WEB MISUSE DETECTION THROUGH TEXT CATEGORISATION OF APPLICATION SERVER LOGS

2006 ◽  
Vol 15 (05) ◽  
pp. 849-854 ◽  
Author(s):  
JUAN JOSÉ GARCÍA ADEVA ◽  
JUAN MANUEL PIKATZA ATXA

Security in web-based systems that handle confidential information can be considered a particularly sensitive subject that requires assuming some responsibilities about security. Achieving a secure web application involves tackling several issues such as encryption of traffic and certain database information, strictly restricted access control, etc. In this work we focus on detecting misuse of the web application in order to gain unauthorised access. We introduce an Intrusion Detection component that, by applying Text Categorisation, is capable of learning the characteristics of both normal and malicious user behaviour from the regular, high-level log entries generated by the web application through its application server. Therefore, the detection of misuse in the web application is achieved without the need of explicit programming or modification of the existing web application. We applied our Intrusion Detection component to a real web-based telemedicine system in order to offer some evaluation measurements. This article offers an overview of the model, our experiences, and observations.

Author(s):  
Dirk Baldwin ◽  
Suresh Chalasani

Many businesses obtain feedback by surveying customers and business partners. Increasingly, these surveys are conducted via the Web. This chapter reviews briefly literature regarding Web-based surveys and describes a software architecture for a Web-based survey system. The architecture for the survey system is based on three-tiers comprised of a Web server, Web application server, and database server. The Web application server hosts the application modules that display and process the surveys. The application software consists of packages for establishing connections to the database and for reading static and dynamic data from the database. The processed surveys are written to the database with the survey responses. This system allows for anonymous survey responses and maintains user confidentiality. At the University of Wisconsin-Parkside, we have implemented this Web-based survey system, and used it to conduct three different surveys. This survey system is easily extensible to new surveys, and is used for instructional purposes to teach server-side programming. In this chapter, we discuss the key ideas behind the design and implementation of the extensible survey system, and provide results on its application.


In the present era, the internet and new technologies are changing the information behavior of news readers. Instead of reading a copy of the local newspaper or watching the scheduled evening news, people increasingly turn to the internet for daily news updates. A Multi-Lingual news feed application is aimed at developing a web based application named multilingual news feed app. This application deals with the user who wants to read news from the web application. The user can select different countries in which they are interested, and the latest news will be fetched from the selected country. The news will be fetched and displayed based on the country selected in its own national language, and the news is categorized into 7 different categories. A user can select any category which they are looking for. When you are done selecting the country and category, the page will automatically refresh and the news will be displayed on the Multi-Lingual news feed application. This application also supports translation and the news can be translated into any language. This application is fully responsive and has a good-looking user interface. The users will find this application very interesting for reading the news articles.


Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia

Due to the huge growth in the need for using Web applications worldwide, there have been huge efforts from programmers to develop and implement new Web applications to be used by companies. Since a number of these applications lack proper security considerations, malicious users will be able to gain unauthorized access to confidential information of organizations. A concept called SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract the confidential information from organizations’ databases. They work by injecting malicious SQL codes through the web application, and they cause unexpected behavior from the database. There are a number of SQL Injection detection/prevention techniques that must be used in order to prevent unauthorized access to databases.


2011 ◽  
Vol 62 (5) ◽  
pp. 477-492 ◽  
Author(s):  
Diler Oner ◽  
Emine Adadan

This mixed-methods study examined the use of web-based portfolios for developing preservice teachers’ reflective skills. Building on the work of previous research, the authors proposed a set of reflection-based tasks to enrich preservice teachers’ internship experiences. Their purpose was to identify (a) whether preservice teachers demonstrated evidence of reflective thinking throughout a semester and, if so, the types of reflective thinking indicators; (b) whether there was an increase in the number of high-level reflective indicators over time; and (c) the role of the web-based portfolio construction, as perceived by the participants, in developing reflective skills. The findings suggested that preservice teachers demonstrated high- and low-level reflective skills throughout a semester. There was a statistically significant improvement in the number of high-level reflective indicators in the second reflection task compared with the first. In addition, the web-based platform was perceived by participants as a medium that enabled easy access and the development of better portfolio artifacts.


2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe

Web-based applications have turned out to be very prevalent due to the ubiquity of web browsers to deliver service-oriented applications on demand to diverse clients over the Internet, and the cross site scripting (XSS) attack is a foremost security risk that has continuously ravaged web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability, and they also lack support for self-learning ability in order to detect new XSS attacks. Few researchers, as cited in this paper, inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approaches; a lot of improvement is still needed to effectively and efficiently handle the web application security menace, as recommended.


2014 ◽  
Vol 5 (1) ◽  
pp. 19-38
Author(s):  
Romaric Ludinard ◽  
Éric Totel ◽  
Frédéric Tronel ◽  
Vincent Nicomette ◽  
Mohamed Kaâniche ◽  
...  

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.


Author(s):  
Zulkarnaen Hatala

Abstract—An efficient and quick procedure to build a web application is presented. The steps are intended to build a database application system with hundreds of tables. The procedure can minimize the tasks needed to write code and do manual programming line by line. The intention is also to rapidly build a web-based database application. In this method, security concerning authentication and authorization is already built in, ensuring the right and eligible access of the user to the system. The end result is a ready-to-use web-based 3-tier application. Moreover, the application is still flexible to be customized and enhanced to suit more specific requirements in each module of the software, in both the server-side and client-side programming code.

Abstract—This study proposes a fast and efficient procedure for developing database applications using an application generator. It aims to minimize the writing of programming language code. The advantage of this procedure is that it can be used to develop database applications quickly, especially for database systems consisting of many tables. Access rights and standard security procedures are provided, so that each user's rights over particular entities in the database are guaranteed. The result of the generation is a ready-to-use web-based database application. The resulting application system is still very flexible, allowing each application component to be adjusted on both the server side and the client side.


2021 ◽  
pp. 54-65
Author(s):  
admin admin ◽  
Khlid M. .. ◽  
...  

Most people are more or less related to the web by participating in a kind of social networking site. Semantic Web technology plays a crucial role in these sites as they contain an enormous amount of data about persons, pages, events, places, corporations, etc. This research is a Semantic Web application designed to create a new semantic social community called Socialpedia. It links the already existing social public information to the newly public ones. This information is linked with different information on the web to construct a new immense data container. The resulting data container can be processed using a variety of Semantic Web techniques to produce machine-understandable content. This content shows the promise of using integrated data to improve Web search and Web-scale data analysis, unlike conventional search engines or social ones. This community involves obtaining data from traditional users known as contributors or participants, linking data from existing social networks, extracting structured data in triples using predefined ontologies, and finally querying and inferring such data to obtain meaningful pieces of information. Socialpedia supports all popular functionalities of social networking websites besides the enhanced features of the Semantic Web, providing advanced semantic search that acts as a semantic search engine.


Organizational web servers reflect the public image of an organization and serve web pages/information to organizational clients via web browsers using the HTTP protocol. Some of the web server software may contain web applications that enable users to perform high-level tasks, such as querying a database and delivering the output through the web server to the client browser as an HTML file. Hackers always try to exploit the different vulnerabilities or flaws existing in web servers and web applications, which can pose a big threat for an organization. This chapter explains the importance of protecting web servers and applications along with the different tools used for analyzing the security of web servers and web applications. The chapter also introduces different web attacks that are carried out by an attacker either to gain illegal access to the web server data or reduce the availability of web services. The web server attacks include denial of service (DoS) attacks, buffer overflow exploits, website defacement with SQL injection (SQLi) attacks, cross site scripting (XSS) attacks, remote file inclusion (RFI) attacks, directory traversal attacks, phishing attacks, brute force attacks, source code disclosure attacks, session hijacking, parameter form tampering, man-in-the-middle (MITM) attacks, HTTP response splitting attacks, cross-site request forgery (XSRF), lightweight directory access protocol (LDAP) attacks, and hidden field manipulation attacks. The chapter explains different web server and web application testing tools and vulnerability scanners including Nikto, BurpSuite, Paros, IBM AppScan, Fortify, Acunetix, and ZAP. Finally, the chapter also discusses countermeasures to be implemented while designing any web application for any organization in order to reduce the risk.


Author(s):  
Kimihito Ito ◽  
Yuzuru Tanaka

Web applications, which are computer programs ported to the Web, allow end-users to use various remote services and tools through their Web browsers. There are an enormous number of Web applications on the Web, and they are becoming the basic infrastructure of everyday life. In spite of the remarkable development of Web-based infrastructure, it is still difficult for end-users to compose new integrated tools of both existing Web applications and legacy local applications, such as spreadsheets, chart tools, and database. In this chapter, the authors propose a new framework where end-users can wrap remote Web applications into visual components, called pads, and functionally combine them together through drag-and-drop operations. The authors use, as the basis, a meme media architecture IntelligentPad that was proposed by the second author. In the IntelligentPad architecture, each visual component, called a pad, has slots as data I/O ports. By pasting a pad onto another pad, users can integrate their functionalities. The framework presented in this chapter allows users to visually create a wrapper pad for any Web application by defining HTML nodes within the Web application to work as slots. Examples of such a node include input-forms and text strings on Web pages. Users can directly manipulate both wrapped Web applications and wrapped local legacy tools on their desktop screen to define application linkages among them. Since no programming expertise is required to wrap Web applications or to functionally combine them together, end-users can build new integrated tools of both wrapped Web applications and local legacy applications.

