X-Switch: An Efficient , Multi-User, Multi-Language Web Application Server

Web applications are usually installed on and accessed through a Web server. For security reasons, these Web servers generally provide very few privileges to Web applications, defaulting to executing them in the realm of a guest ac- count. In addition, performance often is a problem as Web applications may need to be reinitialised with each access. Various solutions have been designed to address these security and performance issues, mostly independently of one another, but most have been language or system-specic. The X-Switch system is proposed as an alternative Web application execution environment, with more secure user-based resource management, persistent application interpreters and support for arbitrary languages/interpreters. Thus it provides a general-purpose environment for developing and deploying Web applications. The X-Switch system's experimental results demonstrated that it can achieve a high level of performance. Further- more it was shown that X-Switch can provide functionality matching that of existing Web application servers but with the added benet of multi-user support. Finally the X-Switch system showed that it is feasible to completely separate the deployment platform from the application code, thus ensuring that the developer does not need to modify his/her code to make it compatible with the deployment platform.

Download Full-text

An Auto-Programming Approach to Vulkan

10.20948/graphicon-2021-3027-150-165 ◽

2021 ◽

Author(s):

Vladimir Alexandrovich Frolov ◽

Vadim Sanzharov ◽

Vladimir Alexandrovich Galaktionov ◽

Alexandr Scherbakov

Keyword(s):

Performance Studies ◽

General Purpose ◽

Software Implementation ◽

Programming Approach ◽

Fine Grained ◽

Speed Up ◽

Cross Platform ◽

Increase Productivity ◽

And Performance ◽

High Level

We propose a novel high-level approach for software development on GPU using Vulkan API. Our goal is to speed-up development and performance studies for complex algorithms on GPU, which is quite difficult and laborious for Vulkan due to large number of HW features low level details. The proposed approach uses auto programming to translate ordinary C++ to optimized Vulkan implementation with automatic shaders generation, resource binding and fine-grained barriers placement. Our model is not general-purpose programming, but is extendible and customer-focused. For a single C++ input our tool can generate multiple different implementations of algorithm in Vulkan for different cases or types of hardware. For example, we automatically detect reduction in C++ source code and then generate several variants of parallel reduction on GPU: with optimization for different warp size, with or without atomics, using or not subgroup operations. Another example is GPU ray tracing applications for which we can generate different variants: pure software implementation in compute shader, using hardware accelerated ray queries, using full RTX pipeline. The goal of our work is to increase productivity of developers who are forced to use Vulkan due to various required hardware features in their software but still do care about cross-platform ability of the developed software and want to debug their algorithm logic on the CPU. Therefore, we assume that the user will take generated code and integrate it with hand-written Vulkan code.

Download Full-text

Web Server Hacking

Constructing an Ethical Hacking Knowledge Base for Threat Awareness and Prevention ◽

10.4018/978-1-5225-7628-0.ch008 ◽

2019 ◽

pp. 209-243

Keyword(s):

Web Application ◽

Web Applications ◽

Web Server ◽

Dos Attacks ◽

Web Servers ◽

Server Software ◽

Session Hijacking ◽

High Level ◽

Cross Site ◽

The Web

Organizational web servers reflect the public image of an organization and serve web pages/information to organizational clients via web browsers using HTTP protocol. Some of the web server software may contain web applications that enable users to perform high-level tasks, such as querying a database and delivering the output through the web server to the client browser as an HTML file. Hackers always try to exploit the different vulnerabilities or flaws existing in web servers and web applications, which can pose a big threat for an organization. This chapter provides the importance of protecting web servers and applications along with the different tools used for analyzing the security of web servers and web applications. The chapter also introduces different web attacks that are carried out by an attacker either to gain illegal access to the web server data or reduce the availability of web services. The web server attacks includes denial of service (DOS) attacks, buffer overflow exploits, website defacement with sql injection (SQLi) attacks, cross site scripting (XSS) attacks, remote file inclusion (RFI) attacks, directory traversal attacks, phishing attacks, brute force attacks, source code disclosure attacks, session hijacking, parameter form tampering, man-in-the-middle (MITM) attacks, HTTP response splitting attacks, cross-site request forgery (XSRF), lightweight directory access protocol (LDAP) attacks, and hidden field manipulation attacks. The chapter explains different web server and web application testing tools and vulnerability scanners including Nikto, BurpSuite, Paros, IBM AppScan, Fortify, Accunetix, and ZAP. Finally, the chapter also discusses countermeasures to be implemented while designing any web application for any organization in order to reduce the risk.

Download Full-text

WEB MISUSE DETECTION THROUGH TEXT CATEGORISATION OF APPLICATION SERVER LOGS

International Journal of Artificial Intelligence Tools ◽

10.1142/s0218213006002989 ◽

2006 ◽

Vol 15 (05) ◽

pp. 849-854 ◽

Cited By ~ 2

Author(s):

JUAN JOSÉ GARCÍA ADEVA ◽

JUAN MANUEL PIKATZA ATXA

Keyword(s):

Access Control ◽

Intrusion Detection ◽

Web Application ◽

Application Server ◽

Confidential Information ◽

Telemedicine System ◽

Web Based ◽

Restricted Access ◽

High Level ◽

The Web

Security in web-based systems that handle confidential information can be considered a particularly sensitive subject that requires assuming some responsibilities about security. Achieving a secure web application involves tackling several issues such encryption of traffic and certain database information, strictly restricted access control, etc. In this work we focus on detecting misuse of the web application in order to gain unauthorised access. We introduce an Intrusion Detection component that by applying Text Categorisation is capable of learning the characteristics of both normal and malicious user behaviour from the regular, high-level log entries generated by web application through its application server. Therefore, the detection of misuse in the web application is achieved without the need of explicit programming or modification of the existing web application. We applied our Intrusion Detection component to a real web-based telemedicine system in order to offer some evaluation measurements. This articles offers an overview of the model, our experiences, and observations.

Download Full-text

A View Oriented Approach to Modeling Web Navigation

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.411-414.537 ◽

2013 ◽

Vol 411-414 ◽

pp. 537-544

Author(s):

Bu Ye Lou

Keyword(s):

User Experience ◽

Web Application ◽

Web Applications ◽

Abstract Model ◽

Analysis Method ◽

Graphical Notation ◽

Web Navigation ◽

High Level ◽

Concrete Model ◽

Oriented Approach

This paper presents a view oriented approach to modeling web navigation, which is suitable as an analysis method and tool for web applications. As a navigation node, the view has characteristics of dynamic and hierarchy. The dynamic of the view reflects that the content data of the application is changeable, and the hierarchy of the view makes it possible that the navigation model could evolve from a high-level abstract model to a low-level concrete model. In this paper navigation is divided into action navigation and non-action navigation. Action navigation fuses navigation process with data processing, which reflects the inherit characteristic of web application well. This paper show how to use the graphical notation to represent the various conceptions and elements involved in the approach. At last, several navigation implement patterns which can improve user experience are introduced.

Download Full-text

NMMp: A Model-Driven UML Extension for the Description of Navigation Maps for Web Applications

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194014500156 ◽

2014 ◽

Vol 24 (03) ◽

pp. 391-417 ◽

Cited By ~ 3

Author(s):

Humberto Cortés ◽

Antonio Navarro

Keyword(s):

Programming Languages ◽

Web Application ◽

Design Patterns ◽

Web Applications ◽

General Purpose ◽

Service Oriented Architectures ◽

Model Driven ◽

Service Oriented ◽

Uml Extension ◽

The Web

With the advent of multitier and service-oriented architectures, the presentation tier is more detached from the rest of the web application than ever. Moreover, complex web applications can have thousands of linked web pages built using different technologies. As a result, the description of navigation maps has become more complex in recent years. This paper presents NMMp, a UML extension that: (i) provides an abstract vision of the navigation structure of the presentation tier of web applications, independently of architectural details or programming languages; (ii) can be automatically transformed into UML-WAE class diagrams, which can be easily integrated with the design of the other tiers of the web application; (iii) encourages the use of architectural and multitier design patterns; and (iv) has been developed according to OMG standards, thus facilitating its use with general purpose UML CASE tools in industry.

Download Full-text

Comparison of web application state management tools

Journal of Computer Sciences Institute ◽

10.35784/jcsi.2675 ◽

2021 ◽

Vol 20 ◽

pp. 183-188

Author(s):

Kacper Szymanek ◽

Beata Pańczyk

Keyword(s):

Web Application ◽

Solution Structure ◽

Web Applications ◽

Performance Testing ◽

Community Support ◽

Management Tools ◽

State Management ◽

Code Metrics ◽

State Manager ◽

And Performance

Modern web applications require flow of large amounts of data. To maintain order in code, a state manager was invented. With manager all data can be retrieved from and goes to one place. In this paper, four libraries for state management (NgRx, Ngxs, Redux, Vuex) were analyzed. Five criteria were used for the study: code metrics, solution structure, availability of ready-made implementations, community support, and performance testing. Results showed that there is not the best tool in every criterion, but when comparing the results obtained, the most universal solution is Vuex.

Download Full-text

Automatic Generation of Web Applications from Visual High-Level Functional Web Components

Advances in Software Engineering ◽

10.1155/2009/879725 ◽

2009 ◽

Vol 2009 ◽

pp. 1-16

Author(s):

Quan Liang Chen ◽

Takao Shimomura

Keyword(s):

Web Application ◽

Web Applications ◽

Automatic Generation ◽

Two Dimensions ◽

Web Page ◽

High Level ◽

Functional Components

This paper presents high-level functional Web components such as frames, framesets, and pivot tables, which conventional development environments for Web applications have not yet supported. Frameset Web components provide several editing facilities such as adding, deleting, changing, and nesting of framesets to make it easier to develop Web applications that use frame facilities. Pivot table Web components sum up various kinds of data in two dimensions. They reduce the amount of code to be written by developers greatly. The paper also describes the system that implements these high-level functional components as visual Web components. This system assists designers in the development of Web applications based on the page-transition framework that models a Web application as a set of Web page transitions, and by using visual Web components, makes it easier to write processes to be executed when a Web page transfers to another.

Download Full-text

Constructing Workflows from Script Applications

Scientific Programming ◽

10.1155/2012/683634 ◽

2012 ◽

Vol 20 (4) ◽

pp. 359-377 ◽

Cited By ~ 5

Author(s):

Mikołaj Baranowski ◽

Adam Belloum ◽

Marian Bubak ◽

Maciej Malawski

Keyword(s):

Programming Languages ◽

Source Code ◽

General Purpose ◽

Control Flow ◽

Scientific Workflows ◽

Collaborative Programming ◽

Execution Environment ◽

Grid Infrastructures ◽

Grid Application ◽

High Level

For programming and executing complex applications on grid infrastructures, scientific workflows have been proposed as convenient high-level alternative to solutions based on general-purpose programming languages, APIs and scripts. GridSpace is a collaborative programming and execution environment, which is based on a scripting approach and it extends Ruby language with a high-level API for invoking operations on remote resources. In this paper we describe a tool which enables to convert the GridSpace application source code into a workflow representation which, in turn, may be used for scheduling, provenance, or visualization. We describe how we addressed the issues of analyzing Ruby source code, resolving variable and method dependencies, as well as building workflow representation. The solutions to these problems have been developed and they were evaluated by testing them on complex grid application workflows such as CyberShake, Epigenomics and Montage. Evaluation is enriched by representing typical workflow control flow patterns.

Download Full-text

Design and Implement of Teaching Resources Management Network Platform Based on MVC

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.631-632.999 ◽

2014 ◽

Vol 631-632 ◽

pp. 999-1002 ◽

Cited By ~ 1

Author(s):

Jian Jun Zhang ◽

Xiang Hua Pu ◽

Zi Hui Zhang

Keyword(s):

Web Application ◽

Weak Coupling ◽

Web Applications ◽

Teaching Resources ◽

Integration Framework ◽

Business Operations ◽

Ajax Technology ◽

Network Platform ◽

Software Development Model ◽

High Level

Now the popular Struts+Spring+Hibernate framework provides a weak coupling, easily containable, lightweight J2EE software development model which helps to build high-quality Web applications. Through researching of SSH framework and ExtJS framework based on AJAX technology, an integration framework is designed, which is based on ExtJS+SSH ,and can be used to build a flexible, easily extended and maintainable multi-tier Web application platforms. In this paper, a teaching resource management network platform is introduced, which is based on the integration framework. Experimental results show that business operations, the database, and display will be divided completely by using this integration framework based on ExtJS and SSH, in order to achieve a system of weak coupling and high level of maintenance.

Download Full-text

Defining the semantics of rule-based Web applications through model-driven development

International Journal of Applied Mathematics and Computer Science ◽

10.2478/v10006-011-0003-4 ◽

2011 ◽

Vol 21 (1) ◽

pp. 41-55 ◽

Cited By ~ 3

Author(s):

Joaquín Cañadas ◽

José Palma ◽

Samuel Túnez

Keyword(s):

Web Application ◽

Web Applications ◽

Conceptual Modeling ◽

Automatic Process ◽

Rule Engine ◽

Production Rules ◽

Rule Based ◽

Model Driven Development ◽

Model Driven ◽

High Level

Defining the semantics of rule-based Web applications through model-driven developmentRule languages and inference engines incorporate reasoning capabilities to Web information systems. This paper presents an approach for the specification and development of Web applications performing the usual functionalities of data management and incorporating a rule engine for reasoning capabilities. The proposed approach is based on the definition of a high-level representation of the semantics of rule-based applications through a formalism for conceptual modeling combining lightweight ontologies and production rules. These models are used as the source for a model-driven method that applies several transformations to conceptual models generating the rule-based Web application code in an automatic process. As a result, the rule-based Web application embeds a rule engine suitable for deducing information by applying an inference process. The structure of the information managed by the Web application is based on ontology classes, whereas the logical expressions applied in reasoning are obtained from production rules of the model. A rule-based Web application has been developed and evaluated using a supporting tool that implements the ideas presented in this paper.

Download Full-text