Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications

2018 ◽  
Vol 2018 ◽  
pp. 1-10 ◽  
Author(s):  
Muhammad Bilal ◽  
Muhammad Asif ◽  
Abid Bashir

It is increasingly difficult to manage the user identities (IDs) of rapidly developing and numerous types of online web-based applications in the present era. An innovative ID management system is required for managing the user IDs. The OpenID lightweight protocol is a better solution to manage the user IDs. In an OpenID communication environment, the OpenID URL is not secured in a session hijacking situation because in other existing OpenID communication methods, such as double factor authentication, there are more chances of a valid user session being hijacked. The proposed communication protocol secures the OpenID URL with the help of additional innovative parameters such as Special Alphanumeric String (SAS) and Special Security PIN (SSP). The anticipated triple authentication protocol authenticates the client's unique OpenID URL at the OpenID Provider (OP) side once and the SAS and SSP fields at the Relying Party (RP) side. The anticipated protocol provides unique Single-Sign-On (SSO) services to OpenID users. The experimental website is tested by experts of web developers for avoiding session hijacking situations in the presence of hackers. The findings demonstrated that the Dense Authentication Authorization and Accounting (DAAA) protocol minimizes the risk of session hijacking in an OpenID communication environment.


2005 ◽  
pp. 1-30 ◽  
Author(s):  
San Murugesan ◽  
Athula Ginige

Web-based systems and applications now deliver a complex array of functionality to a large number of diverse groups of users. As our dependence and reliance on the Web has increased dramatically over the years, their performance, reliability and quality have become paramount importance. As a result, the development of Web applications has become more complex and challenging than most of us think. In many ways, it is also different and more complex than traditional software development. But, currently, the development and maintenance of most Web applications is chaotic and far from satisfactory. To successfully build and maintain large, complex Web-based systems and applications, Web developers need to adopt a disciplined development process and a sound methodology. The emerging discipline of Web engineering advocates a holistic, disciplined approach to successful Web development. In this chapter, we articulate and raise awareness of the issues and considerations in large, complex Web application development, and introduce Web engineering as a way of managing complexity and diversity of large-scale Web development.


Healthcare ◽  
2020 ◽  
Vol 8 (4) ◽  
pp. 466
Author(s):  
Hamid Mukhtar ◽  
Hafiz Ahmad ◽  
Muhammad Khan ◽  
Nasim Ullah

The multidisciplinary nature of the work required for research in the COVID-19 pandemic has created new challenges for health professionals in the battle against the virus. They need to be equipped with novel tools, applications, and resources—that have emerged during the pandemic—to gain access to breakthrough findings; know the latest developments; and to address their specific needs for rapid data acquisition, analysis, evaluation, and reporting. Because of the complex nature of the virus, healthcare systems worldwide are severely impacted as the treatment and the vaccine for COVID-19 disease are not yet discovered. This leads to frequent changes in regulations and policies by governments and international organizations. Our analysis suggests that given the abundance of information sources, finding the most suitable application for analysis, evaluation, or reporting, is one of such challenges. However, health professionals and policy-makers need access to the most relevant, reliable, trusted, and latest information and applications that can be used in their day-to-day tasks of COVID-19 research and analysis. In this article, we present our analysis of various novel and important web-based applications that have been specifically developed during the COVID-19 pandemic and that can be used by the health professionals community to help in advancing their analysis and research. These applications comprise search portals and their associated information repositories for literature and clinical trials, data sources, tracking dashboards, and forecasting models. We present a list of the minimally essential online, web-based applications to serve a multitude of purposes, from hundreds of those developed since the beginning of the pandemic. A critical analysis is provided for the selected applications based on 17 features that can be useful for researchers and analysts for their evaluations. 
These features make up our evaluation framework and have not been used previously for analysis and evaluation. Therefore, knowledge of these applications will not only increase productivity but will also allow us to explore new dimensions for using existing applications with more control, better management, and greater outcome of their research. In addition, the features used in our framework can be applied for future evaluations of similar applications and health professionals can adapt them for evaluation of other applications not covered in this analysis.


2019 ◽  
Vol 2019 ◽  
pp. 1-19 ◽  
Author(s):  
Inmaculada Ayala ◽  
Mercedes Amor ◽  
Lidia Fuentes

Currently, mobile devices are the most popular pervasive computing devices, and they are becoming the primary way for accessing Internet. Battery is a critical resource in such personal computing gadgets, network communications being one of the primary energy consuming activities in any mobile app. Indeed, as web-based communication is the most used explicitly or implicitly by mobile devices, HTTP-based traffic is the most power demanding one. So, mobile web developers should be aware of how much energy demands the different web-based communication alternatives. The goal of this paper is to measure and compare the energy consumption of three asynchronous HTTP-based methods in mobile devices in different browsers. Our experiments focus on three HTTP-based asynchronous communication models that allow a web server to push data to a client browser through a HTTP/1.1 interaction: Polling, Long Polling, and WebSockets. The resulted measurements are then analysed to get more accurate understanding of the impact of the selected method, and the mobile browser, in the energy consumption of the asynchronous HTTP-based communication. The utility of these experiments is to show developers what are the factors and settings that mostly influence the energy consumption when different web-based asynchronous communication methods are used, helping them to choose the most beneficial solution if possible. With this information, mobile web developers should be able to reduce the power consumption of the front-end of web applications for mobile devices, just selecting and configuring the best asynchronous method or mobile browser, improving the performance of HTTP-based communication in terms of energy demand.


Author(s):  
P.DILEEP KUMAR REDDY ◽  
A. ANANDA RAO

Web and Event-driven applications (EDS) are a class of applications that is quickly becoming ubiquitous. All EDS take sequences of events (e.g., messages, mouse-clicks) as input, change their state, and produce an output (e.g., events, system calls, text messages), whereas in the web, user session data gathered as users operate web applications can be considered as input, change their state, and produce an output. Examples include web applications, graphical user interfaces (GUIs), network protocols, device drivers, and embedded applications. Testing for functional correctness of EDS such as stand-alone GUI and web-based applications is critical to many organizations. These applications share several important characteristics. Both are particularly challenging to test because users can invoke many different sequences of events that affect application behavior. Hence here a novel model is provided to rank the test cases based on their prioritization.


2012 ◽  
Vol 2 (2) ◽  
pp. 112-116
Author(s):  
Shikha Bhatia ◽  
Mr. Harshpreet Singh

With the mounting demand of web applications, a number of issues allied to its quality have come into existence. In the meadow of web applications, it is very thorny to develop high quality web applications. A design pattern is a general repeatable solution to a generally stirring problem in software design. It should be noted that a design pattern is not a finished product that can be directly transformed into source code. Rather, a design pattern is a depiction or template that describes how to find a solution to a problem that can be used in many different situations. Past research has shown that design patterns greatly improved the execution speed of a software application. Design patterns are classified as creational design patterns, structural design patterns, behavioral design patterns, etc. The MVC design pattern is very productive for architecting interactive software systems and web applications. This design pattern is partition-independent, because it is expressed in terms of an interactive application running in a single address space. We will design and analyze an algorithm by using the MVC approach to improve the performance of web based applications. The objective of our study will be to reduce one of the major object oriented features, i.e. coupling between the model and view segments of a web based application. The implementation for the same will be done by using the .NET framework.


2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  


2018 ◽  
Vol 6 (2) ◽  
Author(s):  
Oky Irnawati - AMIK BSI Bekasi ◽  
Galih Bayu Aji Listianto - AMIK BSI Bekasi

Abstract - PT. S.A.M.B (Sarana Abadi Makmur Bersama) is a distributor and logistics company engaged in Modern Trade (MT) for fast moving consumer goods (FMCG) in Jabodetabek (Jakarta, Bogor, Depok, Tangerang, Bekasi). In addition to distribution, SAMB also provides services for companies seeking logistics and transportation services for modern trade within the designated area. Inventory system design is one of the most important factors in meeting the needs of consumers at the right time and in line with demand. There are still many companies that use desktop applications, PT. Sarana Abadi Makmur Bersama in particular. Employees often complain about the performance of the desktop application in use. Not all desktop applications can run on all operating systems, while web applications can run on all operating systems as long as there is a browser and an internet connection, which makes them more practical. With a web-based system, asset inventory data can be used relatively quickly, relatively precisely, and with relatively more accurate data.

Keywords: Rapid Application Development, Web-Based Inventory Program Design


Author(s):  
Omoruyi Osemwegie ◽  
Kennedy Okokpujie ◽  
Nsikan Nkordeh ◽  
Charles Ndujiuba ◽  
Samuel John ◽  
...  

Increasing requirements for scalability and elasticity of data storage for web applications have made Not Structured Query Language (NoSQL) databases more invaluable to web developers. One such NoSQL database solution is Redis. A budding alternative to the Redis database is the SSDB database, which is also a key-value store but is disk-based. The aim of this research work is to benchmark both databases (Redis and SSDB) using the Yahoo Cloud Serving Benchmark (YCSB). YCSB is a platform that has been used to compare and benchmark similar NoSQL database systems. Both databases were given variable workloads to identify the throughput of all given operations. The results obtained show that SSDB gives better throughput than Redis for the majority of operations.


Author(s):  
Amanda Galtman

Using XML as the source format for authoring technical publications creates opportunities to develop tools that provide analysis, author guidance, and visualization. This case study describes two web applications that take advantage of the XML source format of documents. The applications provide a browser-based tool for technical writers and editors in a 100-person documentation department of a software company. Compared to desktop tools, the web applications are more convenient for users and less affected by hard-to-predict inconsistencies among users' computers. One application analyzes file dependencies and produces custom reports that facilitate reorganizing files. The other helps authors visualize their network of topics in their documentation sets. Both applications rely on the XQuery language and its RESTXQ web API. The visualization application also uses JavaScript, including the powerful jQuery and D3 libraries. After discussing what the applications do and why, this paper describes some architectural highlights, including how the different technologies fit together and exchange data.

