In today’s rapidly evolving digital landscape, web application security has become paramount as organizations face increasingly sophisticated cyber threats. This work presents a comprehensive methodology for implementing robust security measures in modern web applications, together with a proof of the methodology applied to a Vue.js, Spring Boot, and MySQL architecture. The proposed approach addresses critical security challenges through a multi-layered framework that encompasses essential security dimensions, including multi-factor authentication, fine-grained authorization controls, sophisticated session management, data confidentiality and integrity protection, secure logging mechanisms, comprehensive error handling, high availability strategies, advanced input validation, and security headers implementation. Significant contributions are made to the field of web application security. First, a detailed catalogue of security requirements specifically tailored to protect web applications against contemporary threats, backed by rigorous analysis and industry best practices. Second, the methodology is validated through a carefully designed proof-of-concept implementation in a controlled environment, demonstrating the practical effectiveness of the security measures. The validation process employs cutting-edge static and dynamic analysis tools for comprehensive dependency validation and vulnerability detection, ensuring robust security coverage. The validation results confirm that the methodology prevents and avoids security vulnerabilities. A key innovation of this work is the seamless integration of DevSecOps practices throughout the Secure Software Development Life Cycle (SSDLC), creating a security-first mindset from initial design to deployment. By combining proactive secure coding practices with defensive security approaches, a framework is established that not only strengthens application security but also fosters a culture of security awareness within development teams. This hybrid approach ensures that security considerations are woven into every aspect of the development process, rather than being treated as an afterthought.
To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST) in terms of discovering the greatest possible number of security vulnerabilities. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories included in the well-known Open Web Application Security Project (OWASP) Top Ten project is required. Information on the security effectiveness of a commercial static analysis tool is not usually publicly accessible research, and the state of the art on static security analyzers shows that the different designs and implementations of those tools yield different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for the vulnerability categories included in the OWASP Top Ten project. Thus, practitioners will have more precise information to select the best tool using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics to classify the tools according to three different degrees of web application criticality.
Ajax is really several technologies, each flourishing in its own right, coming together in powerful new ways. It consists of HTML, JavaScript technology, DHTML, and DOM, and is an outstanding approach that helps to transform clunky Web interfaces into interactive Ajax applications. After defining Ajax, the paper introduces how to make asynchronous requests with JavaScript and Ajax. Finally, advanced requests and responses in Ajax are presented.
Forms enhance both the dynamic and interactive abilities of Web applications and the system complexity, so it is especially important to test forms completely and thoroughly. Therefore, this paper discusses how to carry out form testing by different methods in the related testing phases. Namely, at first, forms in the Web pages are abstracted automatically by parsing the HTML documents; then, testing data are obtained with certain strategies, such as by requirement specifications, by mining users’ previous input information, or by a recording mechanism; next, the testing actions are executed automatically from the well-formed test cases; finally, a case study is given to illustrate the convenience and effectiveness of these methods.
A formal model representing the navigation behavior of a Web application as a Kripke structure is proposed, and an approach that applies model checking to test case generation is presented. The Object Relation Diagram, as the object model, is employed to describe the object structure of a Web application design and can be translated into the behavior model. A key problem of model checking-based test generation for a Web application is how to construct a set of trap properties that are intended to cause model checking violations against the behavior model and to output counterexamples used to construct the test sequences. We give an algorithm that derives trap properties from the object model with respect to node and edge coverage criteria.
The advanced technological need, exacerbated by flexible time constraints, leads to several more unexplored design-level vulnerabilities. Security is an extremely vital component in software development; we must take charge of security, and therefore the analysis of software security risk assumes utmost significance. In order to handle the cyber-security risk of a web application and protect individuals, information and property effectively, one must consider what needs to be secured, what the perceived threats are, and how assets are protected. Security preparation plans, implements, tracks, updates and consistently develops safety risk management activities. Risk management must be interpreted as the major component for tackling security efficiently. In particular, during application development, security is considered an add-on rather than the main issue. It is important for researchers to emphasize considering protection from the earliest development stages of the software. This approach will help in designing software which can itself combat threats and does not depend on external security programs. Therefore, it is essential to evaluate the impact of security risks during software design. In this paper the researchers have used the hybrid Fuzzy AHP-TOPSIS method to evaluate the risks for improving the security durability of different Institutional Web Applications. In addition, the e-component of security risk is measured on software durability, and vice versa. The paper’s findings will prove to be valuable for enhancing the security durability of different web applications.
This study presents a methodology to evaluate and prevent security vulnerability issues in web applications. The analysis process is based on the use of techniques and tools that allow white-box and black-box security assessments to be performed, in order to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage, so that the results generated in one phase are used as input for the following phases in order to obtain an optimized global security analysis result. The methodology can be used as part of other, more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle (SSDLC). A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics. Dynamic analysis with manual checking is used to audit the results: 24.6 per cent of the security vulnerabilities reported by the static analysis have been checked. This phase is very important because it permits each reported vulnerability to be checked by a second, dynamic tool to confirm whether the vulnerability is a true or false positive, and it allows studying which vulnerabilities can be directly exploited externally. Dynamic analysis finds six (6) additional critical vulnerabilities. Access control analysis finds five (5) other important vulnerabilities, such as Insufficiently Protected Passwords or Weak Password Policy and Excessive Authentication Attempts, two vulnerabilities that permit brute force attacks.
Logic flaws within web applications allow malicious operations to be triggered against the back-end database. Existing approaches to identifying logic flaws in database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDB-based web applications. Our approach introduces a MongoDB operation model to support new features of MongoDB and models the application logic as a Mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed for identifying logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness.
Web applications represent one of the principal vehicles by which attackers gain access to an organization’s network or resources. Thus, different approaches to protect web applications have been proposed to date. Of them, the two major approaches are Web Application Firewalls (WAF) and Runtime Application Self-Protection (RASP). It is, thus, essential to understand the differences and relative effectiveness of both approaches for effective decision-making regarding the security of web applications. Here we present a comparative study between WAF and RASP in simulated settings, with the aim of comparing their effectiveness and efficiency against different categories of attacks. For this, we computed different metrics and ranked the results using the F-Score index. We found that RASP tools scored better than WAF tools. In this study, we also developed a new experimental methodology for the objective evaluation of web protection tools since, to the best of our knowledge, no method specifically evaluates web protection tools.
As power systems become larger and more complicated, power system simulation analysis requires more flexibility and faster performance. BPA is simulation software that is widely used in China, and thus official power system data are in BPA format. However, BPA’s flexibility and performance cannot meet the requirements of ultra-large-scale power systems. PSSE supports user-defined models and can handle large-scale power systems with up to 150,000 buses. From that perspective, PSSE is much more suitable for future network analysis. To take advantage of both BPA and PSSE, it is necessary to build a simulation platform that combines PSSE with BPA to meet the requirements of large-scale power system simulation in the future. In this paper, PSSE and BPA have been integrated into a power system simulation platform to perform power system studies together. As data formats and models differ between BPA and PSSE, the focus is on developing a converter that can convert BPA data to PSSE data and on creating dynamic models in PSSE based on the dynamic models in BPA. Simulation results show the accuracy of the PSSE user-defined models and the high availability of the PSSE Web application.
Security weaknesses in web applications deployed in cloud architectures can seriously affect their data confidentiality and integrity. The construction of the procedure used by static source code security analysis tools differs from tool to tool, and therefore each tool finds a different number of each weakness type for which it is designed. To exploit the possible synergies that different static analysis tools may offer, this work uses a new method to combine several source code analysis tools, aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools are combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications, considering different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included in the combination, due to their different designs and techniques.
Usability and security are often considered contradictory in nature: one has a negative impact on the other. In order to satisfy the needs of users from the security perspective, the relationship and trade-offs between security and usability must be distinguished. Security practitioners are working on developing new approaches that would help to secure healthcare web applications as well as increase their usability. In the same vein, the present research endeavour is premised on the usable-security of healthcare web applications. For a compatible blend of usability and security that would fulfill the users’ requirements, this research proposes an integration of the Fuzzy AHP-TOPSIS method for assessing the usable-security of healthcare web applications. Since accurately estimating security-usability is also a decision-making problem, the study employs Multiple Criteria Decision Analysis (MCDA) for selecting the most decisive attributes of usability as well as security. Furthermore, this study also pinpoints the highest-priority attributes that can strengthen the usable-security of healthcare web applications. The effectiveness of the suggested method has been tested on the healthcare web applications of local hospitals in Mecca, Saudi Arabia. The results corroborate that Fuzzy AHP-TOPSIS is indeed a reliable technique that will help developers to design healthcare web applications that deliver optimum usable-security.
This paper adopts the server-side Java programming model, model-view-controller, to construct a web-based shopping system framework. Using servlets, Java Server Pages (JSPs) and JavaBean technologies, we provide a standard, open, robust and cross-platform architecture that guarantees system independence. The presented framework provides a clean separation of presentation from business logic, which meets users’ tastes by allowing the user interface to be changed frequently, and enables more functions to be conveniently added in the future.
Average Bangladeshis spend a significant amount of income on medicine. A reliable and fast online medicine delivery system is not ubiquitous. Most people buy medicine from local pharmacies. They need to go to medicine stores to buy the specific medicine prescribed by specialized doctors. Sometimes not all prescribed medicines are available in local pharmacies, so people need to go to other areas to buy them. This is very time consuming and costs money as well. In our country, traffic jams are a very big problem, and people waste a long time on the road because of them. Most pharmacies here are closed at night, but in an emergency situation medicine can be essential. In this case an online, web-based e-commerce medicine delivery system is very much needed. In addition, currently the whole world is suffering from the COVID-19 pandemic. Coronavirus, as we all know, is very contagious, so in this pandemic it is not risk-free to go out to buy medicine from pharmacies. Due to COVID-19, medicine scarcity is also an important issue. In this situation, an online medicine delivery system can play an important role. Considering the above facts, a reliable and fast online solution is proposed. This paper presents the development of a web-based online medicine delivery system: a reliable, fast, safe and user-friendly e-commerce web application, with a medicine delivery system included in the proposed system. The platform is a dynamic web application built on the Hypertext Preprocessor (PHP) based Laravel framework with a powerful back end. It is hosted on a dedicated Virtual Private Server (VPS). The system is very fast and well optimized for search engines. With the help of the developed platform, drugs will be available at one’s doorstep quickly, safely and reliably. In this system, users can choose a medicine section of their choice and go through all the items that the system provides. Users can then select the desired drug items, add them to the cart and proceed to payment. It has payment integration with Cash on Delivery (COD). After development, the system has been tested and works fine. It is a one-stop solution where people can find various medicines, including COVID-19 related medicines, and other items on this online platform. Besides medicine, users can also find other health care products such as food supplements, birth control products, hair care products, skincare products, beauty products, etc. People can order their required medicines or other available medical items online, and the delivery support will bring the products door to door. Using this system, users can now get the medicine they need without leaving home. They can save money and do not need to go out during the pandemic to buy medicine. In this crucial situation, the online medicine delivery system is very helpful and will act as a blessing for the people.
This paper presents the design and implementation of a web-based application for an advertising system. There are many places in our country where billboard advertising has not yet become popular. Also, many companies prefer not to promote their services or products through billboards because there is no proper advertising system. There is also no platform where vehicles can be used for advertising purposes. While researching these issues, no connecting bridge between vendors and customers was found, which is one of the main reasons billboards are not utilized properly and are kept empty. To solve this problem, we came up with the idea of developing a website that allows vendors to showcase their empty billboards and vehicles that can be used for advertising, and allows customers to choose any of the available billboards or vehicles for advertising without hassle. The main purpose of this research work is to create a common web-based platform for companies who want to rent advertising space on billboards and on the walls of vehicles, and also for the owners of the billboards and vehicles. The main contribution of this paper is the development of an online web application for companies who want to rent empty space on billboards and the walls of vehicles. In order to maintain the advertising system, the website administrator has set appropriate rules and regulations that fulfill the demands of vendors and customers. All the details of the system are discussed here, such as the connection between vendors and customers, the efficiency of the website, the transaction method, etc. The proposed web application developed in this paper has been tested and found to be user-friendly and very efficient.
This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). Since the confidentiality and integrity of sensitive data in the stock market are crucial, the implementation of robust systems which guarantee trust between the different actors is essential. After analyzing the limits of several security approaches in the literature, we therefore propose an architecture based on blockchain technology that makes it possible both to identify and to reduce the vulnerabilities linked to the design, implementation, or use of the web applications used for transactions. Thanks to two-factor authentication via the blockchain, our proposal strengthens the security of investors’ accounts and automates the recording of transactions in the blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools across different metrics. Our approach achieved the best performance in each case.
People get lost every day; it is a very common occurrence in our society. In particular, children, the elderly and mentally challenged people go missing all the time. This paper presents the development of a web application that can provide information and services both to a lost person’s near and dear ones and to the people who find the lost person. Using this web application, people who have lost a near and dear one can register via their email address and post all the information about the missing person, including photos, in the lost section. People who find someone can also register via their email address and post all the information about the found person, including photos, in the found section. There is a search panel where people can search for a lost or found person using their name, age, height, location, skin color, etc. There is also a contact system which can be used to reach the person who has lost or found someone via phone, email, or by connecting with their social media profile. Nowadays, when people lose someone or find someone, they report it to the police, advertise on television or in newspapers, and post it on social media sites like Facebook and WhatsApp. This web application provides a faster and enhanced way to find and connect lost and found people.
Optimizing root system architecture (RSA) is essential for plants because of its critical role in acquiring water and nutrients from the soil. However, the subterranean nature of roots complicates the measurement of RSA traits. Recently developed rhizobox methods allow for the rapid acquisition of root images. Nevertheless, effective and precise approaches for extracting RSA features from these images remain underdeveloped. Deep learning (DL) technology can enhance image segmentation and facilitate RSA trait extraction. However, comprehensive pipelines that integrate DL technologies into image-based root phenotyping techniques are still scarce, hampering their implementation. To address this challenge, we present a reproducible pipeline (faCRSA) for automated RSA trait analysis, consisting of three modules: (1) the RSA trait extraction module, which segments soil-root images and calculates RSA traits; a lightweight convolutional neural network (CNN) named RootSeg is proposed for efficient and accurate segmentation; (2) the data storage module, which stores image and text data from the other modules; and (3) the web application module, which allows researchers to analyze data online in a user-friendly manner. The correlation coefficients (R^2) of total root length, root surface area, and root volume calculated by faCRSA against manually measured results were 0.96**, 0.97**, and 0.93**, respectively, with root mean square errors (RMSE) of 8.13 cm, 1.68 cm^2, and 0.05 cm^3, processed at a rate of 9.74 s per image, indicating satisfactory accuracy. faCRSA has also demonstrated satisfactory performance in dynamically monitoring root system changes under various stress conditions, such as drought or waterlogging. The detailed code and deployable package of faCRSA are provided for researchers, with the potential to replace manual and semi-automated methods.
Emergency medical services (EMS) are a vital element of the public healthcare system in China [1], providing an opportunity to respond to critical medical conditions and save people’s lives [2]. The accessibility of EMS has received considerable attention in health and transport geography studies [3]. One of the optimal gauges for evaluating the accessibility of EMS is the response time, which is defined as the time from receiving an emergency call to the arrival of an ambulance [4]. Beijing has already reduced the response time to approximately 12 min, and the next goal is to ensure that the response time across Beijing does not exceed 12 min (according to the Beijing Emergency Medical Center).
In order to improve the efficiency of regression testing in web applications, the control flow graph and the greedy algorithm are adopted. This paper considers a web page as the basic unit and introduces a test case selection method for web application regression testing based on the control flow graph. This method is safe for test case selection. Based on the features of request sequences in web applications, the minimization technique and the priority of test cases are taken into consideration when executing test cases in regression testing for web applications. An improved greedy algorithm is also proposed, resulting in optimized execution of test cases. The experiments indicate that the number of test cases which need to be retested is reduced, and the efficiency of test case execution is also improved.
Abstract: In today's rapidly evolving digital landscape, web application security has become paramount as organizations face increasingly sophisticated cyber threats. This work presents a comprehensive methodology for implementing robust security measures in modern web applications, together with proof of the methodology applied to a Vue.js, Spring Boot, and MySQL architecture. The proposed approach addresses critical security challenges through a multi-layered framework that encompasses essential security dimensions including multi-factor authentication, fine-grained authorization controls, sophisticated session management, data confidentiality and integrity protection, secure logging mechanisms, comprehensive error handling, high availability strategies, advanced input validation, and security headers implementation. Significant contributions are made to the field of web application security. First, a detailed catalogue of security requirements specifically tailored to protect web applications against contemporary threats, backed by rigorous analysis and industry best practices. Second, the methodology is validated through a carefully designed proof-of-concept implementation in a controlled environment, demonstrating the practical effectiveness of the security measures. The validation process employs cutting-edge static and dynamic analysis tools for comprehensive dependency validation and vulnerability detection, ensuring robust security coverage. The validation results confirm that the methodology prevents and avoids security vulnerabilities. A key innovation of this work is the seamless integration of DevSecOps practices throughout the secure Software Development Life Cycle (SSDLC), creating a security-first mindset from initial design to deployment. By combining proactive secure coding practices with defensive security approaches, a framework is established that not only strengthens application security but also fosters a culture of security awareness within development teams. This hybrid approach ensures that security considerations are woven into every aspect of the development process, rather than being treated as an afterthought.
Abstract: To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities possible. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories included in the well-known Open Web Application Security Project (OWASP) Top Ten project is required. Information on the security effectiveness of a commercial static analysis tool is not usually publicly accessible research, and the state of the art on static security analyzers shows that the different designs and implementations of those tools yield different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for the vulnerability categories included in the OWASP Top Ten project. Thus, practitioners will have more precise information to select the best tool using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics to classify the tools according to three different degrees of web application criticality.
Abstract: Ajax is really several technologies, each flourishing in its own right, coming together in powerful new ways. Consisting of HTML, JavaScript™ technology, DHTML, and the DOM, it is an outstanding approach that helps transform clunky Web interfaces into interactive Ajax applications. After the definition of Ajax, how to make asynchronous requests with JavaScript and Ajax is introduced. Finally, advanced requests and responses in Ajax are put forward.
Funding: Supported by the National Natural Science Foundation of China (60425206, 90412003, 60503033), the National Basic Research Program of China (973 Program 2002CB312000), the Opening Foundation of the State Key Laboratory of Software Engineering in Wuhan University, and the High Technology Research Project of Jiangsu Province (BG2005032).
Abstract: Forms enhance both the dynamic and interactive abilities of Web applications and the system complexity, so it is especially important to test forms completely and thoroughly. Therefore, this paper discusses how to carry out form testing by different methods in the related testing phases. Namely: first, automatically abstracting forms in the Web pages by parsing the HTML documents; then, obtaining the testing data with certain strategies, such as by requirement specifications, by mining users' earlier input information, or by a recording mechanism; next, executing the testing actions automatically according to the well-formed test cases; finally, a case study is given to illustrate the convenience and effectiveness of these methods.
Funding: Supported by the National Natural Science Foundation of China (60673115), the National Basic Research Program of China (973 Program) (2002CB312001), and the Open Foundation of the State Key Laboratory of Software Engineering (SKLSE05-13).
Abstract: A formal model representing the navigation behavior of a Web application as a Kripke structure is proposed, and an approach that applies model checking to test case generation is presented. The Object Relation Diagram, as the object model, is employed to describe the object structure of a Web application design and can be translated into the behavior model. A key problem of model checking-based test generation for a Web application is how to construct a set of trap properties that are intended to cause violations when model checking the behavior model, so that the counterexamples output can be used to construct the test sequences. We give an algorithm that derives trap properties from the object model with respect to node and edge coverage criteria.
Funding: The Deanship of Scientific Research (DSR), King Abdulaziz University, Jeddah, under grant No. G-323-611-1441.
Abstract: The advanced technological need, exacerbated by flexible time constraints, leads to several more unexplored design-level vulnerabilities. Security is an extremely vital component in software development; we must take charge of security, and therefore the analysis of software security risk assumes the utmost significance. In order to handle the cyber-security risk of the web application and protect individuals, information and property effectively, one must consider what needs to be secured, what the perceived threats are, and the protection of assets. Security preparation plans, implements, tracks, updates and consistently develops safety risk management activities. Risk management must be interpreted as the major component for tackling security efficiently. In particular, during application development, security is considered an add-on but not the main issue. It is important for researchers to stress the consideration of protection right from the earlier developmental stages of the software. This approach will help in designing software which can itself combat threats and does not depend on external security programs. Therefore, it is essential to evaluate the impact of security risks during software design. In this paper the researchers have used the hybrid Fuzzy AHP-TOPSIS method to evaluate the risks for improving the security durability of different Institutional Web Applications. In addition, the e-component of security risk is measured on software durability, and vice versa. The paper's findings will prove to be valuable for enhancing the security durability of different web applications.
Abstract: This study presents a methodology to evaluate and prevent security vulnerability issues in web applications. The analysis process is based on the use of techniques and tools that allow white-box and black-box security assessments to be performed, in order to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies between semi-automatic static and dynamic security analysis tools and manual checks. Each of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage, so that the results generated in one phase feed the following phases in order to obtain an optimized global security analysis result. The methodology can be used as part of other, more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle (SSDLC). A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better-optimized vulnerability detection result against the true and false positive metrics. Dynamic analysis with manual checking is used to audit the results: 24.6 per cent of the security vulnerabilities reported by the static analysis have been checked, which allows the study of which vulnerabilities can be directly exploited externally. This phase is very important because it permits each reported vulnerability to be checked by a second, dynamic tool to confirm whether it is a true or false positive. Dynamic analysis finds six (6) additional critical vulnerabilities. Access control analysis finds five (5) other important vulnerabilities, such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks, two vulnerabilities that permit brute force attacks.
Funding: Supported by the China Scholarship Council, the Tianjin Science and Technology Committee (No. 12JCZDJC20800), the Science and Technology Planning Project of Tianjin (No. 13ZCZDGX01098), plus 2 more grants: the NSF TRUST (The Team for Research in Ubiquitous Secure Technology) Science and Technology Center (No. CCF-0424422), the National High Technology Research and Development Program of China (863 Program) (No. 2013BAH01B05), and the National Natural Science Foundation of China (No. 61402264).
Abstract: Logic flaws within web applications allow malicious operations to be triggered against the back-end database. Existing approaches to identifying logic flaws in database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDB-based web applications. Our approach introduces a MongoDB operation model to support the new features of MongoDB and models the application logic as a Mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed to identify logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness.
Abstract: Web applications represent one of the principal vehicles by which attackers gain access to an organization's network or resources. Thus, different approaches to protect web applications have been proposed to date. Of them, the two major approaches are Web Application Firewalls (WAF) and Runtime Application Self Protection (RASP). It is, thus, essential to understand the differences and relative effectiveness of both these approaches for effective decision-making regarding the security of web applications. Here we present a comparative study between WAF and RASP in simulated settings, with the aim of comparing their effectiveness and efficiency against different categories of attacks. For this, we computed different metrics and sorted their results using the F-Score index. We found that RASP tools scored better than WAF tools. In this study, we also developed a new experimental methodology for the objective evaluation of web protection tools since, to the best of our knowledge, no method specifically evaluates web protection tools.
Abstract: As power systems become larger and more complicated, power system simulation analysis requires more flexibility and faster performance. BPA is simulation software that is widely used in China, and thus official power system data are in BPA format. However, BPA's flexibility and performance cannot meet the requirements of ultra-large-scale power systems. PSSE supports user-defined models and can handle large-scale power systems with up to 150,000 buses. From that perspective, PSSE is more suitable for future network analysis. To take advantage of both BPA and PSSE, it is necessary to build a simulation platform which is able to combine PSSE with BPA to meet the requirements of large-scale power system simulation in the future. In this paper, PSSE and BPA have been integrated into the power system simulation platform to perform power system studies together. As the data formats and models differ between BPA and PSSE, the focus is on developing a converter that can convert BPA data to PSSE data and on creating dynamic models in PSSE based on the dynamic models in BPA. Simulation results show the accuracy of the PSSE user-defined models and the high availability of the PSSE Web application.
Abstract: Security weaknesses in web applications deployed in cloud architectures can seriously affect their data confidentiality and integrity. The procedures used by static source code security analysis tools differ, and therefore each tool finds a different number of each weakness type for which it is designed. To exploit the possible synergies that different static analysis tools may offer, this work uses a new method to combine several source code analysis tools, aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for the OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications, considering different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included in the combination, due to their different designs and techniques.
Funding: Grant number 12-INF2970-10 from the National Science, Technology and Innovation Plan (MAARIFAH), the King Abdul-Aziz City for Science and Technology (KACST), Kingdom of Saudi Arabia. We thank the Science and Technology Unit at Umm Al-Qura University for their continued logistics support.
Abstract: Usability and security are often considered contradictory in nature: one has a negative impact on the other. In order to satisfy the needs of users from the security perspective, the relationship and trade-offs between security and usability must be distinguished. Security practitioners are working on developing new approaches that would help to secure healthcare web applications as well as increase the usability of the web applications. In the same league, the present research endeavour is premised on the usable-security of healthcare web applications. For a compatible blend of usability and security that would fulfill the users' requirements, this research proposes an integration of the Fuzzy AHP-TOPSIS method for assessing the usable-security of healthcare web applications. Since estimating security-usability accurately is also a decision-making problem, the study employs Multiple Criteria Decision Analysis (MCDA) for selecting the most decisive attributes of usability as well as security. Furthermore, this study also pinpoints the highest-priority attributes that can strengthen the usable-security of healthcare web applications. The effectiveness of the suggested method has been tested on the healthcare web applications of local hospitals in Mecca, Saudi Arabia. The results corroborate that Fuzzy AHP-TOPSIS is indeed a reliable technique that will help developers to design healthcare web applications that deliver optimum usable-security.
Abstract: This paper adopts the server-side Java programming model model-view-controller to construct a web-based shopping system framework. Using servlets, Java Server Pages (JSPs) and JavaBean technologies, we provide a standard, open, robust and cross-platform architecture. It can guarantee system independence. The presented framework provides a clean separation of presentation from business logic, which meets users' tastes by changing the user interface frequently, and enables more functions to be conveniently added in the future.
Abstract: Average Bangladeshis spend a significant amount of income on medicine. A reliable and fast online medicine delivery system is not ubiquitous. Most people buy medicine from local pharmacies. They need to go to medicine stores to buy the specific medicine prescribed by specialized doctors. Sometimes not all prescribed medicines are available in local pharmacies, so people need to go to other areas to buy them. This is very time consuming and people need to spend money on it as well. In our country, traffic jams are a very big problem. People waste a long time on the road due to traffic jams. Most pharmacies here are closed at night, but sometimes in an emergency situation medicine is essential. In this case an online, web-based e-commerce medicine delivery system is very much needed. In addition, currently the whole world is suffering due to the COVID-19 pandemic. Coronavirus is very contagious, as we all know. In this pandemic time it is not risk free to go out to buy medicine from pharmacies. Due to COVID-19, medicine scarcity is also an important issue. In this situation, an online medicine delivery system can play an important role. Considering the above-mentioned facts, a reliable and fast online solution is proposed. This paper presents the development of a web-based online medicine delivery system. A reliable, fast, safe and user-friendly online e-commerce web application has been developed in this paper. A medicine delivery system has also been included with this proposed system. This platform is a dynamic web application built on the Hypertext Preprocessor (PHP) based Laravel framework with a powerful back end. It is hosted on a dedicated Virtual Private Server (VPS). This system is lightning fast and very well optimized for search engines. With the help of the developed platform, drugs will be available at one's doorstep very fast, safely and reliably. In this system, users can choose a medicine section of their choice and go through all the items that the system provides. Users can then select the desired drug items, add them to the cart and then proceed to payment. It has payment integration with Cash on Delivery (COD) systems. After developing the system it has been tested and it works fine. It is a one-stop solution where people can find various medicines, including COVID-19 related medicines, and other items on this online platform. Besides medicine, here you can also find other health care products like food supplements, birth control products, hair care products, skincare products, beauty products, etc. People can order their required medicines or other available medical items online and the delivery support will provide the products door to door for the users. Using this system users can now get their needed medicine without leaving home. They can save money and they do not need to go out in this pandemic situation to buy medicine. In this crucial situation, the online medicine delivery system is very helpful and it will act as a blessing for the people.
Abstract: This paper presents the design and implementation of a web-based application for an advertising system. There are many places in our country where billboard advertising has not become popular yet. Also, there are many companies that don't prefer to promote their services or products through billboards for lack of a proper advertising system. There is also no such platform where vehicles can be used for advertisement purposes. While researching these issues, no connecting bridge was found between the vendors and the customers, which is one of the main reasons billboards are not utilized properly and are left empty. To solve the mentioned problem, we came up with an idea to develop a website that allows vendors to showcase their empty billboards and vehicles which can be used for advertising purposes, and allows customers to choose any of the available billboards/vehicles for advertising without hassle. The main purpose of this research work is to create a web-based common platform for companies who want to rent advertising space on billboards and on the walls of vehicles, and also for the owners of the billboards and vehicles. The main contribution of this paper is to develop an online web application for companies who want to rent empty space on billboards and the walls of vehicles. In order to maintain the advertising system, the admin of the website has made appropriate rules and regulations which will fulfill the demands of the vendors and customers. Here, the system has covered all the details, such as the connection between the vendors and customers, the efficiency of the website, the transaction method, etc. The proposed web application developed in this paper has been tested and found to be user-friendly and very efficient.
Abstract: This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors' accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools on different metrics. Our approach achieved the best performance in each case.
Abstract: People get lost every day, which is a very common occurrence in our society. In particular, children, the elderly and mentally challenged people go missing all the time. This paper presents the development of a web application that can provide information and services both to a lost person's near and dear ones and to people who find the lost person. Using this developed web application, people who have lost a near and dear one can register via their email address and post all the information about the missing person, including photos, in the lost section. People who find someone can also register via their email address and post all the information about the found person, including photos, in the found section. There is a search panel where people can search for a lost or found person using their name, age, height, location, skin color, etc. There is also a contact system which can be used to contact the person who has lost or found someone via phone, email, or by connecting with their social media profile. Nowadays, when people lose someone or find someone, they report it to the police, advertise on television or in newspapers, and post it on all social media sites like Facebook and WhatsApp. But this web application provides a faster and enhanced way to find and connect with lost and found people.
Funding: Supported by the projects of the National Key Research and Development Program of China (2024YFD2301305), the Jiangsu Innovation Support Program for International Science and Technology Cooperation Project (BZ2023049), plus 2 more grants: the projects of the National Natural Science Foundation of China (32272213), the China Agriculture Research System (CARS-03), and the Jiangsu Collaborative Innovation Center for Modern Crop Production (JCIC-MCP).
Abstract: Optimizing root system architecture (RSA) is essential for plants because of its critical role in acquiring water and nutrients from the soil. However, the subterranean nature of roots complicates the measurement of RSA traits. Recently developed rhizobox methods allow for the rapid acquisition of root images. Nevertheless, effective and precise approaches for extracting RSA features from these images remain underdeveloped. Deep learning (DL) technology can enhance image segmentation and facilitate RSA trait extraction. However, comprehensive pipelines that integrate DL technologies into image-based root phenotyping techniques are still scarce, hampering their implementation. To address this challenge, we present a reproducible pipeline (faCRSA) for automated RSA trait analysis, consisting of three modules: (1) the RSA trait extraction module, which segments soil-root images and calculates RSA traits; a lightweight convolutional neural network (CNN) named RootSeg was proposed for efficient and accurate segmentation; (2) the data storage module, which stores image and text data from the other modules; and (3) the web application module, which allows researchers to analyze data online in a user-friendly manner. The correlation coefficients (R²) of total root length, root surface area, and root volume calculated by faCRSA against manually measured results were 0.96**, 0.97**, and 0.93**, respectively, with root mean square errors (RMSE) of 8.13 cm, 1.68 cm², and 0.05 cm³, processed at a rate of 9.74 s per image, indicating satisfactory accuracy. faCRSA has also demonstrated satisfactory performance in dynamically monitoring root system changes under various stress conditions, such as drought or waterlogging. The detailed code and deployable package of faCRSA are provided for researchers, with the potential to replace manual and semi-automated methods.
Funding: Supported by the National Key Research & Development Program of China (2022YFC3006201).
Abstract: Emergency medical services (EMS) are a vital element of the public healthcare system in China [1], providing an opportunity to respond to critical medical conditions and save people's lives [2]. The accessibility of EMS has received considerable attention in health and transport geography studies [3]. One of the optimal gauges for evaluating the accessibility of EMS is the response time, which is defined as the time from receiving an emergency call to the arrival of an ambulance [4]. Beijing has already reduced the response time to approximately 12 min, and the next goal is to ensure that the response time across Beijing does not exceed 12 min (the information comes from the Beijing Emergency Medical Center).
Funding: The National Natural Science Foundation of China (No. 60503020, 60503033, 60703086) and the Opening Foundation of the Jiangsu Key Laboratory of Computer Information Processing Technology in Soochow University (No. KJS0714).
Abstract: In order to improve the efficiency of regression testing in web applications, the control flow graph and the greedy algorithm are adopted. This paper considers a web page as a basic unit and introduces a test case selection method for web application regression testing based on the control flow graph. This method is safe for test case selection. Based on the features of request sequences in web applications, the minimization technique and the priority of test cases are taken into consideration in the execution of test cases during regression testing of web applications. An improved greedy algorithm is also proposed, resulting in the optimization of test case execution. The experiments indicate that the number of test cases which need to be retested is reduced, and the efficiency of test case execution is also improved.