Probable Defense Representation for Session Transfer and Network Services Using OTP

Author(s):  
A. Thamizhiniyal

Internet network security is a branch of computer sciences often involving browser security, network security, applications and operating systems to keep the internet as a secure channel to exchange information by reducing the risk and attacks. There are a number of studies that have been conducted in this field resulting in the development of various security models to achieve internet security. However, periodic security reports and previous studies prove that the most secure systems are not immune from risk and much effort is needed to improve internet security. This paper proposed a simple security model to improve internet applications security and services protections, specified access control, cryptographic, cookies and session managements, defense programming practices, care for security from early stage on development life cycle, use hardware authentication techniques in access control, then propose cryptographic approach by mix MD5 with Base64, consider session and cookies types and ways to keep it secure. Additionally, these practices discussed the most important web security vulnerability and access control weakness and how to overcome such weaknesses, proposed an approach to measure, analyze and evaluate security project according to software quality standard ISO 25010 by using Likert scale, finally ended by case study. The effort of this paper represents a set of techniques and tips that should be applied within each web application development process to maintain its security.

Author(s):  
J. Jose Merlin ◽  
A. Prathipa ◽  
G. Ramyadevi ◽  
P. Radhika

Internet security is a branch of computer sciences often involving browser security, network security, applications and operating systems to keep the internet as a secure channel to exchange information by reducing the risk and attacks. There are a number of studies that have been conducted in this field resulting in the development of various security models to achieve internet security. However, periodic security reports and previous studies prove that the most secure systems are not immune from risk and much effort is needed to improve internet security. This paper proposed a simple security model to improve internet applications security and services protections, specified access control, cryptographic, cookies and session managements, defense programming practices, care for security from early stage on development life cycle, use hardware authentication techniques in access control, then propose cryptographic approach by mix MD5 with Base64, consider session and cookies types and ways to keep it secure. Additionally, these practices discussed the most important web security vulnerability and access control weakness and how to overcome such weaknesses, proposed an approach to measure, analyze and evaluate security project according to software quality standard ISO 25010 by using Likert scale, finally ended by case study. The effort of this paper represents a set of techniques and tips that should be applied within each web application development process to maintain its security.


Author(s):  
Anna Danielewicz-Betz ◽  
Tatsuki Kawaguchi

In this paper we report on the practical outcomes of Software Studio (SS) undergraduate course, but also on a graduate Software Engineering for Internet Applications (SEIA) course, both of which are taught collaboratively by IT and non-IT faculty members. In the latter, students are assigned to projects proposed by actual customers and work together in teams to deliver quality results under time and resource constraints. We are interested in the learning results, such as skills acquired, e.g. by analysing the interaction between students and customers to determine how and to what degree the students transform through project based collaborative learning. As for the SEIA course, the primary goal is to allow students to manage a relatively large number of tools with little prior knowledge and having to work out how to obtain detailed information about given features, when required. In other words, students have to understand the key ideas of web application development in order to be able not only to apply technical knowledge, but also to successfully interact with all the stakeholders involved. In the process, we look for the added value of collaborative teaching, aiming at equipping the participants with both technical and non-technical skills required for their prospective jobs.


2018 ◽  
Vol 21 (2) ◽  
Author(s):  
Guido Nuñez ◽  
Daniel Bonhaure ◽  
Magalí González ◽  
Nathalie Aquino ◽  
Luca Cernuzzi

Many Web applications have among their features the possibility of distributing their data and their business logic between the client and the server, also allowing an asynchronous communication between them. These features, originally associated with the arrival of Rich Internet Applications (RIA), remain particularly relevant and desirable. In the area of RIA, there are few proposals that simultaneously consider these features, adopt Model-Driven Development (MDD), and use implementation technologies based on scripting. In this work, we start from MoWebA, an MDD approach to web application development, and we extend it by defining a specific architecture model with RIA functionalities, supporting the previously mentioned features. We have defined the necessary metamodels and UML profiles, as well as transformation rules that allow you to generate code based on HTML5, Javascript, jQuery, jQuery Datatables and jQuery UI. The preliminary validation of the proposal shows positive evidences regarding the effectiveness, efficiency and satisfaction of the users with respect to the modeling and code generation processes of the proposal.


2020 ◽  
Vol 5 (1) ◽  
pp. 26
Author(s):  
Aderonke F. Thompson ◽  
Oghenerukevwe E. Oyinloye ◽  
Matthew T. David ◽  
Boniface K. Alese

In the world of wireless communication, with heterogeneous network topologies such as Wi-Fi and Long-Term Evolution (LTE), the topologies' authentication service delivery forms a major challenge with access control, which is sought to be addressed. In this paper, we propose a security model by adapting Capability-based Context Aware Access Control (CCAAC) model for internet-enabled devices for defense against hacking or unauthorized access. The steps applied during the programming of this web application were followed through using the Elliptic-Curve Diffie–Hellman (ECCDH) algorithm so that the initiation of a random prime number between a range, the encryption and exchange of the devices' public keys to the decryption are interpreted the right way to the machine making use of it. The results established a security model that has a good chance of being effective against present cyber-attacks and other security loopholes.


2012 ◽  
Vol 2 (1) ◽  
pp. 24-30
Author(s):  
Archna Arudkar ◽  
Vimla Jethani

With the wide adoption of Internet, security of web database is a key issue. In web-based applications, due to the use of n-tier architecture, the database server has no knowledge of the web application user and hence all authorization decisions are based upon execution of specific web application. Application server has full access privileges to delegate to the end user based upon the user requirement. The identity of the end user is hidden; subsequently, the database server fails to assign proper authorizations to the end user. Hence, current approaches to access control on databases do not fit for web databases because they are mostly based on individual user identities. To fill this security gap, the definition of an application-aware access control system is needed. In this paper, RBAC+ Model, an extension of NIST RBAC, provides an application-aware access control system to prevent attacks with the notion of application, application profile and sub-application session.


Author(s):  
Fredj Dridi ◽  
Gustaf Neumann

Advances in the World Wide Web technology have resulted in the proliferation of significant collaborative applications in commercial environments. However, the World Wide Web as a distributed system, which introduces new technologies (like Java applets and ActiveX) and uses a vulnerable communication infrastructure (the Internet), is subject to various security attacks. These security attacks violate the confidentiality, integrity, and availability of Web resources. To achieve a certain degree of Web security and security management, different protocols and techniques have been proposed and implemented. This is still a hot topic in the current research area and still requires more ambitious efforts. We give an overview of the Internet security issues with special emphasis on the Web security. We describe an architecture built up by the means of security services to shield against these threats and to achieve information security for networked systems like the WWW. We focus on the authentication and access control services (like role-based access control) and their administration aspects. We discuss several elementary techniques and Internet standards which provide state-of-the-art of Web security.


2010 ◽  
Vol 61 (1) ◽  
pp. 20-28 ◽  
Author(s):  
Ahmed Hassan ◽  
Waleed Bahgat

A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extends the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.


2020 ◽  
Author(s):  
Darshak Mota ◽  
Neel Zadafiya ◽  
Jinan Fiaidhi

Java Spring is an application development framework for enterprise Java. It is an open source platform which is used to develop robust Java applications easily. Spring can also be performed using MVC structure. The MVC architecture is based on Model View and Controller techniques, where the project structure or code is divided into three parts or sections which helps to categorize the code files and other files in an organized form. Model, View and Controller code are interrelated and often pass and fetch information from each other without having to put all code in a single file, which can make testing the program easy. Testing the application while and after development is an integral part of the Software Development Life Cycle (SDLC). Different techniques have been used to test the web application which is developed using Java Spring MVC architecture, and the results are compared among all the three different techniques used to test the web application.

