RAWS & UWAS

Author(s):  
Javier Parra-Fuente ◽  
Salvador Sánchez-Alonso ◽  
Marta Fernández-Alarcón

Reflection is a powerful technology that allows us to produce auto-adaptable software. RAWS is a reflective, multilevel Web service architecture aimed at allowing a Web service to transform its structure and behaviour without the need for human intervention to change the source code, compile it or deploy it again on the application server. Using RAWS, the Web service can change itself automatically. Current application servers have a very important limitation: the deployment platform (J2EE, .NET, etc.). Using current servers, a Web service or application can only be deployed on a server which runs with the same technology. To solve this drawback, we have developed the universal Web application server (UWAS), a platform capable of deploying Web services or applications written in any object-oriented language or for any platform. This is possible thanks to the fact that UWAS internally uses a language-independent object-oriented Web server markup language (OOWSML) representation based on XML. Altogether, RAWS & UWAS make it possible to deploy a Web service on the server regardless of its implementation technology, providing the flexibility to automatically adapt or transform the Web service structure and/or behaviour.

2017 ◽  
Vol 10 (2) ◽  
pp. 359-363
Author(s):  
Rupal Sharma ◽  
Ravi Sheth

Today, web application security is the most significant battlefield between victim, attacker and resource of web service. The owner of a web application can’t see security vulnerabilities in a web application developed in ASP.NET. This paper explains an algorithm which aims to identify broken authentication and session management vulnerabilities. The method given in this paper scans the web application files. The created scanner generator relies on studying the source character of the application, limited to ASP.NET files and the code-behind files. A program developed for this purpose produces a report which describes vulnerability types by mentioning the indict name, disclose description and its location. The aim of the paper is to discover the broken authentication and session management vulnerabilities. The indicated algorithm will support organizations and developers to repair the vulnerabilities and recover from one end to the other security.


2011 ◽  
pp. 706-723
Author(s):  
Myung-Woo Park ◽  
Yeon-Seok Kim ◽  
Kyong-Ho Lee

Mobile devices enabled with Web services are being considered as equal participants of the Web services environment. The frequent mobility of devices and the intermittent disconnection of wireless network require migrating or replicating Web services onto adjacent devices appropriately. This article proposes an efficient method for migrating and replicating Web services among mobile devices through code splitting. Specifically, the proposed method splits the source code of a Web service into subcodes based on users’ preferences for its constituent operations. The subcode with a higher preference is migrated earlier than others. The proposed method also replicates a Web service to other devices to enhance its performance by considering context information such as network traffic or the parameter size of its operations. To evaluate the performance of the proposed method, the effect of the code splitting on migration was analyzed. Furthermore, to show the feasibility of the proposed migration method, three application scenarios were devised and implemented.


2014 ◽  
Vol 5 (1) ◽  
pp. 19-38
Author(s):  
Romaric Ludinard ◽  
Éric Totel ◽  
Frédéric Tronel ◽  
Vincent Nicomette ◽  
Mohamed Kaâniche ◽  
...  

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.


Author(s):  
Dirk Baldwin ◽  
Suresh Chalasani

Many businesses obtain feedback by surveying customers and business partners. Increasingly, these surveys are conducted via the Web. This chapter reviews briefly literature regarding Web-based surveys and describes a software architecture for a Web-based survey system. The architecture for the survey system is based on three-tiers comprised of a Web server, Web application server, and database server. The Web application server hosts the application modules that display and process the surveys. The application software consists of packages for establishing connections to the database and for reading static and dynamic data from the database. The processed surveys are written to the database with the survey responses. This system allows for anonymous survey responses and maintains user confidentiality. At the University of Wisconsin-Parkside, we have implemented this Web-based survey system, and used it to conduct three different surveys. This survey system is easily extensible to new surveys, and is used for instructional purposes to teach server-side programming. In this chapter, we discuss the key ideas behind the design and implementation of the extensible survey system, and provide results on its application.


Author(s):  
Georg Peters ◽  
Tobias Lang ◽  
Mike Lie

In this chapter we present results of a project in the field of groupware systems. Munich University of Applied Sciences has set up an initiative called IT-Forum to coordinate IT activities across its 14 different departments. As part of this initiative a groupware system was developed on the basis of the Web application server ZOPE and the database mySQL. The objective of this project was to use the groupware systems operatively as communication platform within the IT-Forum and in project-orientated student courses. Furthermore the development and use of the application has been accompanied by some research work in the field of groupware systems. The main focus of this chapter is to describe this groupware system and report some experience of the use of it.


2010 ◽  
Vol 34-35 ◽  
pp. 1355-1359
Author(s):  
Xi Long Qu ◽  
Mi An Dai ◽  
Zhen Hui Li

The definition of agile commerce is introduced, and the earlier e-commerce technologies, such as EDI, web EDI, contents server, application server, and EAI (Enterprise Application Integration), are presented. The advantages of web services are discussed; moreover, a system of agile commerce based on web services is designed. Finally, the running interface and core code are shown.


2006 ◽  
Vol 15 (05) ◽  
pp. 849-854 ◽  
Author(s):  
JUAN JOSÉ GARCÍA ADEVA ◽  
JUAN MANUEL PIKATZA ATXA

Security in web-based systems that handle confidential information can be considered a particularly sensitive subject that requires assuming some responsibilities about security. Achieving a secure web application involves tackling several issues such as encryption of traffic and certain database information, strictly restricted access control, etc. In this work we focus on detecting misuse of the web application in order to gain unauthorised access. We introduce an Intrusion Detection component that, by applying Text Categorisation, is capable of learning the characteristics of both normal and malicious user behaviour from the regular, high-level log entries generated by the web application through its application server. Therefore, the detection of misuse in the web application is achieved without the need for explicit programming or modification of the existing web application. We applied our Intrusion Detection component to a real web-based telemedicine system in order to offer some evaluation measurements. This article offers an overview of the model, our experiences, and observations.


One of the most critical stages of serving your visitors is to take their orders correctly. It is considered to be the starting point of the patron's evaluation of your services. It is likewise the most fundamental step in the process of serving the right food to the right patron. It is incredible how technology can revolutionize the best yet crucial practices of hoteliers, and the Kitchen Order Token / Ticket app is a tremendous example of the same. In the traditional method, the order is taken by the waiter manually using a pen and paper, which is referred to as the Kitchen Order Token / Ticket. Usually printed in duplicate (or triplicate in a few cases), traditional Kitchen Order Token / Ticket techniques create miscommunication, consume more time, and are more vulnerable to manual mistakes. This paper mainly concentrates on the Android application used on Android tablets for taking orders from customers at their tables. The app is used by the waiters to take down the orders. Each device will be given to a waiter in the organization, logged in with their own username and password. This app will act as the user-end application, and the server will be the web application (server) that is managed by the Administrator.


Author(s):  
Elisa Bertino ◽  
Barbara Carminati ◽  
Elena Ferrari

A Web service is a software system designed to support interoperable application-to-application interactions over the Internet. Web services are based on a set of XML standards, such as Web services description language (WSDL), simple object access protocol (SOAP) and universal description, discovery and integration (UDDI). A key role in the Web service architecture is played by UDDI registries, i.e., a structured repository of information that can be queried by clients to find the Web services that better fit their needs. Even if, at the beginning, UDDI has been mainly conceived as a public registry without specific facilities for security, today security issues are becoming more and more crucial, due to the fact that data published in UDDI registries may be highly strategic and sensitive. In this chapter, we focus on authenticity issues, by proposing a method based on Merkle hash trees, which does not require the party managing the UDDI to be trusted wrt authenticity. In the chapter, besides giving all the details of the proposed solution, we show its benefit wrt standard digital signature techniques.

