Web application fingerprint recognition is an effective security technology designed to identify and classify web applications, thereby enhancing the detection of potential threats and attacks. Traditional fingerprint recognition methods, which rely on preannotated feature matching, face inherent limitations due to the ever-evolving nature and diverse landscape of web applications. In response to these challenges, this work proposes an innovative web application fingerprint recognition method founded on clustering techniques. The method involves extensive data collection from the Tranco List, employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction. The core of the methodology lies in the application of the unsupervised OPTICS clustering algorithm, eliminating the need for preannotated labels. By transforming web applications into feature vectors and leveraging clustering algorithms, our approach accurately categorizes diverse web applications, providing comprehensive and precise fingerprint recognition. The experimental results, which are obtained on a dataset featuring various web application types, affirm the efficacy of the method, demonstrating its ability to achieve high accuracy and broad coverage. This novel approach not only distinguishes between different web application types effectively but also demonstrates superiority in terms of classification accuracy and coverage, offering a robust solution to the challenges of web application fingerprint recognition.
This work leveraged predictive modeling techniques in machine learning (ML) to predict heart disease using a dataset sourced from the Centers for Disease Control and Prevention in the US. The dataset was preprocessed and used to train five machine learning models: random forest, support vector machine, logistic regression, extreme gradient boosting and light gradient boosting. The goal was to use the best performing model to develop a web application capable of reliably predicting heart disease based on user-provided data. The extreme gradient boosting classifier provided the most reliable results, with precision, recall and F1-score of 97%, 72% and 83% respectively for Class 0 (no heart disease) and 21% (precision), 81% (recall) and 34% (F1-score) for Class 1 (heart disease). The model was further deployed as a web application.
This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). Since the confidentiality and integrity of sensitive data in the stock market are crucial, the implementation of robust systems which guarantee trust between the different actors is essential. After analyzing the limits of several security approaches in the literature, we therefore propose an architecture based on blockchain technology that makes it possible both to identify and to reduce the vulnerabilities linked to the design, implementation or use of the web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the blockchain, to strengthen the security of investors' accounts and to record transactions automatically in the blockchain while guaranteeing the integrity of stock market operations. It also produces an application vulnerability report. To validate our approach, we compared our results to those of three other security tools across different metrics. Our approach achieved the best performance in each case.
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems. The security headers examined are X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool: the web-based applications (websites) were analyzed to determine whether these headers had been correctly implemented. The experiment was iterated over 100 highly ranked universities in Africa, selected by purposive sampling to establish the status quo of security header implementation. The results revealed that 70% of the sampled web-based applications had not enforced security headers. The study proposes a secure system architecture design for addressing web-based applications' misconfiguration and insecure design. It presents security techniques for securing web-based applications by hardening security headers using automated threat modelling techniques, and recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
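The kind of check the study's header analysis tool performs, as an added example that is not the study's own tool: it takes the header set collected from one HTTP response, matches names case-insensitively, and reports each of the six headers that is missing or carries a weak value (obsolete X-Frame-Options syntax, a short HSTS max-age, a CSP that allows inline scripts or any origin, a Referrer-Policy that leaks full URLs). The two sample responses are constructed for illustration and belong to no real site.

```javascript
// Added example, not the study's own tool: check the six response headers the
// study examined on a header set collected from one HTTP response. Header
// names are matched case-insensitively; the two sample responses below are
// constructed for illustration, not taken from any real site.

const REQUIRED_HEADERS = [
  "x-content-type-options",
  "x-frame-options",
  "strict-transport-security",
  "referrer-policy",
  "content-security-policy",
  "permissions-policy",
];

const ONE_YEAR_SECONDS = 31536000;

// Returns an array of findings; an empty array means every check passed.
function checkSecurityHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];

  for (const name of REQUIRED_HEADERS) {
    if (!(name in h)) findings.push(`missing ${name}`);
  }

  // X-Content-Type-Options has exactly one valid value.
  if (h["x-content-type-options"] && h["x-content-type-options"].toLowerCase() !== "nosniff") {
    findings.push("x-content-type-options is not 'nosniff'");
  }

  // X-Frame-Options: ALLOW-FROM is obsolete and ignored by current browsers.
  if (h["x-frame-options"]) {
    const v = h["x-frame-options"].toUpperCase();
    if (v !== "DENY" && v !== "SAMEORIGIN") findings.push("x-frame-options is not DENY or SAMEORIGIN");
  }

  // HSTS: a short max-age leaves a window in which a downgrade succeeds.
  if (h["strict-transport-security"]) {
    const m = /max-age=(\d+)/i.exec(h["strict-transport-security"]);
    const maxAge = m ? Number(m[1]) : 0;
    if (maxAge < ONE_YEAR_SECONDS) findings.push("strict-transport-security max-age is below one year");
  }

  // CSP: the directive governing scripts must exist and must not allow
  // inline scripts, eval, or every origin.
  if (h["content-security-policy"]) {
    const directives = h["content-security-policy"].toLowerCase().split(";").map(d => d.trim()).filter(Boolean);
    const scriptPolicy = directives.find(d => /^script-src(\s|$)/.test(d)) || directives.find(d => /^default-src(\s|$)/.test(d));
    if (!scriptPolicy) {
      findings.push("content-security-policy has neither script-src nor default-src");
    } else {
      const sources = scriptPolicy.split(/\s+/).slice(1);
      const weak = sources.filter(s => s === "*" || s === "'unsafe-inline'" || s === "'unsafe-eval'");
      if (weak.length) findings.push(`content-security-policy allows ${weak.join(" ")} for scripts`);
    }
  }

  // Referrer-Policy: these two values send the full URL to other origins.
  if (h["referrer-policy"]) {
    const v = h["referrer-policy"].toLowerCase();
    if (v === "unsafe-url" || v === "no-referrer-when-downgrade") findings.push(`referrer-policy '${v}' leaks full URLs cross-origin`);
  }

  return findings;
}

// Constructed sample 1: a hardened response.
const HARDENED = {
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
  "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
};

// Constructed sample 2: headers are present but weak, and one is missing.
const WEAK = {
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "ALLOW-FROM https://example.invalid",
  "Strict-Transport-Security": "max-age=300",
  "Referrer-Policy": "unsafe-url",
  "Content-Security-Policy": "default-src * 'unsafe-inline'",
};

for (const [label, hdrs] of [["hardened", HARDENED], ["weak", WEAK]]) {
  console.log(label, checkSecurityHeaders(hdrs));
}
```

Presence alone is the weakest possible criterion: the WEAK sample carries five of the six headers and still fails every value check, which is why a scanner should score values and not only names.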
To detect security vulnerabilities in a web application, the security analyst must choose the best-performing static application security testing (SAST) tool, in terms of discovering as many security vulnerabilities as possible. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories of the well-known Open Web Application Security Project (OWASP) Top Ten project is required. Information on the security effectiveness of commercial static analysis tools is not usually publicly accessible, and the state of the art on static security analyzers shows that the differing designs and implementations of those tools lead to different effectiveness rates. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for the vulnerability categories included in the OWASP Top Ten project. Practitioners thus have more precise information to select the best tool, using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work were obtained using widely accepted metrics to classify the tools according to three different degrees of web application criticality.
Ajax is really several technologies, each flourishing in its own right, coming together in powerful new ways. It consists of HTML, JavaScript(TM) technology, DHTML, and the DOM, and is an outstanding approach that helps to transform clunky Web interfaces into interactive Ajax applications. After the definition of Ajax, how to make asynchronous requests with JavaScript and Ajax is introduced. Finally, advanced requests and responses in Ajax are put forward.
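An asynchronous request and response in the Ajax style, as an added example that is not code from the paper: it is written with fetch(), the modern replacement for the XMLHttpRequest object that early Ajax code used, and the transport is injectable so the function can run offline against the constructed fake server below. The host example.invalid and the /api/status resource are assumptions. The one security point an Ajax tutorial should carry is in the body: the response is parsed with JSON.parse, never eval().

```javascript
// Added example, not code from the paper: an asynchronous request in the
// Ajax style, written with fetch() (the modern replacement for the
// XMLHttpRequest object the paper describes) and with the transport made
// injectable so the function can run offline against the constructed fake
// server below. URLs and the /api/status resource are assumptions.

async function getJson(url, { fetchImpl = globalThis.fetch, signal } = {}) {
  const res = await fetchImpl(url, {
    method: "GET",
    headers: { Accept: "application/json", "X-Requested-With": "XMLHttpRequest" },
    credentials: "same-origin",   // not "include" unless the API needs cross-site cookies
    signal,                       // lets the caller abort a slow request
  });
  if (!res.ok) throw new Error(`request failed: HTTP ${res.status}`);
  const ctype = (res.headers.get("content-type") || "").toLowerCase();
  if (!ctype.startsWith("application/json")) throw new Error(`unexpected content type: ${ctype}`);
  // res.json() parses with JSON.parse. Early Ajax code often used eval() on the
  // response text; that executes whatever the server (or anyone who can modify
  // the response in transit) sends, so it must not be used on untrusted input.
  return res.json();
}

// Constructed fake transport standing in for a server with one JSON endpoint.
function fakeFetch(url) {
  const { pathname } = new URL(url);
  const reply = (status, body, ctype) => Promise.resolve({
    ok: status >= 200 && status < 300,
    status,
    headers: new Map([["content-type", ctype]]),
    json: async () => JSON.parse(body),
  });
  if (pathname === "/api/status") {
    return reply(200, JSON.stringify({ status: "ok", items: 3 }), "application/json; charset=utf-8");
  }
  return reply(404, "<h1>Not found</h1>", "text/html");
}

// Exercise both the success path and the error path against the fake server.
async function demo() {
  const data = await getJson("https://example.invalid/api/status", { fetchImpl: fakeFetch });
  let rejected = false;
  try {
    await getJson("https://example.invalid/missing", { fetchImpl: fakeFetch });
  } catch (e) {
    rejected = /HTTP 404/.test(e.message);
  }
  return { data, rejected };
}

demo().then(r => console.log(r));
```

In a browser the same getJson call works unchanged with the real fetch; the status and content-type checks are what keep an HTML error page from being handed to code that expects JSON.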
Forms enhance both the dynamic and interactive abilities of Web applications and the complexity of the system, so it is especially important to test forms completely and thoroughly. This paper therefore discusses how to carry out form testing by different methods in the related testing phases: first, automatically abstracting the forms in the Web pages by parsing the HTML documents; then obtaining the test data with certain strategies, such as from requirement specifications, by mining users' previous input information, or by a recording mechanism; next, executing the testing actions automatically from the well-formed test cases; finally, a case study is given to illustrate the convenience and effectiveness of these methods.
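The first phase above, abstracting the forms from an HTML document, as an added example that is not the paper's tool: it extracts each form's action, method and the fields a submission would carry (including hidden fields, which a tester wants to see because they often hold anti-CSRF tokens), and builds a baseline test case that records which required fields still need data from the next phase. The parser is a small regex-based one written for this example; a DOM parser is preferable for production use. The HTML document is constructed.

```javascript
// Added example, not the paper's tool: the first phase described above,
// extracting every form and its fields from an HTML document so that test
// data can be attached in the next phase. The parser is a small regex-based
// one written for this example (a real DOM parser is preferable for production
// use); the HTML document below is constructed.

const SAMPLE_HTML = `
<html><body>
<form id="login" action="/login" method="post">
  <input type="hidden" name="csrf" value="abc123">
  <input type="text" name="user" maxlength="32" required>
  <input type="password" name="pass" required>
  <select name="role">
    <option value="user" selected>User</option>
    <option value="admin">Admin</option>
  </select>
  <input type="submit" value="Sign in">
</form>
<form action="/search">
  <input name="q">
  <textarea name="notes"></textarea>
</form>
</body></html>`;

// Parse the attributes of one opening tag into an object (values unquoted).
function parseAttrs(tag) {
  const body = tag.replace(/^<\s*[\w-]+/, "").replace(/\/?>$/, "");
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = {};
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Extract forms with action, method and the fields a submission would carry.
function extractForms(html) {
  const forms = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let fm;
  while ((fm = formRe.exec(html)) !== null) {
    const attrs = parseAttrs(`<form${fm[1]}>`);
    const inner = fm[2];
    const fields = [];
    const fieldRe = /<(input|select|textarea)\b[^>]*>/gi;
    let f;
    while ((f = fieldRe.exec(inner)) !== null) {
      const a = parseAttrs(f[0]);
      const tag = f[1].toLowerCase();
      const type = tag === "input" ? (a.type || "text").toLowerCase() : tag;
      if (!a.name || type === "submit" || type === "button" || type === "reset") continue;
      let value = a.value ?? "";
      if (tag === "select") {
        // The submitted value of a <select> is its selected (else first) option.
        const end = inner.indexOf("</select>", f.index);
        const options = inner.slice(f.index, end === -1 ? undefined : end);
        const opt = /<option\b[^>]*\bselected\b[^>]*>/i.exec(options) || /<option\b[^>]*>/i.exec(options);
        value = opt ? (parseAttrs(opt[0]).value ?? "") : "";
      }
      fields.push({
        name: a.name,
        type,
        value,
        required: "required" in a,
        maxlength: a.maxlength ? Number(a.maxlength) : null,
      });
    }
    forms.push({
      id: attrs.id || null,
      action: attrs.action || "",
      method: (attrs.method || "get").toUpperCase(),
      fields,
    });
  }
  return forms;
}

// A baseline test case: declared defaults, plus the list of required fields
// that still need a value from the test data strategy of the next phase.
function baselineCase(form) {
  const data = {};
  const needsInput = [];
  for (const f of form.fields) {
    data[f.name] = f.value;
    if (f.required && f.value === "") needsInput.push(f.name);
  }
  return { method: form.method, action: form.action, data, needsInput };
}

const forms = extractForms(SAMPLE_HTML);
console.log(JSON.stringify(forms.map(baselineCase), null, 2));
```

The maxlength and required attributes are kept on each field because they are the client-side constraints a form test should deliberately violate: the server must enforce the same limits independently.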
A formal model representing the navigation behavior of a Web application as a Kripke structure is proposed, and an approach that applies model checking to test case generation is presented. The Object Relation Diagram is employed as the object model to describe the object structure of a Web application design, and it can be translated into the behavior model. A key problem of model checking-based test generation for a Web application is how to construct a set of trap properties that are intended to be violated when model checked against the behavior model, so that the resulting counterexamples can be used to construct the test sequences. We give an algorithm that derives trap properties from the object model with respect to node and edge coverage criteria.
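The trap-property idea above carried through on a small navigation model, as an added example that is not the paper's algorithm or tool: pages are states of a Kripke structure, user actions are transitions, and for each node and edge a trap property asserts that it is never reached, so a counterexample to that property is exactly a test sequence covering it. Where the paper runs a model checker and keeps its counterexamples, this example substitutes a breadth-first reachability search, which yields the same shortest counterexample for an AG-style property. The model and the CTL-like property strings are constructed.

```javascript
// Added example, not the paper's algorithm: a navigation model as a Kripke
// structure (pages as states, user actions as transitions) and the derivation
// of test sequences from trap properties for node and edge coverage. A
// breadth-first reachability search stands in for the model checker; for an
// AG-style trap property it produces the same shortest counterexample. The
// model below is constructed for illustration.

const MODEL = {
  initial: "home",
  states: ["home", "login", "account", "checkout", "admin"],
  // [from, to, action]
  transitions: [
    ["home", "login", "click login"],
    ["login", "account", "submit valid credentials"],
    ["login", "home", "cancel"],
    ["account", "checkout", "click checkout"],
    ["checkout", "home", "confirm order"],
    // "admin" is modelled but no transition leads to it.
  ],
};

// Trap properties: each asserts that a node (or edge) is never reached, so a
// counterexample to it is exactly a test sequence covering that node (edge).
function trapProperties(model) {
  const props = [];
  for (const s of model.states) {
    props.push({ kind: "node", target: s, ctl: `AG !(${s})` });
  }
  for (const [a, b] of model.transitions) {
    props.push({ kind: "edge", target: [a, b], ctl: `AG (${a} -> AX !(${b}))` });
  }
  return props;
}

// Shortest path from `from` to `goal` as [{from, action, to}]; [] when they are
// equal; null when unreachable (the trap property holds and yields no test).
function shortestPath(model, from, goal) {
  const prev = new Map([[from, null]]);
  const queue = [from];
  while (queue.length > 0) {
    const cur = queue.shift();
    if (cur === goal) break;
    for (const [a, b, action] of model.transitions) {
      if (a === cur && !prev.has(b)) {
        prev.set(b, { from: cur, action });
        queue.push(b);
      }
    }
  }
  if (!prev.has(goal)) return null;
  const path = [];
  for (let s = goal; prev.get(s) !== null; s = prev.get(s).from) {
    path.unshift({ from: prev.get(s).from, action: prev.get(s).action, to: s });
  }
  return path;
}

// One test sequence per violated trap property; properties that hold (target
// unreachable from the initial state) are reported instead of producing a test.
function deriveTests(model) {
  const tests = [];
  const unreachable = [];
  for (const p of trapProperties(model)) {
    let path;
    if (p.kind === "node") {
      path = shortestPath(model, model.initial, p.target);
    } else {
      const [a, b] = p.target;
      const prefix = shortestPath(model, model.initial, a);
      const edge = model.transitions.find(t => t[0] === a && t[1] === b);
      path = prefix === null ? null : [...prefix, { from: a, action: edge[2], to: b }];
    }
    if (path === null) unreachable.push(p.ctl);
    else tests.push({ property: p.ctl, sequence: path.map(step => step.action) });
  }
  return { tests, unreachable };
}

const result = deriveTests(MODEL);
for (const t of result.tests) console.log(t.property, "->", t.sequence.join(" ; ") || "(initial state)");
console.log("unreachable, no test derived:", result.unreachable);
```

The unreachable list is as useful as the tests: a page that the model says cannot be reached from the initial state (here "admin") is either dead navigation or, more often, a path the model omitted, and both deserve a look before the test suite is trusted.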
This study presents a methodology to evaluate and prevent security vulnerabilities in web applications. The analysis process is based on techniques and tools that perform white-box and black-box security assessments, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies between semi-automatic static and dynamic security analysis tools and manual checks. Each phase contemplated in the methodology is supported by security analysis tools of different degrees of coverage, so that the results generated in one phase feed the following phases in order to get an optimized global security analysis result. The methodology can be used as part of other, more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle (SSDLC). A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics. Dynamic analysis with manual checking is used to audit the results: 24.6 per cent of the security vulnerabilities reported by the static analysis were checked. This phase is very important because it permits each reported vulnerability to be checked by a second, dynamic tool to confirm whether it is a true or false positive, and it allows studying which vulnerabilities can be directly exploited externally. Dynamic analysis finds six (6) additional critical vulnerabilities. Access control analysis finds another five (5) important vulnerabilities, such as Insufficiently Protected Passwords or Weak Password Policy and Excessive Authentication Attempts, two vulnerabilities that permit brute force attacks.
Managing data on many customers has become a focus of attention in big organizations. Although much information is available, it does not translate into significant profitable value-added services. We present a design of a commercial web application based on business intelligence that generates information on the social and financial behavior of clients in an organization, with the purpose of obtaining additional information that allows more profit to be made. This app will provide a broader perspective for making strategic decisions to increase profits and reduce internal investment costs. A case in point is the financial sector: a group of financial entities was used to take measurements and test them. A design to build a web application aimed at achieving a large and ambitious goal by means of defined tools reflecting clients' business needs is proposed. In this research, different techniques and technologies are explored, such as diagrams, frameworks, design, architecture, entity-relationship models, tables, equations, mind maps and development tools. Through the Personal Software Process methodology and with the help of information extraction, consolidation, and visualization, the implementation can be carried out. This article explains the importance of implementing business intelligence in an organization and expands on the steps needed for the implementation of this valuable technology.
The transformation from conventional business management systems to smart digital systems is a recurrent trend in the current era. This has led to a digital revolution, in which the hardwired technologies in the software industry play a significant role. However, from the beginning, software security has remained a serious issue for all levels of stakeholders. Software vulnerabilities lead to intrusions that cause data breaches and result in disclosure of sensitive data, compromising the organization's reputation, which translates into financial losses as well. Most data breaches are financially motivated, especially in the healthcare sector. Cyber invaders continuously penetrate e-health data because of the high price of the data on the dark web. Therefore, security assessment of healthcare web-based applications demands immediate intervention mechanisms to weed out the threats of cyber-attacks. The aim of this work is to provide efficient and effective healthcare web application security assessment. The study has worked with a hybrid computational model of Multi-Criteria Decision Making (MCDM) based on the Analytical Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solutions (TOPSIS) under the Hesitant Fuzzy (HF) environment. Hesitant fuzzy sets provide effective solutions to decision making problems where experts hesitate to make a decision. The proposed research will support designers and developers in identifying, selecting and prioritizing the best security attributes for web application development. The empirical analysis concludes that Robustness got the highest priority among the assessed security attributes, followed by Encryption, Authentication, Limit Access, Revoke Access, Data Validation, and Maintain Audit Trail. The results of this research depict that the proposed computational procedure would be the most conversant mechanism for determining web application security. The study also establishes guidelines which developers can refer to for the identification and prioritization of security attributes to build more secure and trustworthy web-based applications.
Security weaknesses in web applications deployed in cloud architectures can seriously affect the confidentiality and integrity of their data. The procedures used by static source-code security analysis tools differ, and therefore each tool finds a different number of instances of each weakness type for which it is designed. To exploit the possible synergies between different static analysis tools, this work uses a new method to combine several tools, aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools are combined with the designed method to study their behavior using an updated benchmark for the OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications, considering different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included in the combination, due to their different designs and techniques.
Much research indicates that a lot of money and time is spent on maintaining and modifying delivered programs, so policies to support program comprehension are very important. Program comprehension is a crucial and difficult task; insufficient design, illogical code structure and short documentation increase the difficulty of comprehension. Developing a Web application is usually a process of quick implementation and delivery. In addition, a Web application is generally coded by combining markup language statements with some embedded applets. Such a programming mode hampers comprehension of Web applications. This paper proposes a method to improve the understanding of Web applications by dependence analysis and slicing technology.
Key words: Web application comprehension; program dependence; hypergraph; program slicing
CLC number: TP 311
Foundation item: Supported in part by the Young Scientist's Fund of NSFC (60373066, 60303024), the National Grand Fundamental Research 973 Program of China (2002CB312000) and the National Research Foundation for the Doctoral Program of Higher Education of China
Biography: WU Jun-hua (1965-), female, Ph. D., research direction: software engineering.
Usability and security are often considered contradictory in nature: one has a negative impact on the other. In order to satisfy the needs of users from the security perspective, the relationship and trade-offs between security and usability must be distinguished. Security practitioners are working on developing new approaches that would help to secure healthcare web applications as well as increase their usability. In the same league, the present research is premised on the usable-security of healthcare web applications. For a compatible blend of usability and security that would fulfill the users' requirements, this research proposes an integration of the Fuzzy AHP-TOPSIS method for assessing the usable-security of healthcare web applications. Since accurately estimating usable-security is also a decision making problem, the study employs Multiple Criteria Decision Analysis (MCDA) for selecting the most decisive attributes of usability as well as security. Furthermore, this study also pinpoints the highest priority attributes that can strengthen the usable-security of healthcare web applications. The effectiveness of the suggested method has been tested on the healthcare web applications of local hospitals in Mecca, Saudi Arabia. The results corroborate that Fuzzy AHP-TOPSIS is indeed a reliable technique that will help developers to design healthcare web applications that deliver optimum usable-security.
Building an abstract model of the web application is the chief task of model-based software testing, which is an efficient way of testing web applications. One problem with current web application test technologies is the lack of tools for modeling the whole web software, especially the lack of support for describing a web application from the view of actions and functions. This paper is concerned with providing support for the development and test of web applications. The presented novel model, named the component-based and tree-oriented web application development model (CBTOWADM), abstracts the web application as a tree based on its system functions and business processes. CBTOWADM not only simplifies the design and development of the web application, but also acts as model middleware for software test. The basic model definition, the system framework and the application of CBTOWADM in software test are described.
Investigain is a progressive web application for making mutual fund investments through a Systematic Investment Plan. The application utilizes the web's modern capabilities, such as Asynchronous JavaScript and XML (AJAX), JavaScript, and Hypertext Markup Language (HTML5). The application also uses a powerful relational database management system, MySQL, to display asset management information. The application has two portals, one for investors and one for a particular asset manager or asset management company. Each investor has an account in the investor portal. The investor can view his/her profile, current balance, balance history, dividends, the units of mutual funds bought, unit price and the value of each mutual fund, and can pay installments using an embedded online payment gateway. Asset managers can monitor all investments, manage user accounts, and pay out dividends using the admin portal. This paper also presents the experimental results of using the Investigain application, compares them with existing systems, and details the application's prospects for improving socio-economic conditions. The system's frontend is designed with the Bootstrap and jQuery frameworks. The backend is written in the Hypertext Preprocessor (PHP) server-side scripting language. The system demonstrated increased satisfaction from its clients.
This paper adopts the server-side Java programming model model-view-controller to construct a web-based shopping system framework. Using servlets, Java Server Pages (JSPs) and JavaBean technologies, we provide a standard, open, robust and cross-platform architecture that guarantees system independence. The presented framework provides a clean separation of presentation from business logic, which meets users' tastes by allowing the user interface to be changed frequently, and enables more functions to be conveniently added in future.
The house rental issue is one of the elemental parts of society. Nowadays, it is extremely difficult to find suitable accommodation in city areas if people search for it physically. On the other hand, the landowner also needs to rent out the house. It can be difficult to find tenants just by hanging a lease sign on a building, and as a result, owners lose money. An online common platform can play a vital role in this case. The purpose of the study is to develop a common web-based online platform for both tenants and house owners so that both will mutually benefit from the system. This paper presents the development of a web application for the people of Bangladesh where both house owners and tenants can register, and tenants can find houses for rent by contacting the house owner through the application. The web application is very user-friendly and efficient, and it has many unique features that are not offered by other currently available house rental websites in Bangladesh. Tenants can register using their phone number, store information about their identity, search for available houses, send messages to house owners, and choose a suitable house using the developed web application. House owners can also register with the system, which manually verifies and authenticates the information provided by the house owner; a house owner can view a tenant's information history whenever a tenant makes contact through text, and supply house-related information accordingly. The proposed online smart house system has been tested and validated. It works very efficiently with many features. The application provided faster and improved opportunities to get houses, as well as ensuring the availability of houses for rent in the greatest number of areas. The system will help to spread trustworthy services nationwide and give users the chance to communicate and improve house renting in Bangladesh. Because it has many smart features, this developed online smart house rental web application will make it very easy for tenants to find a house to rent. House owners, on the other hand, can easily rent out their properties.
Climate-responsive building design holds immense potential for enhancing comfort, energy efficiency, and environmental sustainability. However, many social, cultural, and economic obstacles might prevent the wide adoption of designing climate-adapted buildings. One of these obstacles can be removed by enabling practitioners to easily access, visualize and analyze local climate data. The CBE Clima Tool (Clima) is a free and open-source web application that offers easy access to publicly available weather files and has been created for building energy simulation and design. It provides a series of interactive visualizations of the variables contained in the EnergyPlus Weather Files and several derived ones like the UTCI or the adaptive comfort indices. It is aimed at students, educators, and practitioners in the architecture and engineering fields. Since its inception, Clima's user base has exhibited robust growth, attracting over 25,000 unique users annually from across 70 countries. Our tool is poised to revolutionize climate-adaptive building design, transcending geographical boundaries and fostering innovation in the architecture and engineering fields.
Funding (web application fingerprint recognition study): supported in part by the National Science Foundation of China under Grants U22B2027, 62172297, 62102262, 61902276 and 62272311; the Tianjin Intelligent Manufacturing Special Fund Project under Grant 20211097; the China Guangxi Science and Technology Plan Project (Guangxi Science and Technology Base and Talent Special Project) under Grant AD23026096 (Application Number 2022AC20001); the Hainan Provincial Natural Science Foundation of China under Grant 622RC616; and the CCF-NSFOCUS Kunpeng Fund Project under Grant CCF-NSFOCUS202207.
文摘Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint recognition methods,which rely on preannotated feature matching,face inherent limitations due to the ever-evolving nature and diverse landscape of web applications.In response to these challenges,this work proposes an innovative web application fingerprint recognition method founded on clustering techniques.The method involves extensive data collection from the Tranco List,employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction.The core of the methodology lies in the application of the unsupervised OPTICS clustering algorithm,eliminating the need for preannotated labels.By transforming web applications into feature vectors and leveraging clustering algorithms,our approach accurately categorizes diverse web applications,providing comprehensive and precise fingerprint recognition.The experimental results,which are obtained on a dataset featuring various web application types,affirm the efficacy of the method,demonstrating its ability to achieve high accuracy and broad coverage.This novel approach not only distinguishes between different web application types effectively but also demonstrates superiority in terms of classification accuracy and coverage,offering a robust solution to the challenges of web application fingerprint recognition.
文摘This work leveraged predictive modeling techniques in machine learning (ML) to predict heart disease using a dataset sourced from the Center for Disease Control and Prevention in the US. The dataset was preprocessed and used to train five machine learning models: random forest, support vector machine, logistic regression, extreme gradient boosting and light gradient boosting. The goal was to use the best performing model to develop a web application capable of reliably predicting heart disease based on user-provided data. The extreme gradient boosting classifier provided the most reliable results with precision, recall and F1-score of 97%, 72%, and 83% respectively for Class 0 (no heart disease) and 21% (precision), 81% (recall) and 34% (F1-score) for Class 1 (heart disease). The model was further deployed as a web application.
文摘This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.
文摘This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
Abstract: To detect security vulnerabilities in a web application, the security analyst must choose the static application security testing (SAST) tool that discovers the greatest number of security vulnerabilities. Comparing static analysis tools for web applications requires a benchmark adapted to the vulnerability categories of the well-known OWASP Top Ten project. Information on the security effectiveness of commercial static analysis tools is not usually publicly accessible, and the state of the art on static security analysers shows that the differing designs and implementations of these tools yield different effectiveness rates. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a newly proposed methodology and a new benchmark designed for the vulnerability categories of the OWASP Top Ten. Practitioners thus obtain more precise information for selecting the best tool using a benchmark adapted to the latest versions of the OWASP Top Ten. The results were obtained using widely accepted metrics and classify the tools according to three degrees of web application criticality.
Abstract: Ajax is really several technologies, each flourishing in its own right, coming together in powerful new ways: it consists of HTML, JavaScript technology, DHTML and the DOM, and is an outstanding approach for transforming clunky Web interfaces into interactive Ajax applications. After defining Ajax, the paper introduces how to make asynchronous requests with JavaScript and Ajax, and finally presents advanced requests and responses in Ajax.
Funding: Supported by the National Natural Science Foundation of China (60425206, 90412003, 60503033), the National Basic Research Program of China (973 Program 2002CB312000), the Opening Foundation of the State Key Laboratory of Software Engineering in Wuhan University, and the High Technology Research Project of Jiangsu Province (BG2005032).
Abstract: Forms enhance both the dynamic and interactive abilities of Web applications and the complexity of the system, so it is especially important to test forms completely and thoroughly. This paper therefore discusses how to carry out form testing by different methods in the related testing phases: first, automatically abstracting the forms in Web pages by parsing the HTML documents; then obtaining the test data with certain strategies, such as from requirement specifications, by mining users' previous input information, or by a recording mechanism; next, executing the testing actions automatically from the well-formed test cases; finally, a case study illustrates the convenience and effectiveness of these methods.
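The first two steps of that procedure, as an added example that is not the paper's own tooling: forms and their fields are abstracted from an HTML page with the standard-library html.parser, and test data is then derived per field from its type and constraints (a valid value, an empty value for required fields, one character beyond maxlength, and an injection probe for free-text fields). The sample page, the per-type valid values and the probe string are constructed for the example; a real suite would draw them from the specification or recorded user input as the paper describes.

```python
"""Added example, not the paper's tool: abstract forms from HTML and derive
test data per field. Sample page and test values are constructed."""
from html.parser import HTMLParser
from typing import Dict, List, Optional

Field = Dict[str, object]
Form = Dict[str, object]


class FormExtractor(HTMLParser):
    """Collect every <form> and the named input/select/textarea it contains."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[Form] = []
        self._current: Optional[Form] = None

    def handle_starttag(self, tag, attrs) -> None:
        a = dict(attrs)  # boolean attributes such as `required` map to None
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            if not a.get("name"):
                return  # unnamed controls are never submitted
            maxlength = a.get("maxlength") or ""
            self._current["fields"].append({
                "name": a["name"],
                "type": (a.get("type") or "text").lower() if tag == "input" else tag,
                "required": "required" in a,
                "maxlength": int(maxlength) if maxlength.isdigit() else None,
            })

    def handle_endtag(self, tag) -> None:
        if tag == "form":
            self._current = None


def extract_forms(html: str) -> List[Form]:
    """Step one of the procedure: abstract the forms from the HTML document."""
    parser = FormExtractor()
    parser.feed(html)
    parser.close()
    return parser.forms


# Assumed well-formed values per control type and a constructed probe string.
VALID_BY_TYPE = {
    "text": "alice", "email": "alice@example.com", "password": "Correct-Horse-9",
    "number": "42", "textarea": "hello", "select": "",
}
INJECTION_PROBE = "' OR '1'='1"  # illustrative; real suites use per-sink payload lists


def cases_for_field(field: Field) -> Dict[str, str]:
    """Step two: derive named test values for one field from its constraints."""
    cases = {"valid": VALID_BY_TYPE.get(str(field["type"]), "x")}
    if field["required"]:
        cases["empty"] = ""
    if field["maxlength"]:
        cases["overlong"] = "A" * (int(field["maxlength"]) + 1)
    if field["type"] in ("text", "email", "textarea"):
        cases["injection_probe"] = INJECTION_PROBE
    return cases


def build_test_plan(html: str) -> List[Dict[str, str]]:
    """One record per (form, field, case). Hidden and submit controls are
    replayed exactly as served rather than fuzzed."""
    plan = []
    for form in extract_forms(html):
        for field in form["fields"]:
            if field["type"] in ("hidden", "submit"):
                continue
            for case, value in cases_for_field(field).items():
                plan.append({"action": str(form["action"]), "method": str(form["method"]),
                             "field": str(field["name"]), "case": case, "value": value})
    return plan


# Constructed sample page.
SAMPLE_HTML = """
<form action="/login" method="POST">
  <input type="hidden" name="csrf_token" value="abc123">
  <input type="text" name="username" maxlength="32" required>
  <input type="password" name="password" required>
  <input type="submit" value="Sign in">
</form>
"""
```

The maxlength and required attributes are client-side hints only; the "overlong" and "empty" cases exist precisely to check that the server enforces the same constraints when the browser is bypassed.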
Funding: Supported by the National Natural Science Foundation of China (60673115), the National Basic Research Program of China (973 Program) (2002CB312001) and the Open Foundation of the State Key Laboratory of Software Engineering (SKLSE05-13).
Abstract: A formal model representing the navigation behavior of a Web application as a Kripke structure is proposed, and an approach that applies model checking to test case generation is presented. The Object Relation Diagram, as the object model, is employed to describe the object structure of a Web application design and can be translated into the behavior model. A key problem of model-checking-based test generation for a Web application is how to construct a set of trap properties intended to be violated by the behavior model, so that the counterexamples output by the model checker can be used to construct test sequences. We give an algorithm that derives trap properties from the object model with respect to node and edge coverage criteria.
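The trap-property idea made concrete, as an added example that is not the paper's algorithm or tool: states are pages, transitions are links, and for each coverage target a property is written that claims the target is never reached (AG !p for a page, AG (a -> AX !b) for a link). A run that violates the property is exactly a run that covers the target, so the counterexample becomes the test sequence. Here the model checker is replaced by explicit-state breadth-first reachability over the navigation graph, which suffices for these safety properties; the page names and links are constructed.

```python
"""Added example, not the paper's tool: trap properties over a navigation
model, discharged by explicit-state reachability. Pages and links are
constructed for the example."""
from collections import deque
from typing import Dict, List, Optional, Tuple

Graph = Dict[str, List[str]]  # page -> pages it links to


def shortest_run(graph: Graph, start: str, goal: str) -> Optional[List[str]]:
    """Breadth-first search: shortest run from start to goal, None if unreachable."""
    prev: Dict[str, Optional[str]] = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            run: List[str] = []
            cur: Optional[str] = node
            while cur is not None:
                run.append(cur)
                cur = prev[cur]
            return run[::-1]
        for nxt in graph.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def node_trap_properties(graph: Graph) -> List[Tuple[str, str]]:
    """AG !p for every page p: the property claims p is never visited."""
    pages = set(graph) | {p for succ in graph.values() for p in succ}
    return [(f"AG !{p}", p) for p in sorted(pages)]


def edge_trap_properties(graph: Graph) -> List[Tuple[str, Tuple[str, str]]]:
    """AG (a -> AX !b) for every link a->b: claims b never directly follows a."""
    return [(f"AG ({a} -> AX !{b})", (a, b)) for a in sorted(graph) for b in graph[a]]


def check_node_trap(graph: Graph, init: str, page: str) -> Optional[List[str]]:
    """Counterexample to AG !page: any run from init that reaches page."""
    return shortest_run(graph, init, page)


def check_edge_trap(graph: Graph, init: str, edge: Tuple[str, str]) -> Optional[List[str]]:
    """Counterexample to AG (a -> AX !b): a run that reaches a and then steps to b."""
    a, b = edge
    prefix = shortest_run(graph, init, a)
    if prefix is None or b not in graph.get(a, []):
        return None
    return prefix + [b]


def generate_tests(graph: Graph, init: str) -> Dict[str, list]:
    """Test sequences for node and edge coverage. Trap properties that hold
    (no counterexample) name pages or links unreachable from init."""
    node_tests, edge_tests, holds = [], [], []
    for prop, page in node_trap_properties(graph):
        run = check_node_trap(graph, init, page)
        if run is None:
            holds.append(prop)
        else:
            node_tests.append(run)
    for prop, edge in edge_trap_properties(graph):
        run = check_edge_trap(graph, init, edge)
        if run is None:
            holds.append(prop)
        else:
            edge_tests.append(run)
    return {"node_tests": node_tests, "edge_tests": edge_tests, "unreachable": holds}


# Constructed navigation model of a small transactional site.
NAVIGATION: Graph = {
    "login": ["account", "login"],      # failed login redisplays the login page
    "account": ["transfer", "logout"],
    "transfer": ["confirm", "account"],
    "confirm": ["account"],
    "logout": ["login"],
    "admin": ["account"],               # no page links here: unreachable from login
}
```

A trap property that turns out to hold is itself a finding: a page such as "admin" above that no navigation path reaches is either dead or reachable only by typing its URL, which is exactly the forced-browsing case a security tester wants to probe separately.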
Abstract: This study presents a methodology to evaluate and prevent security vulnerabilities in web applications. The analysis process is based on techniques and tools for white-box and black-box security assessment, so that the security validation of a web application can be carried out in an agile and precise way. The objective of the methodology is to exploit the synergies between semi-automatic static and dynamic security analysis tools and manual checks. Each phase of the methodology is supported by security analysis tools of different degrees of coverage, and the results generated in one phase feed the following phases in order to obtain an optimized global security analysis result. The methodology can be used as part of more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle (SSDLC). A practical application of the methodology to a real web application demonstrates its effectiveness by obtaining a better vulnerability detection result against the true and false positive metrics. Dynamic analysis with manual checking is used to audit the results: 24.6 per cent of the security vulnerabilities reported by static analysis were checked. This phase is very important because each reported vulnerability can be checked by a second, dynamic tool to confirm whether it is a true or false positive, and it allows studying which vulnerabilities can be directly exploited externally. Dynamic analysis finds six (6) additional critical vulnerabilities. Access control analysis finds another five (5) important vulnerabilities, such as Insufficiently Protected Passwords, Weak Password Policy and Excessive Authentication Attempts, the latter two permitting brute force attacks.
Funding: Supported by the General Research Direction of the Universidad Santiago de Cali, which financed a research project of the COMBA I+D research group. URL: https://www.usc.edu.co/
Abstract: Management of multiple customers' data has become a focus of attention in big organizations. Although much information is available, it does not translate into significantly profitable value-added services. We present the design of a commercial web application based on business intelligence that generates information on the social and financial behavior of an organization's clients, with the purpose of obtaining additional information that allows greater profits. This app provides a broader perspective for making strategic decisions to increase profits and reduce internal investment costs. A case in point is the financial sector: a group of financial entities was used to take measurements and test them. A design for building a web application aimed at achieving a large and ambitious goal by means of defined tools reflecting clients' business needs is proposed. In this research, different techniques and technologies are explored, such as diagrams, frameworks, design, architecture, entity-relationship models, tables, equations, mind maps and development tools. Through the Personal Software Process methodology and with the help of information extraction, consolidation and visualization, the implementation can be carried out. This article shows the importance of implementing business intelligence in an organization and expands on the steps needed for the implementation of this valuable technology.
Funding: This project was funded by the Taif University Researchers Supporting Projects at Taif University, Kingdom of Saudi Arabia, under Grant Number TURSP-2020/211.
Abstract: Transformation from conventional business management systems to smart digital systems is a recurrent trend in the current era. This has led to a digital revolution in which the hardwired technologies of the software industry play a significant role. However, from the beginning, software security has remained a serious issue for stakeholders at all levels. Software vulnerabilities lead to intrusions that cause data breaches and result in the disclosure of sensitive data, compromising the organization's reputation and translating into financial losses as well. Most data breaches are financially motivated, especially in the healthcare sector: cyber invaders continuously target E-Health data because of its high price on the dark web. Therefore, security assessment of healthcare web-based applications demands immediate intervention mechanisms to weed out the threat of cyber-attacks. The aim of this work is to provide efficient and effective healthcare web application security assessment. The study uses a hybrid Multi-Criteria Decision Making (MCDM) computational model based on the Analytical Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) under a Hesitant Fuzzy (HF) environment. Hesitant fuzzy sets provide effective solutions to decision making problems in which experts hesitate to make a decision. The proposed research supports designers and developers in identifying, selecting and prioritizing the best security attributes for web application development. The empirical analysis concludes that Robustness received the highest priority among the assessed security attributes, followed by Encryption, Authentication, Limit Access, Revoke Access, Data Validation and Maintain Audit Trail. The results indicate that the proposed computational procedure is a well-suited mechanism for determining web application security. The study also establishes guidelines that developers can refer to for the identification and prioritization of security attributes in order to build more secure and trustworthy web-based applications.
Abstract: Security weaknesses in web applications deployed in cloud architectures can seriously affect data confidentiality and integrity. The procedures used by source code static analysis security tools differ, and therefore each tool finds a different number of each weakness type for which it is designed. To exploit the possible synergies among different static analysis tools, this work uses a new method to combine several of them, aiming to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools are combined with the designed method and their behavior studied using an updated benchmark for the OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications, applying different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included, because of their different designs and techniques.
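How such a benchmark ranking works in practice, as one added example serving both the seven-tool benchmark study earlier on this page and the tool-combination study just above (it is neither paper's method): a benchmark of test cases labelled by OWASP Top Ten category and by whether each is truly vulnerable, a report per tool, a confusion matrix per tool or combination, and a criticality-dependent score. The benchmark, the three fictional tool reports and the weights are constructed; the weighting scheme (F-beta with beta chosen per criticality, so missed weaknesses cost more for critical applications) is this example's assumption, not the metric either paper used.

```python
"""Added example, not either paper's method: score static analysis tools and
tool combinations against a labelled OWASP-category benchmark. All data
below is constructed for the example."""
from collections import Counter
from itertools import combinations
from typing import Dict, Iterable, List, Set, Tuple

# Benchmark: test case -> (OWASP Top Ten category, truly vulnerable?).
BENCHMARK: Dict[str, Tuple[str, bool]] = {
    "tc01": ("A03 Injection", True),
    "tc02": ("A03 Injection", False),
    "tc03": ("A03 Injection", True),
    "tc04": ("A01 Broken Access Control", True),
    "tc05": ("A01 Broken Access Control", False),
    "tc06": ("A02 Cryptographic Failures", True),
    "tc07": ("A02 Cryptographic Failures", False),
    "tc08": ("A07 Identification and Authentication Failures", True),
    "tc09": ("A07 Identification and Authentication Failures", False),
    "tc10": ("A05 Security Misconfiguration", False),
}

# Which cases each (fictional) tool flagged.
REPORTS: Dict[str, Set[str]] = {
    "toolA": {"tc01", "tc03", "tc04", "tc05", "tc06"},
    "toolB": {"tc01", "tc02", "tc04", "tc08", "tc09", "tc10"},
    "toolC": {"tc02", "tc03", "tc06", "tc07", "tc08"},
}

# Assumed beta per criticality: >1 favours recall, <1 favours precision.
CRITICALITY_BETA = {"low": 0.5, "medium": 1.0, "high": 2.0}


def confusion(flagged: Set[str]) -> Dict[str, int]:
    """TP/FP/FN/TN of one report (or combined report) against the labels."""
    tp = sum(1 for tc, (_, vuln) in BENCHMARK.items() if vuln and tc in flagged)
    fp = sum(1 for tc, (_, vuln) in BENCHMARK.items() if not vuln and tc in flagged)
    fn = sum(1 for tc, (_, vuln) in BENCHMARK.items() if vuln and tc not in flagged)
    return {"tp": tp, "fp": fp, "fn": fn, "tn": len(BENCHMARK) - tp - fp - fn}


def precision(c: Dict[str, int]) -> float:
    return c["tp"] / (c["tp"] + c["fp"]) if c["tp"] + c["fp"] else 0.0


def recall(c: Dict[str, int]) -> float:
    return c["tp"] / (c["tp"] + c["fn"]) if c["tp"] + c["fn"] else 0.0


def f_beta(c: Dict[str, int], beta: float) -> float:
    """Weighted harmonic mean of precision and recall; 0 when nothing is found."""
    p, r = precision(c), recall(c)
    if p == 0.0 and r == 0.0:
        return 0.0
    return (1 + beta ** 2) * p * r / (beta ** 2 * p + r)


def combine(tools: Iterable[str], min_votes: int = 1) -> Set[str]:
    """Flag a case when at least min_votes tools flag it (1 = plain union)."""
    votes = Counter(tc for tool in tools for tc in REPORTS[tool])
    return {tc for tc, n in votes.items() if n >= min_votes}


def recall_by_category(flagged: Set[str]) -> Dict[str, float]:
    """Recall per OWASP category: shows which weakness types a report misses."""
    hits: Dict[str, List[int]] = {}
    for tc, (cat, vuln) in BENCHMARK.items():
        if vuln:
            hits.setdefault(cat, []).append(1 if tc in flagged else 0)
    return {cat: sum(v) / len(v) for cat, v in hits.items()}


def rank(criticality: str, max_size: int = 3, min_votes: int = 1) -> List[Tuple[float, Tuple[str, ...]]]:
    """Score every combination of up to max_size tools; best first, ties to the smaller set."""
    beta = CRITICALITY_BETA[criticality]
    scored = []
    for k in range(1, max_size + 1):
        for combo in combinations(sorted(REPORTS), k):
            score = f_beta(confusion(combine(combo, min_votes)), beta)
            scored.append((round(score, 4), combo))
    return sorted(scored, key=lambda s: (-s[0], len(s[1]), s[1]))
```

On this constructed data the best choice changes with criticality: at medium criticality toolA alone wins, because every union adds more false positives than true positives, while at high criticality the toolA+toolC union wins on recall. Requiring two votes from the three tools keeps full recall with a single false positive, which is the kind of combination rule the findings above point at rather than a plain union of everything.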
Abstract: Much research indicates that a lot of money and time are spent on maintaining and modifying delivered programs, so policies that support program comprehension are very important. Program comprehension is a crucial and difficult task; insufficient design, illogical code structure and short documents all increase its difficulty. Developing a Web application is usually a process of quick implementation and delivery, and a Web application is generally coded by combining markup language statements with embedded applets. Such a programming mode adversely affects the comprehension of Web applications. This paper proposes a method for improving the understanding of Web applications by dependence analysis and slicing technology.
Key words: Web application comprehension; program dependence; hypergraph; program slicing
CLC number: TP 311
Foundation item: Supported in part by the Young Scientist's Fund of NSFC (60373066, 60303024), the National Grand Fundamental Research 973 Program of China (2002CB312000) and the National Research Foundation for the Doctoral Program of Higher Education of China.
Biography: WU Jun-hua (1965-), female, Ph.D., research direction: software engineering.
Funding: Grant number 12-INF2970-10 from the National Science, Technology and Innovation Plan (MAARIFAH), the King Abdul-Aziz City for Science and Technology (KACST), Kingdom of Saudi Arabia. We thank the Science and Technology Unit at Umm Al-Qura University for their continued logistics support.
Abstract: Usability and security are often considered contradictory in nature: one has a negative impact on the other. In order to satisfy the needs of users from the security perspective, the relationship and trade-offs between security and usability must be distinguished. Security practitioners are developing new approaches that would help secure healthcare web applications while increasing their usability. In the same vein, the present research is premised on the usable-security of healthcare web applications. For a compatible blend of usability and security that fulfils users' requirements, this research proposes an integrated Fuzzy AHP-TOPSIS method for assessing the usable-security of healthcare web applications. Since accurately estimating usable-security is also a decision making problem, the study employs Multiple Criteria Decision Analysis (MCDA) to select the most decisive attributes of usability as well as security. Furthermore, this study also pinpoints the highest priority attributes that can strengthen the usable-security of healthcare web applications. The effectiveness of the suggested method has been tested on the healthcare web applications of local hospitals in Mecca, Saudi Arabia. The results corroborate that Fuzzy AHP-TOPSIS is indeed a reliable technique that will help developers design healthcare web applications that deliver optimum usable-security.
Funding: Project supported by the National High-Technology Research and Development Program of China (Grant No. 2007AA01Z144) and the Shanghai Leading Academic Discipline Project (Grant No. J50103).
Abstract: Building an abstract model of the web application is the chief task of model-based software testing, which is an efficient way of testing web applications. One problem with current web application testing technologies is the lack of tools for modeling the whole web software, especially the lack of support for describing a web application from the viewpoint of action and function. This paper is concerned with providing support for the development and testing of web applications. The presented novel model, named the component-based and tree-oriented web application development model (CBTOWADM), abstracts the web application as a tree based on its system functions and business processes. CBTOWADM not only simplifies the design and development of the web application but also acts as the model middleware for software testing. The basic model definition, the system framework and the application of CBTOWADM in software testing are described.
Funding: Taif University Researchers Supporting Project number (TURSP-2020/98), Taif University, Taif, Saudi Arabia.
Abstract: Investigain is a progressive web application for making mutual fund investments through a Systematic Investment Plan. The application utilizes the web's modern capabilities, such as Asynchronous JavaScript and XML (AJAX), JavaScript and Hypertext Markup Language (HTML5), and uses a powerful relational database management system, MySQL, to store and display asset management information. The application has two portals, one for investors and one for a particular asset manager or asset management company. Each investor has an account in the investor portal. The investor can view his/her profile, current balance, balance history, dividends, the units of mutual funds bought, unit price and the value of each mutual fund, and can pay installments using an embedded online payment gateway. Asset managers can monitor all investments, manage user accounts and disburse dividends using the admin portal. This paper also presents the experimental results of using the Investigain application, compares them with existing systems, and details the application's prospects for improving socio-economic conditions. The system's frontend is designed with the Bootstrap and jQuery frameworks; the backend uses the Hypertext Preprocessor (PHP) server-side scripting language. The system demonstrated increased satisfaction from its clients.
Abstract: This paper adopts the server-side Java programming model model-view-controller to construct a web-based shopping system framework. Using servlets, JavaServer Pages (JSPs) and JavaBean technologies, we provide a standard, open, robust and cross-platform architecture that guarantees system independence. The presented framework provides a clean separation of presentation from business logic, which accommodates users' taste by allowing the user interface to be changed frequently, and enables more functions to be conveniently added in future.
Abstract: Housing rental is one of the elemental parts of society. Nowadays it is extremely difficult to find suitable accommodation in city areas if people search for it physically. On the other hand, landowners also need to rent out their houses; it can be difficult to find tenants just by hanging a lease sign on a building, and as a result they lose money. An online common platform can play a vital role in this case. The purpose of the study is to develop a common web-based online platform for both tenants and house owners, so that both will mutually benefit from the system. This paper presents the development of a web application for the people of Bangladesh where both house owners and tenants can register, and tenants can find houses for rent through direct contact with the house owner. The web application is very user-friendly and efficient, and it has many unique features that are not offered by other currently available house rental websites in Bangladesh. Tenants can register using their phone number, store information about their identity, search for available houses, send messages to house owners and choose a suitable house. House owners can also register with the system, which manually verifies and authenticates the information provided by the house owner; an owner can view a tenant's information history whenever the tenant makes contact through text, and supply house-related information accordingly. The proposed online smart house system has been tested and validated. It works very efficiently with many features. The application provided faster and improved opportunities to find houses, as well as ensuring the availability of houses for rent in the greatest number of areas. The system will help to spread trustworthy services nationwide and give users the chance to communicate and improve house renting in Bangladesh. Because it has many smart features, this online smart house rental web application will make it very easy for tenants to find a house to rent, while house owners can easily rent out their properties.
Funding: We would like to acknowledge the work of the authors who contributed to the development of the CBE Clima Tool (https://github.com/CenterForTheBuiltEnvironment/clima/graphs/contributors). This research has been supported by the Center for the Built Environment at the University of California Berkeley and the Republic of Singapore's National Research Foundation through a grant to the Berkeley Education Alliance for Research in Singapore (BEARS) for the Singapore-Berkeley Building Efficiency and Sustainability in the Tropics (SinBerBEST) Program.
Abstract: Climate-responsive building design holds immense potential for enhancing comfort, energy efficiency and environmental sustainability. However, many social, cultural and economic obstacles might prevent the wide adoption of climate-adapted building design. One of these obstacles can be removed by enabling practitioners to easily access, visualize and analyze local climate data. The CBE Clima Tool (Clima) is a free and open-source web application that offers easy access to publicly available weather files and has been created for building energy simulation and design. It provides a series of interactive visualizations of the variables contained in EnergyPlus Weather Files and of several derived ones, such as the UTCI and the adaptive comfort indices. It is aimed at students, educators and practitioners in the architecture and engineering fields. Since its inception, Clima's user base has grown robustly, attracting over 25,000 unique users annually from over 70 countries. Our tool is poised to revolutionize climate-adaptive building design, transcending geographical boundaries and fostering innovation in the architecture and engineering fields.