Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem

2021 ◽  
Author(s):  
Yiming Zhang ◽  
Baojun Liu ◽  
Chaoyi Lu ◽  
Zhou Li ◽  
Haixin Duan ◽  
...  


2018 ◽  
Vol 7 (3.6) ◽  
pp. 106
Author(s):  
B J. Santhosh Kumar ◽  
Kankanala Pujitha

The application uses the URL as input for web application vulnerability detection. If the URL is too long, scanning it takes more time (Ain Zubaidah et al. 2014). Existing systems can inspect individual web pages but not the web application as a whole. This application tests URLs of any length using a string matching algorithm. To avoid XSS and CSRF, and to detect attacks that try to bypass browser-enforced policies, it uses whitelisting and DOM sandboxing techniques (Elias Athanasopoulos et al. 2012). The web application maintains a list of cryptographic hashes of legitimate (trusted) client-side scripts. If a script's cryptographic hash is found in the whitelist, the script is considered trusted; otherwise it is treated as untrusted. The application uses SHA-1 to compute the message digest. The web server stores trusted scripts inside div or span HTML elements that are marked with an attribute as trusted. DOM sandboxing helps identify script and code by partitioning program symbols into code and non-code, which exposes any hidden code inside a trusted tag that would otherwise bypass the web server's checks. The website is scanned to detect injection locations, the malicious XSS attack vectors are injected at those injection points, and the vulnerable web application is then checked for these attacks (Shashank Gupta et al. 2015). The proposed application improves the false negative rate.  


2013 ◽  
Vol 850-851 ◽  
pp. 533-536
Author(s):  
Wei Chun Gao ◽  
Wu Xue Jiang ◽  
Wei Hai Gao ◽  
Jun Fan Liu ◽  
Jin Chuan Chen

The self-organizing idea of network resources based on Web 2.0 can innovatively combine web pages with instant communication. It allows an ordinary user, on the client side, to add, find and enter a chat room for any web page, so that users browsing the same URL and website can enter the same chat room to communicate. This provides a meeting place for all users visiting the same web page and aims to improve the visitor activity, user stickiness and visitor conversion rate of the site.


PeerJ ◽  
2019 ◽  
Vol 7 ◽  
pp. e6230 ◽  
Author(s):  
Jonas S. Almeida ◽  
Janos Hajagos ◽  
Joel Saltz ◽  
Mary Saltz

In a previous report, we explored the serverless OpenHealth approach to the Web as a Global Compute space. That approach relies on the modern browser full stack, and, in particular, its configuration for application assembly by code injection. The opportunity, and need, to expand this approach has since increased markedly, reflecting a wider adoption of Open Data policies by Public Health Agencies. Here, we describe how the serverless scaling challenge can be achieved by the isomorphic mapping between the remote data layer API and a local (client-side, in-browser) operator. This solution is validated with an accompanying interactive web application (bit.ly/loadsparcs) capable of real-time traversal of New York’s 20 million patient records of the Statewide Planning and Research Cooperative System (SPARCS), and is compared with alternative approaches. The results obtained strengthen the argument that the FAIR reproducibility needed for Population Science applications in the age of P4 Medicine is particularly well served by the Web platform.


Author(s):  
Zulkarnaen Hatala

Abstract—An efficient and quick procedure for building a web application is presented. The steps are intended to build a database application system with hundreds of tables. The procedure minimizes the tasks needed to write code and to do manual programming line by line, and is also intended to build web-based database applications rapidly. In this method, security concerning authentication and authorization is already built in, ensuring the right and eligible access of each user to the system. The end result is a ready-to-use web-based 3-tier application. Moreover, the application remains flexible enough to be customized and enhanced to suit more specific requirements in each module of the software, in both the server-side and client-side programming code. Abstract—In this study, a fast and efficient procedure for developing database applications using an application generator is proposed. It aims to minimize the amount of programming code that must be written. The advantage of this procedure is that it can be used to develop database applications quickly, especially for database systems consisting of many tables. Access rights and standard security procedures are already provided, so that every user is guaranteed their rights to particular entities in the database. The generated result is a ready-to-use web-based database application. The resulting application system remains very flexible, so that each application component can be adjusted on both the server side and the client side.


2021 ◽  
pp. 01-20
Author(s):  
Ehab .. ◽  
Walid .. ◽  
...  

JSON Web Token (JWT) is a compact and self-contained mechanism for transmitting digitally signed, and therefore trusted, data between parties. JWTs are mainly used to implement stateless authentication mechanisms, and Open Authorization (OAuth 2.0) implementations use JWTs for their access tokens. OAuth 2.0 and JWT are the token frameworks and standards used for authorizing access to REST APIs because of their statelessness and their signature implementation; JWT tokens are based on JSON and are used in the newer authentication and authorization protocols of OAuth 2.0 because of their small size. When refresh tokens are stored in cookies, the size limit of a cookie or URL may quickly be exceeded. Refresh tokens may exist for user access, obtaining a refresh token is somewhat more complicated, and refresh tokens in the browser require additional security measures: an attacker may steal a refresh token and attempt to use it after the application has already used it, which implies that the attacker was able to steal the refresh token from the application. If the refresh token can be stolen, then so can the access token, and even short token lifetimes can still lead to major abuse scenarios. In this article, we discuss the security properties of refresh tokens in the browser and a pattern for securing JWT tokens in the web front-end better. We propose a Backend for Frontend (BFF) pattern, in which token handling is deferred to a server-side component that keeps the tokens secure and provides a lot of flexibility to the client side.


Author(s):  
S. A. Lesko

To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that help analyze the security of web applications and support the development of their protection. But for the most part these tools can only identify problems; they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of web technologies, SQL injection and cross-site scripting (XSS) attacks, together with specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and preventing threats. Both cross-site scripting and SQL injection attacks stem from inadequate validation of input data. The mechanisms of these attacks are very similar, but in XSS attacks the user is the victim, whereas in SQL injection attacks it is the database server of the web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while SQL injection uses the SQL database query language. At the same time, XSS attacks, unlike SQL injection, harm only the client side and leave the application server operational. Developers should therefore build security into both the server components and the client part of the web application.


2018 ◽  
Author(s):  
Jonas S Almeida ◽  
Janos Hajagos ◽  
Joel Saltz ◽  
Mary Saltz



Author(s):  
Pablo Garaizar ◽  
Miguel A. Vadillo ◽  
Diego López-de-Ipiña ◽  
Helena Matute

As a consequence of the joint and rapid evolution of the Internet and the social and behavioral sciences during the last two decades, the Internet is becoming one of the best possible psychological laboratories and is being used by scientists from all over the world in ever more productive and interesting ways. This chapter uses examples from psychology while reviewing the most recent Web paradigms, such as the Social Web, the Semantic Web, and Cloud Computing, and their implications for e-research in the social and behavioral sciences, and tries to anticipate the possibilities that future Internet proposals will offer to social science researchers. The most recent advancements in the architecture of the Web, on both the server side and the client side, are also discussed in relation to behavioral e-research. Given the increasingly social nature of the Web, both social scientists and engineers should benefit from knowledge of how the most recent and future Web developments can provide new and creative ways to advance the understanding of human nature.

