AWeb Application Fingerprint Recognition Method Based on Machine Learning

Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint recognition methods,which rely on preannotated feature matching,face inherent limitations due to the ever-evolving nature and diverse landscape of web applications.In response to these challenges,this work proposes an innovative web application fingerprint recognition method founded on clustering techniques.The method involves extensive data collection from the Tranco List,employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction.The core of the methodology lies in the application of the unsupervised OPTICS clustering algorithm,eliminating the need for preannotated labels.By transforming web applications into feature vectors and leveraging clustering algorithms,our approach accurately categorizes diverse web applications,providing comprehensive and precise fingerprint recognition.The experimental results,which are obtained on a dataset featuring various web application types,affirm the efficacy of the method,demonstrating its ability to achieve high accuracy and broad coverage.This novel approach not only distinguishes between different web application types effectively but also demonstrates superiority in terms of classification accuracy and coverage,offering a robust solution to the challenges of web application fingerprint recognition.

A Machine Learning-Based Web Application for Heart Disease Prediction

This work leveraged predictive modeling techniques in machine learning (ML) to predict heart disease using a dataset sourced from the Center for Disease Control and Prevention in the US. The dataset was preprocessed and used to train five machine learning models: random forest, support vector machine, logistic regression, extreme gradient boosting and light gradient boosting. The goal was to use the best performing model to develop a web application capable of reliably predicting heart disease based on user-provided data. The extreme gradient boosting classifier provided the most reliable results with precision, recall and F1-score of 97%, 72%, and 83% respectively for Class 0 (no heart disease) and 21% (precision), 81% (recall) and 34% (F1-score) for Class 1 (heart disease). The model was further deployed as a web application.

Portable and Efficient Implementation of CRYSTALS-Kyber Based on WebAssembly

With the rapid development of quantum computers capable of realizing Shor’s algorithm,existing public key-based algorithms face a significant security risk.Crystals-Kyber has been selected as the only key encapsulation mechanism(KEM)algorithm in the National Institute of Standards and Technology(NIST)Post-Quantum Cryptography(PQC)competition.In this study,we present a portable and efficient implementation of a Crystals-Kyber post-quantum KEM based on WebAssembly(Wasm),a recently released portable execution framework for high-performance web applications.Until now,most Kyber implementations have been developed with native programming languages such as C and Assembly.Although there are a few previous Kyber implementations based on JavaScript for portability,their performance is significantly lower than that of implementations based on native programming languages.Therefore,it is necessary to develop a portable and efficient Kyber implementation to secure web applications in the quantum computing era.Our Kyber software is based on JavaScript and Wasm to provide portability and efficiency while ensuring quantum security.Namely,the overall software is written in JavaScript,and the performance core parts(secure hash algorithm-3-based operations and polynomial multiplication)are written in Wasm.Furthermore,we parallelize the number theoretic transform(NTT)-based polynomial multiplication using single instruction multiple data(SIMD)functionality,which is available in Wasm.The three steps in the NTT-based polynomial multiplication have been parallelized with Wasm SIMD intrinsic functions.Our software outperforms the latest reference implementation of Kyber developed in JavaScript by×4.02(resp.×4.32 and×4.1),×3.42(resp.×3.52 and×3.44),and×3.41(resp.×3.44 and×3.38)in terms of key generation,encapsulation,and decapsulation on Google Chrome(resp.Firefox,and Microsoft Edge).As far as we know,this is the first software implementation of Kyber with Wasm technology in the web environment.

JShellDetector: A Java FilelessWebshell Detector Based on Program Analysis

Fileless webshell attacks against Java web applications have becomemore frequent in recent years as Java has gained market share. Webshell is amalicious script that can remotely execute commands and invade servers. Itis widely used in attacks against web applications. In contrast to traditionalfile-based webshells, fileless webshells leave no traces on the hard drive, whichmeans they are invisible to most antivirus software. To make matters worse,although there are some studies on fileless webshells, almost all of themare aimed at web applications developed in the PHP language. The complexmechanism of Java makes researchers face more challenges. To mitigate thisattack, this paper proposes JShellDetector, a fileless webshell detector forJava web applications based on program analysis. JShellDetector uses methodprobes to capture dynamic characteristics of web applications in the JavaVirtual Machine (JVM). When a suspicious class tries to call a specificsensitive method, JShellDetector catches it and converts it from the JVMto a bytecode file. Then, JShellDetector builds a Jimple-based control flowgraph and processes it using taint analysis techniques. A suspicious classis considered malicious if there is a valid path from sources to sinks. Todemonstrate the effectiveness of the proposed approach, we manually collect35 test cases (all open source on GitHub) and test JShellDetector and onlytwo other Java fileless webshell detection tools. The experimental results showthat the detection rate of JShellDetector reaches 77.1%, which is about 11%higher than the other two tools.

Securing Stock Transactions Using Blockchain Technology: Architecture for Identifying and Reducing Vulnerabilities Linked to the Web Applications Used (MAHV-BC)

This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.

Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques

This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.

Method for test case selection and execution of web application regression testing

In order to improve the efficiency of regression testing in web application,the control flow graph and the greedy algorithm are adopted.This paper considers a web page as a basic unit and introduces a test case selection method for web application regression testing based on the control flow graph.This method is safe enough to the test case selection.On the base of features of request sequence in web application,the minimization technique and the priority of test cases are taken into consideration in the process of execution of test cases in regression testing for web application.The improved greedy algorithm is also raised resulting in optimization of execution of test cases.The experiments indicate that the number of test cases which need to be retested is reduced,and the efficiency of execution of test cases is also improved.

Coverage criteria and test requirement reduction for component-based web application

In order to analyze and test the component-based web application and decide when to stop the testing process, the concept of coverage criteria and test requirement reduction approach are proposed. First, four adequacy criteria are defined and subsumption relationships among them are proved. Then, a translation algorithm is presented to transfer the test model into a web application decision-to-decision graph（WADDGraph）which is used to reduce testing requirements. Finally, different sets of test requirements can be generated from WADDGraph by analyzing subsumption and equivalence relationships among edges based on different coverage criteria, and testers can select different test requirements according to different testing environments. The case study indicates that coverage criteria follow linear subsumption relationships in real web applications. Test requirements can be reduced more than 55% on average based on different coverage criteria and the size of test requirements increases with the increase in the complexity of the coverage criteria.

Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

To detect security vulnerabilities in a web application,the security analyst must choose the best performance Security Analysis Static Tool(SAST)in terms of discovering the greatest number of security vulnerabilities as possible.To compare static analysis tools for web applications,an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project(OWASP)Top Ten project is required.The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance.Given the significant cost of commercial tools,this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project.Thus,the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project.The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.

A New Approach to Web Applications with Ajax

Ajax is really several technologies,each flourishing in its own right,coming together in powerful new ways,which consists of HTML,JavaScript^(TM)technology,DHTML,and DOM,is an outstanding approach that helps to transform clunky Web interfaces into interactive Ajax applications.After the definition to Ajax,how to make asynchronous requests with JavaScript and Ajax was introduced.At the end,advanced requests and responses in Ajax were put forward.

Testing Forms in Web Applications Automatically

Forms enhance both the dynamic and interactive abilities of Web applications and the system complexity. And it is especially important to test forms completely and thoroughly. Therefore, this paper discusses how to carry out the form testing by different methods in the related testing phases. Namely, at first, automatically abstracting forms in the Web pages by parsing the HTML documents; then, ohtai ning the testing data with a certain strategies, such as by requirement specifications, by mining users＇ hefore input informarion or by recording meehanism; and next executing the testing actions automatically due to the well formed test cases; finally, a case study is given to illustrate the convenient and effective of these methods.

Model Checking-Based Testing of Web Applications

A formal model representing the navigation behavior of a Web application as the Kripke structure is proposed and an approach that applies model checking to test case generation is presented. The Object Relation Diagram as the object model is employed to describe the object structure of a Web application design and can be translated into the behavior model. A key problem of model checking-based test generation for a Web application is how to construct a set of trap properties that intend to cause the violations of model checking against the behavior model and output of counterexamples used to construct the test sequences. We give an algorithm that derives trap properties from the object model with respect to node and edge coverage criteria.

Managing Security-Risks for Improving Security-Durability of Institutional Web-Applications: Design Perspective

The advanced technological need,exacerbated by the flexible time constraints,leads to several more design level unexplored vulnerabilities.Security is an extremely vital component in software development;we must take charge of security and therefore analysis of software security risk assumes utmost significance.In order to handle the cyber-security risk of the web application and protect individuals,information and properties effectively,one must consider what needs to be secured,what are the perceived threats and the protection of assets.Security preparation plans,implements,tracks,updates and consistently develops safety risk management activities.Risk management must be interpreted as the major component for tackling security efficiently.In particular,during application development,security is considered as an add-on but not the main issue.It is important for the researchers to stress on the consideration of protection right from the earlier developmental stages of the software.This approach will help in designing software which can itself combat threats and does not depend on external security programs.Therefore,it is essential to evaluate the impact of security risks during software design.In this paper the researchers have used the hybrid Fuzzy AHPTOPSIS method to evaluate the risks for improving security durability of different Institutional Web Applications.In addition,the e-component of security risk is measured on software durability,and vice versa.The paper’s findings will prove to be valuable for enhancing the security durability of different web applications.

Web Application Commercial Design for Financial Entities Based on Business Intelligence

Multiple customer data management has become a focus of attention in big organizations.Although much information is available,it does not translate into significant profitable value-added services.We present a design of a commercial web application based on business intelligence that generates information on social and financial behavior of clients in an organization;with the purpose of obtain additional information that allows to get more profits.This app will provide a broader perspective for making strategic decisions to increase profits and reduce internal investment costs.A case in point is the financial sector,a group of financial entities were used to make measurements and test them.A design to build a web application aimed at achieving a large and ambitious goal by means of defined tools reflecting clients’business needs is proposed.In this research,different techniques and technologies are explored,such as diagrams,frameworks,design,architecture,model entity-relationship,tables,equations,mental maps and development tools.Through the Personal Software Process methodology and with the help of information extraction,consolidation,and visualization,the implementation can be carried out.This article provides the importance of implementing business intelligence in an organization and expands on the steps needed for the implementation of this valuable technology.

Hybrid Computational Modeling for Web Application Security Assessment

Transformation from conventional business management systems to smart digital systems is a recurrent trend in the current era.This has led to digital revolution,and in this context,the hardwired technologies in the software industry play a significant role However,from the beginning,software security remains a serious issue for all levels of stakeholders.Software vulnerabilities lead to intrusions that cause data breaches and result in disclosure of sensitive data,compromising the organizations’reputation that translates into,financial losses as well.Most of the data breaches are financially motivated,especially in the healthcare sector.The cyber invaders continuously penetrate the E-Health data because of the high cost of the data on the dark web.Therefore,security assessment of healthcare web-based applications demands immediate intervention mechanisms to weed out the threats of cyber-attacks.The aim of this work is to provide efficient and effective healthcare web application security assessment.The study has worked with the hybrid computational model of Multi-Criteria Decision Making(MCDM)based on Analytical Hierarchy Process(AHP)and Technique for Order of Preference by Similarity to Ideal-Solutions(TOPSIS)under the Hesitant Fuzzy(HF)environment.Hesitant fuzzy sets provide effective solutions to address decision making problems where experts counter hesitation to make a decision.The proposed research endeavor will support designers and developers in identifying,selecting and prioritizing the best security attributes for web applications’development.The empirical analysis concludes that Robustness got highest priority amongst the assessed security attributes set followed by Encryption,Authentication,Limit Access,Revoke Access,Data Validation,and Maintain Audit Trail.The results of this research endeavor depict that this proposed computational procedure would be the most conversant mechanism for determining the web application security.The study also establishes guidelines which the developers can refer for the identification and prioritization of security attributes to build more secure and trustworthy web-based applications.

Hybrid Security Assessment Methodology for Web Applications

This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box,to carry out the security validation of a web application in an agile and precise way.The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks.Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage,so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result.The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle(SSDLC).A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics.Dynamic analysis with manual checking is used to audit the results,24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally.This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally.Dynamic analysis finds six(6)additional critical vulnerabilities.Access control analysis finds other five(5)important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks,two vulnerabilities that permit brute force attacks.

The Web Application Test Based on Page Coverage Criteria

Software testing coverage criteria play an important role in the whole testing process.The current coverage criteria for web applications are based on program or URL.They are not suitable for black-box test or intuitional to use.This paper defines a kind of test criteria based on page coverage sequences only navigated by web application,including Page_Single,Page_Post,Page_Pre,Page_Seq2,Page_SeqK.The test criteria based on page coverage sequences made by interactions between web application and browser are being under consideration after that.In order to avoid ambiguity of natural language,these coverage criteria are depicted using Z formal language.The empirical result shows that the criteria complement traditional coverage and fault detection capability criteria.

Integration of PSSE Web Application with Power System Simulation Platform

As power systems become larger and more complicated, power system simulation analysis requires more flexibility and faster performance. BPA is simulation software that is widely used in China and thus official power system data are in BPA format. However, BPA＇s flexibility and performance cannot meet the requirement of ultra-large-scale power system. PSSE supports user-def＇med models and can handle large scale power system with up to 150,000 buses. From that perspective, PSSE is much suitable for future network analysis. To take advantages of both BPA and PSSE, it is required to build a simulation platform which is able to combine PSS^E with BPA to meet the requirements of large-scale power system simulation in the future. In this paper, PSS^E and BPA have been integrated into the power system simulation platform to perform power system study together. As data format and models are different between BPA and PSSE, the focus is developing a converter that can convert BPA data to PSSE data and creating dynamic models in PSSE based on the dynamic models in BPA. Simulation results show the accuracy of PSSE user-defined models and high availability of PSSE Web application.

Internet Application Technologies in Web 2.0 Era

The Internet has stepped into Web 2.0 era. Web 2.0 application technologies and services are rapidly developing, accompanied by the innovation and revolution of business models. This article analyzes the development of Web 2.0 technologies and their promotion role in the development of Internet services, discusses the implementation of Web 2.0 core concepts (including user participation, resource sharing and platform) by the multiple Internet application technologies, and gives the development trends of Internet application technologies.

Combinatorial Method with Static Analysis for Source Code Security in Web Applications

Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity.The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed.To utilize the possible synergies different static analysis tools may process,this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives.Specifically,five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses(OWASP TTSW).The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios.The findings show that simply including more tools in a combination is not synonymous with better results;it depends on the specific tools included in the combination due to their different designs and techniques.