Principles of securing RESTful API web services developed with Python frameworks

2021, Vol 2094 (3), pp. 032016
Author(s): D V Kornienko, S V Mishina, S V Shcherbatykh, M O Melnikov

Abstract: This article discusses the key points of developing a secure RESTful web service API for keeping a student achievement journal. The relevance of using web services has been analyzed. The classification of web applications is given. The features of the Single Page Application architecture were considered. Comparative characteristics of architectural styles of application programming interfaces are given. Requirements to be met by RESTful API services are considered. The basic principles of API security were analyzed. A list of the main vulnerabilities that may appear during the development of the REST API is given. An overview of popular authentication schemes (methods) is given. Comparative characteristics of web frameworks of the Python programming language are given. The main tools used in the development of web API applications are listed. The process of creating a secure prototype of a RESTful web service API in Python using the Flask microframework and a tool for describing the Swagger specifications is presented. The process of configuring the application was examined in detail. The main recommendations for securing a web application, database and web server settings are listed. The key points of ensuring the protection of the developed web application are considered. The results obtained were analyzed.

2021, Vol 2091 (1), pp. 012065
Author(s): D V Kornienko, S V Mishina, M O Melnikov

Abstract: The article is devoted to the development of a prototype of a secure single-page application (SPA) web service for automating user information accounting. The relevance of this study is very high due to the use of web services. The article provides a classification of web applications and shows the features of the single-page application architecture used in the development of the service. Based on a comparative analysis of API architectural styles, the most appropriate style was selected. The key points of developing a secure application programming interface (API) and the requirements that RESTful API services must meet were considered and taken into account. The work used popular authentication schemes (methods). A comparative characterization of Python web frameworks is given, on the basis of which a tool for implementing the web service is selected. The main advantages of using Python when developing single-page web services, and the security tools included in the standard package of the Flask web framework, are shown. It is shown how to securely prototype a Python RESTful SPA web service API using Flask. An example of using the Swagger tool to describe the specifications of the developed API is given. The process of setting up the application is considered in detail. The main recommendations for securing a web application and setting up a database and a web server are listed. The key points of ensuring the protection of the developed web application are considered. Conclusions are drawn regarding the choice of the architectural style of the application API and the most suitable tools and technologies for the software implementation of the service.


2011, Vol 135-136, pp. 806-808
Author(s): Hong Jun Li

In order to make web services and web sites in Java more powerful and flexible, building unified web applications is vitally important. By introducing a new style, Representational State Transfer (REST), this paper studied the Java RESTful frameworks and the ways to develop RESTful web services in Java. The RESTful frameworks in Java can effectively simplify web development in many ways.


Author(s): Arijit Sengupta, Henry Kim

We present SWAP (Semantic Web application pyramid), a framework for incorporating ontologies in data-oriented semantic Web applications. We have implemented this framework with a measurement ontology for a quality management Web service. This quality management Web service is built on top of a set of XML Web services implementing agents representing quality management clients, quality management servers, and vendors. SWAP facilitates data exchange between these Web services with vendor data stored in databases, and the processing of the data using a combination of RuleML and SQL. The testbed implementation demonstrates the feasibility and scalability of the framework for any type of three-tier ontology-based semantic Web applications involving low to moderate data exchange. We discuss methods for improving this framework for high data exchange volumes as well. The primary contribution of this framework is in the component-based implementation of real-world semantic Web applications.


2017, Vol 10 (2), pp. 359-363
Author(s): Rupal Sharma, Ravi Sheth

Today, web application security is the most significant battlefield between victim, attacker and web service resources. Owners of web applications developed in ASP.NET cannot see the security vulnerabilities in them. This paper explains an algorithm that aims to identify broken authentication and session management vulnerabilities. The method scans the web application's files. The created scanner relies on analysing the source code of the application's ASP.NET files and their code-behind files. A program developed for this purpose produces a report that describes the vulnerability types by stating the name, a description and the location of each. The aim of the paper is to discover broken authentication and session management vulnerabilities. The proposed algorithm will help organisations and developers repair the vulnerabilities and improve end-to-end security.


2021, Vol 53 (1), pp. 91-97
Author(s): Olga N. Vybornova, Aleksander N. Ryzhikov

We analyzed the urgency of the task of creating a more efficient (compared to analogues) means of automated vulnerability search based on modern technologies. We have shown the similarity of the vulnerability identification process to a Markov decision process and justified the feasibility of using reinforcement learning to solve this problem. Since the analysis of web application security is currently the highest priority and most in demand, within the framework of this work the application of the mathematical apparatus of reinforcement learning to this subject area is considered. The mathematical model is presented, and the specifics of the training and testing processes for the problem of automated vulnerability search in web applications are described. Based on an analysis of the OWASP Testing Guide, an action space and a set of environment states are identified. The characteristics of the software implementation of the proposed model are described: Q-learning is implemented in the Python programming language, and a neural network was created to implement the learning policy using the TensorFlow library. We demonstrated the results of the reinforcement learning agent on a real web application, as well as their comparison with the report of the Acunetix Vulnerability Scanner. The findings indicate that the proposed solution is promising.


2015, Vol 3 (1), pp. 75-94
Author(s): Sungchul Lee, Ju-Yeon Jo, Yoohwan Kim

The Nevada Solar Energy-Water-Environment Nexus project collects a large amount of environmental data from a variety of sensors covering soil, atmosphere, biology, and ecology. Mostly, the environmental data is related to the development of renewable energy resources in the Nexus project. The environmental data can have an impact on other research fields if it can easily be shared with other researchers, students, teachers, and general users. Therefore, the Nevada Climate Change Portal (NCCP) site was created for the Nexus project with the purpose of sharing such data. However, there are some challenges to address in utilizing, collecting, and sharing the data among the users. In this research, the authors propose an Extended Web Service Architecture for solving these challenges. The authors implement Arduino instead of the CR1000 as a collector due to its cost effectiveness. The authors also use a REST API to overcome the limitations of Arduino. Moreover, the authors experiment with popular web-based data visualization tools such as Google Chart, Flex, OFC, and D3 to visualize NCCP data.


Author(s): Yusuf Lateef Oladimejia

The realisation of Service-Oriented Architecture (SOA) to communicate data between systems running on different platforms lacks an organised framework to capture the essential elements required for successful interoperability between web applications and their services. In this work, a SOA for Data Interoperability in Web Applications (SOADIWA) was designed. The architecture of SOADIWA was based on five layers, namely the Web Application Layer (WAL), Quality of Service Assurance Certifier Layer (QoSACL), Web Service Layer (WSL), Visualization Input Layer (VIL) and Visualization Output Layer (VOL). In WAL, the Service Requester (SR) initiates a request for data from the Service Provider (SP) through the QoSACL to provide an appropriate website via WSL for rendering of services, which must be accepted, processed and returned for a particular need in VIL. The requested data is filtered in VIL for data exploration and analysis in VOL using context-sensitive visualization techniques. The purpose of QoSACL is to check and verify the claims made by the SP about its quality of service. This enabled the SR to choose the service that satisfied its needs. The implementation comprised JavaScript, Microsoft Visual Studio 2017 and NuGet packages, while the experiment was simulated on the LoadUI Pro application. Standard metrics such as Optimal Performance (OP) and Phased Effort Distribution (PED) were developed to test SOADIWA. The results conformed to basic web service interoperability. The work led to the integration of a host of techniques towards the creation of a novel tool that is useful in the web domain using the SOA approach.


In Service Oriented Architecture (SOA), web services play an important role. Web services are web application components that can be published, found, and used on the Web. Machine-to-machine communication over a network can also be achieved through web services. Cloud computing and distributed computing bring a lot of web services into the WWW. Web service composition is the process of combining two or more web services to satisfy the user requirements. The tremendous increase in the number of services and the complexity of user requirement specifications make web service composition a challenging task. Automated service composition is a technique in which web service composition can be done automatically with minimal or no human intervention. In this paper we propose an approach to web service composition for large-scale environments that considers the QoS parameters. We have used stacked autoencoders to learn features of web services. A Recurrent Neural Network (RNN) uses the learned features to predict the new composition. Experimental results show the efficiency and scalability of the approach. The use of a deep learning algorithm in web service composition leads to a high success rate and lower computational cost.


Author(s): N.D. Maslov, E.V. Popova

The article considers the study of the connection model of a Web application and a Web service directly and through a proxy. The cross-platform, high-performance ASP.NET environment is considered. The MVC pattern is used during development. Request generation is implemented using the REST architectural style and the HTTP hypertext transfer protocol. A model of interaction between a Web application and a Web service is built. The purpose of this work is to study this model of interaction directly and through a proxy. A Web application, which is a video rental service, and a Web service, the functional purpose of which is to work with the Web server database, were developed. A separate project was created to implement the proxy. In the project settings, the data transfer protocol, API host, port and request forwarding routes were registered. A previously developed service was used as the API. The model was studied using the Postman software and browser tools. The results of the study show the pros and cons of using a proxy when a Web application interacts with a Web service. This article will help customers and developers of Web applications to choose a model for connecting a Web application and a Web service that corresponds to the tasks being solved.


2018, Vol 10 (1)
Author(s): M. Melnichuk, Yu. Kornienko, O. Boytsova

Network technology for interaction between two applications via the HTTP protocol was considered in the article. When a client works with a REST API it works with "resources", whereas in SOAP work is performed with operations. To build REST web services, you must follow certain principles: explicit use of HTTP methods, access to resources by URI, statelessness, HATEOAS, caching, and transfer of objects in JSON or XML representation. But sometimes some principles are ignored to ensure a higher speed of work and to reduce development time. The pros and cons of using JSON and XML representations were considered, and it can be said that using the JSON format reduces the amount of data transferred, while with the use of XML the readability of data increases. Also, two main ways of transferring files in REST web services were considered: converting the file to Base64 and transferring it as an object field, or transferring the file using ordinary HTTP multipart. The Base64 approach gives a higher speed for multiple files in a single request, because only one HTTP connection is created, but these files are stored in RAM during request processing, which increases the chance of the application crashing. In the conclusion, the advantages of using web services and their wide use in other architectural approaches were considered, which increases the popularity of web services.

