Assessment of Dynamic Open-source Cross-site Scripting Filters for Web Application

2021 ◽  
Vol 17 (2) ◽  
pp. 58-65
Author(s):  
Iman Khazal ◽  
Mohammed Hussain

Cross-Site Scripting (XSS) is one of the most common and dangerous attacks. The user is the target of an XSS attack, but the attacker gains access to the user by exploiting an XSS vulnerability in a web application as a bridge. There are three types of XSS attacks: Reflected, Stored, and DOM-based. This paper focuses on the Stored-XSS attack, which is the most dangerous of the three. In Stored-XSS, the attacker injects a malicious script into the web application and saves it in the website repository. The method proposed in this paper is intended to detect and prevent Stored-XSS. The Prevent Stored-XSS Server (PSS) is proposed as a server to test and sanitize the input to web applications before saving it in the database. Any user input must be checked to see if it contains a malicious script, and if so, the input must be sanitized and the sanitized version saved in the database instead of the harmful input. The PSS is tested using a vulnerable open-source web application and succeeds in detection by determining the harmful script within the input, and prevents the attack by sterilizing the input, with an average time of 0.3 seconds.


2021 ◽  
Author(s):  
Jason Hunter ◽  
Mark Thyer ◽  
Dmitri Kavetski ◽  
David McInerney

Probabilistic predictions provide crucial information regarding the uncertainty of hydrological predictions, which are a key input for risk-based decision-making. However, they are often excluded from hydrological modelling applications because suitable probabilistic error models can be both challenging to construct and interpret, and the quality of results is often reliant on the objective function used to calibrate the hydrological model.

We present an open-source R-package and an online web application that achieves the following two aims. Firstly, these resources are easy-to-use and accessible, so that users need not have specialised knowledge in probabilistic modelling to apply them. Secondly, the probabilistic error model that we describe provides high-quality probabilistic predictions for a wide range of commonly-used hydrological objective functions, which it is only able to do by including a new innovation that resolves a long-standing issue relating to model assumptions that previously prevented this broad application.

We demonstrate our methods by comparing our new probabilistic error model with an existing reference error model in an empirical case study that uses 54 perennial Australian catchments, the hydrological model GR4J, 8 common objective functions and 4 performance metrics (reliability, precision, volumetric bias and errors in the flow duration curve). The existing reference error model introduces additional flow dependencies into the residual error structure when it is used with most of the study objective functions, which in turn leads to poor-quality probabilistic predictions. In contrast, the new probabilistic error model achieves high-quality probabilistic predictions for all objective functions used in this case study.

The new probabilistic error model and the open-source software and web application aim to facilitate the adoption of probabilistic predictions in the hydrological modelling community, and to improve the quality of predictions and decisions that are made using those predictions. In particular, our methods can be used to achieve high-quality probabilistic predictions from hydrological models that are calibrated with a wide range of common objective functions.


Author(s):  
Morgan Magnin ◽  
Guillaume Moreau ◽  
Nelle Varoquaux ◽  
Benjamin Vialle ◽  
Karen Reid ◽  
...  

A critical component of the learning process lies in the feedback that students receive on their work that validates their progress, identifies flaws in their thinking, and identifies skills that still need to be learned. Many higher-education institutions have developed an active pedagogy that gives students opportunities for different forms of assessment and feedback. This means that students have numerous lab exercises, assignments, and projects. Both instructors and students thus require effective tools to efficiently manage the submission, assessment, and individualized feedback of students’ work. The open-source web application MarkUs aims at meeting these needs: it facilitates the submission and assessment of students’ work. Students directly submit their work using MarkUs, rather than printing it or sending it by email. The instructors or teaching assistants use MarkUs’s interface to view the students’ work, annotate it, and fill in a marking rubric. Students use the same interface to read the annotations and learn from the assessment. Managing the students’ submissions and the instructors’ assessments within a single online system has led to several positive pedagogical outcomes: the number of late submissions has decreased, the assessment time has been drastically reduced, and students can access their results and read the instructor’s feedback immediately after the grading process is completed. Using MarkUs has also significantly reduced the time that instructors spend collecting assignments, creating the marking schemes, passing them on to graders, handling special cases, and returning work to the students. In this paper, we introduce MarkUs’s features, and illustrate their benefits for higher education through our own teaching experiences and that of our colleagues. We also describe an important benefit of the fact that the tool itself is open-source. MarkUs has been developed entirely by students, giving them a valuable learning opportunity as they work on a large software system that real users depend on. Virtuous circles indeed arise, with former users of MarkUs becoming developers and then supervisors of further development. We will conclude by drawing perspectives about forthcoming features and use, both technically and pedagogically.


2014 ◽  
Vol 102 (1) ◽  
pp. 69-80 ◽  
Author(s):  
Torregrosa Daniel ◽  
Forcada Mikel L. ◽  
Pérez-Ortiz Juan Antonio

Abstract. We present a web-based open-source tool for interactive translation prediction (ITP) and describe its underlying architecture. ITP systems assist human translators by making context-based computer-generated suggestions as they type. Most of the ITP systems in literature are strongly coupled with a statistical machine translation system that is conveniently adapted to provide the suggestions. Our system, however, follows a resource-agnostic approach and suggestions are obtained from any unmodified black-box bilingual resource. This paper reviews our ITP method and describes the architecture of Forecat, a web tool, partly based on the recent technology of web components, that eases the use of our ITP approach in any web application requiring this kind of translation assistance. We also evaluate the performance of our method when using an unmodified Moses-based statistical machine translation system as the bilingual resource.


2015 ◽  
Vol 16 (1) ◽  
Author(s):  
Edward Daniel ◽  
Goodluck U. Onwukwe ◽  
Rik K. Wierenga ◽  
Susan E. Quaggin ◽  
Seppo J. Vainio ◽  
...  

2021 ◽  
Vol 37 (1) ◽  
pp. 77-84
Author(s):  
Yanbo Huang ◽  
D. K. Fisher

Highlights

- A web application for guiding data calculated from distributed weather data through open-source cloud service.
- A design scheme of portable weather stations built from inexpensive open-source electronics.
- Integration of open-source hardware and software for online guiding data to avoid drift caused by temperature inversion.

Abstract. It is important for agricultural chemical applicators to follow proper spray procedures to prevent susceptible crops, animals, people, or other living organisms from being injured far downwind. Spraying during stable atmospheric conditions should be avoided to prevent surface-temperature inversion-induced off-target drift of crop protection materials. Previous statistical analysis determined times of high likelihood of stable atmospheric conditions, which are unfavorable for spraying, during the day under clear and cloudy conditions in hot summer months in the Mississippi Delta. Results validated the thresholds of temperature increase in the morning and temperature drop in the afternoon with wind speeds and the transition between stable and unstable atmospheric conditions. With this information, an algorithm was developed to calculate if atmospheric conditions were favorable for spraying based on field temperature and wind speed at any instant. With this algorithm, a web application was built to provide real-time determination of atmospheric stability and hourly online recommendation of whether aerial applications were appropriate for a location and time in the Mississippi Delta. This study further developed another web application specifically for Stoneville, Mississippi, with data measured from weather stations constructed from inexpensive open-source electronics, accessories, and software for more accurate online guidance for site-specific drift management. The web application is adapted for accessing on mobile terminals, such as smartphones and tablets, and provides timely guidance for aerial applicators and producers to avoid spray drift and air quality issues long distances downwind in the area.

Keywords: Open-source hardware, Open-source software, Spray drift, Temperature inversion, Web application.


Author(s):  
Kannan Balasubramanian

The obvious risks of a security breach are that unauthorized individuals: 1) can gain access to restricted information and 2) may be able to escalate their privileges in order to compromise the application and the entire application environment. The areas that can be compromised include user and system administration accounts. In this chapter we identify the major classes of web application vulnerabilities, give some examples of actual vulnerabilities found in real-life web application audits, and describe some countermeasures for those vulnerabilities. The classes are: 1) authentication 2) session management 3) access control 4) input validation 5) redirects and forwards 6) injection flaws 7) unauthorized view of data 8) error handling 9) cross-site scripting 10) security misconfigurations and 11) denial of service.


GigaScience ◽  
2020 ◽  
Vol 9 (10) ◽  
Author(s):  
Katrina L Kalantar ◽  
Tiago Carvalho ◽  
Charles F A de Bourcy ◽  
Boris Dimitrov ◽  
Greg Dingle ◽  
...  

Abstract

Background: Metagenomic next-generation sequencing (mNGS) has enabled the rapid, unbiased detection and identification of microbes without pathogen-specific reagents, culturing, or a priori knowledge of the microbial landscape. mNGS data analysis requires a series of computationally intensive processing steps to accurately determine the microbial composition of a sample. Existing mNGS data analysis tools typically require bioinformatics expertise and access to local server-class hardware resources. For many research laboratories, this presents an obstacle, especially in resource-limited environments.

Findings: We present IDseq, an open source cloud-based metagenomics pipeline and service for global pathogen detection and monitoring (https://idseq.net). The IDseq Portal accepts raw mNGS data, performs host and quality filtration steps, then executes an assembly-based alignment pipeline, which results in the assignment of reads and contigs to taxonomic categories. The taxonomic relative abundances are reported and visualized in an easy-to-use web application to facilitate data interpretation and hypothesis generation. Furthermore, IDseq supports environmental background model generation and automatic internal spike-in control recognition, providing statistics that are critical for data interpretation. IDseq was designed with the specific intent of detecting novel pathogens. Here, we benchmark novel virus detection capability using both synthetically evolved viral sequences and real-world samples, including IDseq analysis of a nasopharyngeal swab sample acquired and processed locally in Cambodia from a tourist from Wuhan, China, infected with the recently emergent SARS-CoV-2.

Conclusion: The IDseq Portal reduces the barrier to entry for mNGS data analysis and enables bench scientists, clinicians, and bioinformaticians to gain insight from mNGS datasets for both known and novel pathogens.


2019 ◽  
Author(s):  
Roberto Sommariva ◽  
Sam Cox ◽  
Chris Martin ◽  
Kasia Borońska ◽  
Jenny Young ◽  
...  

Abstract. AtChem is an open source zero-dimensional box-model for atmospheric chemistry. Any general set of chemical reactions can be used with AtChem, but the model was designed specifically for use with the Master Chemical Mechanism (MCM, http://mcm.york.ac.uk/). AtChem was initially developed within the EUROCHAMP project as a web application (AtChem-online, https://atchem.leeds.ac.uk/webapp/) for modelling environmental chamber experiments; it was recently upgraded and further developed into a standalone offline version (AtChem2) which allows the user to run complex and long simulations, such as those needed for modelling of intensive field campaigns, as well as to perform batch model runs for sensitivity studies. AtChem is installed, set up and configured using semi-automated scripts and simple text configuration files, making it easy to use even for non-experienced users. A key feature of AtChem is that it can easily be constrained to observational data which may have different timescales, thus retaining all the information contained in the observations. Implementation of a continuous integration workflow, coupled with a comprehensive suite of tests and version control software, makes the AtChem codebase robust, reliable and traceable. The AtChem2 code and documentation are available at https://github.com/AtChem/, under the open source MIT license.

