scholarly journals Automated Web Application ...

10.29007/vs62 ◽  
2018 ◽  
Author(s):  
Priyank Bhojak ◽  
Vatsal Shah ◽  
Kanu Patel ◽  
Deven Gol

The rate of web application threats is growing more and more nowadays. Most software bugs result from inappropriate input validation. It should lead to attacks on confidential information and the breaking of knowledge integrity. We develop a scanner for detecting SQL injection and XSS type software bugs, which is based on hidden web crawl, and make an open source scanner with the aim of hidden web crawling, which may require authentication. In this research paper we present a new technique to find vulnerabilities which includes the advantages of black-box analysis of different web pages. At the end we show an evaluation table which presents a comparison of our scanner with two other web scanner tools. Finally, this paper additionally shows how easy it is to scan for web application bugs with dynamic analysis and retrieve hidden web pages from web applications.

2014 ◽  
Vol 102 (1) ◽  
pp. 69-80 ◽  
Author(s):  
Torregrosa Daniel ◽  
Forcada Mikel L. ◽  
Pérez-Ortiz Juan Antonio

Abstract We present a web-based open-source tool for interactive translation prediction (ITP) and describe its underlying architecture. ITP systems assist human translators by making context-based computer-generated suggestions as they type. Most of the ITP systems in literature are strongly coupled with a statistical machine translation system that is conveniently adapted to provide the suggestions. Our system, however, follows a resource-agnostic approach and suggestions are obtained from any unmodified black-box bilingual resource. This paper reviews our ITP method and describes the architecture of Forecat, a web tool, partly based on the recent technology of web components, that eases the use of our ITP approach in any web application requiring this kind of translation assistance. We also evaluate the performance of our method when using an unmodified Moses-based statistical machine translation system as the bilingual resource.


2020 ◽  
Vol 32 (4) ◽  
pp. 85-111
Author(s):  
Brij B. Gupta ◽  
Pooja Chaudhary ◽  
Shashank Gupta

Cross-site scripting is one of the notable exceptions affecting almost every web application. Hence, this article proposed a framework to negate the impact of the XSS attack on web servers deployed in one of the major applications of the Internet of Things (IoT), i.e., the smart city environment. The proposed framework implements 2 approaches: first, it executes vulnerable flow tracking for filtering injected malicious scripting code in dynamic web pages. Second, it accomplishes trusted remark generation and validation for unveiling any suspicious activity in static web pages. Finally, the filtered and modified webpage is interfaced to the user. The prototype of the framework has been evaluated on a suite of real-world web applications to detect XSS attack mitigation capability. The performance analysis of the framework has revealed that this framework recognizes the XSS worms with very low false positives, false negatives and acceptable performance overhead as compared to existent XSS defensive methodologies.


2014 ◽  
Vol 989-994 ◽  
pp. 4542-4546 ◽  
Author(s):  
Jie Fan ◽  
Peng Gao ◽  
Cong Cong Shi ◽  
Ni Ge Li

In response to the high false-positive rate of White-box testing tools for Web application source code security and the inability of Black-box testing tools for Web application security to locate vulnerabilities, an effective method for combining White-box and Black-box testing tools for Web applications is proposed. This method puts the new technology of “Associated Files Matching Engine” into White-box testing tools; this test result and the Black-box test result are statistically analyzed and combined. Argumentation shows that this method reduces the positives rate of the White-box test result and is able to locate where in the file a vulnerability is.


Author(s):  
Fagner Christian Paes ◽  
Willian Massami Watanabe

Cross-Browser Incompatibilities (XBIs) represent inconsistencies in Web Application when introduced in different browsers. The growing number of implementation of browsers (Internet Explorer, Microsoft Edge, Mozilla Firefox, Google Chrome) and the constant evolution of the specifications of Web technologies provided differences in the way that the browsers behave and render the web pages. The web applications must behave consistently among browsers. Therefore, the web developers should overcome the differences that happen during the rendering in different environments by detecting and avoiding XBIs during the development process. Many web developers depend on manual inspection of web pages in several environments to detect the XBIs, independently of the cost and time that the manual tests represent to the process of development. The tools for the automatic detection of the XBIs accelerate the inspection process in the web pages, but the current tools have little precision, and their evaluations report a large percentage of false positives. This search aims to evaluate the use of Artificial Neural Networks for reducing the numbers of false positives in the automatic detection of the XBIs through the CSS (Cascading Style Sheets) and the relative comparison of the element in the web page.


Author(s):  
Ming Ying ◽  
James Miller

Forms are a common part of web applications. They provide a method for the user to interact with the web application. However, forms in traditional applications require entire web pages to be refreshed every time they are submitted. This model is inefficient and should be replaced with Ajax-enabled forms. Ajax is a set of web development technologies that enables web applications to behave more like desktop applications, thus allowing a richer, more interactive and more efficient model for interactions between the user and the web application. This paper presents a refactoring system called Form Transformation Tool (FTT) to assist web programmers refactor traditional forms into Ajax-enabled forms while ensuring that functionality before and after refactoring is preserved.


Author(s):  
Kimihito Ito ◽  
Yuzuru Tanaka

Web applications, which are computer programs ported to the Web, allow end-users to use various remote services and tools through their Web browsers. There are an enormous number of Web applications on the Web, and they are becoming the basic infrastructure of everyday life. In spite of the remarkable development of Web-based infrastructure, it is still difficult for end-users to compose new integrated tools of both existing Web applications and legacy local applications, such as spreadsheets, chart tools, and database. In this chapter, the authors propose a new framework where end-users can wrap remote Web applications into visual components, called pads, and functionally combine them together through drag-and-drop operations. The authors use, as the basis, a meme media architecture IntelligentPad that was proposed by the second author. In the IntelligentPad architecture, each visual component, called a pad, has slots as data I/O ports. By pasting a pad onto another pad, users can integrate their functionalities. The framework presented in this chapter allows users to visually create a wrapper pad for any Web application by defining HTML nodes within the Web application to work as slots. Examples of such a node include input-forms and text strings on Web pages. Users can directly manipulate both wrapped Web applications and wrapped local legacy tools on their desktop screen to define application linkages among them. Since no programming expertise is required to wrap Web applications or to functionally combine them together, end-users can build new integrated tools of both wrapped Web applications and local legacy applications.


2018 ◽  
Vol 7 (2.7) ◽  
pp. 941 ◽  
Author(s):  
M Surekha ◽  
K Kiran Kumar ◽  
M V.S.Prasanth ◽  
P S.G.Aruna Sri

Web Applications security has turned out to be logically more essential nowadays. Tremendous quantities of assaults are being sent on the web application layer. Because of emotional increment in Web applications, security gets helpless against assortment of dangers. The majority of these assaults are focused towards the web application layer and system firewall alone can't keep these sorts of assaults. The essential explanation for achievement of these assaults is the numbness of utilization designers while composing the web applications and the vulnerabilities in the current advancements. Web application assaults are the most recent pattern and programmers are attempting to abuse the web application utilizing diverse strategies. Different arrangements are accessible as open source and in business showcase. Be that as it may, the choice of appropriate answer for the security of the authoritative frameworks is a noteworthy issue. This overview paper looked at the Web Application Firewall (WAF) arrangements with critical highlights essential for the security at application layer. Basic examination on WAF arrangements is useful for the clients to choose the most appropriate answer for their surroundings.


2016 ◽  
Vol 34 (1) ◽  
pp. 164-171 ◽  
Author(s):  
Mathew Miles

Purpose – Many libraries have a need to develop their own data-driven web applications, but their technical staff often lacks the required specialized training – which includes knowledge of SQL, a web application language like PHP, JavaScript, CSS, and jQuery. The web2py framework greatly reduces the learning curve for creating data-driven websites by focussing on three main goals: ease of use; rapid development; and security. web2py follows a strict MVC framework where the controls and web templates are all written in pure Python. No additional templating language is required. The paper aims to discuss these issues. Design/methodology/approach – There are many frameworks available for creating database-driven web applications. The author had used ColdFusion for many years but wanted to move to a more complete web framework which was also open source. Findings – After evaluating a number of Python frameworks, web2py was found to provide the best combination of functionality and ease of use. This paper focusses on the strengths of web2py and not the specifics of evaluating the different frameworks. Practical implications – Librarians who feel that they do not have the skills to create data-driven websites in other frameworks might find that they can develop them in web2py. It is a good web application framework to start with, which might also provide a gateway to other frameworks. Originality/value – web2py is an open source framework that could have great benefit for those who may have struggled to create database-driven websites in other frameworks or languages.


Author(s):  
Le Khanh Trinh ◽  
Vo Dinh Hieu ◽  
Pham Ngoc Hung

Automated user interaction testing of Web applications has received great attention from the research community and industry. Currently, several available tools are proposed to partly deal with the problem. However, how to perform the automated user interaction testing of whole Web applications effectively is still an open problem. This research proposes a method and develops a tool supporting automated user interaction testing of whole Web applications. In this method, the model of each Web page of the Web application under testing, which describes the user interaction (UI), is represented by a finite state automaton. The whole model that describes the behaviors of the whole Web application is then constructed by composing the models of all Web pages. After that, test paths are generated automatically based on the compositional model of the Web application so that these test paths cover all possible user interactions of the application. A tool supporting the proposed method has been developed and applied to test some simple Web applications. The experimental results show the potential application of this tool for automated user interaction testing of Web applications in practice.


2006 ◽  
Vol 1 ◽  
pp. 44-55
Author(s):  
Jan Pytel

C++ language was used for creating web applications at the department of Mapping and Cartography for many years. Plenty of projects started to be very large-scale and complicated to maintain. Consequently, the traditional way of adding functionality to a Web Server which previously has been used (CGI programs) started being usefulness. I was looking for some solutions - particularly open source ones. I have tried many languages (solutions) and finally I chose the Java language and started writing servlets. Using the Java language (servlets) has significantly simplified the development of web applications. As a result, developing cycle was cut down. Because of Java JNI (Java Native Interface) it is still possible to use C++ libraries which we are using. The main goal of this article is to share my practical experiences with rewriting typical CGI web application and creating complex geoinformatic web application.

