CERN Document Server

Scarioni, Carlo

2013-01-01

Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

MedlinePlus Connect: Web Application

Science.gov (United States)

... MedlinePlus Connect → Web Application URL of this page: https://medlineplus.gov/connect/application.html MedlinePlus Connect: Web ... will change.) Old URLs New URLs Web Application https://apps.nlm.nih.gov/medlineplus/services/mpconnect.cfm? ...

Engineering Adaptive Web Applications

DEFF Research Database (Denmark)

Dolog, Peter

2007-01-01

suit the user profile the most. This paper summarizes the domain engineering framework for such adaptive web applications. The framework provides guidelines to develop adaptive web applications as members of a family. It suggests how to utilize the design artifacts as knowledge which can be used......Information and services on the web are accessible for everyone. Users of the web differ in their background, culture, political and social environment, interests and so on. Ambient intelligence was envisioned as a concept for systems which are able to adapt to user actions and needs....... With the growing amount of information and services, the web applications become natural candidates to adopt the concepts of ambient intelligence. Such applications can deal with divers user intentions and actions based on the user profile and can suggest the combination of information content and services which...

Building Social Web Applications

CERN Document Server

Bell, Gavin

2009-01-01

Building a web application that attracts and retains regular visitors is tricky enough, but creating a social application that encourages visitors to interact with one another requires careful planning. This book provides practical solutions to the tough questions you'll face when building an effective community site -- one that makes visitors feel like they've found a new home on the Web. If your company is ready to take part in the social web, this book will help you get started. Whether you're creating a new site from scratch or reworking an existing site, Building Social Web Applications

Cyber security

CERN Document Server

Voeller, John G

2014-01-01

Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

Maintenance-Ready Web Application Development

Directory of Open Access Journals (Sweden)

Ion IVAN

2016-01-01

Full Text Available The current paper tackles the subject of developing maintenance-ready web applications. Maintenance is presented as a core stage in a web application’s lifecycle. The concept of maintenance-ready is defined in the context of web application development. Web application maintenance tasks types are enunciated and suitable task types are identified for further analysis. The research hypothesis is formulated based on a direct link between tackling maintenance in the development stage and reducing overall maintenance costs. A live maintenance-ready web application is presented and maintenance related aspects are highlighted. The web application’s features, that render it maintenance-ready, are emphasize. The cost of designing and building the web-application to be maintenance-ready are disclosed. The savings in maintenance development effort facilitated by maintenance ready features are also disclosed. Maintenance data is collected from 40 projects implemented by a web development company. Homogeneity and diversity of collected data is evaluated. A data sample is presented and the size and comprehensive nature of the entire dataset is depicted. Research hypothesis are validated and conclusions are formulated on the topic of developing maintenance-ready web applications. The limits of the research process which represented the basis for the current paper are enunciated. Future research topics are submitted for debate.

Computer Security: How to succeed in software deployment

CERN Multimedia

Computer Security Team

2014-01-01

The summer student period has ended and we would like to congratulate all those who successfully accomplished their project! In particular, well done to those who managed to develop and deploy sophisticated web applications in the short summer season. Unfortunately, not all web applications made the final cut, moved into production and became visible on the Internet. We had to reject some... let me explain why.   Making a web application visible on the Internet requires an opening in the CERN outer perimeter firewall. Such a request is usually made through the CERN WebReq web interface. As standard procedure, the CERN Computer Security team reviews every request and performs a security assessment. This is where you, your supervisee and the Computer Security team all start to get frustrated. Many summer students delivered awesome web applications with great new functions and a good “look and feel” following precise use cases, using modern web technologies, dashboards, integr...

MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

OpenAIRE

Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

2011-01-01

Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

FASH: A web application for nucleotides sequence search

Directory of Open Access Journals (Sweden)

Chew Paul

2008-05-01

Full Text Available Abstract FASH (Fourier Alignment Sequence Heuristics is a web application, based on the Fast Fourier Transform, for finding remote homologs within a long nucleic acid sequence. Given a query sequence and a long text-sequence (e.g, the human genome, FASH detects subsequences within the text that are remotely-similar to the query. FASH offers an alternative approach to Blast/Fasta for querying long RNA/DNA sequences. FASH differs from these other approaches in that it does not depend on the existence of contiguous seed-sequences in its initial detection phase. The FASH web server is user friendly and very easy to operate. Availability FASH can be accessed at https://fash.bgu.ac.il:8443/fash/default.jsp (secured website

How to Use Web 2.0 and Social Networking Sites Securely

CERN Document Server

Team, ITG Research

2009-01-01

Given the widespread use of Web 2.0 technologies and their impact in terms of the number and types of incidents and the cost of them, controlling Web 2.0 risks needs to be a high priority for all organisations. This pocket guide provides recommendations for organisations that will help them ensure that their employees are using Web 2.0 sites in a secure manner, and that their personal and confidential corporate data is protected.

The Efficiency of Requesting Process for Formal Business-Documents in Indonesia: An Implementation of Web Application Base on Secure and Encrypted Sharing Process

Directory of Open Access Journals (Sweden)

Aris Budi Setyawan

2014-12-01

Full Text Available In recent business practices, the need of the formal document for business, such as the business license documents, business domicile letters, halal certificates, and other formal documents, is desperately needed and becomes its own problems for businesses, especially for small and medium enterprises. One stop service unit that was conceived and implemented by the government today, has not been fully integrated yet. Not all permits (related with formal document for business can be completed and finished in one place, businesses are still have to move from one government department to another government department to get a formal document for their business. With these practices, not only a lot of the time and cost will be sacrificed, but also businesses must always fill out a form with the same field. This study aims to assess and identify the problem, especially on applying the formal document for business, and use it as inputs for the development of a web application based on secure and encrypted sharing process. The study starts with a survey of 200 businesses that have applied the formal document for their business, to map the initial conditions of applying the formal document for business in Indonesia . With these applications that are built based on these needs, it is expected that not only the time, cost, and physical effort from both parties are becoming more efficient, but also the negative practices of bureaucratic and economic obstacles in business activities can be minimized, so the competitiveness of business and their contribution for national economy will increase.Keywords : Formal documents, Efficiencies, Web application, Secure and encrypted sharing process, SMEs

Express web application development

CERN Document Server

Yaapa, Hage

2013-01-01

Express Web Application Development is a practical introduction to learning about Express. Each chapter introduces you to a different area of Express, using screenshots and examples to get you up and running as quickly as possible.If you are looking to use Express to build your next web application, ""Express Web Application Development"" will help you get started and take you right through to Express' advanced features. You will need to have an intermediate knowledge of JavaScript to get the most out of this book.

Cyber Security Applications: Freeware & Shareware

Science.gov (United States)

Rogers, Gary; Ashford, Tina

2015-01-01

This paper will discuss some assignments using freeware/shareware instructors can find on the Web to use to provide students with hands-on experience in this arena. Also, the college, Palm Beach State College, via a grant with the U.S. Department of Labor, has recently purchased a unique cyber security device that simulates cyber security attacks…

Secure Web-based Ground System User Interfaces over the Open Internet

Science.gov (United States)

Langston, James H.; Murray, Henry L.; Hunt, Gary R.

1998-01-01

A prototype has been developed which makes use of commercially available products in conjunction with the Java programming language to provide a secure user interface for command and control over the open Internet. This paper reports successful demonstration of: (1) Security over the Internet, including encryption and certification; (2) Integration of Java applets with a COTS command and control product; (3) Remote spacecraft commanding using the Internet. The Java-based Spacecraft Web Interface to Telemetry and Command Handling (Jswitch) ground system prototype provides these capabilities. This activity demonstrates the use and integration of current technologies to enable a spacecraft engineer or flight operator to monitor and control a spacecraft from a user interface communicating over the open Internet using standard World Wide Web (WWW) protocols and commercial off-the-shelf (COTS) products. The core command and control functions are provided by the COTS Epoch 2000 product. The standard WWW tools and browsers are used in conjunction with the Java programming technology. Security is provided with the current encryption and certification technology. This system prototype is a step in the direction of giving scientist and flight operators Web-based access to instrument, payload, and spacecraft data.

WAPTT - Web Application Penetration Testing Tool

Directory of Open Access Journals (Sweden)

DURIC, Z.

2014-02-01

Full Text Available Web applications vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data. The number of reported web application vulnerabilities in last decade is increasing dramatically. The most of vulnerabilities result from improper input validation and sanitization. The most important of these vulnerabilities based on improper input validation and sanitization are: SQL injection (SQLI, Cross-Site Scripting (XSS and Buffer Overflow (BOF. In order to address these vulnerabilities we designed and developed the WAPTT (Web Application Penetration Testing Tool tool - web application penetration testing tool. Unlike other web application penetration testing tools, this tool is modular, and can be easily extended by end-user. In order to improve efficiency of SQLI vulnerability detection, WAPTT uses an efficient algorithm for page similarity detection. The proposed tool showed promising results as compared to six well-known web application scanners in detecting various web application vulnerabilities.

CERN Web Application Detection. Refactoring and release as open source software

CERN Document Server

Lizonczyk, Piotr

2015-01-01

This paper covers my work during my assignment as participant of CERN Summer Students 2015 programme. The project was aimed at refactoring and publication of the Web Application Detection tool, which was developed at CERN and priorly used internally by the Computer Security team. The range of tasks performed include initial refactoring of code, which was developed like a script rather than a Python package, through extracting components that were not specific to CERN usage, the subsequent final release of the source code on GitHub and the integration with third-party software i.e. the w3af tool. Ultimately, Web Application Detection software received positive responses, being downloaded ca. 1500 times at the time of writing this report.

CERN Technical Training: new courses on computer security

CERN Multimedia

HR Department

2009-01-01

Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions ...

CERN Technical Training: new courses on computer security

CERN Multimedia

HR Department

2009-01-01

Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

CERN Technical Training: new courses on computer security

CERN Multimedia

HR Department

2009-01-01

Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Center. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour training aimed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

Professional Cocoa Application Security

CERN Document Server

Lee, Graham J

2010-01-01

The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.: While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first

Beginning ASPNET Security

CERN Document Server

Dorrans, Barry

2010-01-01

Beginning ASP.NET 3.5 Security is geared for novice to intermediate ASP.NET programmers who wish to protect and defend their web sites against attack and exploitation. Beginning with a discussion of why we need security and the things that may occur when it is ignored and an overview of how ASP.NET works, readers are taken through the common steps in developing a web site, the security problems each area exposes and how these can be exploited. Visual Studio Security MVP Barry Dorrans teaches readers how they can defend their applications using the standard .NET framework, industry patterns and

Comparing Web Applications with Desktop Applications: An Empirical Study

DEFF Research Database (Denmark)

Pop, Paul

2002-01-01

In recent years, many desktop applications have been ported to the world wide web in order to reduce (multiplatform) development, distribution and maintenance costs. However, there is little data concerning the usability of web applications, and the impact of their usability on the total cost...... of developing and using such applications. In this paper we present a comparison of web and desktop applications from the usability point of view. The comparison is based on an empirical study that investigates the performance of a group of users on two calendaring applications: Yahoo!Calendar and Microsoft...... Calendar. The study shows that in the case of web applications the performance of the users is significantly reduced, mainly because of the restricted interaction mechanisms provided by current web browsers....

Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

Science.gov (United States)

Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Security Vulnerabilities of the Web Based Open Source Information ...

African Journals Online (AJOL)

This paper exposes security vulnerabilities of the web based Open Source Information Systems (OSIS) from both system angle and human perspectives.It shows the extent of risk that can likely hinder adopting organization from attaning full intended benefits of using OSIS software. To undertake this study, a case study ...

Secure, web-accessible call rosters for academic radiology departments.

Science.gov (United States)

Nguyen, A V; Tellis, W M; Avrin, D E

2000-05-01

Traditionally, radiology department call rosters have been posted via paper and bulletin boards. Frequently, changes to these lists are made by multiple people independently, but often not synchronized, resulting in confusion among the house staff and technical staff as to who is on call and when. In addition, multiple and disparate copies exist in different sections of the department, and changes made would not be propagated to all the schedules. To eliminate such difficulties, a paperless call scheduling application was developed. Our call scheduling program allowed Java-enabled web access to a database by designated personnel from each radiology section who have privileges to make the necessary changes. Once a person made a change, everyone accessing the database would see the modification. This eliminates the chaos resulting from people swapping shifts at the last minute and not having the time to record or broadcast the change. Furthermore, all changes to the database were logged. Users are given a log-in name and password and can only edit their section; however, all personnel have access to all sections' schedules. Our applet was written in Java 2 using the latest technology in database access. We access our Interbase database through the DataExpress and DB Swing (Borland, Scotts Valley, CA) components. The result is secure access to the call rosters via the web. There are many advantages to the web-enabled access, mainly the ability for people to make changes and have the changes recorded and propagated in a single virtual location and available to all who need to know.

Security Technologies for Open Networking Environments (STONE)

Energy Technology Data Exchange (ETDEWEB)

Muftic, Sead

2005-03-31

Under this project SETECS performed research, created the design, and the initial prototype of three groups of security technologies: (a) middleware security platform, (b) Web services security, and (c) group security system. The results of the project indicate that the three types of security technologies can be used either individually or in combination, which enables effective and rapid deployment of a number of secure applications in open networking environments. The middleware security platform represents a set of object-oriented security components providing various functions to handle basic cryptography, X.509 certificates, S/MIME and PKCS No.7 encapsulation formats, secure communication protocols, and smart cards. The platform has been designed in the form of security engines, including a Registration Engine, Certification Engine, an Authorization Engine, and a Secure Group Applications Engine. By creating a middleware security platform consisting of multiple independent components the following advantages have been achieved - Object-oriented, Modularity, Simplified Development, and testing, Portability, and Simplified extensions. The middleware security platform has been fully designed and a preliminary Java-based prototype has been created for the Microsoft Windows operating system. The Web services security system, designed in the project, consists of technologies and applications that provide authentication (i.e., single sign), authorization, and federation of identities in an open networking environment. The system is based on OASIS SAML and XACML standards for secure Web services. Its topology comprises three major components: Domain Security Server (DSS) is the main building block of the system Secure Application Server (SAS) Secure Client In addition to the SAML and XACML engines, the authorization system consists of two sets of components An Authorization Administration System An Authorization Enforcement System Federation of identities in multi

Android Applications Security

Directory of Open Access Journals (Sweden)

Paul POCATILU

2011-01-01

Full Text Available The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the architecture of a mobile security system for Android devices.

Database and applications security integrating information security and data management

CERN Document Server

Thuraisingham, Bhavani

2005-01-01

This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

Security concept in 'MyAngelWeb((R))' a website for the individual patient at risk of emergency.

Science.gov (United States)

Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

The Role of the Web Server in a Capstone Web Application Course

Science.gov (United States)

Umapathy, Karthikeyan; Wallace, F. Layne

2010-01-01

Web applications have become commonplace in the Information Systems curriculum. Much of the discussion about Web development for capstone courses has centered on the scripting tools. Very little has been discussed about different ways to incorporate the Web server into Web application development courses. In this paper, three different ways of…

Opal web services for biomedical applications.

Science.gov (United States)

Ren, Jingyuan; Williams, Nadya; Clementi, Luca; Krishnan, Sriram; Li, Wilfred W

2010-07-01

Biomedical applications have become increasingly complex, and they often require large-scale high-performance computing resources with a large number of processors and memory. The complexity of application deployment and the advances in cluster, grid and cloud computing require new modes of support for biomedical research. Scientific Software as a Service (sSaaS) enables scalable and transparent access to biomedical applications through simple standards-based Web interfaces. Towards this end, we built a production web server (http://ws.nbcr.net) in August 2007 to support the bioinformatics application called MEME. The server has grown since to include docking analysis with AutoDock and AutoDock Vina, electrostatic calculations using PDB2PQR and APBS, and off-target analysis using SMAP. All the applications on the servers are powered by Opal, a toolkit that allows users to wrap scientific applications easily as web services without any modification to the scientific codes, by writing simple XML configuration files. Opal allows both web forms-based access and programmatic access of all our applications. The Opal toolkit currently supports SOAP-based Web service access to a number of popular applications from the National Biomedical Computation Resource (NBCR) and affiliated collaborative and service projects. In addition, Opal's programmatic access capability allows our applications to be accessed through many workflow tools, including Vision, Kepler, Nimrod/K and VisTrails. From mid-August 2007 to the end of 2009, we have successfully executed 239,814 jobs. The number of successfully executed jobs more than doubled from 205 to 411 per day between 2008 and 2009. The Opal-enabled service model is useful for a wide range of applications. It provides for interoperation with other applications with Web Service interfaces, and allows application developers to focus on the scientific tool and workflow development. Web server availability: http://ws.nbcr.net.

Wordpress web application development

CERN Document Server

Ratnayake, Rakhitha Nimesh

2015-01-01

This book is intended for WordPress developers and designers who want to develop quality web applications within a limited time frame and for maximum profit. Prior knowledge of basic web development and design is assumed.

Information security threats in web-portals on the open journal systems platform

Directory of Open Access Journals (Sweden)

Anton A. Abramov

2018-05-01

Full Text Available This article addresses the problem of security threats while working with web portals built on the Open Journal Systems platform. The Open Journal Systems (OJS platform was originally developed as part of the Public Knowledge Project and it is one of the most popular open-source platforms for web journals today. Based on the data available in the Public Knowledge Project, there were more than 10,000 active journals using the open journal systems platform by the end of 2016. A migration of a journal to such advanced and complex platform helps to handle the entire workflow over a single web portal. Therefore it is an important move and only peer-reviewed journals that are part of Russian and Worldwide citation systems go for it. At the same time the problem of keeping privacy for a manuscript before it is published is very important for these journals and for authors who submit it to the journal. The paper describes the most common threats for the web portals on the OJS platform as well as a particular model of the security threats, and suggests the measures that could help to neutralize these threats.

Project Assessment Skills Web Application

Science.gov (United States)

Goff, Samuel J.

2013-01-01

The purpose of this project is to utilize Ruby on Rails to create a web application that will replace a spreadsheet keeping track of training courses and tasks. The goal is to create a fast and easy to use web application that will allow users to track progress on training courses. This application will allow users to update and keep track of all of the training required of them. The training courses will be organized by group and by user, making readability easier. This will also allow group leads and administrators to get a sense of how everyone is progressing in training. Currently, updating and finding information from this spreadsheet is a long and tedious task. By upgrading to a web application, finding and updating information will be easier than ever as well as adding new training courses and tasks. Accessing this data will be much easier in that users just have to go to a website and log in with NDC credentials rather than request the relevant spreadsheet from the holder. In addition to Ruby on Rails, I will be using JavaScript, CSS, and jQuery to help add functionality and ease of use to my web application. This web application will include a number of features that will help update and track progress on training. For example, one feature will be to track progress of a whole group of users to be able to see how the group as a whole is progressing. Another feature will be to assign tasks to either a user or a group of users. All of these together will create a user friendly and functional web application.

Using secure web services to visualize poison center data for nationwide biosurveillance: a case study.

Science.gov (United States)

Savel, Thomas G; Bronstein, Alvin; Duck, William; Rhodes, M Barry; Lee, Brian; Stinn, John; Worthen, Katherine

2010-01-01

Real-time surveillance systems are valuable for timely response to public health emergencies. It has been challenging to leverage existing surveillance systems in state and local communities, and, using a centralized architecture, add new data sources and analytical capacity. Because this centralized model has proven to be difficult to maintain and enhance, the US Centers for Disease Control and Prevention (CDC) has been examining the ability to use a federated model based on secure web services architecture, with data stewardship remaining with the data provider. As a case study for this approach, the American Association of Poison Control Centers and the CDC extended an existing data warehouse via a secure web service, and shared aggregate clinical effects and case counts data by geographic region and time period. To visualize these data, CDC developed a web browser-based interface, Quicksilver, which leveraged the Google Maps API and Flot, a javascript plotting library. Two iterations of the NPDS web service were completed in 12 weeks. The visualization client, Quicksilver, was developed in four months. This implementation of web services combined with a visualization client represents incremental positive progress in transitioning national data sources like BioSense and NPDS to a federated data exchange model. Quicksilver effectively demonstrates how the use of secure web services in conjunction with a lightweight, rapidly deployed visualization client can easily integrate isolated data sources for biosurveillance.

WordPress web application development

CERN Document Server

Ratnayake, Rakhitha Nimesh

2013-01-01

An extensive, practical guide that explains how to adapt WordPress features, both conventional and trending, for web applications.This book is intended for WordPress developers and designers who have the desire to go beyond conventional website development to develop quality web applications within a limited time frame and for maximum profit. Experienced web developers who are looking for a framework for rapid application development will also find this to be a useful resource. Prior knowledge with of WordPress is preferable as the main focus will be on explaining methods for adapting WordPres

Secure remote service execution for web media streaming

OpenAIRE

Mikityuk, Alexandra

2017-01-01

Through continuous advancements in streaming and Web technologies over the past decade, the Web has become a platform for media delivery. Web standards like HTML5 have been designed accordingly, allowing for the delivery of applications, high-quality streaming video, and hooks for interoperable content protection. Efficient video encoding algorithms such as AVC/HEVC and streaming protocols such as MPEG-DASH have served as additional triggers for this evolution. Users now employ...

Web Application Development Utilizing Cloud Virtual Machine

OpenAIRE

Muukka, Olli

2014-01-01

The thesis goes through a development project where a web application was implemented to support the start-up company business operations. The main reason to implement a web application was the company needed a system where business data is centrally managed with cost-efficient, simple and easy tool. The deployed cloud service provided a platform for the web application. The alternative to the web application development was to deploy commercial customer relationship management tool, but the ...

Developing Large Web Applications

CERN Document Server

Loudon, Kyle

2010-01-01

How do you create a mission-critical site that provides exceptional performance while remaining flexible, adaptable, and reliable 24/7? Written by the manager of a UI group at Yahoo!, Developing Large Web Applications offers practical steps for building rock-solid applications that remain effective even as you add features, functions, and users. You'll learn how to develop large web applications with the extreme precision required for other types of software. Avoid common coding and maintenance headaches as small websites add more pages, more code, and more programmersGet comprehensive soluti

Estimating Maintenance Cost for Web Applications

Directory of Open Access Journals (Sweden)

Ion IVAN

2016-01-01

Full Text Available The current paper tackles the issue of determining a method for estimating maintenance costs for web applications. The current state of research in the field of web application maintenance is summarized and leading theories and results are highlighted. The cost of web maintenance is determined by the number of man-hours invested in maintenance tasks. Web maintenance tasks are categorized into content maintenance and technical maintenance. Research is centered on analyzing technical maintenance tasks. The research hypothesis is formulated on the assumption that the number of man-hours invested in maintenance tasks can be assessed based on the web application’s user interaction level, complexity and content update effort. Data regarding the costs of maintenance tasks is collected from 24 maintenance projects implemented by a web development company that tackles a wide area of web applications. Homogeneity and diversity of collected data is submitted for debate by presenting a sample of the data and depicting the overall size and comprehensive nature of the entire dataset. A set of metrics dedicated to estimating maintenance costs in web applications is defined based on conclusions formulated by analyzing the collected data and the theories and practices dominating the current state of research. Metrics are validated with regards to the initial research hypothesis. Research hypothesis are validated and conclusions are formulated on the topic of estimating the maintenance cost of web applications. The limits of the research process which represented the basis for the current paper are enunciated. Future research topics are submitted for debate.

Progressive Web applications

CERN Multimedia

CERN. Geneva

2017-01-01

Progressive Web Applications are native-like applications running inside of a browser context. In my presentation I would like describe their characteristics, benchmarks and building process using a quick and simple case study example with focus on Service Workers api.

A survey on web modeling approaches for ubiquitous web applications

NARCIS (Netherlands)

Schwinger, W.; Retschitzegger, W.; Schauerhuber, A.; Kappel, G.; Wimmer, M.; Pröll, B.; Cachero Castro, C.; Casteleyn, S.; De Troyer, O.; Fraternali, P.; Garrigos, I.; Garzotto, F.; Ginige, A.; Houben, G.J.P.M.; Koch, N.; Moreno, N.; Pastor, O.; Paolini, P.; Pelechano Ferragud, V.; Rossi, G.; Schwabe, D.; Tisi, M.; Vallecillo, A.; Sluijs, van der K.A.M.; Zhang, G.

2008-01-01

Purpose – Ubiquitous web applications (UWA) are a new type of web applications which are accessed in various contexts, i.e. through different devices, by users with various interests, at anytime from anyplace around the globe. For such full-fledged, complex software systems, a methodologically sound

Just-in-time Database-Driven Web Applications

Science.gov (United States)

2003-01-01

"Just-in-time" database-driven Web applications are inexpensive, quickly-developed software that can be put to many uses within a health care organization. Database-driven Web applications garnered 73873 hits on our system-wide intranet in 2002. They enabled collaboration and communication via user-friendly Web browser-based interfaces for both mission-critical and patient-care-critical functions. Nineteen database-driven Web applications were developed. The application categories that comprised 80% of the hits were results reporting (27%), graduate medical education (26%), research (20%), and bed availability (8%). The mean number of hits per application was 3888 (SD = 5598; range, 14-19879). A model is described for just-in-time database-driven Web application development and an example given with a popular HTML editor and database program. PMID:14517109

Web vulnerability study of online pharmacy sites.

Science.gov (United States)

Kuzma, Joanne

2011-01-01

Consumers are increasingly using online pharmacies, but these sites may not provide an adequate level of security with the consumers' personal data. There is a gap in this research addressing the problems of security vulnerabilities in this industry. The objective is to identify the level of web application security vulnerabilities in online pharmacies and the common types of flaws, thus expanding on prior studies. Technical, managerial and legal recommendations on how to mitigate security issues are presented. The proposed four-step method first consists of choosing an online testing tool. The next steps involve choosing a list of 60 online pharmacy sites to test, and then running the software analysis to compile a list of flaws. Finally, an in-depth analysis is performed on the types of web application vulnerabilities. The majority of sites had serious vulnerabilities, with the majority of flaws being cross-site scripting or old versions of software that have not been updated. A method is proposed for the securing of web pharmacy sites, using a multi-phased approach of technical and managerial techniques together with a thorough understanding of national legal requirements for securing systems.

Web Services in Mobile Applications

Directory of Open Access Journals (Sweden)

Octavian DOSPINESCU

2013-01-01

Full Text Available Information and communication technologies are designed to support and anticipate the continuing changes of the information society, while outlining new economic, social and cultural dimensions. We see the growth of new business models whose aim is to remove traditional barriers and improve the value of goods and services. Information is a strategic resource and its manipulation raises new problems for all entities involved in the process. Information and communication technologies should be a stable support in managing the flow of data and support the integrity, confidentiality and availability. Concepts such as eBusiness, eCommerce, Software as a Service, Cloud Computing and Social Media are based on web technologies consisting of complex languages, protocols and standards, built around client-server architecture. One of the most used technologies in mobile applications are the Web Services defined as an application model supported by any operating system able to provide certain functionalities using Internet technologies to promote interoperability between various appli-cations and platforms. Web services use HTTP, XML, SSL, SMTP and SOAP, because their stability has proven over the years. Their functionalities are highly variable, with Web services applications exchange type, weather, arithmetic or authentication services. In this article we will talk about SOAP and REST architectures for web services in mobile applications and we will also provide some practical examples based on Android platform.

Android Applications Security

OpenAIRE

Paul POCATILU

2011-01-01

The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how users can prevent these malicious attacks and propose some prevention measures, including the a...

WebViz: A web browser based application for collaborative analysis of 3D data

Science.gov (United States)

Ruegg, C. S.

2011-12-01

In the age of high speed Internet where people can interact instantly, scientific tools have lacked technology which can incorporate this concept of communication using the web. To solve this issue a web application for geological studies has been created, tentatively titled WebViz. This web application utilizes tools provided by Google Web Toolkit to create an AJAX web application capable of features found in non web based software. Using these tools, a web application can be created to act as piece of software from anywhere in the globe with a reasonably speedy Internet connection. An application of this technology can be seen with data regarding the recent tsunami from the major japan earthquakes. After constructing the appropriate data to fit a computer render software called HVR, WebViz can request images of the tsunami data and display it to anyone who has access to the application. This convenience alone makes WebViz a viable solution, but the option to interact with this data with others around the world causes WebViz to be taken as a serious computational tool. WebViz also can be used on any javascript enabled browser such as those found on modern tablets and smart phones over a fast wireless connection. Due to the fact that WebViz's current state is built using Google Web Toolkit the portability of the application is in it's most efficient form. Though many developers have been involved with the project, each person has contributed to increase the usability and speed of the application. In the project's most recent form a dramatic speed increase has been designed as well as a more efficient user interface. The speed increase has been informally noticed in recent uses of the application in China and Australia with the hosting server being located at the University of Minnesota. The user interface has been improved to not only look better but the functionality has been improved. Major functions of the application are rotating the 3D object using buttons

Protecting Database Centric Web Services against SQL/XPath Injection Attacks

Science.gov (United States)

Laranjeiro, Nuno; Vieira, Marco; Madeira, Henrique

Web services represent a powerful interface for back-end database systems and are increasingly being used in business critical applications. However, field studies show that a large number of web services are deployed with security flaws (e.g., having SQL Injection vulnerabilities). Although several techniques for the identification of security vulnerabilities have been proposed, developing non-vulnerable web services is still a difficult task. In fact, security-related concerns are hard to apply as they involve adding complexity to already complex code. This paper proposes an approach to secure web services against SQL and XPath Injection attacks, by transparently detecting and aborting service invocations that try to take advantage of potential vulnerabilities. Our mechanism was applied to secure several web services specified by the TPC-App benchmark, showing to be 100% effective in stopping attacks, non-intrusive and very easy to use.

Building Grid applications using Web Services

CERN Multimedia

CERN. Geneva

2004-01-01

There has been a lot of discussion within the Grid community about the use of Web Services technologies in building large-scale, loosely-coupled, cross-organisation applications. In this talk we are going to explore the principles that govern Service-Oriented Architectures and the promise of Web Services technologies for integrating applications that span administrative domains. We are going to see how existing Web Services specifications and practices could provide the necessary infrastructure for implementing Grid applications. Biography Dr. Savas Parastatidis is a Principal Research Associate at the School of Computing Science, University of Newcastle upon Tyne, UK. Savas is one of the authors of the "Grid Application Framework based on Web Services Specifications and Practices" document that was influential in the convergence between Grid and Web Services and the move away from OGSI (more information can be found at http://www.neresc.ac.uk/ws-gaf). He has done research on runtime support for distributed-m...

Web technology for emergency medicine and secure transmission of electronic patient records.

Science.gov (United States)

Halamka, J D

1998-01-01

The American Heritage dictionary defines the word "web" as "something intricately contrived, especially something that ensnares or entangles." The wealth of medical resources on the World Wide Web is now so extensive, yet disorganized and unmonitored, that such a definition seems fitting. In emergency medicine, for example, a field in which accurate and complete information, including patients' records, is urgently needed, more than 5000 Web pages are available today, whereas fewer than 50 were available in December 1994. Most sites are static Web pages using the Internet to publish textbook material, but new technology is extending the scope of the Internet to include online medical education and secure exchange of clinical information. This article lists some of the best Web sites for use in emergency medicine and then describes a project in which the Web is used for transmission and protection of electronic medical records.

The Enterprise 2.0 Concept: Challenges on Data and Information Security

Science.gov (United States)

Silva, Ana; Moreira, Fernando; Varajão, João

The Web 2.0 wave has "hit" businesses all over the world, with companies taking advantage of the 2.0 concept and new applications stimulating collaboration between employees, and also with external partners (suppliers, contractors, universities, R&D organizations and others). However, the use of Web 2.0 applications inside organizations has created additional security challenges, especially regarding data and information security. Companies need to be aware of these risks when deploying the 2.0 concept and take a proactive approach on security. In this paper are identified and discussed some of the challenges and risks of the use of Web 2.0 tools, namely when it comes to securing companies' intellectual property.

Geant4 application in a Web browser

International Nuclear Information System (INIS)

Garnier, Laurent

2014-01-01

Geant4 is a toolkit for the simulation of the passage of particles through matter. The Geant4 visualization system supports many drivers including OpenGL[1], OpenInventor, HepRep[2], DAWN[3], VRML, RayTracer, gMocren[4] and ASCIITree, with diverse and complementary functionalities. Web applications have an increasing role in our work, and thanks to emerging frameworks such as Wt [5], building a web application on top of a C++ application without rewriting all the code can be done. Because the Geant4 toolkit's visualization and user interface modules are well decoupled from the rest of Geant4, it is straightforward to adapt these modules to render in a web application instead of a computer's native window manager. The API of the Wt framework closely matches that of Qt [6], our experience in building Qt driver will benefit for Wt driver. Porting a Geant4 application to a web application is easy, and with minimal effort, Geant4 users can replicate this process to share their own Geant4 applications in a web browser.

Applications for cyber security - System and application monitoring

International Nuclear Information System (INIS)

Marron, J. E.

2006-01-01

Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

WebTag: Web browsing into sensor tags over NFC.

Science.gov (United States)

Echevarria, Juan Jose; Ruiz-de-Garibay, Jonathan; Legarda, Jon; Alvarez, Maite; Ayerbe, Ana; Vazquez, Juan Ignacio

2012-01-01

Information and Communication Technologies (ICTs) continue to overcome many of the challenges related to wireless sensor monitoring, such as for example the design of smarter embedded processors, the improvement of the network architectures, the development of efficient communication protocols or the maximization of the life cycle autonomy. This work tries to improve the communication link of the data transmission in wireless sensor monitoring. The upstream communication link is usually based on standard IP technologies, but the downstream side is always masked with the proprietary protocols used for the wireless link (like ZigBee, Bluetooth, RFID, etc.). This work presents a novel solution (WebTag) for a direct IP based access to a sensor tag over the Near Field Communication (NFC) technology for secure applications. WebTag allows a direct web access to the sensor tag by means of a standard web browser, it reads the sensor data, configures the sampling rate and implements IP based security policies. It is, definitely, a new step towards the evolution of the Internet of Things paradigm.

RESTful Web Services Cookbook

CERN Document Server

Allamaraju, Subbu

2010-01-01

While the REST design philosophy has captured the imagination of web and enterprise developers alike, using this approach to develop real web services is no picnic. This cookbook includes more than 100 recipes to help you take advantage of REST, HTTP, and the infrastructure of the Web. You'll learn ways to design RESTful web services for client and server applications that meet performance, scalability, reliability, and security goals, no matter what programming language and development framework you use. Each recipe includes one or two problem statements, with easy-to-follow, step-by-step i

Do You Ignore Information Security in Your Journal Website?

Science.gov (United States)

Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad

2017-08-01

Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.

T-Check in Technologies for Interoperability: Web Services and Security--Single Sign-On

National Research Council Canada - National Science Library

Wrage, Lutz; Simanta, Soumya; Lewis, Grace A; Jaspan, Saul

2007-01-01

.... This technical note presents the results of applying the T-Check approach in an initial investigation of two Web services standards, WS-Security and SAML, to create an SSO solution that works inside...

Capturing Trust in Social Web Applications

Science.gov (United States)

O'Donovan, John

The Social Web constitutes a shift in information flow from the traditional Web. Previously, content was provided by the owners of a website, for consumption by the end-user. Nowadays, these websites are being replaced by Social Web applications which are frameworks for the publication of user-provided content. Traditionally, Web content could be `trusted' to some extent based on the site it originated from. Algorithms such as Google's PageRank were (and still are) used to compute the importance of a website, based on analysis of underlying link topology. In the Social Web, analysis of link topology merely tells us about the importance of the information framework which hosts the content. Consumers of information still need to know about the importance/reliability of the content they are reading, and therefore about the reliability of the producers of that content. Research into trust and reputation of the producers of information in the Social Web is still very much in its infancy. Every day, people are forced to make trusting decisions about strangers on the Web based on a very limited amount of information. For example, purchasing a product from an eBay seller with a `reputation' of 99%, downloading a file from a peer-to-peer application such as Bit-Torrent, or allowing Amazon.com tell you what products you will like. Even something as simple as reading comments on a Web-blog requires the consumer to make a trusting decision about the quality of that information. In all of these example cases, and indeed throughout the Social Web, there is a pressing demand for increased information upon which we can make trusting decisions. This chapter examines the diversity of sources from which trust information can be harnessed within Social Web applications and discusses a high level classification of those sources. Three different techniques for harnessing and using trust from a range of sources are presented. These techniques are deployed in two sample Social Web

Designing Adaptive Web Applications

DEFF Research Database (Denmark)

Dolog, Peter

2008-01-01

Learning system to study a discipline. In business to business interaction, different requirements and parameters of exchanged business requests might be served by different services from third parties. Such applications require certain intelligence and a slightly different approach to design. Adpative web......The unique characteristic of web applications is that they are supposed to be used by much bigger and diverse set of users and stakeholders. An example application area is e-Learning or business to business interaction. In eLearning environment, various users with different background use the e......-based applications aim to leave some of their features at the design stage in the form of variables which are dependent on several criteria. The resolution of the variables is called adaptation and can be seen from two perspectives: adaptation by humans to the changed requirements of stakeholders and dynamic system...

A Web Service Framework for Economic Applications

Directory of Open Access Journals (Sweden)

Dan BENTA

2010-01-01

Full Text Available The Internet offers multiple solutions to linkcompanies with their partners, customers or suppliersusing IT solutions, including a special focus on Webservices. Web services are able to solve the problem relatedto the exchange of data between business partners, marketsthat can use each other's services, problems ofincompatibility between IT applications. As web servicesare described, discovered and accessed programs based onXML vocabularies and Web protocols, Web servicesrepresents solutions for Web-based technologies for smalland medium-sized enterprises (SMEs. This paper presentsa web service framework for economic applications. Also, aprototype of this IT solution using web services waspresented and implemented in a few companies from IT,commerce and consulting fields measuring the impact ofthe solution in the business environment development.

IBM WebSphere Application Server 80 Administration Guide

CERN Document Server

Robinson, Steve

2011-01-01

IBM WebSphere Application Server 8.0 Administration Guide is a highly practical, example-driven tutorial. You will be introduced to WebSphere Application Server 8.0, and guided through configuration, deployment, and tuning for optimum performance. If you are an administrator who wants to get up and running with IBM WebSphere Application Server 8.0, then this book is not to be missed. Experience with WebSphere and Java would be an advantage, but is not essential.

APFEL Web a web-based application for the graphical visualization of parton distribution functions

CERN Document Server

Carrazza, Stefano; Palazzo, Daniele; Rojo, Juan

2015-01-01

We present APFEL Web, a web-based application designed to provide a flexible user-friendly tool for the graphical visualization of parton distribution functions (PDFs). In this note we describe the technical design of the APFEL Web application, motivating the choices and the framework used for the development of this project. We document the basic usage of APFEL Web and show how it can be used to provide useful input for a variety of collider phenomenological studies. Finally we provide some examples showing the output generated by the application.

APFEL Web: a web-based application for the graphical visualization of parton distribution functions

International Nuclear Information System (INIS)

Carrazza, Stefano; Ferrara, Alfio; Palazzo, Daniele; Rojo, Juan

2015-01-01

We present APFEL Web, a Web-based application designed to provide a flexible user-friendly tool for the graphical visualization of parton distribution functions. In this note we describe the technical design of the APFEL Web application, motivating the choices and the framework used for the development of this project. We document the basic usage of APFEL Web and show how it can be used to provide useful input for a variety of collider phenomenological studies. Finally we provide some examples showing the output generated by the application. (note)

Value of Information Web Application

Science.gov (United States)

2015-04-01

their understanding of VoI attributes (source reliable, information content, and latency). The VoI web application emulates many features of a...only when using the Firefox web browser on those computers (Internet Explorer was not viable due to unchangeable user settings). During testing, the

An application of TOPSIS for ranking internet web browsers

Directory of Open Access Journals (Sweden)

Shahram Rostampour

2012-07-01

Full Text Available Web browser is one of the most important internet facilities for surfing the internet. A good web browser must incorporate literally tens of features such as integrated search engine, automatic updates, etc. Each year, ten web browsers are formally introduced as top best reviewers by some organizations. In this paper, we propose the implementation of TOPSIS technique to rank ten web browsers. The proposed model of this paper uses five criteria including speed, features, security, technical support and supported configurations. In terms of speed, Safari is the best web reviewer followed by Google Chrome and Internet Explorer while Opera is the best web reviewer when we look into 20 different features. We have also ranked these web browsers using all five categories together and the results indicate that Opera, Internet explorer, Firefox and Google Chrome are the best web browsers to be chosen.

reCAPTCHA: human-based character recognition via Web security measures.

Science.gov (United States)

von Ahn, Luis; Maurer, Benjamin; McMillen, Colin; Abraham, David; Blum, Manuel

2008-09-12

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are widespread security measures on the World Wide Web that prevent automated programs from abusing online services. They do so by asking humans to perform a task that computers cannot yet perform, such as deciphering distorted characters. Our research explored whether such human effort can be channeled into a useful purpose: helping to digitize old printed material by asking users to decipher scanned words from books that computerized optical character recognition failed to recognize. We showed that this method can transcribe text with a word accuracy exceeding 99%, matching the guarantee of professional human transcribers. Our apparatus is deployed in more than 40,000 Web sites and has transcribed over 440 million words.

A new measurement of workload in Web application reliability assessment

Directory of Open Access Journals (Sweden)

CUI Xia

2015-02-01

Full Text Available Web application has been popular in various fields of social life.It becomes more and more important to study the reliability of Web application.In this paper the definition of Web application failure is firstly brought out,and then the definition of Web application reliability.By analyzing data in the IIS server logs and selecting corresponding usage and information delivery failure data,the paper study the feasibility of Web application reliability assessment from the perspective of Web software system based on IIS server logs.Because the usage for a Web site often has certain regularity,a new measurement of workload in Web application reliability assessment is raised.In this method,the unit is removed by weighted average technique;and the weights are assessed by setting objective function and optimization.Finally an experiment was raised for validation.The experiment result shows the assessment of Web application reliability base on the new workload is better.

An intelligent framework for dynamic web services composition in the semantic web

OpenAIRE

Thakker, D

2008-01-01

As Web services are being increasingly adopted as the distributed computing technology of choice to securely publish application services beyond the firewall, the importance of composing them to create new, value-added service, is increasing. Thus far, the most successful practical approach to Web services composition, largely endorsed by the industry falls under the static composition category where the service selection and flow management are done a priori and manually. The second approach...

Virtualization of open-source secure web services to support data exchange in a pediatric critical care research network.

Science.gov (United States)

Frey, Lewis J; Sward, Katherine A; Newth, Christopher J L; Khemani, Robinder G; Cryer, Martin E; Thelen, Julie L; Enriquez, Rene; Shaoyu, Su; Pollack, Murray M; Harrison, Rick E; Meert, Kathleen L; Berg, Robert A; Wessel, David L; Shanley, Thomas P; Dalton, Heidi; Carcillo, Joseph; Jenkins, Tammara L; Dean, J Michael

2015-11-01

To examine the feasibility of deploying a virtual web service for sharing data within a research network, and to evaluate the impact on data consistency and quality. Virtual machines (VMs) encapsulated an open-source, semantically and syntactically interoperable secure web service infrastructure along with a shadow database. The VMs were deployed to 8 Collaborative Pediatric Critical Care Research Network Clinical Centers. Virtual web services could be deployed in hours. The interoperability of the web services reduced format misalignment from 56% to 1% and demonstrated that 99% of the data consistently transferred using the data dictionary and 1% needed human curation. Use of virtualized open-source secure web service technology could enable direct electronic abstraction of data from hospital databases for research purposes. © The Author 2015. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

Application Security in the ISO27001 Environment

CERN Document Server

Vinod, Vasudevan; Firosh, Ummer

2008-01-01

Application Security in the ISO27001 Environment demonstrates how to secure software applications within a best practice ISO/IEC 27001 environment and supports implementation of the PCI DSS Payment Application Security Standard.

Life Cycle Project Plan Outline: Web Sites and Web-based Applications

Science.gov (United States)

This tool is a guideline for planning and checking for 508 compliance on web sites and web based applications. Determine which EIT components are covered or excepted, which 508 standards and requirements apply, and how to implement them.

Determining Data Entry Points For Javascript-rich Web applications

Directory of Open Access Journals (Sweden)

George Maksimovich Noseevich

2013-02-01

Full Text Available The paper is devoted the task of automatic crawling of javascript-rich web applications for data entry points. A new technique is proposed, which combines dynamic and static javascript code analysis. Testing the proposed technique on real world web applications such as Twitter, Youtube and Reddit has confirmed its applicability for analysis of modern web applications.

THE DEVELOPMENT OF A WEB BASED DATABASE APPLICATIONS OF PROCUREMENT, INVENTORY, AND SALES AT PT. INTERJAYA SURYA MEGAH

Directory of Open Access Journals (Sweden)

Choirul Huda

2011-10-01

Full Text Available The objective of this research is to develop a web based database application for the procurement, inventory and sales at PT. Interjaya Surya Megah. The current system at PT. Interjaya Surya Megah is running manually, so the company has difficulty in carrying out its activities. The methodology, that is used in this research, includes interviews, observation, literature review, conceptual database design, logical database design and physical database design. The results are the establishment of a web-based database application at PT. Interjaya Surya Megah. The conclusion is the company can be easier to run the day-to-day activities because data processing becomes faster and more accurate, faster report generation and more accurate, more secure data storage.Keywords: database; application; procurement; inventory; sales

Development of a Secure Mobile GPS Tracking and Management System

Science.gov (United States)

Liu, Anyi

2012-01-01

With increasing demand of mobile devices and cloud computing, it becomes increasingly important to develop efficient mobile application and its secured backend, such as web applications and virtualization environment. This dissertation reports a systematic study of mobile application development and the security issues of its related backend. …

A demanding web-based PACS supported by web services technology

Science.gov (United States)

Costa, Carlos M. A.; Silva, Augusto; Oliveira, José L.; Ribeiro, Vasco G.; Ribeiro, José

2006-03-01

During the last years, the ubiquity of web interfaces have pushed practically all PACS suppliers to develop client applications in which clinical practitioners can receive and analyze medical images, using conventional personal computers and Web browsers. However, due to security and performance issues, the utilization of these software packages has been restricted to Intranets. Paradigmatically, one of the most important advantages of digital image systems is to simplify the widespread sharing and remote access of medical data between healthcare institutions. This paper analyses the traditional PACS drawbacks that contribute to their reduced usage in the Internet and describes a PACS based on Web Services technology that supports a customized DICOM encoding syntax and a specific compression scheme providing all historical patient data in a unique Web interface.

Modelling Safe Interface Interactions in Web Applications

Science.gov (United States)

Brambilla, Marco; Cabot, Jordi; Grossniklaus, Michael

Current Web applications embed sophisticated user interfaces and business logic. The original interaction paradigm of the Web based on static content pages that are browsed by hyperlinks is, therefore, not valid anymore. In this paper, we advocate a paradigm shift for browsers and Web applications, that improves the management of user interaction and browsing history. Pages are replaced by States as basic navigation nodes, and Back/Forward navigation along the browsing history is replaced by a full-fledged interactive application paradigm, supporting transactions at the interface level and featuring Undo/Redo capabilities. This new paradigm offers a safer and more precise interaction model, protecting the user from unexpected behaviours of the applications and the browser.

Development of Content Management System-based Web Applications

OpenAIRE

Souer, J.

2012-01-01

Web engineering is the application of systematic and quantifiable approaches (concepts, methods, techniques, tools) to cost-effective requirements analysis, design, implementation, testing, operation, and maintenance of high quality web applications. Over the past years, Content Management Systems (CMS) have emerged as an important foundation for the web engineering process. CMS can be defined as a tool for the creation, editing and management of web information in an integral way. A CMS appe...

Automatic invariant detection in dynamic web applications

NARCIS (Netherlands)

Groeneveld, F.; Mesbah, A.; Van Deursen, A.

2010-01-01

The complexity of modern web applications increases as client-side JavaScript and dynamic DOM programming are used to offer a more interactive web experience. In this paper, we focus on improving the dependability of such applications by automatically inferring invariants from the client-side and

A web services choreography scenario for interoperating bioinformatics applications

Directory of Open Access Journals (Sweden)

Cheung David W

2004-03-01

Full Text Available Abstract Background Very often genome-wide data analysis requires the interoperation of multiple databases and analytic tools. A large number of genome databases and bioinformatics applications are available through the web, but it is difficult to automate interoperation because: 1 the platforms on which the applications run are heterogeneous, 2 their web interface is not machine-friendly, 3 they use a non-standard format for data input and output, 4 they do not exploit standards to define application interface and message exchange, and 5 existing protocols for remote messaging are often not firewall-friendly. To overcome these issues, web services have emerged as a standard XML-based model for message exchange between heterogeneous applications. Web services engines have been developed to manage the configuration and execution of a web services workflow. Results To demonstrate the benefit of using web services over traditional web interfaces, we compare the two implementations of HAPI, a gene expression analysis utility developed by the University of California San Diego (UCSD that allows visual characterization of groups or clusters of genes based on the biomedical literature. This utility takes a set of microarray spot IDs as input and outputs a hierarchy of MeSH Keywords that correlates to the input and is grouped by Medical Subject Heading (MeSH category. While the HTML output is easy for humans to visualize, it is difficult for computer applications to interpret semantically. To facilitate the capability of machine processing, we have created a workflow of three web services that replicates the HAPI functionality. These web services use document-style messages, which means that messages are encoded in an XML-based format. We compared three approaches to the implementation of an XML-based workflow: a hard coded Java application, Collaxa BPEL Server and Taverna Workbench. The Java program functions as a web services engine and interoperates

Security Aspects of an Enterprise-Wide Network Architecture.

Science.gov (United States)

Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

1999-01-01

Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

Android application security essentials

CERN Document Server

Rai, Pragati

2013-01-01

Android Application Security Essentials is packed with examples, screenshots, illustrations, and real world use cases to secure your apps the right way.If you are looking for guidance and detailed instructions on how to secure app data, then this book is for you. Developers, architects, managers, and technologists who wish to enhance their knowledge of Android security will find this book interesting. Some prior knowledge of development on the Android stack is desirable but not required.

Computer security

CERN Document Server

Gollmann, Dieter

2011-01-01

A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

Technical Note: On The Usage and Development of the AWAKE Web Server and Web Applications

CERN Document Server

Berger, Dillon Tanner

2017-01-01

The purpose of this technical note is to give a brief explanation of the AWAKE Web Server, the current web applications it serves, and how to edit, maintain, and update the source code. The majority of this paper is dedicated to the development of the server and its web applications.

Security Testing Handbook for Banking Applications

CERN Document Server

Doraiswamy, Arvind; Kapoor, Nilesh

2009-01-01

Security Testing Handbook for Banking Applications is a specialised guide to testing a wide range of banking applications. The book is intended as a companion to security professionals, software developers and QA professionals who work with banking applications.

The definitive guide to HTML5 WebSocket

CERN Document Server

Wang, Vanessa; Moskovits, Peter

2013-01-01

The Definitive Guide to HTML5 WebSocket is the ultimate insider's WebSocket resource. This revolutionary new web technology enables you to harness the power of true real-time connectivity and build responsive, modern web applications.   This book contains everything web developers and architects need to know about WebSocket. It discusses how WebSocket-based architectures provide a dramatic reduction in unnecessary network overhead and latency compared to older HTTP (Ajax) architectures, how to layer widely used protocols such as XMPP and STOMP on top of WebSocket, and how to secure WebSocket c

Two Algorithms for Web Applications Assessment

Directory of Open Access Journals (Sweden)

Stavros Ioannis Valsamidis

2011-09-01

Full Text Available The usage of web applications can be measured with the use of metrics. In a LMS, a typical web application, there are no appropriate metrics which would facilitate their qualitative and quantitative measurement. The purpose of this paper is to propose the use of existing techniques with a different way, in order to analyze the log file of a typical LMS and deduce useful conclusions. Three metrics for course usage measurement are used. It also describes two algorithms for course classification and suggestion actions. The metrics and the algorithms and were in Open eClass LMS tracking data of an academic institution. The results from 39 courses presented interest insights. Although the case study concerns a LMS it can also be applied to other web applications such as e-government, e-commerce, e-banking, blogs e.t.c.

Information security foundations, technologies and applications

CERN Document Server

Awad, Ali Ismail; Fairhurst, Michael

2018-01-01

This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

Do you write secure code?

CERN Multimedia

Computer Security Team

2011-01-01

At CERN, we are excellent at producing software, such as complex analysis jobs, sophisticated control programs, extensive monitoring tools, interactive web applications, etc. This software is usually highly functional, and fulfils the needs and requirements as defined by its author. However, due to time constraints or unintentional ignorance, security aspects are often neglected. Subsequently, it was even more embarrassing for the author to find out that his code flawed and was used to break into CERN computers, web pages or to steal data…   Thus, if you have the pleasure or task of producing software applications, take some time before and familiarize yourself with good programming practices. They should not only prevent basic security flaws in your code, but also improve its readability, maintainability and efficiency. Basic rules for good programming, as well as essential books on proper software development, can be found in the section for software developers on our security we...

Secure Architectures for Mobile Applications

OpenAIRE

Cristian TOMA

2007-01-01

The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet)

ANALYSIS OF WEB MINING APPLICATIONS AND BENEFICIAL AREAS

Directory of Open Access Journals (Sweden)

Khaleel Ahmad

2011-10-01

Full Text Available The main purpose of this paper is to study the process of Web mining techniques, features, application ( e-commerce and e-business and its beneficial areas. Web mining has become more popular and its widely used in varies application areas (such as business intelligent system, e-commerce and e-business. The e-commerce or e-business results are bettered by the application of the mining techniques such as data mining and text mining, among all the mining techniques web mining is better.

Bifröst: debugging web applications as a whole

NARCIS (Netherlands)

K.B. van der Vlist (Kevin)

2013-01-01

htmlabstractEven though web application development is supported by professional tooling, debugging support is lacking. If one starts to debug a web application, hardly any tooling support exists. Only the core components like server processes and a web browser are exposed. Developers need to

Development of Content Management System-based Web Applications

NARCIS (Netherlands)

Souer, J.

2012-01-01

Web engineering is the application of systematic and quantifiable approaches (concepts, methods, techniques, tools) to cost-effective requirements analysis, design, implementation, testing, operation, and maintenance of high quality web applications. Over the past years, Content Management Systems

Secure Architectures for Mobile Applications

Directory of Open Access Journals (Sweden)

2007-01-01

Full Text Available The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet

Migrating Multi-page Web Applications to Single-page AJAX Interfaces

NARCIS (Netherlands)

Mesbah, A.; Van Deursen, A.

2006-01-01

Recently, a new web development technique for creating interactive web applications, dubbed AJAX, has emerged. In this new model, the single-page web interface is composed of individual components which can be updated/replaced independently. With the rise of AJAX web applications classical

Usage Of Asp.Net Ajax for Binus School Serpong Web Applications

Directory of Open Access Journals (Sweden)

Karto Iskandar

2016-03-01

Full Text Available Today web applications have become a necessity and many companies use them as a communication tool to keep in touch with their customers. The usage of Web Application in current time increases as the numberof internet users has been rised. For reason of Rich Internet Application, the desktop application developer wasmoved to web application developer with AJAX technology. BINUS School Serpong is a Cambridge Curriculum base International School that uses web application for access every information about the school. By usingAJAX, performance of web application should be improved and the bandwidth usage is decreased. Problems thatoccur at BINUS School Serpong is not all part of the web application that uses AJAX. This paper introducesusage of AJAX in ASP.NET with C# programming language in web application BINUS School Serpong. It is expected by using ASP.NET AJAX, BINUS School Serpong website performance will be faster because of reducing web page reload. The methodology used in this paper is literature study. Results from this study are to prove that the ASP.NET AJAX can be used easily and improve BINUS School Serpong website performance. Conclusion of this paper is the implementation of ASP.NET AJAX improves performance of web application in BINUS School Serpong.

Multimedia Security System for Security and Medical Applications

Science.gov (United States)

Zhou, Yicong

2010-01-01

This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

Application Security Automation

Science.gov (United States)

Malaika, Majid A.

2011-01-01

With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

Investigating weaknesses in Android certificate security

Science.gov (United States)

Krych, Daniel E.; Lange-Maney, Stephen; McDaniel, Patrick; Glodek, William

2015-05-01

Android's application market relies on secure certificate generation to establish trust between applications and their users; yet, cryptography is often not a priority for application developers and many fail to take the necessary security precautions. Indeed, there is cause for concern: several recent high-profile studies have observed a pervasive lack of entropy on Web-systems leading to the factorization of private keys.1 Sufficient entropy, or randomness, is essential to generate secure key pairs and combat predictable key generation. In this paper, we analyze the security of Android certificates. We investigate the entropy present in 550,000 Android application certificates using the Quasilinear GCD finding algorithm.1 Our results show that while the lack of entropy does not appear to be as ubiquitous in the mobile markets as on Web-systems, there is substantial reuse of certificates only one third of the certificates in our dataset were unique. In other words, we find that organizations frequently reuse certificates for different applications. While such a practice is acceptable under Google's specifications for a single developer, we find that in some cases the same certificates are used for a myriad of developers, potentially compromising Android's intended trust relationships. Further, we observed duplicate certificates being used by both malicious and non-malicious applications. The top 3 repeated certificates present in our dataset accounted for a total of 11,438 separate APKs. Of these applications, 451, or roughly 4%, were identified as malicious by antivirus services.

PaaS for web applications with OpenShift Origin

OpenAIRE

Lossent, A; Rodriguez Peon, A; Wagner, A

2017-01-01

The CERN Web Frameworks team has deployed OpenShift Origin to facilitate deployment of web applications and to improving efficiency in terms of computing resource usage. OpenShift leverages Docker containers and Kubernetes orchestration to provide a Platform-as-a-service solution oriented for web applications. We will review use cases and how OpenShift was integrated with other services such as source control, web site management and authentication services.

PaaS for web applications with OpenShift Origin

Science.gov (United States)

Lossent, A.; Rodriguez Peon, A.; Wagner, A.

2017-10-01

The CERN Web Frameworks team has deployed OpenShift Origin to facilitate deployment of web applications and to improving efficiency in terms of computing resource usage. OpenShift leverages Docker containers and Kubernetes orchestration to provide a Platform-as-a-service solution oriented for web applications. We will review use cases and how OpenShift was integrated with other services such as source control, web site management and authentication services.

JavaScript Web Applications

CERN Document Server

MacCaw, Alex

2011-01-01

Building rich JavaScript applications that bring a desktop experience to the Web requires moving state from the server to the client side-not a simple task. This hands-on book takes proficient JavaScript developers through all the steps necessary to create state-of-the-art applications, including structure, templating, frameworks, communicating with the server, and many other issues. Throughout the book, you'll work with real-world example applications to help you grasp the concepts involved. Learn how to create JavaScript applications that offer a more responsive and improved experience. U

Network security with openSSL cryptography for secure communications

CERN Document Server

Viega, John; Chandra, Pravir

2002-01-01

Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, inst...

Web application for monitoring mainframe computer, Linux operating systems and application servers

OpenAIRE

Dimnik, Tomaž

2016-01-01

This work presents the idea and the realization of web application for monitoring the operation of the mainframe computer, servers with Linux operating system and application servers. Web application is intended for administrators of these systems, as an aid to better understand the current state, load and operation of the individual components of the server systems.

Security in Computer Applications

CERN Multimedia

CERN. Geneva

2004-01-01

Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

Engineering semantic-based interactive multi-device web applications

NARCIS (Netherlands)

Bellekens, P.A.E.; Sluijs, van der K.A.M.; Aroyo, L.M.; Houben, G.J.P.M.; Baresi, L.; Fraternali, P.; Houben, G.J.

2007-01-01

To build high-quality personalized Web applications developers have to deal with a number of complex problems. We look at the growing class of personalized Web Applications that share three characteristic challenges. Firstly, the semantic problem of how to enable content reuse and integration.

The Informatics Security Cost of Distributed Applications

Directory of Open Access Journals (Sweden)

Ion IVAN

2010-01-01

Full Text Available The objective, necessity, means and estimated efficiency of information security cost modeling are presented. The security requirements of distributed informatics applications are determined. Aspects regarding design, development and implementation are established. Influence factors for informatics security are presented and their correlation is analyzed. The costs associated to security processes are studied. Optimal criteria for informatics security are established. The security cost of the informatics application for validating organizational identifiers is determined using theoretical assumptions made for cost models. The conclusions highlight the validity of research results and offer perspectives for future research.

07051 Working Group Outcomes -- Programming Paradigms for the Web: Web Programming and Web Services

OpenAIRE

Hull, Richard; Thiemann, Peter; Wadler, Philip

2007-01-01

Participants in the seminar broke into groups on ``Patterns and Paradigms'' for web programming, ``Web Services,'' ``Data on the Web,'' ``Software Engineering'' and ``Security.'' Here we give the raw notes recorded during these sessions.

Securing a web-based teleradiology platform according to German law and "best practices".

Science.gov (United States)

Spitzer, Michael; Ullrich, Tobias; Ueckert, Frank

2009-01-01

The Medical Data and Picture Exchange platform (MDPE), as a teleradiology system, facilitates the exchange of digital medical imaging data among authorized users. It features extensive support of the DICOM standard including networking functions. Since MDPE is designed as a web service, security and confidentiality of data and communication pose an outstanding challenge. To comply with demands of German laws and authorities, a generic data security concept considered as "best practice" in German health telematics was adapted to the specific demands of MDPE. The concept features strict logical and physical separation of diagnostic and identity data and thus an all-encompassing pseudonymization throughout the system. Hence, data may only be merged at authorized clients. MDPE's solution of merging data from separate sources within a web browser avoids technically questionable techniques such as deliberate cross-site scripting. Instead, data is merged dynamically by JavaScriptlets running in the user's browser. These scriptlets are provided by one server, while content and method calls are generated by another server. Additionally, MDPE uses encrypted temporary IDs for communication and merging of data.

Integrating Web Services into Map Image Applications

National Research Council Canada - National Science Library

Tu, Shengru

2003-01-01

Web services have been opening a wide avenue for software integration. In this paper, we have reported our experiments with three applications that are built by utilizing and providing web services for Geographic Information Systems (GIS...

Invariant-Based Automatic Testing of Modern Web Applications

NARCIS (Netherlands)

Mesbah, A.; Van Deursen, A.; Roest, D.

2011-01-01

AJAX-based Web 2.0 applications rely on stateful asynchronous client/server communication, and client-side run-time manipulation of the DOM tree. This not only makes them fundamentally different from traditional web applications, but also more error-prone and harder to test. We propose a method for

Techniques Used in String Matching for Network Security

OpenAIRE

Jamuna Bhandari

2014-01-01

String matching also known as pattern matching is one of primary concept for network security. In this area the effectiveness and efficiency of string matching algorithms is important for applications in network security such as network intrusion detection, virus detection, signature matching and web content filtering system. This paper presents brief review on some of string matching techniques used for network security.

BOF4WSS : a business-oriented framework for enhancing web services security for e-business

OpenAIRE

Nurse, Jason R. C.; Sinclair, Jane

2009-01-01

When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in def...

Developing Web Applications

CERN Document Server

Moseley, Ralph

2007-01-01

Building applications for the Internet is a complex and fast-moving field which utilizes a variety of continually evolving technologies. Whether your perspective is from the client or server side, there are many languages to master - X(HTML), JavaScript, PHP, XML and CSS to name but a few. These languages have to work together cleanly, logically and in harmony with the systems they run on, and be compatible with any browsers with which they interact. Developing Web Applications presents script writing and good programming practice but also allows students to see how the individual technologi

A Web Based Financial and Accounting Software Application

Directory of Open Access Journals (Sweden)

Doru E. TILIUTE

2010-01-01

Full Text Available The Client-server applications become more attractivein comparison with their counterpart desktop-type due to someincontestable advantages. Among the client-server applicationssome uses the Web environment providing full access fromanywhere and anytime to all application features. The presentwork presents the fist results in the achievement of a web basedfinancial and accounting application using open-sourcestechnologies and programming languages (Apache, MySQL,PHP and JavaScript

Development of a Web-based financial application System

Science.gov (United States)

Hasan, M. R.; Ibrahimy, M. I.; Motakabber, S. M. A.; Ferdaus, M. M.; Khan, M. N. H.; Mostafa, M. G.

2013-12-01

The paper describes a technique to develop a web based financial system, following latest technology and business needs. In the development of web based application, the user friendliness and technology both are very important. It is used ASP .NET MVC 4 platform and SQL 2008 server for development of web based financial system. It shows the technique for the entry system and report monitoring of the application is user friendly. This paper also highlights the critical situations of development, which will help to develop the quality product.

A Low-cost Vehicle Tracking Platform using Secure SMS

DEFF Research Database (Denmark)

Jacobsen, Rune Hylsberg; Aliu, Drini; Ebeid, Emad Samuel Malki

2017-01-01

as the in-vehicle device. Furthermore, a cloud web-platform is built involving the de-facto modern web-applications standards and carefully tailored concerning the security aspects. The cost-effectiveness of our solution results from the use of COTS components, open source software, and cheap SMS...

Secure coprocessing applications and research issues

Energy Technology Data Exchange (ETDEWEB)

Smith, S.W.

1996-08-01

The potential of secure coprocessing to address many emerging security challenges and to enable new applications has been a long-standing interest of many members of the Computer Research and Applications Group, including this author. The purpose of this paper is to summarize this thinking, by presenting a taxonomy of some potential applications and by summarizing what we regard as some particularly interesting research questions.

Continuous Integration in PHP web applications development

OpenAIRE

Hujer, Martin

2011-01-01

This work deals with continuous integration of web applications, especially those in PHP language. The main objective is the selection of the server for continuous integration, its deployment and configuration for continuous integration of PHP web applications. The first chapter describes the concept of continuous integration and its individual techniques. The second chapter deals with the choice of server for continuous integration and its basic settings. The third chapter contains an overvi...

Real-time web application development with Vert.x 2.0

CERN Document Server

Parviainen, Tero

2013-01-01

A quick, clear, and concise tutorial-guide-based approach that helps you to develop a web application based on Vert.x.Real-time Web Application Development with Vert.x is written for web developers who want to take the next step and dive into real-time web application development.This book uses JavaScript (and some Java) to introduce the Vert.x platform, so basic JavaScript knowledge is expected. If you're planning to write your applications using some of the other Vert.x languages, all the techniques and concepts will translate to them directly. All you need to do is refer to the Vert.x API r

SPIDERGL: A GRAPHICS LIBRARY FOR 3D WEB APPLICATIONS

Directory of Open Access Journals (Sweden)

M. Di Benedetto

2012-09-01

Full Text Available The recent introduction of the WebGL API for leveraging the power of 3D graphics accelerators within Web browsers opens the possibility to develop advanced graphics applications without the need for an ad-hoc plug-in. There are several contexts in which this new technology can be exploited to enhance user experience and data fruition, like e-commerce applications, games and, in particular, Cultural Heritage. In fact, it is now possible to use the Web platform to present a virtual reconstruction hypothesis of ancient pasts, to show detailed 3D models of artefacts of interests to a wide public, and to create virtual museums. We introduce SpiderGL, a JavaScript library for developing 3D graphics Web applications. SpiderGL provides data structures and algorithms to ease the use of WebGL, to define and manipulate shapes, to import 3D models in various formats, and to handle asynchronous data loading. We show the potential of this novel library with a number of demo applications and give details about its future uses in the context of Cultural Heritage applications.

COEUS: "semantic web in a box" for biomedical applications.

Science.gov (United States)

Lopes, Pedro; Oliveira, José Luís

2012-12-17

As the "omics" revolution unfolds, the growth in data quantity and diversity is bringing about the need for pioneering bioinformatics software, capable of significantly improving the research workflow. To cope with these computer science demands, biomedical software engineers are adopting emerging semantic web technologies that better suit the life sciences domain. The latter's complex relationships are easily mapped into semantic web graphs, enabling a superior understanding of collected knowledge. Despite increased awareness of semantic web technologies in bioinformatics, their use is still limited. COEUS is a new semantic web framework, aiming at a streamlined application development cycle and following a "semantic web in a box" approach. The framework provides a single package including advanced data integration and triplification tools, base ontologies, a web-oriented engine and a flexible exploration API. Resources can be integrated from heterogeneous sources, including CSV and XML files or SQL and SPARQL query results, and mapped directly to one or more ontologies. Advanced interoperability features include REST services, a SPARQL endpoint and LinkedData publication. These enable the creation of multiple applications for web, desktop or mobile environments, and empower a new knowledge federation layer. The platform, targeted at biomedical application developers, provides a complete skeleton ready for rapid application deployment, enhancing the creation of new semantic information systems. COEUS is available as open source at http://bioinformatics.ua.pt/coeus/.

Security of social network credentials for accessing course portal: Users' experience

Science.gov (United States)

Katuk, Norliza; Fong, Choo Sok; Chun, Koo Lee

2015-12-01

Social login (SL) has recently emerged as a solution for single sign-on (SSO) within the web and mobile environments. It allows users to use their existing social network credentials (SNC) to login to third party web applications without the need to create a new identity in the intended applications' database. Although it has been used by many web application providers, its' applicability in accessing learning materials is not yet fully investigated. Hence, this research aims to explore users' (i.e., instructors' and students') perception and experience on the security of SL for accessing learning contents. A course portal was developed for students at a higher learning institution and it provides two types of user authentications (i) traditional user authentication, and (ii) SL facility. Users comprised instructors and students evaluated the login facility of the course portal through a controlled lab experimental study following the within-subject design. The participants provided their feedback in terms of the security of SL for accessing learning contents. The study revealed that users preferred to use SL over the traditional authentication, however, they concerned on the security of SL and their privacy.

Web services as applications' integration tool: QikProp case study.

Science.gov (United States)

Laoui, Abdel; Polyakov, Valery R

2011-07-15

Web services are a new technology that enables to integrate applications running on different platforms by using primarily XML to enable communication among different computers over the Internet. Large number of applications was designed as stand alone systems before the concept of Web services was introduced and it is a challenge to integrate them into larger computational networks. A generally applicable method of wrapping stand alone applications into Web services was developed and is described. To test the technology, it was applied to the QikProp for DOS (Windows). Although performance of the application did not change when it was delivered as a Web service, this form of deployment had offered several advantages like simplified and centralized maintenance, smaller number of licenses, and practically no training for the end user. Because by using the described approach almost any legacy application can be wrapped as a Web service, this form of delivery may be recommended as a global alternative to traditional deployment solutions. Copyright © 2011 Wiley Periodicals, Inc.

Web Application Design Using Server-Side JavaScript

Energy Technology Data Exchange (ETDEWEB)

Hampton, J.; Simons, R.

1999-02-01

This document describes the application design philosophy for the Comprehensive Nuclear Test Ban Treaty Research & Development Web Site. This design incorporates object-oriented techniques to produce a flexible and maintainable system of applications that support the web site. These techniques will be discussed at length along with the issues they address. The overall structure of the applications and their relationships with one another will also be described. The current problems and future design changes will be discussed as well.

CC-based Design of Secure Application Systems

DEFF Research Database (Denmark)

Sharp, Robin

2009-01-01

This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secu...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.......This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure...

Development and challenges of using web-based GIS for health applications

DEFF Research Database (Denmark)

Gao, Sheng; Mioc, Darka; Boley, Harold

2011-01-01

Web-based GIS is increasingly used in health applications. It has the potential to provide critical information in a timely manner, support health care policy development, and educate decision makers and the general public. This paper describes the trends and recent development of health...... applications using a Web-based GIS. Recent progress on the database storage and geospatial Web Services has advanced the use of Web-based GIS for health applications, with various proprietary software, open source software, and Application Programming Interfaces (APIs) available. Current challenges in applying...... care planning, and public health participation....

web cellHTS2: A web-application for the analysis of high-throughput screening data

Directory of Open Access Journals (Sweden)

Boutros Michael

2010-04-01

Full Text Available Abstract Background The analysis of high-throughput screening data sets is an expanding field in bioinformatics. High-throughput screens by RNAi generate large primary data sets which need to be analyzed and annotated to identify relevant phenotypic hits. Large-scale RNAi screens are frequently used to identify novel factors that influence a broad range of cellular processes, including signaling pathway activity, cell proliferation, and host cell infection. Here, we present a web-based application utility for the end-to-end analysis of large cell-based screening experiments by cellHTS2. Results The software guides the user through the configuration steps that are required for the analysis of single or multi-channel experiments. The web-application provides options for various standardization and normalization methods, annotation of data sets and a comprehensive HTML report of the screening data analysis, including a ranked hit list. Sessions can be saved and restored for later re-analysis. The web frontend for the cellHTS2 R/Bioconductor package interacts with it through an R-server implementation that enables highly parallel analysis of screening data sets. web cellHTS2 further provides a file import and configuration module for common file formats. Conclusions The implemented web-application facilitates the analysis of high-throughput data sets and provides a user-friendly interface. web cellHTS2 is accessible online at http://web-cellHTS2.dkfz.de. A standalone version as a virtual appliance and source code for platforms supporting Java 1.5.0 can be downloaded from the web cellHTS2 page. web cellHTS2 is freely distributed under GPL.

Secure electronic commerce communication system based on CA

Science.gov (United States)

Chen, Deyun; Zhang, Junfeng; Pei, Shujun

2001-07-01

In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

U.S. Geological Survey (USGS) Earthquake Web Applications

Science.gov (United States)

Fee, J.; Martinez, E.

2015-12-01

USGS Earthquake web applications provide access to earthquake information from USGS and other Advanced National Seismic System (ANSS) contributors. One of the primary goals of these applications is to provide a consistent experience for accessing both near-real time information as soon as it is available and historic information after it is thoroughly reviewed. Millions of people use these applications every month including people who feel an earthquake, emergency responders looking for the latest information about a recent event, and scientists researching historic earthquakes and their effects. Information from multiple catalogs and contributors is combined by the ANSS Comprehensive Catalog into one composite catalog, identifying the most preferred information from any source for each event. A web service and near-real time feeds provide access to all contributed data, and are used by a number of users and software packages. The Latest Earthquakes application displays summaries of many events, either near-real time feeds or custom searches, and the Event Page application shows detailed information for each event. Because all data is accessed through the web service, it can also be downloaded by users. The applications are maintained as open source projects on github, and use mobile-first and responsive-web-design approaches to work well on both mobile devices and desktop computers. http://earthquake.usgs.gov/earthquakes/map/

Semantic-Web Technology: Applications at NASA

Science.gov (United States)

Ashish, Naveen

2004-01-01

We provide a description of work at the National Aeronautics and Space Administration (NASA) on building system based on semantic-web concepts and technologies. NASA has been one of the early adopters of semantic-web technologies for practical applications. Indeed there are several ongoing 0 endeavors on building semantics based systems for use in diverse NASA domains ranging from collaborative scientific activity to accident and mishap investigation to enterprise search to scientific information gathering and integration to aviation safety decision support We provide a brief overview of many applications and ongoing work with the goal of informing the external community of these NASA endeavors.

Efficient development of web applications for remote participation using Ruby on Rails

International Nuclear Information System (INIS)

Emoto, M.; Yoshida, M.; Iwata, C.; Inagaki, S.; Nagayama, Y.

2010-01-01

Large-scale experiments such as ITER require international collaboration, and remote participation plays an important role in carrying out such experiments. Web-based applications are useful tools for scientists participating in experiments remotely using personal computers. Since the participants typically download web-based applications to their computer each time they access the web servers, they do not need to install extra software in order to use these applications. In addition, the application developers do not need to distribute the latest program files each time they are modified, thus reducing maintenance costs for remote participation systems. For these reasons, we have been developing web-based applications for the LHD experiments at NIFS. In a previous study, we showed the benefits of using Ruby on Rails (RoR) to develop web-based applications for analysis code. We thought this approach would also be useful for developing applications for remote participation. Therefore, we have developed several web-based applications using RoR for participating in the LHD experiments. These applications include a data viewer and a scheduler of experiments. The main reason to adopt RoR for this purpose is its efficiency for developing web-based applications. For example, to develop a data viewer, we used an existing program running on an X-Windows System. Using RoR, we could minimize the modifications of the existing programs to add web interfaces. In this paper, we will report a web-based application developed using RoR for the LHD experiment. We will also discuss the benefits of using RoR in developing remote participation tools.

Research of web application based on B/S structure testing

International Nuclear Information System (INIS)

Ou Ge; Zhang Hongmei; Song Liming

2007-01-01

Software testing is very important method used to assure the quality of Web application. With the fast development of Web application, the old testing techniques can not satisfied the require any more. Because of this people begin to classify different part of the application, find out the content that can be tested by the test tools and studies the structure of testing to enhance his efficiency. This paper analyses the testing based on the feature of Web application, sums up the testing method and gives some improvements of them. (authors)

DEVELOPING WEB MAPPING APPLICATION USING ARCGIS SERVER WEB APPLICATION DEVELOPMEN FRAMEWORK (ADF FOR GEOSPATIAL DATA GENERATED DURING REHABILITATION AND RECONSTRUCTION PROCESS OF POST-TSUNAMI 2004 DISASTER IN ACEH

Directory of Open Access Journals (Sweden)

Nizamuddin Nizamuddin

2014-04-01

Full Text Available ESRI ArcGIS Server is equipped with ArcGIS Server Web Application Development Framework (ADF and ArcGIS Web Controls integration for Visual Studio.NET. Both the ArcGIS Server Manager for .NET and ArcGIS Web Controls can be easily utilized for developing the ASP.NET based ESRI Web mapping application. In  this study we implemented both tools for developing the ASP.NET based ESRI Web mapping application for geospatial data generated dring rehabilitation and reconstruction process of post-tsunami 2004 disaster in Aceh province. Rehabilitation and reconstruction process has produced a tremendous amount of geospatial data. This method was chosen in this study because in the process of developing  a web mapping application, one can easily and quickly create Mapping Services of huge geospatial data and also develop Web mapping application without writing any code. However, when utilizing Visual Studio.NET 2008, one needs to have some coding ability.

An Offline-Online Android Application for Hazard Event Mapping Using WebGIS Open Source Technologies

Science.gov (United States)

Olyazadeh, Roya; Jaboyedoff, Michel; Sudmeier-Rieux, Karen; Derron, Marc-Henri; Devkota, Sanjaya

2016-04-01

Nowadays, Free and Open Source Software (FOSS) plays an important role in better understanding and managing disaster risk reduction around the world. National and local government, NGOs and other stakeholders are increasingly seeking and producing data on hazards. Most of the hazard event inventories and land use mapping are based on remote sensing data, with little ground truthing, creating difficulties depending on the terrain and accessibility. Open Source WebGIS tools offer an opportunity for quicker and easier ground truthing of critical areas in order to analyse hazard patterns and triggering factors. This study presents a secure mobile-map application for hazard event mapping using Open Source WebGIS technologies such as Postgres database, Postgis, Leaflet, Cordova and Phonegap. The objectives of this prototype are: 1. An Offline-Online android mobile application with advanced Geospatial visualisation; 2. Easy Collection and storage of events information applied services; 3. Centralized data storage with accessibility by all the service (smartphone, standard web browser); 4. Improving data management by using active participation in hazard event mapping and storage. This application has been implemented as a low-cost, rapid and participatory method for recording impacts from hazard events and includes geolocation (GPS data and Internet), visualizing maps with overlay of satellite images, viewing uploaded images and events as cluster points, drawing and adding event information. The data can be recorded in offline (Android device) or online version (all browsers) and consequently uploaded through the server whenever internet is available. All the events and records can be visualized by an administrator and made public after approval. Different user levels can be defined to access the data for communicating the information. This application was tested for landslides in post-earthquake Nepal but can be used for any other type of hazards such as flood, avalanche

Introduction to the Special Issue on Recent Advances in Web Services

Directory of Open Access Journals (Sweden)

Eduardo B. Fernandez

2012-06-01

Full Text Available We have collected five papers describing different aspects of web services and cloud computing. Cloud computing is the next stage of application interoperability and it is a logical extension of web services, both approaches being a variety of Service-Oriented Architecture. The papers cover security, migration, certification, and application development. Together, these papers provide a useful panorama of some of the issues of these two technologies.

Project Management Methodology for the Development of M-Learning Web Based Applications

Directory of Open Access Journals (Sweden)

Adrian VISOIU

2010-01-01

Full Text Available M-learning web based applications are a particular case of web applications designed to be operated from mobile devices. Also, their purpose is to implement learning aspects. Project management of such applications takes into account the identified peculiarities. M-learning web based application characteristics are identified. M-learning functionality covers the needs of an educational process. Development is described taking into account the mobile web and its influences over the analysis, design, construction and testing phases. Activities building up a work breakdown structure for development of m-learning web based applications are presented. Project monitoring and control techniques are proposed. Resources required for projects are discussed.

Secure grid-based computing with social-network based trust management in the semantic web

Czech Academy of Sciences Publication Activity Database

Špánek, Roman; Tůma, Miroslav

2006-01-01

Roč. 16, č. 6 (2006), s. 475-488 ISSN 1210-0552 R&D Projects: GA AV ČR 1ET100300419; GA MŠk 1M0554 Institutional research plan: CEZ:AV0Z10300504 Keywords : semantic web * grid computing * trust management * reconfigurable networks * security * hypergraph model * hypergraph algorithms Subject RIV: IN - Informatics, Computer Science

Wireless network security theories and applications

CERN Document Server

Chen, Lei; Zhang, Zihong

2013-01-01

Wireless Network Security Theories and Applications discusses the relevant security technologies, vulnerabilities, and potential threats, and introduces the corresponding security standards and protocols, as well as provides solutions to security concerns. Authors of each chapter in this book, mostly top researchers in relevant research fields in the U.S. and China, presented their research findings and results about the security of the following types of wireless networks: Wireless Cellular Networks, Wireless Local Area Networks (WLANs), Wireless Metropolitan Area Networks (WMANs), Bluetooth

Automated Functional Testing based on the Navigation of Web Applications

Directory of Open Access Journals (Sweden)

Boni García

2011-08-01

Full Text Available Web applications are becoming more and more complex. Testing such applications is an intricate hard and time-consuming activity. Therefore, testing is often poorly performed or skipped by practitioners. Test automation can help to avoid this situation. Hence, this paper presents a novel approach to perform automated software testing for web applications based on its navigation. On the one hand, web navigation is the process of traversing a web application using a browser. On the other hand, functional requirements are actions that an application must do. Therefore, the evaluation of the correct navigation of web applications results in the assessment of the specified functional requirements. The proposed method to perform the automation is done in four levels: test case generation, test data derivation, test case execution, and test case reporting. This method is driven by three kinds of inputs: i UML models; ii Selenium scripts; iii XML files. We have implemented our approach in an open-source testing framework named Automatic Testing Platform. The validation of this work has been carried out by means of a case study, in which the target is a real invoice management system developed using a model-driven approach.

AN AUTOMATIC AND METHODOLOGICAL APPROACH FOR ACCESSIBLE WEB APPLICATIONS

Directory of Open Access Journals (Sweden)

Lourdes Moreno

2007-06-01

Full Text Available Semantic Web approaches try to get the interoperability and communication among technologies and organizations. Nevertheless, sometimes it is forgotten that the Web must be useful for every user, consequently it is necessary to include tools and techniques doing Semantic Web be accessible. Accessibility and usability are two usually joined concepts widely used in web application development, however their meaning are different. Usability means the way to make easy the use but accessibility is referred to the access possibility. For the first one, there are many well proved approaches in real cases. However, accessibility field requires a deeper research that will make feasible the access to disable people and also the access to novel non-disable people due to the cost to automate and maintain accessible applications. In this paper, we propose one architecture to achieve the accessibility in web-environments dealing with the WAI accessibility standard and the Universal Design paradigm. This architecture tries to control the accessibility in web applications development life-cycle following a methodology starting from a semantic conceptual model and leans on description languages and controlled vocabularies.

Crawl-Based Analysis of Web Applications : Prospects and Challenges

NARCIS (Netherlands)

Van Deursen, A.; Mesbah, A.; Nederlof, A.

2014-01-01

In this paper we review five years of research in the field of automated crawling and testing of web applications. We describe the open source Crawljax tool, and the various extensions that have been proposed in order to address such issues as cross-browser compatibility testing, web application

a Web Api and Web Application Development for Dissemination of Air Quality Information

Science.gov (United States)

Şahin, K.; Işıkdağ, U.

2017-11-01

Various studies have been carried out since 2005 under the leadership of Ministry of Environment and Urbanism of Turkey, in order to observe the quality of air in Turkey, to develop new policies and to develop a sustainable air quality management strategy. For this reason, a national air quality monitoring network has been developed providing air quality indices. By this network, the quality of the air has been continuously monitored and an important information system has been constructed in order to take precautions for preventing a dangerous situation. The biggest handicap in the network is the data access problem for instant and time series data acquisition and processing because of its proprietary structure. Currently, there is no service offered by the current air quality monitoring system for exchanging information with third party applications. Within the context of this work, a web service has been developed to enable location based querying of the current/past air quality data in Turkey. This web service is equipped with up-todate and widely preferred technologies. In other words, an architecture is chosen in which applications can easily integrate. In the second phase of the study, a web-based application was developed to test the developed web service and this testing application can perform location based acquisition of air-quality data. This makes it possible to easily carry out operations such as screening and examination of the area in the given time-frame which cannot be done with the national monitoring network.

The Semantics of Web Services: An Examination in GIScience Applications

Directory of Open Access Journals (Sweden)

Xuan Shi

2013-09-01

Full Text Available Web service is a technological solution for software interoperability that supports the seamless integration of diverse applications. In the vision of web service architecture, web services are described by the Web Service Description Language (WSDL, discovered through Universal Description, Discovery and Integration (UDDI and communicate by the Simple Object Access Protocol (SOAP. Such a divination has never been fully accomplished yet. Although it was criticized that WSDL only has a syntactic definition of web services, but was not semantic, prior initiatives in semantic web services did not establish a correct methodology to resolve the problem. This paper examines the distinction and relationship between the syntactic and semantic definitions for web services that characterize different purposes in service computation. Further, this paper proposes that the semantics of web service are neutral and independent from the service interface definition, data types and platform. Such a conclusion can be a universal law in software engineering and service computing. Several use cases in the GIScience application are examined in this paper, while the formalization of geospatial services needs to be constructed by the GIScience community towards a comprehensive ontology of the conceptual definitions and relationships for geospatial computation. Advancements in semantic web services research will happen in domain science applications.

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

Science.gov (United States)

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

Peningkatan Efisiensi dan Efektifitas Layanan Dosen dalam Pemanfaatan Web Application

Directory of Open Access Journals (Sweden)

Reina Reina

2013-06-01

Full Text Available This study aims to determine the benefits of a web application in improving the efficiency and effectiveness of services to lecturers. The research method consists of literature study and data collection analysis based on observations. Implementing a web application, an observation is conducted followed by a comparison on data prior to the implementation. The evaluation results show that the implementation of a web application improves efficiency and effectiveness in the use of time and resources in providing services to lecturers in information access.

System Testing of Desktop and Web Applications

Science.gov (United States)

Slack, James M.

2011-01-01

We want our students to experience system testing of both desktop and web applications, but the cost of professional system-testing tools is far too high. We evaluate several free tools and find that AutoIt makes an ideal educational system-testing tool. We show several examples of desktop and web testing with AutoIt, starting with simple…

QuickEval: a web application for psychometric scaling experiments

Science.gov (United States)

Van Ngo, Khai; Storvik, Jehans J.; Dokkeberg, Christopher A.; Farup, Ivar; Pedersen, Marius

2015-01-01

QuickEval is a web application for carrying out psychometric scaling experiments. It offers the possibility of running controlled experiments in a laboratory, or large scale experiment over the web for people all over the world. It is a unique one of a kind web application, and it is a software needed in the image quality field. It is also, to the best of knowledge, the first software that supports the three most common scaling methods; paired comparison, rank order, and category judgement. It is also the first software to support rank order. Hopefully, a side effect of this newly created software is that it will lower the threshold to perform psychometric experiments, improve the quality of the experiments being carried out, make it easier to reproduce experiments, and increase research on image quality both in academia and industry. The web application is available at www.colourlab.no/quickeval.

Computer-aided diagnosis workstation and teleradiology network system for chest diagnosis using the web medical image conference system with a new information security solution

Science.gov (United States)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaro; Moriyama, Noriyuki

2010-03-01

Diagnostic MDCT imaging requires a considerable number of images to be read. Moreover, the doctor who diagnoses a medical image is insufficient in Japan. Because of such a background, we have provided diagnostic assistance methods to medical screening specialists by developing a lung cancer screening algorithm that automatically detects suspected lung cancers in helical CT images, a coronary artery calcification screening algorithm that automatically detects suspected coronary artery calcification and a vertebra body analysis algorithm for quantitative evaluation of osteoporosis. We also have developed the teleradiology network system by using web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. Our teleradiology network system can perform Web medical image conference in the medical institutions of a remote place using the web medical image conference system. We completed the basic proof experiment of the web medical image conference system with information security solution. We can share the screen of web medical image conference system from two or more web conference terminals at the same time. An opinion can be exchanged mutually by using a camera and a microphone that are connected with the workstation that builds in some diagnostic assistance methods. Biometric face authentication used on site of teleradiology makes "Encryption of file" and "Success in login" effective. Our Privacy and information security technology of information security solution ensures compliance with Japanese regulations. As a result, patients' private information is protected. Based on these diagnostic assistance methods, we have developed a new computer-aided workstation and a new teleradiology network that can display suspected lesions three-dimensionally in a short time. The results of this study indicate that our radiological information system without film by using computer-aided diagnosis

A WEB API AND WEB APPLICATION DEVELOPMENT FOR DISSEMINATION OF AIR QUALITY INFORMATION

Directory of Open Access Journals (Sweden)

K. Şahin

2017-11-01

Full Text Available Various studies have been carried out since 2005 under the leadership of Ministry of Environment and Urbanism of Turkey, in order to observe the quality of air in Turkey, to develop new policies and to develop a sustainable air quality management strategy. For this reason, a national air quality monitoring network has been developed providing air quality indices. By this network, the quality of the air has been continuously monitored and an important information system has been constructed in order to take precautions for preventing a dangerous situation. The biggest handicap in the network is the data access problem for instant and time series data acquisition and processing because of its proprietary structure. Currently, there is no service offered by the current air quality monitoring system for exchanging information with third party applications. Within the context of this work, a web service has been developed to enable location based querying of the current/past air quality data in Turkey. This web service is equipped with up-todate and widely preferred technologies. In other words, an architecture is chosen in which applications can easily integrate. In the second phase of the study, a web-based application was developed to test the developed web service and this testing application can perform location based acquisition of air-quality data. This makes it possible to easily carry out operations such as screening and examination of the area in the given time-frame which cannot be done with the national monitoring network.

Pro PHP Security From Application Security Principles to the Implementation of XSS Defenses

CERN Document Server

Snyder, Chris; Southwell, Michael

2010-01-01

PHP security, just like PHP itself, has advanced. Updated for PHP 5.3, the second edition of this authoritative PHP security book covers foundational PHP security topics like SQL injection, XSS, user authentication, and secure PHP development. Chris Snyder and Tom Myer also dive into recent developments like mobile security, the impact of Javascript, and the advantages of recent PHP hardening efforts. Pro PHP Security, Second Edition will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. Beginners in secure programming will find a l

Ultrabroadband spectroscopy for security applications

DEFF Research Database (Denmark)

Engelbrecht, Sunniva; Berge, Luc; Skupin, Stefan

2015-01-01

Ultrabroadband spectroscopy is a promising novel approach to overcome two major hurdles which have so far limited the application of THz spectroscopy for security applications: the increased bandwidth enables to record several characteristic spectroscopic features and the technique allows...

Medication-use evaluation with a Web application.

Science.gov (United States)

Burk, Muriel; Moore, Von; Glassman, Peter; Good, Chester B; Emmendorfer, Thomas; Leadholm, Thomas C; Cunningham, Francesca

2013-12-15

A Web-based application for coordinating medication-use evaluation (MUE) initiatives within the Veterans Affairs (VA) health care system is described. The MUE Tracker (MUET) software program was created to improve VA's ability to conduct national medication-related interventions throughout its network of 147 medical centers. MUET initiatives are centrally coordinated by the VA Center for Medication Safety (VAMedSAFE), which monitors the agency's integrated databases for indications of suboptimal prescribing or drug therapy monitoring and adverse treatment outcomes. When a pharmacovigilance signal is detected, VAMedSAFE identifies "trigger groups" of at-risk veterans and uploads patient lists to the secure MUET application, where locally designated personnel (typically pharmacists) can access and use the data to target risk-reduction efforts. Local data on patient-specific interventions are stored in a centralized database and regularly updated to enable tracking and reporting for surveillance and quality-improvement purposes; aggregated data can be further analyzed for provider education and benchmarking. In a three-year pilot project, the MUET program was found effective in promoting improved prescribing of erythropoiesis-stimulating agents (ESAs) and enhanced laboratory monitoring of ESA-treated patients in all specified trigger groups. The MUET initiative has since been expanded to target other high-risk drugs, and efforts are underway to refine the tool for broader utility. The MUET application has enabled the increased standardization of medication safety initiatives across the VA system and may serve as a useful model for the development of pharmacovigilance tools by other large integrated health care systems.

Lift application development cookbook

CERN Document Server

Garcia, Gilberto T

2013-01-01

Lift Application Development Cookbook contains practical recipes on everything you will need to create secure web applications using this amazing framework.The book first teaches you basic topics such as starting a new application and gradually moves on to teach you advanced topics to achieve a certain task. Then, it explains every step in detail so that you can build your knowledge about how things work.This book is for developers who have at least some basic knowledge about Scala and who are looking for a functional, secure, and modern web framework. Prior experience with HTML and JavaScript

Clinical software development for the Web: lessons learned from the BOADICEA project.

Science.gov (United States)

Cunningham, Alex P; Antoniou, Antonis C; Easton, Douglas F

2012-04-10

In the past 20 years, society has witnessed the following landmark scientific advances: (i) the sequencing of the human genome, (ii) the distribution of software by the open source movement, and (iii) the invention of the World Wide Web. Together, these advances have provided a new impetus for clinical software development: developers now translate the products of human genomic research into clinical software tools; they use open-source programs to build them; and they use the Web to deliver them. Whilst this open-source component-based approach has undoubtedly made clinical software development easier, clinical software projects are still hampered by problems that traditionally accompany the software process. This study describes the development of the BOADICEA Web Application, a computer program used by clinical geneticists to assess risks to patients with a family history of breast and ovarian cancer. The key challenge of the BOADICEA Web Application project was to deliver a program that was safe, secure and easy for healthcare professionals to use. We focus on the software process, problems faced, and lessons learned. Our key objectives are: (i) to highlight key clinical software development issues; (ii) to demonstrate how software engineering tools and techniques can facilitate clinical software development for the benefit of individuals who lack software engineering expertise; and (iii) to provide a clinical software development case report that can be used as a basis for discussion at the start of future projects. We developed the BOADICEA Web Application using an evolutionary software process. Our approach to Web implementation was conservative and we used conventional software engineering tools and techniques. The principal software development activities were: requirements, design, implementation, testing, documentation and maintenance. The BOADICEA Web Application has now been widely adopted by clinical geneticists and researchers. BOADICEA Web

Developing BP-driven web application through the use of MDE techniques

OpenAIRE

Torres Bosch, Maria Victoria; Giner Blasco, Pau; Pelechano Ferragud, Vicente

2012-01-01

Model driven engineering (MDE) is a suitable approach for performing the construction of software systems (in particular in the Web application domain). There are different types of Web applications depending on their purpose (i.e., document-centric, interactive, transactional, workflow/business process-based, collaborative, etc). This work focusses on business process-based Web applications in order to be able to understand business processes in a broad sense, from the lightweight business p...

Ontology-Based Information Visualization: Toward Semantic Web Applications

NARCIS (Netherlands)

Fluit, Christiaan; Sabou, Marta; Harmelen, Frank van

2006-01-01

The Semantic Web is an extension of the current World Wide Web, based on the idea of exchanging information with explicit, formal, and machine-accessible descriptions of meaning. Providing information with such semantics will enable the construction of applications that have an increased awareness

Computer Security: Computer security threats, vulnerabilities and attacks (3/4)

CERN Document Server

CERN. Geneva

2012-01-01

Antonio Perez Perez works in the Computer Security Team doing software development, sysadmin tasks and operations. He is also involved on grid security and does 1st line security support at CERN on ROTA. With the prevalence of modern information technologies and its increasing integration into our daily live, digital systems become more and more playground for evil people. While in the past, attacks were driven by fame& kudos, nowadays money is the motivating factor. Just the recent months have shown several successful attacks against e.g. Sony, PBS, UNESCO, RSAsecurity, Citibank, and others. Credit card information of hundreds of thousands of people got exposed. Affected companies not only lost their assets and data, also their reputation has suffered. Thus, proper computer security measures are essential. Without question, security must even more become an inherent ingredient when developing, deploying, and operating applications, web sites, and computing services. These lectures shall give an ove...

Programming Collective Intelligence Building Smart Web 2.0 Applications

CERN Document Server

Segaran, Toby

2008-01-01

This fascinating book demonstrates how you can build web applications to mine the enormous amount of data created by people on the Internet. With the sophisticated algorithms in this book, you can write smart programs to access interesting datasets from other web sites, collect data from users of your own applications, and analyze and understand the data once you've found it.

Situational Requirements Engineering for the Development of Content Management System-based Web Applications

NARCIS (Netherlands)

Souer, J.; van de Weerd, I.; Versendaal, J.M.; Brinkkemper, S.

2005-01-01

Web applications are evolving towards strong content-centered Web applications. The development processes and implementation of these applications are unlike the development and implementation of traditional information systems. In this paper we propose WebEngineering Method; a method for developing

Teaching web application development: Microsoft proprietary or open systems?

Directory of Open Access Journals (Sweden)

Stephen Corich

Full Text Available This paper revisits the debate concerning which development environment should be used to teach server-side Web Application Development courses to undergraduate students. In 2002, following an industry-based survey of Web developers, a decision was made to adopt an open source platform consisting of PHP and MySQL rather than a Microsoft platform utilising Access and Active Server Pages. Since that date there have been a number of significant changes within the computing industry that suggest that perhaps it is appropriate to revisit the original decision. This paper investigates expert opinion by reviewing current literature regarding web development environments, it looks at the results of a survey of web development companies and it examines the current employment trends in the web development area. The paper concludes by examining the impact of making a decision to change the development environment used to teach Web Application Development to a third year computing degree class and describes the impact on course delivery that the change has brought about.

Creation of web applications by Rich Internet Application Adobe Flex

OpenAIRE

PEKA, Karel

2011-01-01

Bachelor work focuses on explaining the functions and development of interactive applications in Adobe Flex RIA also compared to similar web technologies such as AJAX, Microsoft Silverlight or Adobe Flash. Explain the difference between "ordinary" sites and Rich Internet Application (RIA) and the difference shows a series of demonstration examples were processed in Adobe Flash Builder (environment for building Flex applications). Also will be created large-scale application for comprehensive ...

Evaluation of a Web-based Online Grant Application Review Solution

Directory of Open Access Journals (Sweden)

Marius Daniel PETRISOR

2013-12-01

Full Text Available This paper focuses on the evaluation of a web-based application used in grant application evaluations, software developed in our university, and underlines the need for simple solutions, based on recent technology, specifically tailored to one’s needs. We asked the reviewers to answer a short questionnaire, in order to assess their satisfaction with such a web-based grant application evaluation solution. All 20 reviewers accepted to answer the questionnaire, which contained 8 closed items (YES/NO answers related to reviewer’s previous experience in evaluating grant applications, previous use of such software solutions and his familiarity in using computer systems. The presented web-based application, evaluated by the users, shown a high level of acceptance and those respondents stated that they are willing to use such a solution in the future.

Secure smart embedded devices, platforms and applications

CERN Document Server

Markantonakis, Konstantinos

2013-01-01

New generations of IT users are increasingly abstracted from the underlying devices and platforms that provide and safeguard their services. As a result they may have little awareness that they are critically dependent on the embedded security devices that are becoming pervasive in daily modern life. Secure Smart Embedded Devices, Platforms and Applications provides a broad overview of the many security and practical issues of embedded devices, tokens, and their operation systems, platforms and main applications. It also addresses a diverse range of industry/government initiatives and consider

THREE-DIMENSIONAL WEB-BASED PHYSICS SIMULATION APPLICATION FOR PHYSICS LEARNING TOOL

Directory of Open Access Journals (Sweden)

William Salim

2012-10-01

Full Text Available The purpose of this research is to present a multimedia application for doing simulation in Physics. The application is a web based simulator that implementing HTML5, WebGL, and JavaScript. The objects and the environment will be in three dimensional views. This application is hoped will become the substitute for practicum activity. The current development is the application only covers Newtonian mechanics. Questionnaire and literature study is used as the data collecting method. While Waterfall Method used as the design method. The result is Three-DimensionalPhysics Simulator as online web application. Three-Dimensionaldesign and mentor-mentee relationship is the key features of this application. The conclusion made is Three-DimensionalPhysics Simulator already fulfilled in both design and functionality according to user. This application also helps them to understand Newtonian mechanics by simulation. Improvements are needed, because this application only covers Newtonian Mechanics. There is a lot possibility in the future that this simulation can also covers other Physics topic, such as optic, energy, or electricity.Keywords: Simulation, Physic, Learning Tool, HTML5, WebGL

1st International Workshop on Search and Mining Terrorist Online Content and Advances in Data Science for Cyber Security and Risk on the Web

OpenAIRE

Tsikrika, T.; Vrochidis, S.; Akhgar, B.; Burnap, P.; Katos, Vasilis; Williams, M.L.

2017-01-01

The deliberate misuse of technical infrastructure (including the Web and social media) for cyber deviant and cybercriminal behaviour, ranging from the spreading of extremist and terrorism-related material to online fraud and cyber security attacks, is on the rise. This workshop aims to better understand such phenomena and develop methods for tackling them in an effective and efficient manner. The workshop brings together interdisciplinary researchers and experts in Web search, security inform...

Analyse the risks of ad hoc programming in web development and develop a metrics of appropriate tools

OpenAIRE

Gubhaju, Manish; Al-Sherbaz, Ali

2013-01-01

Today the World Wide Web has become one of the most powerful tools for business promotion and social networking. As the use of websites and web applications to promote the businesses has increased drastically over the past few years, the complexity of managing them and protecting them from security threats has become a complicated task for the organizations. On the other hand, most of the web projects are at risk and less secure due to lack of quality programming. Although there are plenty of...

Computer Security: Introduction to information and computer security (1/4)

CERN Multimedia

CERN. Geneva

2012-01-01

Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

Building rich and interactive web applications with CoverageJSON

OpenAIRE

Blower, Jon; Riechert, Maik; Griffiths, Guy; Kumar, Mridul; Williams, Riley

2017-01-01

Web browsers are becoming increasingly capable as visualisation and analysis platformsLots of tools and libraries are built around images and “simple features”GeoJSON, KML, OpenLayers, Leaflet ...Formats and tools for scientific / meteorological data are not always web-friendlyComplex, binary, desktop-orientedLarge variety, usually community-specific=> Lots of people building ad-hoc solutions for web applicationsWe want to bring scientific data within the reach of more Web and mobile app deve...

Ajax and Firefox: New Web Applications and Browsers

Science.gov (United States)

Godwin-Jones, Bob

2005-01-01

Alternative browsers are gaining significant market share, and both Apple and Microsoft are releasing OS upgrades which portend some interesting changes in Web development. Of particular interest for language learning professionals may be new developments in the area of Web browser based applications, particularly using an approach dubbed "Ajax."…

A New Unified Intrusion Anomaly Detection in Identifying Unseen Web Attacks

Directory of Open Access Journals (Sweden)

Muhammad Hilmi Kamarudin

2017-01-01

Full Text Available The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification. Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR coupled with Euclidean Distance Analysis (EDA and the Chebyshev Inequality Theorem (CIT to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB is employed alongside Random Forest (RF as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.

DEVELOPMENT OF A WEB-BASED PROXIMITY BASED MEDIA SHARING APPLICATION

OpenAIRE

Erol Ozan

2016-01-01

This article reports the development of Vissou, which is a location based web application that enables media recording and sharing among users who are in close proximity to each other. The application facilitates the automated hand-over of the recorded media files from one user to another. There are many social networking applications and web sites that provide digital media sharing and editing functionalities. What differentiates Vissou from other similar applications is the functions and us...

Beyond grid security

International Nuclear Information System (INIS)

Hoeft, B; Epting, U; Koenig, T

2008-01-01

While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls

A Semantic Sensor Web for Environmental Decision Support Applications

Science.gov (United States)

Gray, Alasdair J. G.; Sadler, Jason; Kit, Oles; Kyzirakos, Kostis; Karpathiotakis, Manos; Calbimonte, Jean-Paul; Page, Kevin; García-Castro, Raúl; Frazer, Alex; Galpin, Ixent; Fernandes, Alvaro A. A.; Paton, Norman W.; Corcho, Oscar; Koubarakis, Manolis; De Roure, David; Martinez, Kirk; Gómez-Pérez, Asunción

2011-01-01

Sensing devices are increasingly being deployed to monitor the physical world around us. One class of application for which sensor data is pertinent is environmental decision support systems, e.g., flood emergency response. For these applications, the sensor readings need to be put in context by integrating them with other sources of data about the surrounding environment. Traditional systems for predicting and detecting floods rely on methods that need significant human resources. In this paper we describe a semantic sensor web architecture for integrating multiple heterogeneous datasets, including live and historic sensor data, databases, and map layers. The architecture provides mechanisms for discovering datasets, defining integrated views over them, continuously receiving data in real-time, and visualising on screen and interacting with the data. Our approach makes extensive use of web service standards for querying and accessing data, and semantic technologies to discover and integrate datasets. We demonstrate the use of our semantic sensor web architecture in the context of a flood response planning web application that uses data from sensor networks monitoring the sea-state around the coast of England. PMID:22164110

MEMS and MOEMS for national security applications

Science.gov (United States)

Scott, Marion W.

2003-01-01

Major opportunities for microsystem insertion into commercial applications, such as telecommunications and medical prosthesis, are well known. Less well known are applications that ensure the security of our nation, the protection of its armed forces, and the safety of its citizens. Microsystems enable entirely new possibilities to meet National Security needs, which can be classed along three lines: anticipating security needs and threats, deterring the efficacy of identified threats, and defending against the application of these threats. In each of these areas, specific products that are enabled by MEMS and MOEMS are discussed. In the area of anticipating needs and threats, sensored microsystems designed for chem/bio/nuclear threats, and sensors for border and asset protection can significantly secure our borders, ports, and transportation systems. Key features for these applications include adaptive optics and spectroscopic capabilities. Microsystems to monitor soil and water quality can be used to secure critical infrastructure, food safety can be improved by in-situ identification of pathogens, and sensored buildings can ensure the architectural safety of our homes and workplaces. A challenge to commercializing these opportunities, and thus making them available for National Security needs, is developing predictable markets and predictable technology roadmaps. The integrated circuit manufacturing industry provides an example of predictable technology maturation and market insertion, primarily due to the existence of a "unit cell" that allows volume manufacturing. It is not clear that microsystems can follow an analogous path. The possible paths to affordable low-volume production, as well as the prospects of a microsystems unit cell, are discussed.

webinos project deliverable: Phase 1 Security Framework

OpenAIRE

webinos consortium

2011-01-01

The webinos project aims to deliver a cross-device web application runtime environment, providing a unified development platform and standardized inter-device communication and interaction. This document contains the first iteration of the technical security and privacy framework designed for the webinos project. It accompanies two other documents - D3.1 System Specification and D3.2 API Specifications - and refers to concepts developed in them. The security and privacy architecture aims to p...

Development of a Web-Based Clinical Decision Support System for Drug Prescription: Non-Interventional Naturalistic Description of the Antipsychotic Prescription Patterns in 4345 Outpatients and Future Applications.

Science.gov (United States)

Berrouiguet, Sofian; Barrigón, Maria Luisa; Brandt, Sara A; Ovejero-García, Santiago; Álvarez-García, Raquel; Carballo, Juan Jose; Lenca, Philippe; Courtet, Philippe; Baca-García, Enrique

2016-01-01

The emergence of electronic prescribing devices with clinical decision support systems (CDSS) is able to significantly improve management pharmacological treatments. We developed a web application available on smartphones in order to help clinicians monitor prescription and further propose CDSS. A web application (www.MEmind.net) was developed to assess patients and collect data regarding gender, age, diagnosis and treatment. We analyzed antipsychotic prescriptions in 4345 patients attended in five Psychiatric Community Mental Health Centers from June 2014 to October 2014. The web-application reported average daily dose prescribed for antipsychotics, prescribed daily dose (PDD), and the PDD to defined daily dose (DDD) ratio. The MEmind web-application reported that antipsychotics were used in 1116 patients out of the total sample, mostly in 486 (44%) patients with schizophrenia related disorders but also in other diagnoses. Second generation antipsychotics (quetiapine, aripiprazole and long-acting paliperidone) were preferably employed. Low doses were more frequently used than high doses. Long acting paliperidone and ziprasidone however, were the only two antipsychotics used at excessive dosing. Antipsychotic polypharmacy was used in 287 (26%) patients with classic depot drugs, clotiapine, amisulpride and clozapine. In this study we describe the first step of the development of a web application that is able to make polypharmacy, high dose usage and off label usage of antipsychotics visible to clinicians. Current development of the MEmind web application may help to improve prescription security via momentary feedback of prescription and clinical decision support system.

Techniques for Finding Vulnerabilities in Web Applications

OpenAIRE

Mihai Sandulescu

2014-01-01

The current trend is to move everything on the Internet. Because a lot of companies store sensitive user information, security has become mandatory. Usually, software developers don’t follow some basic practices in order to secure their applications. This paper will present in the second chapter, the white-box, black-box and gray-box methods which can be used in order to test applications for possible vulnerabilities. It focuses on fuzz testing, which is a black-box testing method, presented ...

An Application for Data Preprocessing and Models Extractions in Web Usage Mining

Directory of Open Access Journals (Sweden)

Claudia Elena DINUCA

2011-11-01

Full Text Available Web servers worldwide generate a vast amount of information on web users’ browsing activities. Several researchers have studied these so-called clickstream or web access log data to better understand and characterize web users. The goal of this application is to analyze user behaviour by mining enriched web access log data. With the continued growth and proliferation of e-commerce, Web services, and Web-based information systems, the volumes of click stream and user data collected by Web-based organizations in their daily operations has reached astronomical proportions. This information can be exploited in various ways, such as enhancing the effectiveness of websites or developing directed web marketing campaigns. The discovered patterns are usually represented as collections of pages, objects, or re-sources that are frequently accessed by groups of users with common needs or interests. In this paper we will focus on displaying the way how it was implemented the application for data preprocessing and extracting different data models from web logs data, finding association as a data mining technique to extract potentially useful knowledge from web usage data. We find different data models navigation patterns by analysing the log files of the web-site. I implemented the application in Java using NetBeans IDE. For exemplification, I used the log files data from a commercial web site www.nice-layouts.com.

Solving Guesstimation Problems Using the Semantic Web:Four Lessons from an Application

OpenAIRE

Bundy, Alan; Sasnauskas, Gintautas; Chan, Michael

2013-01-01

We draw on our experience of implementing a semi-automated guesstimation application of the Semantic Web, gort, to draw four lessons, which we claim are of general applicability. These are:1. Inference can unleash the Semantic Web: The full power of the web will only be realised when we can use it to infer new knowledge from old.2. The Semantic Web does not constrain the inference mechanisms: Since we must anyway curate the knowledge we extract from the web, we can take the opportunity to tra...

Web-based applications for virtual laboratories

NARCIS (Netherlands)

Bier, H.H.

2011-01-01

Web-based applications for academic education facilitate, usually, exchange of multimedia files, while design-oriented domains such as architectural and urban design require additional support in collaborative real-time drafting and modeling. In this context, multi-user interactive interfaces

Design and development of a web-enabled data mining system ...

Indian Academy of Sciences (India)

Abstract. With the advent of cost effective storage systems and high speed net- ... All the other advantages of a web-based application such as security, reliability and ..... Fowler M 2004 Inversion of control containers and the injection pattern.

On enabling secure applications through off-line biometric identification

Energy Technology Data Exchange (ETDEWEB)

Davida, G.I. [Univ. of Wisconsin, Milwaukee, WI (United States); Frankel, Y. [CertCo LLC, New York, NY (United States); Matt, B.J. [Sandia National Labs., Albuquerque, NM (United States)

1998-04-01

In developing secure applications and systems, the designers often must incorporate secure user identification in the design specification. In this paper, the authors study secure off line authenticated user identification schemes based on a biometric system that can measure a user`s biometric accurately (up to some Hamming distance). The schemes presented here enhance identification and authorization in secure applications by binding a biometric template with authorization information on a token such as a magnetic strip. Also developed here are schemes specifically designed to minimize the compromise of a user`s private biometrics data, encapsulated in the authorization information, without requiring secure hardware tokens. In this paper the authors furthermore study the feasibility of biometrics performing as an enabling technology for secure system and application design. The authors investigate a new technology which allows a user`s biometrics to facilitate cryptographic mechanisms.

On enabling secure applications through off-line biometric identification

International Nuclear Information System (INIS)

Davida, G.I.; Frankel, Y.; Matt, B.J.

1998-04-01

In developing secure applications and systems, the designers often must incorporate secure user identification in the design specification. In this paper, the authors study secure off line authenticated user identification schemes based on a biometric system that can measure a user's biometric accurately (up to some Hamming distance). The schemes presented here enhance identification and authorization in secure applications by binding a biometric template with authorization information on a token such as a magnetic strip. Also developed here are schemes specifically designed to minimize the compromise of a user's private biometrics data, encapsulated in the authorization information, without requiring secure hardware tokens. In this paper the authors furthermore study the feasibility of biometrics performing as an enabling technology for secure system and application design. The authors investigate a new technology which allows a user's biometrics to facilitate cryptographic mechanisms

Specification framework for engineering adaptive web applications

NARCIS (Netherlands)

Frasincar, F.; Houben, G.J.P.M.; Vdovják, R.

2002-01-01

The growing demand for data-driven Web applications has led to the need for a structured and controlled approach to the engineering of such applications. Both designers and developers need a framework that in all stages of the engineering process allows them to specify the relevant aspects of the

Raman Spectroscopy for Homeland Security Applications

Directory of Open Access Journals (Sweden)

Gregory Mogilevsky

2012-01-01

Full Text Available Raman spectroscopy is an analytical technique with vast applications in the homeland security and defense arenas. The Raman effect is defined by the inelastic interaction of the incident laser with the analyte molecule’s vibrational modes, which can be exploited to detect and identify chemicals in various environments and for the detection of hazards in the field, at checkpoints, or in a forensic laboratory with no contact with the substance. A major source of error that overwhelms the Raman signal is fluorescence caused by the background and the sample matrix. Novel methods are being developed to enhance the Raman signal’s sensitivity and to reduce the effects of fluorescence by altering how the hazard material interacts with its environment and the incident laser. Basic Raman techniques applicable to homeland security applications include conventional (off-resonance Raman spectroscopy, surface-enhanced Raman spectroscopy (SERS, resonance Raman spectroscopy, and spatially or temporally offset Raman spectroscopy (SORS and TORS. Additional emerging Raman techniques, including remote Raman detection, Raman imaging, and Heterodyne imaging, are being developed to further enhance the Raman signal, mitigate fluorescence effects, and monitor hazards at a distance for use in homeland security and defense applications.

THE DIFFERENCE BETWEEN DEVELOPING SINGLE PAGE APPLICATION AND TRADITIONAL WEB APPLICATION BASED ON MECHATRONICS ROBOT LABORATORY ONAFT APPLICATION

Directory of Open Access Journals (Sweden)

V. Solovei

2018-04-01

Full Text Available Today most of desktop and mobile applications have analogues in the form of web-based applications.  With evolution of development technologies and web technologies web application increased in functionality to desktop applications. The Web application consists of two parts of the client part and the server part. The client part is responsible for providing the user with visual information through the browser. The server part is responsible for processing and storing data.MPA appeared simultaneously with the Internet. Multiple-page applications work in a "traditional" way. Every change eg. display the data or submit data back to the server. With the advent of AJAX, MPA learned to load not the whole page, but only a part of it, which eventually led to the appearance of the SPA. SPA is the principle of development when only one page is transferred to the client part, and the content is downloaded only to a certain part of the page, without rebooting it, which allows to speed up the application and simplify the user experience of using the application to the level of desktop applications.Based on the SPA, the Mechatronics Robot Laboratory ONAFT application was designed to automate the management process. The application implements the client-server architecture. The server part consists of a RESTful API, which allows you to get unified access to the application functionality, and a database for storing information. Since the client part is a spa, this allows you to reduce the load on the connection to the server and improve the user experience

Secure Service Proxy: A CoAP(s) Intermediary for a Securer and Smarter Web of Things.

Science.gov (United States)

Van den Abeele, Floris; Moerman, Ingrid; Demeester, Piet; Hoebeke, Jeroen

2017-07-11

As the IoT continues to grow over the coming years, resource-constrained devices and networks will see an increase in traffic as everything is connected in an open Web of Things. The performance- and function-enhancing features are difficult to provide in resource-constrained environments, but will gain importance if the WoT is to be scaled up successfully. For example, scalable open standards-based authentication and authorization will be important to manage access to the limited resources of constrained devices and networks. Additionally, features such as caching and virtualization may help further reduce the load on these constrained systems. This work presents the Secure Service Proxy (SSP): a constrained-network edge proxy with the goal of improving the performance and functionality of constrained RESTful environments. Our evaluations show that the proposed design reaches its goal by reducing the load on constrained devices while implementing a wide range of features as different adapters. Specifically, the results show that the SSP leads to significant savings in processing, network traffic, network delay and packet loss rates for constrained devices. As a result, the SSP helps to guarantee the proper operation of constrained networks as these networks form an ever-expanding Web of Things.

Secure Service Proxy: A CoAP(s Intermediary for a Securer and Smarter Web of Things

Directory of Open Access Journals (Sweden)

Floris Van den Abeele

2017-07-01

Full Text Available As the IoT continues to grow over the coming years, resource-constrained devices and networks will see an increase in traffic as everything is connected in an open Web of Things. The performance- and function-enhancing features are difficult to provide in resource-constrained environments, but will gain importance if the WoT is to be scaled up successfully. For example, scalable open standards-based authentication and authorization will be important to manage access to the limited resources of constrained devices and networks. Additionally, features such as caching and virtualization may help further reduce the load on these constrained systems. This work presents the Secure Service Proxy (SSP: a constrained-network edge proxy with the goal of improving the performance and functionality of constrained RESTful environments. Our evaluations show that the proposed design reaches its goal by reducing the load on constrained devices while implementing a wide range of features as different adapters. Specifically, the results show that the SSP leads to significant savings in processing, network traffic, network delay and packet loss rates for constrained devices. As a result, the SSP helps to guarantee the proper operation of constrained networks as these networks form an ever-expanding Web of Things.

Development of a web application for water resources based on open source software

Science.gov (United States)

Delipetrev, Blagoj; Jonoski, Andreja; Solomatine, Dimitri P.

2014-01-01

This article presents research and development of a prototype web application for water resources using latest advancements in Information and Communication Technologies (ICT), open source software and web GIS. The web application has three web services for: (1) managing, presenting and storing of geospatial data, (2) support of water resources modeling and (3) water resources optimization. The web application is developed using several programming languages (PhP, Ajax, JavaScript, Java), libraries (OpenLayers, JQuery) and open source software components (GeoServer, PostgreSQL, PostGIS). The presented web application has several main advantages: it is available all the time, it is accessible from everywhere, it creates a real time multi-user collaboration platform, the programing languages code and components are interoperable and designed to work in a distributed computer environment, it is flexible for adding additional components and services and, it is scalable depending on the workload. The application was successfully tested on a case study with concurrent multi-users access.

Hacking web intelligence open source intelligence and web reconnaissance concepts and techniques

CERN Document Server

Chauhan, Sudhanshu

2015-01-01

Open source intelligence (OSINT) and web reconnaissance are rich topics for infosec professionals looking for the best ways to sift through the abundance of information widely available online. In many cases, the first stage of any security assessment-that is, reconnaissance-is not given enough attention by security professionals, hackers, and penetration testers. Often, the information openly present is as critical as the confidential data. Hacking Web Intelligence shows you how to dig into the Web and uncover the information many don't even know exists. The book takes a holistic approach

Restricted access processor - An application of computer security technology

Science.gov (United States)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

A Policy Based Approach for the Management of Web Browser Resources to Prevent Anonymity Attacks in Tor

Science.gov (United States)

Navarro-Arribas, Guillermo; Garcia-Alfaro, Joaquin

Web browsers are becoming the universal interface to reach applications and services related with these systems. Different browsing contexts may be required in order to reach them, e.g., use of VPN tunnels, corporate proxies, anonymisers, etc. By browsing context we mean how the user browsers the Web, including mainly the concrete configuration of its browser. When the context of the browser changes, its security requirements also change. In this work, we present the use of authorisation policies to automatise the process of controlling the resources of a Web browser when its context changes. The objective of our proposal is oriented towards easing the adaptation to the security requirements of the new context and enforce them in the browser without the need for user intervention. We present a concrete application of our work as a plug-in for the adaption of security requirements in Mozilla/Firefox browser when a context of anonymous navigation through the Tor network is enabled.

Mastering web application development with Express

CERN Document Server

Vlăduțu, Alexandru

2014-01-01

If you are a Node.js developer who wants to take your Express skills to the next level and develop high performing, reliable web applications using best practices, this book is ideal for you. The only prerequisite is knowledge of Node.js.

WebViz:A Web-based Collaborative Interactive Visualization System for large-Scale Data Sets

Science.gov (United States)

Yuen, D. A.; McArthur, E.; Weiss, R. M.; Zhou, J.; Yao, B.

2010-12-01

WebViz is a web-based application designed to conduct collaborative, interactive visualizations of large data sets for multiple users, allowing researchers situated all over the world to utilize the visualization services offered by the University of Minnesota’s Laboratory for Computational Sciences and Engineering (LCSE). This ongoing project has been built upon over the last 3 1/2 years .The motivation behind WebViz lies primarily with the need to parse through an increasing amount of data produced by the scientific community as a result of larger and faster multicore and massively parallel computers coming to the market, including the use of general purpose GPU computing. WebViz allows these large data sets to be visualized online by anyone with an account. The application allows users to save time and resources by visualizing data ‘on the fly’, wherever he or she may be located. By leveraging AJAX via the Google Web Toolkit (http://code.google.com/webtoolkit/), we are able to provide users with a remote, web portal to LCSE's (http://www.lcse.umn.edu) large-scale interactive visualization system already in place at the University of Minnesota. LCSE’s custom hierarchical volume rendering software provides high resolution visualizations on the order of 15 million pixels and has been employed for visualizing data primarily from simulations in astrophysics to geophysical fluid dynamics . In the current version of WebViz, we have implemented a highly extensible back-end framework built around HTTP "server push" technology. The web application is accessible via a variety of devices including netbooks, iPhones, and other web and javascript-enabled cell phones. Features in the current version include the ability for users to (1) securely login (2) launch multiple visualizations (3) conduct collaborative visualization sessions (4) delegate control aspects of a visualization to others and (5) engage in collaborative chats with other users within the user interface

Grid-optimized Web 3D applications on wide area network

Science.gov (United States)

Wang, Frank; Helian, Na; Meng, Lingkui; Wu, Sining; Zhang, Wen; Guo, Yike; Parker, Michael Andrew

2008-08-01

Geographical information system has come into the Web Service times now. In this paper, Web3D applications have been developed based on our developed Gridjet platform, which provides a more effective solution for massive 3D geo-dataset sharing in distributed environments. Web3D services enabling web users could access the services as 3D scenes, virtual geographical environment and so on. However, Web3D services should be shared by thousands of essential users that inherently distributed on different geography locations. Large 3D geo-datasets need to be transferred to distributed clients via conventional HTTP, NFS and FTP protocols, which often encounters long waits and frustration in distributed wide area network environments. GridJet was used as the underlying engine between the Web 3D application node and geo-data server that utilizes a wide range of technologies including the one of paralleling the remote file access, which is a WAN/Grid-optimized protocol and provides "local-like" accesses to remote 3D geo-datasets. No change in the way of using software is required since the multi-streamed GridJet protocol remains fully compatible with existing IP infrastructures. Our recent progress includes a real-world test that Web3D applications as Google Earth over the GridJet protocol beats those over the classic ones by a factor of 2-7 where the transfer distance is over 10,000 km.

Chemical Sniffing Instrumentation for Security Applications.

Science.gov (United States)

Giannoukos, Stamatios; Brkić, Boris; Taylor, Stephen; Marshall, Alan; Verbeck, Guido F

2016-07-27

Border control for homeland security faces major challenges worldwide due to chemical threats from national and/or international terrorism as well as organized crime. A wide range of technologies and systems with threat detection and monitoring capabilities has emerged to identify the chemical footprint associated with these illegal activities. This review paper investigates artificial sniffing technologies used as chemical sensors for point-of-use chemical analysis, especially during border security applications. This article presents an overview of (a) the existing available technologies reported in the scientific literature for threat screening, (b) commercially available, portable (hand-held and stand-off) chemical detection systems, and (c) their underlying functional and operational principles. Emphasis is given to technologies that have been developed for in-field security operations, but laboratory developed techniques are also summarized as emerging technologies. The chemical analytes of interest in this review are (a) volatile organic compounds (VOCs) associated with security applications (e.g., illegal, hazardous, and terrorist events), (b) chemical "signatures" associated with human presence, and (c) threat compounds (drugs, explosives, and chemical warfare agents).

Advances in Electronic Commerce, Web Application and Communication v.1

CERN Document Server

Lin, Sally; Second International Conference on Electronic Commerce, Web Application and Communication (ECWAC 2012)

2012-01-01

ECWAC2012 is an integrated conference devoted to Electronic Commerce, Web Application and Communication. In the this proceedings you can find the carefully reviewed scientific outcome of the second International Conference on Electronic Commerce, Web Application and Communication (ECWAC 2012) held at March 17-18,2012  in Wuhan, China, bringing together researchers from all around the world in the field.

Advances in Electronic Commerce, Web Application and Communication v.2

CERN Document Server

Lin, Sally; Second International Conference on Electronic Commerce, Web Application and Communication (ECWAC 2012)

2012-01-01

ECWAC2012 is an integrated conference devoted to Electronic Commerce, Web Application and Communication. In the this proceedings you can find the carefully reviewed scientific outcome of the second International Conference on Electronic Commerce, Web Application and Communication (ECWAC 2012) held at March 17-18,2012  in Wuhan, China, bringing together researchers from all around the world in the field.

Displaying R spatial statistics on Google dynamic maps with web applications created by Rwui

Science.gov (United States)

2012-01-01

Background The R project includes a large variety of packages designed for spatial statistics. Google dynamic maps provide web based access to global maps and satellite imagery. We describe a method for displaying directly the spatial output from an R script on to a Google dynamic map. Methods This is achieved by creating a Java based web application which runs the R script and then displays the results on the dynamic map. In order to make this method easy to implement by those unfamiliar with programming Java based web applications, we have added the method to the options available in the R Web User Interface (Rwui) application. Rwui is an established web application for creating web applications for running R scripts. A feature of Rwui is that all the code for the web application being created is generated automatically so that someone with no knowledge of web programming can make a fully functional web application for running an R script in a matter of minutes. Results Rwui can now be used to create web applications that will display the results from an R script on a Google dynamic map. Results may be displayed as discrete markers and/or as continuous overlays. In addition, users of the web application may select regions of interest on the dynamic map with mouse clicks and the coordinates of the region of interest will automatically be made available for use by the R script. Conclusions This method of displaying R output on dynamic maps is designed to be of use in a number of areas. Firstly it allows statisticians, working in R and developing methods in spatial statistics, to easily visualise the results of applying their methods to real world data. Secondly, it allows researchers who are using R to study health geographics data, to display their results directly onto dynamic maps. Thirdly, by creating a web application for running an R script, a statistician can enable users entirely unfamiliar with R to run R coded statistical analyses of health geographics

Analysis and Design of Web-Based Database Application for Culinary Community

Directory of Open Access Journals (Sweden)

Choirul Huda

2017-03-01

Full Text Available This research is based on the rapid development of the culinary and information technology. The difficulties in communicating with the culinary expert and on recipe documentation make a proper support for media very important. Therefore, a web-based database application for the public is important to help the culinary community in communication, searching and recipe management. The aim of the research was to design a web-based database application that could be used as social media for the culinary community. This research used literature review, user interviews, and questionnaires. Moreover, the database system development life cycle was used as a guide for designing a database especially for conceptual database design, logical database design, and physical design database. Web-based application design used eight golden rules for user interface design. The result of this research is the availability of a web-based database application that can fulfill the needs of users in the culinary field related to communication and recipe management.

ASP.NET web API build RESTful web applications and services on the .NET framework

CERN Document Server

Kanjilal, Joydip

2013-01-01

This book is a step-by-step, practical tutorial with a simple approach to help you build RESTful web applications and services on the .NET framework quickly and efficiently.This book is for ASP.NET web developers who want to explore REST-based services with C# 5. This book contains many real-world code examples with explanations whenever necessary. Some experience with C# and ASP.NET 4 is expected.

Crawling Ajax-based Web Applications through Dynamic Analysis of User Interface State Changes

NARCIS (Netherlands)

Mesbah, A.; Van Deursen, A.; Lenselink, S.

2011-01-01

Using JavaScript and dynamic DOM manipulation on the client-side of web applications is becoming a widespread approach for achieving rich interactivity and responsiveness in modern web applications. At the same time, such techniques, collectively known as Ajax, shatter the metaphor of web ‘pages’

A security model for saas in cloud computing

International Nuclear Information System (INIS)

Abbas, R.; Farooq, A.

2016-01-01

Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. It has many service modes like Software as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS). In SaaS model, service providers install and activate the applications in cloud and cloud customers access the software from cloud. So, the user does not have the need to purchase and install a particular software on his/her machine. While using SaaS model, there are multiple security issues and problems like Data security, Data breaches, Network security, Authentication and authorization, Data integrity, Availability, Web application security and Backup which are faced by users. Many researchers minimize these security problems by putting in hard work. A large work has been done to resolve these problems but there are a lot of issues that persist and need to overcome. In this research work, we have developed a security model that improves the security of data according to the desire of the End-user. The proposed model for different data security options can be helpful to increase the data security through which trade-off between functionalities can be optimized for private and public data. (author)

Artificial immune system applications in computer security

CERN Document Server

Tan, Ying

2016-01-01

This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues. Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security. The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networ s, and Support Vector Machines (SVM), Danger theory, ...

User Interface Design in Medical Distributed Web Applications.

Science.gov (United States)

Serban, Alexandru; Crisan-Vida, Mihaela; Mada, Leonard; Stoicu-Tivadar, Lacramioara

2016-01-01

User interfaces are important to facilitate easy learning and operating with an IT application especially in the medical world. An easy to use interface has to be simple and to customize the user needs and mode of operation. The technology in the background is an important tool to accomplish this. The present work aims to creating a web interface using specific technology (HTML table design combined with CSS3) to provide an optimized responsive interface for a complex web application. In the first phase, the current icMED web medical application layout is analyzed, and its structure is designed using specific tools, on source files. In the second phase, a new graphic adaptable interface to different mobile terminals is proposed, (using HTML table design (TD) and CSS3 method) that uses no source files, just lines of code for layout design, improving the interaction in terms of speed and simplicity. For a complex medical software application a new prototype layout was designed and developed using HTML tables. The method uses a CSS code with only CSS classes applied to one or multiple HTML table elements, instead of CSS styles that can be applied to just one DIV tag at once. The technique has the advantage of a simplified CSS code, and a better adaptability to different media resolutions compared to DIV-CSS style method. The presented work is a proof that adaptive web interfaces can be developed just using and combining different types of design methods and technologies, using HTML table design, resulting in a simpler to learn and use interface, suitable for healthcare services.

Web Extensible Display Manager

Energy Technology Data Exchange (ETDEWEB)

Slominski, Ryan [Thomas Jefferson National Accelerator Facility (TJNAF), Newport News, VA (United States); Larrieu, Theodore L. [Thomas Jefferson National Accelerator Facility (TJNAF), Newport News, VA (United States)

2018-02-01

Jefferson Lab's Web Extensible Display Manager (WEDM) allows staff to access EDM control system screens from a web browser in remote offices and from mobile devices. Native browser technologies are leveraged to avoid installing and managing software on remote clients such as browser plugins, tunnel applications, or an EDM environment. Since standard network ports are used firewall exceptions are minimized. To avoid security concerns from remote users modifying a control system, WEDM exposes read-only access and basic web authentication can be used to further restrict access. Updates of monitored EPICS channels are delivered via a Web Socket using a web gateway. The software translates EDM description files (denoted with the edl suffix) to HTML with Scalable Vector Graphics (SVG) following the EDM's edl file vector drawing rules to create faithful screen renderings. The WEDM server parses edl files and creates the HTML equivalent in real-time allowing existing screens to work without modification. Alternatively, the familiar drag and drop EDM screen creation tool can be used to create optimized screens sized specifically for smart phones and then rendered by WEDM.

Development of grid-like applications for public health using Web 2.0 mashup techniques.

Science.gov (United States)

Scotch, Matthew; Yip, Kevin Y; Cheung, Kei-Hoi

2008-01-01

Development of public health informatics applications often requires the integration of multiple data sources. This process can be challenging due to issues such as different file formats, schemas, naming systems, and having to scrape the content of web pages. A potential solution to these system development challenges is the use of Web 2.0 technologies. In general, Web 2.0 technologies are new internet services that encourage and value information sharing and collaboration among individuals. In this case report, we describe the development and use of Web 2.0 technologies including Yahoo! Pipes within a public health application that integrates animal, human, and temperature data to assess the risk of West Nile Virus (WNV) outbreaks. The results of development and testing suggest that while Web 2.0 applications are reasonable environments for rapid prototyping, they are not mature enough for large-scale public health data applications. The application, in fact a "systems of systems," often failed due to varied timeouts for application response across web sites and services, internal caching errors, and software added to web sites by administrators to manage the load on their servers. In spite of these concerns, the results of this study demonstrate the potential value of grid computing and Web 2.0 approaches in public health informatics.

Scalable Transactions for Web Applications in the Cloud

NARCIS (Netherlands)

Zhou, W.; Pierre, G.E.O.; Chi, C.-H.

2009-01-01

Cloud Computing platforms provide scalability and high availability properties for web applications but they sacrifice data consistency at the same time. However, many applications cannot afford any data inconsistency. We present a scalable transaction manager for NoSQL cloud database services to

Video motion detection for physical security applications

International Nuclear Information System (INIS)

Matter, J.C.

1990-01-01

Physical security specialists have been attracted to the concept of video motion detection for several years. Claimed potential advantages included additional benefit from existing video surveillance systems, automatic detection, improved performance compared to human observers, and cost-effectiveness. In recent years, significant advances in image-processing dedicated hardware and image analysis algorithms and software have accelerated the successful application of video motion detection systems to a variety of physical security applications. Early video motion detectors (VMDs) were useful for interior applications of volumetric sensing. Success depended on having a relatively well-controlled environment. Attempts to use these systems outdoors frequently resulted in an unacceptable number of nuisance alarms. Currently, Sandia National Laboratories (SNL) is developing several advanced systems that employ image-processing techniques for a broader set of safeguards and security applications. The Target Cueing and Tracking System (TCATS), the Video Imaging System for Detection, Tracking, and Assessment (VISDTA), the Linear Infrared Scanning Array (LISA); the Mobile Intrusion Detection and Assessment System (MIDAS), and the Visual Artificially Intelligent Surveillance (VAIS) systems are described briefly

VennDiagramWeb: a web application for the generation of highly customizable Venn and Euler diagrams.

Science.gov (United States)

Lam, Felix; Lalansingh, Christopher M; Babaran, Holly E; Wang, Zhiyuan; Prokopec, Stephenie D; Fox, Natalie S; Boutros, Paul C

2016-10-03

Visualization of data generated by high-throughput, high-dimensionality experiments is rapidly becoming a rate-limiting step in computational biology. There is an ongoing need to quickly develop high-quality visualizations that can be easily customized or incorporated into automated pipelines. This often requires an interface for manual plot modification, rapid cycles of tweaking visualization parameters, and the generation of graphics code. To facilitate this process for the generation of highly-customizable, high-resolution Venn and Euler diagrams, we introduce VennDiagramWeb: a web application for the widely used VennDiagram R package. VennDiagramWeb is hosted at http://venndiagram.res.oicr.on.ca/ . VennDiagramWeb allows real-time modification of Venn and Euler diagrams, with parameter setting through a web interface and immediate visualization of results. It allows customization of essentially all aspects of figures, but also supports integration into computational pipelines via download of R code. Users can upload data and download figures in a range of formats, and there is exhaustive support documentation. VennDiagramWeb allows the easy creation of Venn and Euler diagrams for computational biologists, and indeed many other fields. Its ability to support real-time graphics changes that are linked to downloadable code that can be integrated into automated pipelines will greatly facilitate the improved visualization of complex datasets. For application support please contact Paul.Boutros@oicr.on.ca.

Usage of Web Service in Mobile Application for Parents and Students in Binus School Serpong

Directory of Open Access Journals (Sweden)

Karto Iskandar

2016-09-01

Full Text Available A web service is a service offered by a device electronically to communicate with other electronic device using the World wide web. Smartphone is an electronic device that almost everyone has, especially student and parent for getting information about the school. In BINUS School Serpong mobile application, web services used for getting data from web server like student and menu data. Problem faced by BINUS School Serpong today is the time-consuming application update when using the native application while the application updates are very frequent. To resolve this problem, BINUS School Serpong mobile application will use the web service. This article showed the usage of web services with XML for retrieving data of student. The result from this study is that by using web service, smartphone can retrieve data consistently between multiple platforms. 

Relational Constraint Driven Test Case Synthesis for Web Applications

Directory of Open Access Journals (Sweden)

Xiang Fu

2010-09-01

Full Text Available This paper proposes a relational constraint driven technique that synthesizes test cases automatically for web applications. Using a static analysis, servlets can be modeled as relational transducers, which manipulate backend databases. We present a synthesis algorithm that generates a sequence of HTTP requests for simulating a user session. The algorithm relies on backward symbolic image computation for reaching a certain database state, given a code coverage objective. With a slight adaptation, the technique can be used for discovering workflow attacks on web applications.

HTML5 web application development by example

CERN Document Server

Gustafson, JM

2013-01-01

The best way to learn anything is by doing. The author uses a friendly tone and fun examples to ensure that you learn the basics of application development. Once you have read this book, you should have the necessary skills to build your own applications.If you have no experience but want to learn how to create applications in HTML5, this book is the only help you'll need. Using practical examples, HTML5 Web Application Development by Example will develop your knowledge and confidence in application development.

Understanding Application Behaviours for Android Security: A Systematic Characterization

OpenAIRE

Cai, Haipeng; Ryder, Barbara

2016-01-01

In contrast to most existing research on Android focusing on specific security issues, there is little broad understanding of Android application run-time characteristics and their security implications. To mitigate this gap, we present the first dynamic characterization study of Android applications that targets such a broad understanding for Android security. Through lightweight method-level profiling, we have collected 33GB traces of method calls and inter-component communication (ICC) fro...

Computer Security: Competing Concepts

OpenAIRE

Nissenbaum, Helen; Friedman, Batya; Felten, Edward

2001-01-01

This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which ...

Achieving Security Assurance with Assertion-based Application Construction

Directory of Open Access Journals (Sweden)

Carlos E. Rubio-Medrano

2015-12-01

Full Text Available Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs, which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

Application Security for the Android Platform Processes, Permissions, and Other Safeguards

CERN Document Server

Six, Jeff

2011-01-01

This book will educate readers on the need for application security and secure coding practices when designing any app. No prior knowledge of security or secure programming techniques is assumed. The book will discuss the need for such practices, how the Android environment is structured with respect to security considerations, what services and techniques are available on the platform to protect data, and how developers can build and code applications that address the risk to their applications and the data processed by them. This text is especially important now, as Android is fast becoming

Server Interface Descriptions for Automated Testing of JavaScript Web Applications

DEFF Research Database (Denmark)

Jensen, Casper Svenning; Møller, Anders; Su, Zhendong

2013-01-01

Automated testing of JavaScript web applications is complicated by the communication with servers. Specifically, it is difficult to test the JavaScript code in isolation from the server code and database contents. We present a practical solution to this problem. First, we demonstrate that formal...... server interface descriptions are useful in automated testing of JavaScript web applications for separating the concerns of the client and the server. Second, to support the construction of server interface descriptions for existing applications, we introduce an effective inference technique that learns...... communication patterns from sample data. By incorporating interface descriptions into the testing tool Artemis, our experimental results show that we increase the level of automation for high-coverage testing on a collection of JavaScript web applications that exchange JSON data between the clients and servers...

Penetration Testing Model for Web sites Hosted in Nuclear Malaysia

International Nuclear Information System (INIS)

Mohd Dzul Aiman Aslan; Mohamad Safuan Sulaiman; Siti Nurbahyah Hamdan; Saaidi Ismail; Mohd Fauzi Haris; Norzalina Nasiruddin; Raja Murzaferi Mokhtar

2012-01-01

Nuclear Malaysia web sites has been very crucial in providing important and useful information and services to the clients as well as the users worldwide. Furthermore, a web site is important as it reflects the organisation image. To ensure the integrity of the content of web site, a study has been made and a penetration testing model has been implemented to test the security of several web sites hosted at Nuclear Malaysia for malicious attempts. This study will explain how the security was tested in the detailed condition and measured. The result determined the security level and the vulnerability of several web sites. This result is important for improving and hardening the security of web sites in Nuclear Malaysia. (author)

Review on Cyber Security Programs for NPP Application

Energy Technology Data Exchange (ETDEWEB)

Oh, Eung Se [KEPRI, Daejeon (Korea, Republic of)

2010-10-15

Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secrete nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS; CFR; RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

Review on Cyber Security Programs for NPP Application

International Nuclear Information System (INIS)

Oh, Eung Se

2010-01-01

Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secrete nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS] [CFR] [RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

A Sample WebQuest Applicable in Teaching Topological Concepts

Science.gov (United States)

Yildiz, Sevda Goktepe; Korpeoglu, Seda Goktepe

2016-01-01

In recent years, WebQuests have received a great deal of attention and have been used effectively in teaching-learning process in various courses. In this study, a WebQuest that can be applicable in teaching topological concepts for undergraduate level students was prepared. A number of topological concepts, such as countability, infinity, and…

Penerapan Pengujian Keamanan Web Server Menggunakan Metode OWASP versi 4 (Studi Kasus Web Server Ujian Online

Directory of Open Access Journals (Sweden)

Mohammad Muhsin

2016-05-01

Full Text Available Fakultas Teknik Universitas Muhammadiyah Ponorogo telah menerapkan Ujian Tengah Semester dan Ujian Akhir Semester menggunakan aplikasi Si Ujo (Sistem Ujian Online berbasis web. Sejak tahun 2012 sampai tahun 2014, Si Ujo telah beberapa kali mengalami pengembangan baik dari sisi fitur maupun data yang disimpan. Data tersebut menyimpan data nilai matakuliah setiap mahasiswa teknik Universitas Muhammadiyah Ponorogo. Mengingat pentingnya data yang tersimpan maka perlu diterapkan pengujian keamanan dari aplikasi Si Ujo. Pengujian keamanan tersebut dilakukan untuk mengetahui tingkat kerentanan agar terhindar dari serangan dari pihak yang tidak bertanggung jawab. Salah satu metode untuk menguji aplikasi berbasis web adalah metode OWASP (Open Web Application Security Project versi 4 yang dikeluarkan oleh owasp.org sebuah organisasi non profit yang berdedikasi pada keamanan aplikasi berbasis web. Hasil pengujian menggunakan OWASP versi 4 menunjukkan bahwa manajemen otentifikasi, otorisasi dan manajemen sesi belum diimplementasikan dengan baik sehingga perlu dilakukan perbaikan lebih lanjut oleh pihak stake holder Fakul tas Teknik Universitas Muhammadiyah Ponorogo

A web application for poloidal field analysis on HL-2M

International Nuclear Information System (INIS)

Song, X.M.; Pan, W.; Chen, L.Y.; Song, X.; Li, X.D.

2014-01-01

Highlights: • An original way to develop web application with a new framework (jQuery + PHP + Matlab) is introduced. • A convenient but powerful application for electromagnetic calculation is implemented. • The web application can run in any popular browser, on any hardware and in any operating system. • No any plugin is needed; no any maintenance is required. - Abstract: Recently, many web tools [1–3] in fusion society have been designed and demonstrated, which has been proved to be powerful and convenient to fusion researchers. Many physicists and engineers need a tool to compute the poloidal magnetic field for some purposes (for example, the calibration of magnetic probes for EFIT, the field null structure analysis for control, the design of some plasma diagnostic systems), so to develop a powerful and convenient web application for the calculation of magnetic field and magnetic flux produced by PF coils is very important. In this paper, a web application tool for poloidal field analysis on HL-2M with a totally original framework is presented. This web application is full of dynamic and interactive interface, and can run in any popular browser (IE, safari, firefox, opera), on any hardware (smart phone, PC, ipad, Mac) and operating system (ios, android, windows, linux, Mac OS). No any plugins is needed. The three layers (jQuery + PHP + Matlab) of this framework are introduced. The front top client layer is developed by jQuery code. The middle layer, which plays a role of a bridge to connect the server and client through socket communication, is developed by PHP code. The behind server layer is developed by Matlab, which compute the magnetic field or magnetic flux through a Special Function called Complete Elliptic Integral, and returns the results in the client favorite way, either by table or by JPG image. The field null structure and the vertical and radial field structure calculated by this tool are introduced with details. The idea to design a web

A web application for poloidal field analysis on HL-2M

Energy Technology Data Exchange (ETDEWEB)

Song, X.M., E-mail: songxm@swip.ac.cn; Pan, W.; Chen, L.Y.; Song, X.; Li, X.D.

2014-05-15

Highlights: • An original way to develop web application with a new framework (jQuery + PHP + Matlab) is introduced. • A convenient but powerful application for electromagnetic calculation is implemented. • The web application can run in any popular browser, on any hardware and in any operating system. • No any plugin is needed; no any maintenance is required. - Abstract: Recently, many web tools [1–3] in fusion society have been designed and demonstrated, which has been proved to be powerful and convenient to fusion researchers. Many physicists and engineers need a tool to compute the poloidal magnetic field for some purposes (for example, the calibration of magnetic probes for EFIT, the field null structure analysis for control, the design of some plasma diagnostic systems), so to develop a powerful and convenient web application for the calculation of magnetic field and magnetic flux produced by PF coils is very important. In this paper, a web application tool for poloidal field analysis on HL-2M with a totally original framework is presented. This web application is full of dynamic and interactive interface, and can run in any popular browser (IE, safari, firefox, opera), on any hardware (smart phone, PC, ipad, Mac) and operating system (ios, android, windows, linux, Mac OS). No any plugins is needed. The three layers (jQuery + PHP + Matlab) of this framework are introduced. The front top client layer is developed by jQuery code. The middle layer, which plays a role of a bridge to connect the server and client through socket communication, is developed by PHP code. The behind server layer is developed by Matlab, which compute the magnetic field or magnetic flux through a Special Function called Complete Elliptic Integral, and returns the results in the client favorite way, either by table or by JPG image. The field null structure and the vertical and radial field structure calculated by this tool are introduced with details. The idea to design a web

Workflow and web application for annotating NCBI BioProject transcriptome data.

Science.gov (United States)

Vera Alvarez, Roberto; Medeiros Vidal, Newton; Garzón-Martínez, Gina A; Barrero, Luz S; Landsman, David; Mariño-Ramírez, Leonardo

2017-01-01

The volume of transcriptome data is growing exponentially due to rapid improvement of experimental technologies. In response, large central resources such as those of the National Center for Biotechnology Information (NCBI) are continually adapting their computational infrastructure to accommodate this large influx of data. New and specialized databases, such as Transcriptome Shotgun Assembly Sequence Database (TSA) and Sequence Read Archive (SRA), have been created to aid the development and expansion of centralized repositories. Although the central resource databases are under continual development, they do not include automatic pipelines to increase annotation of newly deposited data. Therefore, third-party applications are required to achieve that aim. Here, we present an automatic workflow and web application for the annotation of transcriptome data. The workflow creates secondary data such as sequencing reads and BLAST alignments, which are available through the web application. They are based on freely available bioinformatics tools and scripts developed in-house. The interactive web application provides a search engine and several browser utilities. Graphical views of transcript alignments are available through SeqViewer, an embedded tool developed by NCBI for viewing biological sequence data. The web application is tightly integrated with other NCBI web applications and tools to extend the functionality of data processing and interconnectivity. We present a case study for the species Physalis peruviana with data generated from BioProject ID 67621. URL: http://www.ncbi.nlm.nih.gov/projects/physalis/. Published by Oxford University Press 2017. This work is written by US Government employees and is in the public domain in the US.

Use and utility of Web-based residency program information: a survey of residency applicants.

Science.gov (United States)

Embi, Peter J; Desai, Sima; Cooney, Thomas G

2003-01-01

The Internet has become essential to the residency application process. In recent years, applicants and residency programs have used the Internet-based tools of the National Residency Matching Program (NRMP, the Match) and the Electronic Residency Application Service (ERAS) to process and manage application and Match information. In addition, many residency programs have moved their recruitment information from printed brochures to Web sites. Despite this change, little is known about how applicants use residency program Web sites and what constitutes optimal residency Web site content, information that is critical to developing and maintaining such sites. To study the use and perceived utility of Web-based residency program information by surveying applicants to an internal medicine program. Our sample population was the applicants to the Oregon Health & Science University Internal Medicine Residency Program who were invited for an interview. We solicited participation using the group e-mail feature available through the Electronic Residency Application Service Post-Office application. To minimize the possibility for biased responses, the study was confined to the period between submission of National Residency Matching Program rank-order lists and release of Match results. Applicants could respond using an anonymous Web-based form or by reply to the e-mail solicitation. We tabulated responses, calculated percentages for each, and performed a qualitative analysis of comments. Of the 431 potential participants, 218 responded (51%) during the study period. Ninety-nine percent reported comfort browsing the Web; 52% accessed the Web primarily from home. Sixty-nine percent learned about residency Web sites primarily from residency-specific directories while 19% relied on general directories. Eighty percent found these sites helpful when deciding where to apply, 69% when deciding where to interview, and 36% when deciding how to rank order programs for the Match. Forty

Security issues in healthcare applications using wireless medical sensor networks: a survey.

Science.gov (United States)

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

Directory of Open Access Journals (Sweden)

Hoon-Jae Lee

2011-12-01

Full Text Available Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs. Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Ultrabroadband photonic Internet: data mining approach to security aspects

Science.gov (United States)

Kalicki, Arkadiusz

2009-06-01

Web applications became most popular medium in the Internet. Popularity, easiness of web application frameworks together with careless development results in high number of vulnerabilities and attacks. There are several types of attacks possible because of improper input validation. SQL injection is ability to execute arbitrary SQL queries in a database through an existing application. Cross-site scripting is the vulnerability which allows malicious web users to inject code into the web pages viewed by other users. Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains malicious request. Web spam in blogs. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. Misuse detection systems are signature based, have high accuracy in detecting many kinds of known attacks but cannot detect unknown and emerging attacks. This can be complemented with anomaly based intrusion detection and prevention systems. This paper presents anomaly driven proxy as an IPS and data mining based algorithm which was used to detecting anomalies. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the "normal" or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Some basic tests show that the software catches malicious requests.

Method of Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

Science.gov (United States)

Roy-Chowdhury, Ayan (Inventor); Baras, John S. (Inventor)

2014-01-01

A method and apparatus utilizes Layered IPSEC (LES) protocol as an alternative to IPSEC for network-layer security including a modification to the Internet Key Exchange protocol. For application-level security of web browsing with acceptable end-to-end delay, the Dual-mode SSL protocol (DSSL) is used instead of SSL. The LES and DSSL protocols achieve desired end-to-end communication security while allowing the TCP and HTTP proxy servers to function correctly.

Development of an Web Service Architecture for Enterprise Application Integration

International Nuclear Information System (INIS)

Kim, Ji-Hyeon; Jung, Jae-Cheon; Chang, Young-Woo; Chang, Hoon-Seon; Kim, Jae-Cheol; Kim, Hang-Bae; Kim, Kyu-Ho; Lee, Dong-Chul

2007-01-01

The purpose of Enterprise Application Integration (EAI) is to enable the interoperability between two or more enterprise software systems. These systems, for example, can be an Enterprise Resource Planning (ERP) system, an Enterprise Asset Management (EAM) system or a Condition Monitoring system. Traditional EAI approach, based on point-to-point connection, is expensive, vendor specific with limited modules and restricted interoperability with other ERPs and applications. To overcome these drawbacks, the Web Service based EAI has emerged. It allows the integration without point to point linking and with less costs. Many approaches of Web service based EAI are combined with ORACLE, SAP, PeopleSoft, WebSphere, SIEBEL etc. as a system integration platform. The approach still has the restriction that only predefined clients can access the services. This means clients must know exactly the protocol for calling the services and if they don't have the access information they never can get the services. This is because these Web services are based on syntactic service description. In this paper, a semantic based EAI approach, that allows the uninformed clients to access the services, is introduced. The semantic EAI is designed with the Web services that have semantic service descriptions. The Semantic Web Services(SWS) are described in Web Ontology Language for Services(OWL-S), a semantic service ontology language, and advertised in Universal Description, Discovery and Integration (UDDI). Clients find desired services through the UDDI and get services from service providers through Web Service Description Language(WSDL)

Advanced express web application development

CERN Document Server

Keig, Andrew

2013-01-01

A practical book, guiding the reader through the development of a single page application using a feature-driven approach.If you are an experienced JavaScript developer who wants to build highly scalable, real-world applications using Express, this book is ideal for you. This book is an advanced title and assumes that the reader has some experience with node, Javascript MVC web development frameworks, and has heard of Express before, or is familiar with it. You should also have a basic understanding of Redis and MongoDB. This book is not a tutorial on Node, but aims to explore some of the more

AN INNOVATIVE WEB MINING APPLICATION ON BLOGS - A LAYOUT

Directory of Open Access Journals (Sweden)

S. Prakash

2012-01-01

Full Text Available Blogs and Web services agree to express user’s opinions and interests, in the form of small text messages which gives abbreviated and highly personalized remarks in real-time. Recognizing emotion is really significant for a text-based communication tool such as blogs. Nowadays, user opinions in the structure of comments, reviews in blogs have been utilized by researchers for various purposes. Among them the application of sentiment analysis techniques to these opinions is an interesting one. This paper deals with a proposal of a software structural design for constructing Web mining applications in the blog world. The design includes blog crawling and data mining algorithms, to offer a full-fledged and flexible key for constructing general-purpose Web mining applications. The structural design allocates some significant customizations, such as the construction of adapters for reading text from different blogs, and the utilization of different pre-processing methods and data mining procedures. The core of this paper is on explaining the innovative software structural design of the general framework offering thorough information about the data mining sub-framework.

Cloud Security and Privacy An Enterprise Perspective on Risks and Compliance

CERN Document Server

Mather, Tim; Latif, Shahed

2009-01-01

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure. Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn deta

AMP: a science-driven web-based application for the TeraGrid

Science.gov (United States)

Woitaszek, M.; Metcalfe, T.; Shorrock, I.

The Asteroseismic Modeling Portal (AMP) provides a web-based interface for astronomers to run and view simulations that derive the properties of Sun-like stars from observations of their pulsation frequencies. In this paper, we describe the architecture and implementation of AMP, highlighting the lightweight design principles and tools used to produce a functional fully-custom web-based science application in less than a year. Targeted as a TeraGrid science gateway, AMP's architecture and implementation are intended to simplify its orchestration of TeraGrid computational resources. AMP's web-based interface was developed as a traditional standalone database-backed web application using the Python-based Django web development framework, allowing us to leverage the Django framework's capabilities while cleanly separating the user interface development from the grid interface development. We have found this combination of tools flexible and effective for rapid gateway development and deployment.

Web Engineering

Energy Technology Data Exchange (ETDEWEB)

White, Bebo

2003-06-23

Web Engineering is the application of systematic, disciplined and quantifiable approaches to development, operation, and maintenance of Web-based applications. It is both a pro-active approach and a growing collection of theoretical and empirical research in Web application development. This paper gives an overview of Web Engineering by addressing the questions: (a) why is it needed? (b) what is its domain of operation? (c) how does it help and what should it do to improve Web application development? and (d) how should it be incorporated in education and training? The paper discusses the significant differences that exist between Web applications and conventional software, the taxonomy of Web applications, the progress made so far and the research issues and experience of creating a specialization at the master's level. The paper reaches a conclusion that Web Engineering at this stage is a moving target since Web technologies are constantly evolving, making new types of applications possible, which in turn may require innovations in how they are built, deployed and maintained.

Web application for marketing of digital art works and services

OpenAIRE

Vatovec, Jan

2016-01-01

The aim of the diploma thesis is to create a web application for digital artworks and services marketing. The decision to undertake this task is based on the authors’ understanding of the field and assessment that current solutions do not satisfy completely the needs of digital artists who work on the market of online subcultures built on fantasy characters (commercial and artists’ own creations). The final application comprises an interactive web gallery, auction-based marketing system for s...

A Semantic Sensor Web for Environmental Decision Support Applications

Directory of Open Access Journals (Sweden)

Raúl García-Castro

2011-09-01

Full Text Available Sensing devices are increasingly being deployed to monitor the physical world around us. One class of application for which sensor data is pertinent is environmental decision support systems, e.g., flood emergency response. For these applications, the sensor readings need to be put in context by integrating them with other sources of data about the surrounding environment. Traditional systems for predicting and detecting floods rely on methods that need significant human resources. In this paper we describe a semantic sensor web architecture for integrating multiple heterogeneous datasets, including live and historic sensor data, databases, and map layers. The architecture provides mechanisms for discovering datasets, defining integrated views over them, continuously receiving data in real-time, and visualising on screen and interacting with the data. Our approach makes extensive use of web service standards for querying and accessing data, and semantic technologies to discover and integrate datasets. We demonstrate the use of our semantic sensor web architecture in the context of a flood response planning web application that uses data from sensor networks monitoring the sea-state around the coast of England.

Web Platform Application

Energy Technology Data Exchange (ETDEWEB)

Paulsworth, Ashley [Sunvestment Group, Frederick, MD (United States); Kurtz, Jim [Sunvestment Group, Frederick, MD (United States); Brun de Pontet, Stephanie [Sunvestment Group, Frederick, MD (United States)

2016-06-15

Sunvestment Energy Group (previously called Sunvestment Group) was established to create a web application that brings together site hosts, those who will obtain the energy from the solar array, with project developers and funders, including affinity investors. Sunvestment Energy Group (SEG) uses a community-based model that engages with investors who have some affinity with the site host organization. In addition to a financial return, these investors receive non-financial value from their investments and are therefore willing to offer lower cost capital. This enables the site host to enjoy more savings from solar through these less expensive Community Power Purchase Agreements (CPPAs). The purpose of this award was to develop an online platform to bring site hosts and investors together virtually.

A Component-Based Approach for Securing Indoor Home Care Applications.

Science.gov (United States)

Agirre, Aitor; Armentia, Aintzane; Estévez, Elisabet; Marcos, Marga

2017-12-26

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.

Sistem Informasi Perpustakaan Berbasis Web Application

Directory of Open Access Journals (Sweden)

Yudie Irawan

2014-01-01

Full Text Available Digital  library  system  contributes  the  development  of  digital  resource  digital  resource  that  can  be accessed  via the  Internet.  Librarymanagement system contributed to the development of automation membership data processing, circulation and cataloging. In this thesisis  to develop  a new  concept of  digital  library  systems  and  library  management  system  by  integrating  these  two systems  architecture. Integration  architecture  implemented  by  inserting  component  library  management  system  into  the  digital  library  system  architecture. Web application technology required for these components in order to be integrated with the digital library system components.  The newsystem  has  the advantage  of  this  development  application  utilization  of  borrowing,  membership  and  kataloging  to  a  sharable  over the internet,  so  applications  that  can  be used  together.  Information  can be  delivered  between the  library  catalog,  without  leaving the  digitallibrary function in the utilization of shared digital resources derived from uploading by each librarian.Keywords : Digital library system; Library management system; Web application

Exploring the concept of web site customization : applications and antecedents

NARCIS (Netherlands)

Teerling, M.L.; Huizingh, Eelko K.R.E.

2006-01-01

While mass customization is the tailoring of products and services to the needs and wants of individual customers, web site customization is the tailoring of web sites to individual customers’ preferences. Based on a review of site customization applications, the authors propose a model with four

Designing and developing portable large-scale JavaScript web applications within the Experiment Dashboard framework

Science.gov (United States)

Andreeva, J.; Dzhunov, I.; Karavakis, E.; Kokoszkiewicz, L.; Nowotka, M.; Saiz, P.; Tuckett, D.

2012-12-01

Improvements in web browser performance and web standards compliance, as well as the availability of comprehensive JavaScript libraries, provides an opportunity to develop functionally rich yet intuitive web applications that allow users to access, render and analyse data in novel ways. However, the development of such large-scale JavaScript web applications presents new challenges, in particular with regard to code sustainability and team-based work. We present an approach that meets the challenges of large-scale JavaScript web application design and development, including client-side model-view-controller architecture, design patterns, and JavaScript libraries. Furthermore, we show how the approach leads naturally to the encapsulation of the data source as a web API, allowing applications to be easily ported to new data sources. The Experiment Dashboard framework is used for the development of applications for monitoring the distributed computing activities of virtual organisations on the Worldwide LHC Computing Grid. We demonstrate the benefits of the approach for large-scale JavaScript web applications in this context by examining the design of several Experiment Dashboard applications for data processing, data transfer and site status monitoring, and by showing how they have been ported for different virtual organisations and technologies.

Designing and developing portable large-scale JavaScript web applications within the Experiment Dashboard framework

International Nuclear Information System (INIS)

Andreeva, J; Dzhunov, I; Karavakis, E; Kokoszkiewicz, L; Nowotka, M; Saiz, P; Tuckett, D

2012-01-01

Improvements in web browser performance and web standards compliance, as well as the availability of comprehensive JavaScript libraries, provides an opportunity to develop functionally rich yet intuitive web applications that allow users to access, render and analyse data in novel ways. However, the development of such large-scale JavaScript web applications presents new challenges, in particular with regard to code sustainability and team-based work. We present an approach that meets the challenges of large-scale JavaScript web application design and development, including client-side model-view-controller architecture, design patterns, and JavaScript libraries. Furthermore, we show how the approach leads naturally to the encapsulation of the data source as a web API, allowing applications to be easily ported to new data sources. The Experiment Dashboard framework is used for the development of applications for monitoring the distributed computing activities of virtual organisations on the Worldwide LHC Computing Grid. We demonstrate the benefits of the approach for large-scale JavaScript web applications in this context by examining the design of several Experiment Dashboard applications for data processing, data transfer and site status monitoring, and by showing how they have been ported for different virtual organisations and technologies.

Development of an Web Service Architecture for Enterprise Application Integration

Energy Technology Data Exchange (ETDEWEB)

Kim, Ji-Hyeon; Jung, Jae-Cheon; Chang, Young-Woo; Chang, Hoon-Seon; Kim, Jae-Cheol; Kim, Hang-Bae [Korea Power Engineering Company, Daejeon (Korea, Republic of); Kim, Kyu-Ho; Lee, Dong-Chul [Korea Electric Power Data Network, Daejeon (Korea, Republic of)

2007-07-01

The purpose of Enterprise Application Integration (EAI) is to enable the interoperability between two or more enterprise software systems. These systems, for example, can be an Enterprise Resource Planning (ERP) system, an Enterprise Asset Management (EAM) system or a Condition Monitoring system. Traditional EAI approach, based on point-to-point connection, is expensive, vendor specific with limited modules and restricted interoperability with other ERPs and applications. To overcome these drawbacks, the Web Service based EAI has emerged. It allows the integration without point to point linking and with less costs. Many approaches of Web service based EAI are combined with ORACLE, SAP, PeopleSoft, WebSphere, SIEBEL etc. as a system integration platform. The approach still has the restriction that only predefined clients can access the services. This means clients must know exactly the protocol for calling the services and if they don't have the access information they never can get the services. This is because these Web services are based on syntactic service description. In this paper, a semantic based EAI approach, that allows the uninformed clients to access the services, is introduced. The semantic EAI is designed with the Web services that have semantic service descriptions. The Semantic Web Services(SWS) are described in Web Ontology Language for Services(OWL-S), a semantic service ontology language, and advertised in Universal Description, Discovery and Integration (UDDI). Clients find desired services through the UDDI and get services from service providers through Web Service Description Language(WSDL)

SBMLmod: a Python-based web application and web service for efficient data integration and model simulation.

Science.gov (United States)

Schäuble, Sascha; Stavrum, Anne-Kristin; Bockwoldt, Mathias; Puntervoll, Pål; Heiland, Ines

2017-06-24

Systems Biology Markup Language (SBML) is the standard model representation and description language in systems biology. Enriching and analysing systems biology models by integrating the multitude of available data, increases the predictive power of these models. This may be a daunting task, which commonly requires bioinformatic competence and scripting. We present SBMLmod, a Python-based web application and service, that automates integration of high throughput data into SBML models. Subsequent steady state analysis is readily accessible via the web service COPASIWS. We illustrate the utility of SBMLmod by integrating gene expression data from different healthy tissues as well as from a cancer dataset into a previously published model of mammalian tryptophan metabolism. SBMLmod is a user-friendly platform for model modification and simulation. The web application is available at http://sbmlmod.uit.no , whereas the WSDL definition file for the web service is accessible via http://sbmlmod.uit.no/SBMLmod.wsdl . Furthermore, the entire package can be downloaded from https://github.com/MolecularBioinformatics/sbml-mod-ws . We envision that SBMLmod will make automated model modification and simulation available to a broader research community.

Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.

Science.gov (United States)

Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

2014-02-01

Hybrid mobile applications (apps) combine the features of Web applications and "native" mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources-file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies "bridges" that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources-the ability to read and write contacts list, local files, etc.-to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign-origin Web content

Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks

Science.gov (United States)

Georgiev, Martin; Jana, Suman; Shmatikov, Vitaly

2014-01-01

Hybrid mobile applications (apps) combine the features of Web applications and “native” mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources—file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app's Web code. Second, it supplies “bridges” that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively. Web code is governed by the same origin policy, whereas local code is governed by the access-control policy of the operating system (for example, user-granted permissions in Android). The bridges added by the framework to the browser have the same local access rights as the entire application, but are not correctly protected by the same origin policy. This opens the door to fracking attacks, which allow foreign-origin Web content included into a hybrid app (e.g., ads confined in iframes) to drill through the layers and directly access device resources. Fracking vulnerabilities are generic: they affect all hybrid frameworks, all embedded Web browsers, all bridge mechanisms, and all platforms on which these frameworks are deployed. We study the prevalence of fracking vulnerabilities in free Android apps based on the PhoneGap framework. Each vulnerability exposes sensitive local resources—the ability to read and write contacts list, local files, etc.—to dozens of potentially malicious Web domains. We also analyze the defenses deployed by hybrid frameworks to prevent resource access by foreign

Designing and developing portable large-scale JavaScript web applications within the Experiment Dashboard framework

CERN Document Server

Andreeva, J; Karavakis, E; Kokoszkiewicz, L; Nowotka, M; Saiz, P; Tuckett, D

2012-01-01

Improvements in web browser performance and web standards compliance, as well as the availability of comprehensive JavaScript libraries, provides an opportunity to develop functionally rich yet intuitive web applications that allow users to access, render and analyse data in novel ways. However, the development of such large-scale JavaScript web applications presents new challenges, in particular with regard to code sustainability and team-based work. We present an approach that meets the challenges of large-scale JavaScript web application design and development, including client-side model-view-controller architecture, design patterns, and JavaScript libraries. Furthermore, we show how the approach leads naturally to the encapsulation of the data source as a web API, allowing applications to be easily ported to new data sources. The Experiment Dashboard framework is used for the development of applications for monitoring the distributed computing activities of virtual organisations on the Worldwide LHC Comp...

Designing and developing portable large-scale JavaScript web applications within the Experiment Dashboard framework

CERN Multimedia

CERN. Geneva

2012-01-01

Improvements in web browser performance and web standards compliance, as well as the availability of comprehensive JavaScript libraries, provides an opportunity to develop functionally rich yet intuitive web applications that allow users to access, render and analyse data in novel ways. However, the development of such large-scale JavaScript web applications presents new challenges, in particular with regard to code sustainability and team-based work. We present an approach that meets the challenges of large-scale JavaScript web application design and development, including client-side model-view-controller architecture, design patterns, and JavaScript libraries. Furthermore, we show how the approach leads naturally to the encapsulation of the data source as a web API, allowing applications to be easily ported to new data sources. The Experiment Dashboard framework is used for the development of applications for monitoring the distributed computing activities of virtual organisations on the Worldwide LHC Co...

Efficient Image Blur in Web-Based Applications

DEFF Research Database (Denmark)

Kraus, Martin

2010-01-01

Scripting languages require the use of high-level library functions to implement efficient image processing; thus, real-time image blur in web-based applications is a challenging task unless specific library functions are available for this purpose. We present a pyramid blur algorithm, which can ...

A web implementation: the good and the not-so-good.

Science.gov (United States)

Bergsneider, C; Piraino, D; Fuerst, M

2001-06-01

E-commerce, e-mail, e-greeting, e-this, and e-that everywhere you turn there is a new "e" word for an internet or Web application. We, at the Cleveland Clinic Foundation, have been "e-nlightened" and will discuss in this report the implementation of a web-based radiology information system (RIS) in our radiology division or "e-radiology" division. The application, IDXRad Version 10.0 from IDX Corp, Burlington, VT, is in use at the Cleveland Clinic Foundation and has both intranet (for use in Radiology) and internet (referring physician viewing) modules. We will concentrate on the features of using a web browser for the application's front-end, including easy prototyping for screen review, easier mock-ups of demonstrations by vendors and developers, and easier training as more people become web-addicted. Project communication can be facilitated with an internal project web page, and use of the web browser can accommodate quicker turnaround of software upgrades as the software code is centrally located. Compared with other technologies, including client/server, there is a smaller roll out cost when using a standard web browser. However, the new technology requires a change and changes are never implemented without challenges. A seasoned technologist using a legacy system can enter data quicker using function keys than using a graphical user interface and pointing and clicking through a series of pop-up windows. Also, effective use of a web browser depends on intuitive design for it to be easily implemented and accepted by the user. Some software packages will not work on both of the popular web browsers and then are tailored to specific release levels. As computer-based patient records become a standard, patient confidentiality must be enforced. The technical design and application security features that support the web-based software package will be discussed. Also web technologies have their own implementation issues.

Regional Geology Web Map Application Development: Javascript v2.0

International Nuclear Information System (INIS)

Russell, Glenn

2017-01-01

This is a milestone report for the FY2017 continuation of the Spent Fuel, Storage, and Waste, Technology (SFSWT) program (formerly Used Fuel Disposal (UFD) program) development of the Regional Geology Web Mapping Application by the Idaho National Laboratory Geospatial Science and Engineering group. This application was developed for general public use and is an interactive web-based application built in Javascript to visualize, reference, and analyze US pertinent geological features of the SFSWT program. This tool is a version upgrade from Adobe FLEX technology. It is designed to facilitate informed decision making of the geology of continental US relevant to the SFSWT program.

Regional Geology Web Map Application Development: Javascript v2.0

Energy Technology Data Exchange (ETDEWEB)

Russell, Glenn [Idaho National Lab. (INL), Idaho Falls, ID (United States)

2017-06-19

This is a milestone report for the FY2017 continuation of the Spent Fuel, Storage, and Waste, Technology (SFSWT) program (formerly Used Fuel Disposal (UFD) program) development of the Regional Geology Web Mapping Application by the Idaho National Laboratory Geospatial Science and Engineering group. This application was developed for general public use and is an interactive web-based application built in Javascript to visualize, reference, and analyze US pertinent geological features of the SFSWT program. This tool is a version upgrade from Adobe FLEX technology. It is designed to facilitate informed decision making of the geology of continental US relevant to the SFSWT program.

Practical Pocket PC Application w/Biometric Security

Science.gov (United States)

Logan, Julian

2004-01-01

I work in the Flight Software Engineering Branch, where we provide design and development of embedded real-time software applications for flight and supporting ground systems to support the NASA Aeronautics and Space Programs. In addition, this branch evaluates, develops and implements new technologies for embedded real-time systems, and maintains a laboratory for applications of embedded technology. The majority of microchips that are used in modern society have been programmed using embedded technology. These small chips can be found in microwaves, calculators, home security systems, cell phones and more. My assignment this summer entails working with an iPAQ HP 5500 Pocket PC. This top-of-the-line hand-held device is one of the first mobile PC's to introduce biometric security capabilities. Biometric security, in this case a fingerprint authentication system, is on the edge of technology as far as securing information. The benefits of fingerprint authentication are enormous. The most significant of them are that it is extremely difficult to reproduce someone else's fingerprint, and it is equally difficult to lose or forget your own fingerprint as opposed to a password or pin number. One of my goals for this summer is to integrate this technology with another Pocket PC application. The second task for the summer is to develop a simple application that provides an Astronaut EVA (Extravehicular Activity) Log Book capability. The Astronaut EVA Log Book is what an astronaut would use to report the status of field missions, crew physical health, successes, future plans, etc. My goal is to develop a user interface into which these data fields can be entered and stored. The applications that I am developing are created using eMbedded Visual C++ 4.0 with the Pocket PC 2003 Software Development Kit provided by Microsoft.

Modern tools for development of interactive web map applications for visualization spatial data on the internet

Directory of Open Access Journals (Sweden)

Horáková Bronislava

2009-11-01

Full Text Available In the last few years has begun the development of dynamic web applications, often called Web2.0. From this development wascreated a technology called Mashups. Mashups may easily combine huge amounts of data sources and functionalities of existing as wellas future web applications and services. Therefore they are used to develop a new device, which offers new possibilities of informationusage. This technology provides possibilities of developing basic as well as robust web applications not only for IT or GIS specialists,but also for common users. Software companies have developed web projects for building mashup application also called mashupeditors.

A Method to Ease the Deployment of Web Applications that Involve Database Systems A Method to Ease the Deployment of Web Applications that Involve Database Systems

Directory of Open Access Journals (Sweden)

Antonio Vega Corona

2012-02-01

Full Text Available El crecimiento continuo de la Internet ha permitido a las personas, alrededor de todo mundo, realizar transacciones en línea, buscar información o navegar usando el explorador de la Web. A medida que más gente se siente cómoda usando los exploradores de Web, más empresas productoras de software tratan de ofrecer interfaces Web como una forma alternativa para proporcionar acceso a sus aplicaciones. La naturaleza de la conexión Web y las restricciones impuestas por el ancho de banda disponible, hacen la integración de aplicaciones Web y los sistemas de bases de datos críticas. Debido a que las aplicaciones que usan bases de datos proporcionan una interfase gráfica para editar la información en la base de datos y debido a que cada columna en una tabla de una base de datos corresponde a un control en una interfase gráfica, el desarrollo de estas aplicaciones puede consumirun tiempo considerable, ya que la validación de campos y reglas de integridad referencial deben ser respetadas. Se propone un diseño orientado a objetos para así facilitar el desarrollo de aplicaciones que usan sistemas de bases de datos.The continuous growth of the Internet has driven people, all around the globe, to performtransactions on-line, search information or navigate using a browser. As more people feelcomfortable using a Web browser, more software companies are trying to alternatively offerWeb interfaces to provide access to their applications. The consequent nature of the Webconnection and the restrictions imposed by the available bandwidth make the successfulintegration of Web applications and database systems critical. Because popular databaseapplications provide a user interface to edit and maintain the information in the databaseand because each column in the database table maps to a graphic user interface control,the deployment of these applications can be time consuming; appropriate fi eld validationand referential integrity rules must be observed

Requirements of a security framework for the semantic web

CSIR Research Space (South Africa)

Mbaya, IR

2009-02-01

Full Text Available The vision of the Semantic Web is to provide the World Wide Web the ability to automate interoperate and reason about resources and services on the Web. However, the autonomous dynamic open distributed and heterogeneous nature of the Semantic Web...

Web Science emerges

OpenAIRE

Shadbolt, Nigel; Berners-Lee, Tim

2008-01-01

The relentless rise in Web pages and links is creating emergent properties, from social networks to virtual identity theft, that are transforming society. A new discipline, Web Science, aims to discover how Web traits arise and how they can be harnessed or held in check to benefit society. Important advances are beginning to be made; more work can solve major issues such as securing privacy and conveying trust.

Enhancing the AliEn Web Service Authentication

International Nuclear Information System (INIS)

Zhu Jianlin; Zhou Daicui; Zhang Guoping; Saiz, Pablo; Carminati, Federico; Betev, Latchezar; Lorenzo, Patricia Mendez; Grigoras, Alina Gabriela; Grigoras, Costin; Furano, Fabrizio; Schreiner, Steffen; Datskova, Olga Vladimirovna; Banerjee, Subho Sankar

2011-01-01

Web Services are an XML based technology that allow applications to communicate with each other across disparate systems. Web Services are becoming the de facto standard that enable inter operability between heterogeneous processes and systems. AliEn2 is a grid environment based on web services. The AliEn2 services can be divided in three categories: Central services, deployed once per organization; Site services, deployed on each of the participating centers; Job Agents running on the worker nodes automatically. A security model to protect these services is essential for the whole system. Current implementations of web server, such as Apache, are not suitable to be used within the grid environment. Apache with the mod s sl and OpenSSL only supports the X.509 certificates. But in the grid environment, the common credential is the proxy certificate for the purpose of providing restricted proxy and delegation. An Authentication framework was taken for AliEn2 web services to add the ability to accept X.509 certificates and proxy certificates from client-side to Apache Web Server. The authentication framework could also allow the generation of access control policies to limit access to the AliEn2 web services.

A Component-Based Approach for Securing Indoor Home Care Applications

Science.gov (United States)

Estévez, Elisabet

2017-01-01

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public’s confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home. PMID:29278370

A Component-Based Approach for Securing Indoor Home Care Applications

Directory of Open Access Journals (Sweden)

Aitor Agirre

2017-12-01

Full Text Available eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history, any security threat would damage the public’s confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.

A web-based application for initial screening of living kidney donors: development, implementation and evaluation.

Science.gov (United States)

Moore, D R; Feurer, I D; Zavala, E Y; Shaffer, D; Karp, S; Hoy, H; Moore, D E

2013-02-01

Most centers utilize phone or written surveys to screen candidates who self-refer to be living kidney donors. To increase efficiency and reduce resource utilization, we developed a web-based application to screen kidney donor candidates. The aim of this study was to evaluate the use of this web-based application. Method and time of referral were tabulated and descriptive statistics summarized demographic characteristics. Time series analyses evaluated use over time. Between January 1, 2011 and March 31, 2012, 1200 candidates self-referred to be living kidney donors at our center. Eight hundred one candidates (67%) completed the web-based survey and 399 (33%) completed a phone survey. Thirty-nine percent of donors accessed the application on nights and weekends. Postimplementation of the web-based application, there was a statistically significant increase (p web-based application as opposed to telephone contact. Also, there was a significant increase (p = 0.025) in the total number of self-referrals post-implementation from 61 to 116 per month. An interactive web-based application is an effective strategy for the initial screening of donor candidates. The web-based application increased the ability to interface with donors, process them efficiently and ultimately increased donor self-referral at our center. © Copyright 2012 The American Society of Transplantation and the American Society of Transplant Surgeons.

A User-centered Model for Web Site Design

Science.gov (United States)

Kinzie, Mable B.; Cohn, Wendy F.; Julian, Marti F.; Knaus, William A.

2002-01-01

As the Internet continues to grow as a delivery medium for health information, the design of effective Web sites becomes increasingly important. In this paper, the authors provide an overview of one effective model for Web site design, a user-centered process that includes techniques for needs assessment, goal/task analysis, user interface design, and rapid prototyping. They detail how this approach was employed to design a family health history Web site, Health Heritage . This Web site helps patients record and maintain their family health histories in a secure, confidential manner. It also supports primary care physicians through analysis of health histories, identification of potential risks, and provision of health care recommendations. Visual examples of the design process are provided to show how the use of this model resulted in an easy-to-use Web site that is likely to meet user needs. The model is effective across diverse content arenas and is appropriate for applications in varied media. PMID:12087113

Generating WS-SecurityPolicy documents via security model transformation

DEFF Research Database (Denmark)

Jensen, Meiko

2009-01-01

When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

Optical Imaging Sensors and Systems for Homeland Security Applications

CERN Document Server

Javidi, Bahram

2006-01-01

Optical and photonic systems and devices have significant potential for homeland security. Optical Imaging Sensors and Systems for Homeland Security Applications presents original and significant technical contributions from leaders of industry, government, and academia in the field of optical and photonic sensors, systems and devices for detection, identification, prevention, sensing, security, verification and anti-counterfeiting. The chapters have recent and technically significant results, ample illustrations, figures, and key references. This book is intended for engineers and scientists in the relevant fields, graduate students, industry managers, university professors, government managers, and policy makers. Advanced Sciences and Technologies for Security Applications focuses on research monographs in the areas of -Recognition and identification (including optical imaging, biometrics, authentication, verification, and smart surveillance systems) -Biological and chemical threat detection (including bios...

A sensor monitoring system for telemedicine, safety and security applications

Science.gov (United States)

Vlissidis, Nikolaos; Leonidas, Filippos; Giovanis, Christos; Marinos, Dimitrios; Aidinis, Konstantinos; Vassilopoulos, Christos; Pagiatakis, Gerasimos; Schmitt, Nikolaus; Pistner, Thomas; Klaue, Jirka

2017-02-01

A sensor system capable of medical, safety and security monitoring in avionic and other environments (e.g. homes) is examined. For application inside an aircraft cabin, the system relies on an optical cellular network that connects each seat to a server and uses a set of database applications to process data related to passengers' health, safety and security status. Health monitoring typically encompasses electrocardiogram, pulse oximetry and blood pressure, body temperature and respiration rate while safety and security monitoring is related to the standard flight attendance duties, such as cabin preparation for take-off, landing, flight in regions of turbulence, etc. In contrast to previous related works, this article focuses on the system's modules (medical and safety sensors and associated hardware), the database applications used for the overall control of the monitoring function and the potential use of the system for security applications. Further tests involving medical, safety and security sensing performed in an real A340 mock-up set-up are also described and reference is made to the possible use of the sensing system in alternative environments and applications, such as health monitoring within other means of transport (e.g. trains or small passenger sea vessels) as well as for remotely located home users, over a wired Ethernet network or the Internet.

iOS application security analysis

OpenAIRE

Βλάχος, Κωνσταντίνος Γ.; Vlachos, Konstantinos G.

2017-01-01

The purpose of this research is to explain the nature of the Apple iOS applications and provide all the available Open Source tools for analyzing them, starting from decrypting any application’s binary downloaded from the AppStore to reverse engineering it and even altering the flow of its running process on the actual device. We start introducing the basic theory of the iOS operating system and its applications including the security mechanisms incorporated by Apple that are a...

Specification and Verification of Web Applications in Rewriting Logic

Science.gov (United States)

Alpuente, María; Ballis, Demis; Romero, Daniel

This paper presents a Rewriting Logic framework that formalizes the interactions between Web servers and Web browsers through a communicating protocol abstracting HTTP. The proposed framework includes a scripting language that is powerful enough to model the dynamics of complex Web applications by encompassing the main features of the most popular Web scripting languages (e.g. PHP, ASP, Java Servlets). We also provide a detailed characterization of browser actions (e.g. forward/backward navigation, page refresh, and new window/tab openings) via rewrite rules, and show how our models can be naturally model-checked by using the Linear Temporal Logic of Rewriting (LTLR), which is a Linear Temporal Logic specifically designed for model-checking rewrite theories. Our formalization is particularly suitable for verification purposes, since it allows one to perform in-depth analyses of many subtle aspects related to Web interaction. Finally, the framework has been completely implemented in Maude, and we report on some successful experiments that we conducted by using the Maude LTLR model-checker.

Usable Security and E-Banking: ease of use vis-a-vis security

Directory of Open Access Journals (Sweden)

Morten Hertzum

2004-05-01

Full Text Available Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems.

Towards New Web Application Development Practices

Directory of Open Access Journals (Sweden)

Angeliki Poulymenakou

1998-11-01

Full Text Available Electronic Commerce over the Internet, aims to become a global conveyor belt of business transactions. Web applications of increasing sophistication emerge in almost every business sector, reflecting a variety of technical and technological approaches. In this paper we argue that system developers need to reconsider their professional practices in the context of these new technologies by taking advantage of opportunities like short response cycles and easy diffusion of systems results, while they recognise the limitations of traditional practice. We discuss a framework of IS development issues for Internet based applications and propose guidelines towards new development practices.

The EarthScope Array Network Facility: application-driven low-latency web-based tools for accessing high-resolution multi-channel waveform data

Science.gov (United States)

Newman, R. L.; Lindquist, K. G.; Clemesha, A.; Vernon, F. L.

2008-12-01

Since April 2004 the EarthScope USArray seismic network has grown to over 400 broadband stations that stream multi-channel data in near real-time to the Array Network Facility in San Diego. Providing secure, yet open, access to real-time and archived data for a broad range of audiences is best served by a series of platform agnostic low-latency web-based applications. We present a framework of tools that interface between the world wide web and Boulder Real Time Technologies Antelope Environmental Monitoring System data acquisition and archival software. These tools provide audiences ranging from network operators and geoscience researchers, to funding agencies and the general public, with comprehensive information about the experiment. This ranges from network-wide to station-specific metadata, state-of-health metrics, event detection rates, archival data and dynamic report generation over a stations two year life span. Leveraging open source web-site development frameworks for both the server side (Perl, Python and PHP) and client-side (Flickr, Google Maps/Earth and jQuery) facilitates the development of a robust extensible architecture that can be tailored on a per-user basis, with rapid prototyping and development that adheres to web-standards.

Analysis and Design of Web-Based Database Application for Culinary Community

OpenAIRE

Huda, Choirul; Awang, Osel Dharmawan; Raymond, Raymond; Raynaldi, Raynaldi

2017-01-01

This research is based on the rapid development of the culinary and information technology. The difficulties in communicating with the culinary expert and on recipe documentation make a proper support for media very important. Therefore, a web-based database application for the public is important to help the culinary community in communication, searching and recipe management. The aim of the research was to design a web-based database application that could be used as social media for the cu...

RxPATROL: a Web-based tool for combating pharmacy theft.

Science.gov (United States)

Smith, Meredith Y; Graham, J Aaron; Haddox, J David; Steffey, Amy

2009-01-01

To report the incidence of pharmacy-related burglaries and robberies and characteristics of pharmacies where such crimes have occurred using recent data from Rx Pattern Analysis Tracking Robberies & Other Losses (RxPATROL), a national Web-based information clearinghouse on pharmacy-related theft of prescription medications and over-the-counter products. Descriptive, nonexperimental study. United States between 2005 and 2006. Not applicable. Not applicable. Number of pharmacy theft reports received; incident type, date, and location; point of entry; and pharmacy security features. Between 2005 and 2006, 202 pharmacy burglary and 299 pharmacy robbery reports from 45 different states were filed with RxPATROL. More than 70% of pharmacies reporting such crimes lacked a security camera. Among those reporting a burglary, 60% lacked dead bolt locks, a solid exterior door, a motion detector device, or a safe or vault for storage of controlled substances. Burglars most often obtained access to the pharmacy via the front door. RxPATROL is a Web-based tool that can assist pharmacies and law enforcement in collaborating more effectively to combat and prevent pharmacy-related crimes.

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

Energy Technology Data Exchange (ETDEWEB)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

Un sistema de discusión seguro con participación anónima a través de servicios Web A secure discussion system with anonymous participation through Web services

Directory of Open Access Journals (Sweden)

Daniel Vásquez

2013-04-01

Full Text Available Un desafío para la deliberación democrática en un entorno informático es proveer seguridad en el proceso, tanto para el ciudadano individual como para el grupo social. En este sentido, es importante ofrecer garantías de protección a los ciudadanos de forma que no se vea afectada su libertad de expresión y de seguridad en el intercambio de mensajes, de manera que estos sean confiables para todos los participantes. Como parte de este proyecto se ha diseñado y construido un sistema informático de discusión que permite a los usuarios intercambiar opiniones de forma segura, a través de la aplicación de técnicas de criptografía. El sistema permite varios niveles de seguridad e identificación. Se permite la participación identificada a través del uso de firma digital y certificados. Además, se implementa un esquema de participación anónima a través de la firma de mensajes utilizando una credencial obtenida mediante un procedimiento de firma ciega. También se aplican atributos de seguridad para asegurar la integridad, confidencialidad y no repudio de estos. El sistema de discusión se ha construido inmerso en una plataforma de servicios Web orientada a proveer funcionalidades de apoyo a la democracia digital.A challenge for democratic deliberation in a computing environment is to provide security in the process, both for the individual citizen and the social group. In this regard, it is important to provide guarantees of protection to the citizens so as not to affect their freedom of expression and security on the exchange of messages, so they are reliable for all participants. As part of this project a discussion system has been designed and built that allows users to exchange opinions safely, through the application of cryptographic techniques. The system allows multiple levels of security and identification. It allows the participation identified through the use of digital signatures and certificates. Furthermore, it implements

Fully simulatable quantum-secure coin-flipping and applications

DEFF Research Database (Denmark)

Lunemann, Carolin; Nielsen, Jesper Buus

2011-01-01

schemes which we show how to construct in the given setting. We then show that the interactive generation of random coins at the beginning or during outer protocols allows for quantum-secure realizations of classical schemes, again without any set-up assumptions. As example applications we discuss quantum...... zero-knowledge proofs of knowledge and quantum-secure two-party function evaluation. Both applications assume only fully simulatable coin-flipping and mixed commitments. Since our framework allows to construct fully simulatable coin-flipping from mixed commitments, this in particular shows that mixed...

Composition of Web Services Using Wrappers

Science.gov (United States)

Haidar, Ali Nasrat; Abdallah, Ali E.

Web services (WSs) compositions deal with specifying how to assemble a complex WS system from elementary services. These services can be provided on the Web by third parties as WSs, COTS, or bespoke components. Wrappers are becoming the norm for customising existing components in order to integrate them into larger WS systems. In many cases, using a component "as-is" is very unlikely to occur. A component has to be customized because of, for example, incompatibilities between the interfaces of components that need to communicate with one another, need for extra security features, or, blocking unneeded functionality. This paper presents an approach for modeling several wrapping techniques that can be used for composing WS application using Hoare's CSP process algebra.

THz and Security Applications

CERN Document Server

Sizov, Fedir; Detectors, Sources and Associated Electronics for THz Applications

2014-01-01

These proceedings comprise invited papers from highly experienced researchers in THz technology and security applications. THz detection of explosives represents one of the most appealing technologies to have recently emerged in dealing with terrorist attacks encountered by civil security and military forces throughout the world. Discussed are the most advanced technologies and developments, the various points of operational strength and weaknesses as well as are suggestions and predictions the best technological solutions to  overcome current operational limits.  The current status of various levels of cooling in THz detectors, sources and associated electronics are also addressed. The goal was to provide a clear view on the current technologies available and the required advances needed in order to achieve more efficient systems. This goal was outlined in part by establishing the baseline of current uncertainty estimations in physics-based modelling and the identification of key areas which require additi...

Developing Dynamic Single Page Web Applications Using Meteor : Comparing JavaScript Frameworks: Blaze and React

OpenAIRE

Yetayeh, Asabeneh

2017-01-01

This paper studies Meteor which is a JavaScript full-stack framework to develop interactive single page web applications. Meteor allows building web applications entirely in JavaScript. Meteor uses Blaze, React or AngularJS as a view layer and Node.js and MongoDB as a back-end. The main purpose of this study is to compare the performance of Blaze and React. A multi-user Blaze and React web applications with similar HTML and CSS were developed. Both applications were deployed on Heroku’s w...

Great Basin land managers provide detailed feedback about usefulness of two climate information web applications

Directory of Open Access Journals (Sweden)

Chad Zanocco

Full Text Available Land managers in the Great Basin are working to maintain or restore sagebrush ecosystems as climate change exacerbates existing threats. Web applications delivering climate change and climate impacts information have the potential to assist their efforts. Although many web applications containing climate information currently exist, few have been co-produced with land managers or have incorporated information specifically focused on land managers’ needs. Through surveys and interviews, we gathered detailed feedback from federal, state, and tribal sagebrush land managers in the Great Basin on climate information web applications targeting land management. We found that a managers are searching for weather and climate information they can incorporate into their current management strategies and plans; b they are willing to be educated on how to find and understand climate related web applications; c both field and administrative-type managers want data for timescales ranging from seasonal to decadal; d managers want multiple levels of climate information, from simple summaries, to detailed descriptions accessible through the application; and e managers are interested in applications that evaluate uncertainty and provide projected climate impacts. Keywords: Great Basin, Sagebrush, Land management, Climate change, Web application, Co-production

Web API Fragility : How Robust is Your Web API Client

NARCIS (Netherlands)

Espinha, T.; Zaidman, A.; Gross, H.G.

2014-01-01

Web APIs provide a systematic and extensible approach for application-to-application interaction. A large number of mobile applications makes use of web APIs to integrate services into apps. Each Web API’s evolution pace is determined by their respective developer and mobile application developers

Overview of Accelerator Applications for Security and Defense

Science.gov (United States)

Antolak, Arlyn J.

Particle accelerators play a key role in a broad set of defense and security applications, including war-fighter and asset protection, cargo inspection, nonproliferation, materials characterization, and stockpile stewardship. Accelerators can replace the high activity radioactive sources that pose a security threat to developing a radiological dispersal device, and, can be used to produce isotopes for medical, industrial, and research purposes. An overview of current and emerging accelerator technologies relevant to addressing the needs of defense and security is presented.

Web Page Recommendation Using Web Mining

OpenAIRE

Modraj Bhavsar; Mrs. P. M. Chavan

2014-01-01

On World Wide Web various kind of content are generated in huge amount, so to give relevant result to user web recommendation become important part of web application. On web different kind of web recommendation are made available to user every day that includes Image, Video, Audio, query suggestion and web page. In this paper we are aiming at providing framework for web page recommendation. 1) First we describe the basics of web mining, types of web mining. 2) Details of each...

Grid Enabled Geospatial Catalogue Web Service

Science.gov (United States)

Chen, Ai-Jun; Di, Li-Ping; Wei, Ya-Xing; Liu, Yang; Bui, Yu-Qi; Hu, Chau-Min; Mehrotra, Piyush

2004-01-01

Geospatial Catalogue Web Service is a vital service for sharing and interoperating volumes of distributed heterogeneous geospatial resources, such as data, services, applications, and their replicas over the web. Based on the Grid technology and the Open Geospatial Consortium (0GC) s Catalogue Service - Web Information Model, this paper proposes a new information model for Geospatial Catalogue Web Service, named as GCWS which can securely provides Grid-based publishing, managing and querying geospatial data and services, and the transparent access to the replica data and related services under the Grid environment. This information model integrates the information model of the Grid Replica Location Service (RLS)/Monitoring & Discovery Service (MDS) with the information model of OGC Catalogue Service (CSW), and refers to the geospatial data metadata standards from IS0 19115, FGDC and NASA EOS Core System and service metadata standards from IS0 191 19 to extend itself for expressing geospatial resources. Using GCWS, any valid geospatial user, who belongs to an authorized Virtual Organization (VO), can securely publish and manage geospatial resources, especially query on-demand data in the virtual community and get back it through the data-related services which provide functions such as subsetting, reformatting, reprojection etc. This work facilitates the geospatial resources sharing and interoperating under the Grid environment, and implements geospatial resources Grid enabled and Grid technologies geospatial enabled. It 2!so makes researcher to focus on science, 2nd not cn issues with computing ability, data locztic, processir,g and management. GCWS also is a key component for workflow-based virtual geospatial data producing.

Developing security tools of WSN and WBAN networks applications

CERN Document Server

A M El-Bendary, Mohsen

2015-01-01

This book focuses on two of the most rapidly developing areas in wireless technology (WT) applications, namely, wireless sensors networks (WSNs) and wireless body area networks (WBANs). These networks can be considered smart applications of the recent WT revolutions. The book presents various security tools and scenarios for the proposed enhanced-security of WSNs, which are supplemented with numerous computer simulations. In the computer simulation section, WSN modeling is addressed using MATLAB programming language.

Usage of Web Service in Mobile Application for Parents and Students in Binus School Serpong

OpenAIRE

Karto Iskandar; Andrew Thejo Putrantob

2016-01-01

A web service is a service offered by a device electronically to communicate with other electronic device using the World wide web. Smartphone is an electronic device that almost everyone has, especially student and parent for getting information about the school. In BINUS School Serpong mobile application, web services used for getting data from web server like student and menu data. Problem faced by BINUS School Serpong today is the time-consuming application update when using the native ap...

Designing iCanFit: A Mobile-Enabled Web Application to Promote Physical Activity for Older Cancer Survivors.

Science.gov (United States)

Hong, Yan; Dahlke, Deborah Vollmer; Ory, Marcia; Hochhalter, Angela; Reynolds, Jana; Purcell, Ninfa Pena; Talwar, Divya; Eugene, Nola

2013-02-14

Most older cancer survivors (OCS) do not engage in regular physical activity (PA) despite well-known health benefits. With the increased use of mobile technologies among older adults, mobile tools may be an effective method to deliver PA promotion programs for OCS. To document the process of designing an OCS-friendly mobile-enabled Web application of PA promotion program. Mixed methods encompassing group discussions, individual interviews, and brief surveys with community leaders, OCS, cancer care providers, and software professionals were used in this formative research. The varied stakeholders welcomed the idea of developing an online tool to promote PA in OCS. Our formative research revealed several major barriers to regular PA including limited access to senior-friendly PA resources, lack of motivation and social support, and insufficient knowledge and skills on building safe and appropriate workout plans. This feedback was incorporated into the development of iCanFit, a mobile-enabled Web application, designed specifically for OCS. The iCanFit online tools allow users to locate PA resources, set and track goals for PA, network with peer OCS in a secure online space, and receive practical and evidence-informed healthy tips. Our mixed-method formative research led to the design of iCanFit protocol to promote PA and well-being of OCS. The involvement of stakeholders is critical in the planning and design of the mobile application in order to enhance program relevance, appeal, and match with the needs of target users.

Adopting and adapting a commercial view of web services for the Navy

Science.gov (United States)

Warner, Elizabeth; Ladner, Roy; Katikaneni, Uday; Petry, Fred

2005-05-01

Web Services are being adopted as the enabling technology to provide net-centric capabilities for many Department of Defense operations. The Navy Enterprise Portal, for example, is Web Services-based, and the Department of the Navy is promulgating guidance for developing Web Services. Web Services, however, only constitute a baseline specification that provides the foundation on which users, under current approaches, write specialized applications in order to retrieve data over the Internet. Application development may increase dramatically as the number of different available Web Services increases. Reasons for specialized application development include XML schema versioning differences, adoption/use of diverse business rules, security access issues, and time/parameter naming constraints, among others. We are currently developing for the US Navy a system which will improve delivery of timely and relevant meteorological and oceanographic (MetOc) data to the warfighter. Our objective is to develop an Advanced MetOc Broker (AMB) that leverages Web Services technology to identify, retrieve and integrate relevant MetOc data in an automated manner. The AMB will utilize a Mediator, which will be developed by applying ontological research and schema matching techniques to MetOc forms of data. The AMB, using the Mediator, will support a new, advanced approach to the use of Web Services; namely, the automated identification, retrieval and integration of MetOc data. Systems based on this approach will then not require extensive end-user application development for each Web Service from which data can be retrieved. Users anywhere on the globe will be able to receive timely environmental data that fits their particular needs.