A Framework for Web Application Vulnerability Detection

Hardly a facet of human life is not influenced by the Internet, owing to the continuous proliferation of Internet facilities, usage, speed, user-friendly browsing, global access, etc. On the flip side, hackers are also attacking this digital world with new tactics and techniques by exploiting web application vulnerabilities. The analysis of these vulnerabilities is of paramount importance in securing the social digital world. It can be carried out in two ways. The first is manual analysis, which is error-prone due to the human nature of forgiveness, dynamic change in technology and fraudulence attack techniques. The second is through existing web application vulnerability scanners, which may sometimes suffer from generating false alarms. Hence, there is a need to develop a framework that can detect different levels of vulnerabilities, ranging from client-side vulnerabilities and communication-side vulnerabilities to server-side vulnerabilities. This paper carries out a literature survey aimed at identifying new attack vectors, vulnerabilities, detection mechanisms, research gaps and new working areas in the same field. Continuous improvement of a framework is easy. Hence, a framework is proposed to overcome the identified research gap.

Author(s):  
PMD Nagarjun ◽  
Shaik Shakeel Ahamad

Cross-Site Scripting (XSS) is a serious web application attack. Web applications are involved in every activity of human life, and JavaScript plays a major role in these web applications. In XSS attacks, a hacker injects malicious JavaScript into a trusted web application; execution of that malicious script may steal sensitive information from the user. Previous solutions to prevent XSS attacks require a lot of effort to integrate into existing web applications; some solutions work at the client side, and some work based on a filter list which needs to be updated regularly. In this paper, we propose an Image Substitute technique (ImageSubXSS) to prevent Cross-Site Scripting attacks, which works at the server side. The proposed solution is implemented and evaluated on a number of XSS attacks. With a single line, developers can integrate ImageSubXSS into their applications, and the proposed solution is able to prevent XSS attacks effectively.


2013 ◽  
Vol 739 ◽  
pp. 628-631
Author(s):  
Xiao Meng Chen ◽  
Wei Chang Feng

The E-Box multimedia system is developed for the rich audio and video resources on the Internet. On its server side, it can automatically search for and integrate network video and audio resources and send them to the client side for real-time broadcast TV viewing by the user, making full use of remote control operation. Simply put, it is a very easy-to-use multimedia system. This article introduces its infrastructure and main technical ideas, along with some details about the server side and client side.


2011 ◽  
Vol 338 ◽  
pp. 796-799
Author(s):  
Wei Chang Feng

The E-Yuan multimedia system is developed for the rich audio and video resources on the Internet. On its server side, it can automatically search for and integrate network video and audio resources and send them to the client side for real-time broadcast TV viewing by the user, making full use of remote control operation. Simply put, it is a very easy-to-use multimedia system. This article introduces its infrastructure and main technical ideas, along with some details about the server side and client side. At the same time, the improvement in how video resources are collected and integrated is comprehensively elaborated.


2015 ◽  
Vol 12 (2) ◽  
pp. 655-681 ◽  
Author(s):  
Tomas Cerny ◽  
Miroslav Macik ◽  
Michael Donahoo ◽  
Jan Janousek

Increasing demands on user interface (UI) usability, adaptability, and dynamic behavior drive ever-growing development and maintenance complexity. Traditional UI design techniques result in complex descriptions for data presentations with significant information restatement. In addition, multiple concerns in UI development lead to descriptions that exhibit concern tangling, which results in high fragment replication. Concern-separating approaches address these issues; however, they fail to maintain the separation of concerns for execution tasks like rendering or UI delivery to clients. During the rendering process at the server side, the separation collapses into entangled concerns that are provided to clients. Such client-side entanglement may seem inconsequential since the clients are simply displaying what is sent to them; however, such entanglement compromises client performance as it results in problems such as replication, fragment granularity ill-suited for effective caching, etc. This paper considers advantages brought by concern-separation from both perspectives. It proposes an extension to the aspect-oriented UI design with distributed concern delivery (DCD) for client-server applications. Such an extension lessens the server-side involvement in UI assembly and reduces the fragment replication in provided UI descriptions. The server provides clients with individual UI concerns, and they become partially responsible for the UI assembly. This change increases client-side concern reuse and extends caching opportunities, reducing the volume of transmitted information between client and server to improve UI responsiveness and performance. The underlying aspect-oriented UI design automates the server-side derivation of concerns related to data presentations adapted to runtime context, security, conditions, etc. Evaluation of the approach is considered in a case study applying DCD to an existing, production web application. Our results demonstrate decreased volumes of UI descriptions assembled by the server-side and extended client-side caching abilities, reducing required data/fragment transmission, which improves UI responsiveness. Furthermore, we evaluate the potential benefits of DCD integration implications in selected UI frameworks.


2021 ◽  
Author(s):  
Muneeb Shahid ◽  
Yusuf Sermet ◽  
Ibrahim Demir

Geographic Information Systems (GIS) are available as stand-alone desktop applications as well as web platforms for vector- and raster-based geospatial data processing and visualization. While each approach offers certain advantages, limitations exist that motivate the development of hybrid systems that will increase the productivity of users for performing interactive data analytics using multidimensional gridded data. Web-based applications are platform-independent; however, they require the internet to communicate with servers for data management and processing, which raises issues for performance, data integrity, handling, and transfer of massive multidimensional raster data. On the other hand, stand-alone desktop applications can usually function without relying on the internet; however, they are platform-dependent, making distribution and maintenance of these systems difficult. This paper presents RasterJS, a hybrid client-side web library for geospatial data processing that is built on the Progressive Web Application (PWA) architecture to operate seamlessly in both Online and Offline modes. A packaged version of this system is also presented with the help of Web Bundles API for offline access and distribution. RasterJS entails the use of the latest web technologies that are supported by modern web browsers, including Service Workers API, Cache API, IndexedDB API, Notifications API, Push API, and Web Workers API, in order to bring geospatial analytics capabilities to large-scale raster data for client-side processing. Each of these technologies acts as a component in RasterJS to collectively provide a similar experience to users in both Online and Offline modes in terms of performing geospatial analysis activities such as flow direction calculation with hydro-conditioning, raindrop flow tracking, and watershed delineation. A large-scale case study is included in the study for watershed analysis to demonstrate the capabilities and limitations of the library. The framework further presents the potential to be utilized for other use cases that rely on raster processing, including land use, agriculture, soil erosion, transportation, and population studies.


Author(s):  
Zulkarnaen Hatala

Abstract—An efficient and quick procedure to build a web application is presented. The steps are intended to build a database application system with hundreds of tables. The procedure can minimize the tasks needed to write code and do manual programming line by line. The intention is also to rapidly build a web-based database application. In this method, security concerning authentication and authorization is already built in, ensuring the right and eligible access of the user to the system. The end result is a ready-to-use web-based 3-tier application. Moreover, the application is still flexible enough to be customized and enhanced to suit more specific requirements in each module of the software, in both the server-side and client-side programming code. Abstract (translated from Indonesian)—In this study, a fast and efficient procedure for developing database applications using an application generator is proposed. It aims to minimize the writing of programming code. The advantage of this procedure is that it can be used to develop database applications quickly, especially for database systems consisting of many tables. Access rights and standard security procedures are provided, so that each user's rights to particular entities in the database are guaranteed. The generated result is a ready-to-use web-based database application. The resulting application system is still very flexible, allowing each application component to be adjusted on both the server side and the client side.


2020 ◽  
Vol 53 (2) ◽  
pp. 587-593
Author(s):  
A. Boulle ◽  
V. Mergnac

RaDMaX online is a major update to the previously published RaDMaX (radiation damage in materials analysed with X-ray diffraction) software [Souilah, Boulle & Debelle (2016). J. Appl. Cryst. 49, 311–316]. This program features a user-friendly interface that allows retrieval of strain and disorder depth profiles in irradiated crystals from the simulation of X-ray diffraction data recorded in symmetrical θ/2θ mode. As compared with its predecessor, RaDMaX online has been entirely rewritten in order to be able to run within a simple web browser, therefore avoiding the necessity to install any programming environment on the users' computers. The RaDMaX online web application is written in Python and developed within a Jupyter notebook implementing graphical widgets and interactive plots. RaDMaX online is free and open source and can be accessed on the internet at https://aboulle.github.io/RaDMaX-online/.


2021 ◽  
pp. 32-54
Author(s):  
D. A. Sigalov ◽
A. A. Khashaev ◽
D. Yu. Gamayunov ◽
...

The problem of server-side endpoint detection in the context of blackbox security analysis of dynamic web applications is considered. We propose a method to increase coverage of server-side endpoint detection using static analysis of client-side JavaScript code to find functions which generate HTTP requests to the server side of the application and to reconstruct parameters for those functions. In the context of application security testing, static analysis makes it possible to find such functions even in dead or unreachable JavaScript code, which cannot be achieved by dynamic crawling or dynamic code analysis. Evaluation of the proposed method and its implementation has been done using a synthetic web application with endpoints vulnerable to SQL injections, and the same application was used to compare the proposed method with existing solutions. Evaluation results show that adding JavaScript static analysis to traditional dynamic crawling of web applications may significantly improve server-side endpoint coverage in blackbox application security analysis.


2018 ◽  
Vol 7 (4.10) ◽  
pp. 46
Author(s):  
Nanda Kishor Panda ◽  
Shubham Bhardwaj ◽  
H. Bharadwaj ◽  
Rohil Singhvi

The Internet of Things (IoT) is a development of the internet which plays a major role in integrating human-machine interaction by allowing everyday objects to send and receive data in a variety of applications. Using IoT in healthcare monitoring provides an avenue for doctors and patients to interact and to track the dosage of medication administered. The paper presents an interactive, user-friendly network integrated with an automated medicine dispenser which uses IoT, cloud computing and machine learning. The network was built on the Python Tornado framework with a front end developed using Materialize CSS. The feasibility of this approach was validated by building a prototype and conducting a survey.

