Funding: Funded by the Taif University Researchers Supporting Projects at Taif University, Kingdom of Saudi Arabia, under Grant Number: TURSP-2020/231.
Abstract: Since the beginning of web applications, security has been a critical study area. There has been a lot of research done to figure out how to define and identify security goals or issues. However, high-security web apps have been found to be less durable in recent years, thus reducing their business continuity. High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability. Hence, there is a need to bridge the gap between durability and security of the web application. Indeed, security mechanisms must be used to enhance durability as well as the security of the web application. Although durability and security are not related directly, some of their factors influence each other indirectly. Characteristics play an important role in reducing the void between durability and security. In this respect, the present study identifies key characteristics of security and durability that affect each other indirectly and directly, including confidentiality, integrity, availability, human trust and trustworthiness. The importance of all the attributes in terms of their weight is essential for their influence on the whole security during the development procedure of web application. To estimate the efficacy of the present study, the authors employed the Hesitant Fuzzy Analytic Hierarchy Process (H-Fuzzy AHP). The outcomes of our investigations and conclusions will be a useful reference for web application developers in achieving a more secure and durable web application.
Funding: Supported by the Key Scientific and Technological Research Projects of the Jiangxi Provincial Department of Education (GJJ2200303) and the National Social Science Foundation Major Bidding Project (20&ZD068).
Abstract: Inferring the fully qualified names (FQNs) of undeclared receiving objects and non-fully-qualified type names (non-FQNs) in partial code is critical for effectively searching, understanding, and reusing partial code. Existing type inference tools, such as COSTER and SNR, rely on a symbolic knowledge base and adopt a dictionary-lookup strategy to map simple names of undeclared receiving objects and non-FQNs to FQNs. However, building a symbolic knowledge base requires parsing compilable code files, which limits the collection of APIs and code contexts, resulting in out-of-vocabulary (OOV) failures. To overcome the limitations of a symbolic knowledge base for FQN inference, we implemented Ask Me Any Type (AMAT), a type inference plugin embedded in web browsers and integrated development environments (IDEs). Unlike the dictionary-lookup strategy, AMAT uses a cloze-style fill-in-the-blank strategy for type inference. By treating code as text, AMAT leverages a fine-tuned large language model (LLM) as a neural knowledge base, thereby preventing the need for code compilation. Experimental results show that AMAT outperforms state-of-the-art tools such as COSTER and SNR. In practice, developers can directly reuse partial code by inferring the FQNs of unresolved type names in real time.