Selecting Secure Web Applications Using Trustworthiness Benchmarking

Author(s):  
Afonso Araújo Neto ◽  
Marco Vieira

The multiplicity of existing software and component alternatives for web applications, especially in open source communities, has boosted interest in suitable benchmarks able to assist in the selection of candidate solutions with respect to several quality attributes. However, the huge success of performance and dependability benchmarking contrasts with the small advances in security benchmarking. Traditional vulnerability/attack detection techniques can hardly be used alone to benchmark security, as security depends on hidden vulnerabilities and subtle properties of the system and its environment. A comprehensive security benchmarking process should consist of two steps: elimination of flawed alternatives followed by trustworthiness benchmarking. In this paper, the authors propose a trustworthiness benchmark based on the systematic collection of evidence that can be used to select one among several web applications from a security point of view. They evaluate this benchmark approach by comparing its results with an evaluation conducted by a group of security experts and programmers. Results show that the proposed benchmark provides security rankings similar to those provided by human experts. In fact, although experts may take days to gather the information and rank the alternative web applications, the benchmark consistently provides similar results in a matter of minutes.

2014 ◽  
Vol 5 (3) ◽  
pp. 1-15 ◽  
Author(s):  
Hossain Shahriar ◽  
Sarah North ◽  
Wei-Chuen Chen ◽  
Edward Mawangi

Cross-Site Scripting (XSS) has been ranked among the top three vulnerabilities over the last few years. An XSS vulnerability allows an attacker to inject arbitrary JavaScript code that is executed in the victim's browser to cause unwanted behaviors and security breaches. Despite the presence of many mitigation approaches, the discovery of XSS is still widespread among today's web applications. As a result, there is a need to improve existing solutions and to develop novel attack detection techniques. This paper proposes a proxy-level XSS attack detection approach based on a popular information-theoretic measure known as Kullback-Leibler Divergence (KLD). Legitimate JavaScript code present in an application should remain similar or very close to the JavaScript code present in a rendered web page; a deviation between the two can be an indication of an XSS attack. This paper applies a back-off smoothing technique to effectively detect the presence of malicious JavaScript code in response pages. The proposed approach has been applied to a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks with a low false positive rate through proper choice of KLD threshold values. Further, the performance overhead has been found to be negligible.


Author(s):  
Danish Mairaj Inamdar ◽  
Shyam Gupta

Web application security has become a real concern due to the increase in attacks and data breaches. As applications become more critical, complex and connected, the difficulty of achieving application security increases exponentially. There are tools and techniques to detect the attacks, threats and vulnerabilities that exist in an application, which developers can use to prevent them and mitigate the associated risk. This paper evaluates various web application attack detection mechanisms and how resistant they are against various attack techniques. Such an evaluation is important not only for measuring the available defenses against web application attacks but also for identifying gaps in order to build effective solutions for the different web application defense techniques and to support further study. Based on the research, the limitations of these application attack detection techniques are identified and remedies are proposed for improving the current state of attack detection on web applications.


2019 ◽  
Vol 16 (2-3) ◽  
pp. 161-179
Author(s):  
Outi Paloposki

The article looks at book production and circulation from the point of view of translators, who, as purchasers and readers of foreign-language books, are an important mediating force in the selection of literature for translation. Taking the German publisher Tauchnitz's series ‘Collection of British Authors’ and its circulation in Finland in the nineteenth and early twentieth century as a case in point, the article argues that the increased availability of English-language books facilitated the acquiring and honing of translators' language skills and gradually diminished the need for indirect translating. Book history and translation studies meet here in an examination of the role of the Collection in Finnish translators' work.


2020 ◽  
Vol 7 (2) ◽  
pp. 34-41
Author(s):  
Vladimir Nikonov ◽  
Anton Zobov
The construction and selection of a suitable bijective function, that is, a substitution, is now becoming an important applied task, particularly for building block encryption systems. Many articles have suggested different approaches to determining the quality of a substitution, but most of them are highly computationally complex. Solving this problem will significantly expand the range of methods for constructing and analyzing schemes in information protection systems. The purpose of this research is to find easily measurable characteristics of substitutions that allow their quality to be evaluated, as well as measures of the proximity of a particular substitution to a random one, or its distance from it. For this purpose, several characteristics are proposed in this work: the difference characteristic and the polynomial characteristic. Their mathematical expectation is found, as well as the variance of the difference characteristic. This allows a conclusion about the quality of a particular substitution to be drawn by comparing the computed value of the characteristic with the calculated mathematical expectation. From a computational point of view, the theses of the article are of exceptional interest due to the simplicity of the algorithm for quantifying the quality of bijective function substitutions. By its nature, computing the difference characteristic is a simple summation of integer terms in a fixed and small range. Such an operation, in both the modern and the prospective element base, is embedded in the logic of a wide range of functional elements, especially when implementing computational actions in the optical range or on other carriers related to the field of nanotechnology.


2018 ◽  
Vol 48 (3) ◽  
pp. 84-90 ◽  
Author(s):  
E. A. Lapchenko ◽  
S. P. Isakova ◽  
T. N. Bobrova ◽  
L. A. Kolpakova

It is shown that the application of Internet technologies is relevant to the selection of crop production technologies and the formation of a rational composition of the machine-and-tractor fleet, taking into account the conditions and production resources of a particular agricultural enterprise. The work gives a short description of the web applications “ExactFarming”, “Agrivi” and “AgCommand”, which provide the possibility to select technologies and technical means of soil treatment, and of their functions. “ExactFarming” allows users to collect and store information about temperature, precipitation and weather forecasts in certain areas, keep records of information about crops and make technological maps using expert templates. “Agrivi” allows users to store and provide access to weather information in the fields with certain crops. It has algorithms to detect and warn about risks related to diseases and pests, and provides economic calculations of crop profitability and crop planning. “AgCommand” allows users to track the position of machinery and equipment in the fields and provides data on the weather situation in order to plan the use of agricultural machinery in the fields. The web applications presented above do not show the relation between the technologies applied and the agro-climatic features of the farm location zone. They do not take into account the phytosanitary conditions in previous years, or the relief and contour of the fields, while drawing up technological maps or selecting the machine-and-tractor fleet.
The Siberian Physical-Technical Institute of Agrarian Problems of the Siberian Federal Scientific Center of AgroBioTechnologies of the Russian Academy of Sciences has developed a software complex, PIKAT, for supporting machine agrotechnologies for the production of spring wheat grain at an agricultural enterprise; on its basis there is a plan to develop a web application that will consider all the main factors limiting the yield of cultivated crops.


2004 ◽  
Vol 155 (5) ◽  
pp. 142-145 ◽  
Author(s):  
Claudio Defila

The record-breaking heatwave of 2003 also had an impact on the vegetation in Switzerland. To examine its influence, seven phenological late spring and summer phases were evaluated together with six autumn phases from a selection of stations. 30% of the 122 chosen phenological time series in late spring and summer phases set a new record (earliest arrival). The proportion of very early arrivals is very high and the mean deviation from the norm is between 10 and 20 days. The situation was less extreme in autumn, where 20% of the 103 time series chosen set a new record. The majority of the phenological arrivals were found in the class «normal», but the class «very early» is still well represented. The mean precocity lies between five and twenty days. As far as the leaf shedding of the beech is concerned, there was even a slight delay of around six days. The evaluation serves to show that the heatwave of 2003 strongly influenced the phenological events of spring and summer.


2020 ◽  
Vol 16 (6) ◽  
pp. 784-795
Author(s):  
Krisnna M.A. Alves ◽  
Fábio José Bonfim Cardoso ◽  
Kathia M. Honorio ◽  
Fábio A. de Molfetta

Background: Leishmaniosis is a neglected tropical disease and glyceraldehyde 3-phosphate dehydrogenase (GAPDH) is a key enzyme in the design of new drugs to fight this disease. Objective: The present study aimed to evaluate potential inhibitors of the GAPDH enzyme found in Leishmania mexicana (L. mexicana). Methods: A search for novel antileishmanial molecules was carried out based on pharmacophoric similarities related to the binding site of the crystallographic enzyme using the ZINCPharmer server. The molecules selected in this screening were subjected to molecular docking and molecular dynamics simulations. Results: Consensual analysis of the docking energy values was performed, resulting in the selection of ten compounds. These ligand-receptor complexes were visually inspected in order to analyze the main interactions and subjected to toxicophoric evaluation, culminating in the selection of three compounds, which were subsequently submitted to molecular dynamics simulations. The docking results showed that the selected compounds interacted with GAPDH from L. mexicana, especially by hydrogen bonds with Cys166, Arg249, His194, Thr167, and Thr226. From the molecular dynamics results, it was observed that one of the loop regions, corresponding to residues 195-222, can be related to the fitting of the substrate at the binding site, assisting in the positioning and the molecular recognition via the residues responsible for the catalytic activity. Conclusion: The use of molecular modeling techniques enabled the identification of promising compounds as inhibitors of the GAPDH enzyme from L. mexicana, and the results obtained here can serve as a starting point to design new and more effective compounds than those currently available.


2019 ◽  
Vol 5 (2) ◽  
pp. 83-99
Author(s):  
Francisco Jesús Ferreiro Seoane ◽  
Manuel Octavio Del Campo Villares

Background: The objective of this article is to analyse whether there are significant relationships between the most valuable companies operating in Spain regarding professional performance, according to nationality and location within their Autonomous Communities or any larger grouping. To do that, a sample of 100 companies has been selected. Methods: The methodology followed is based on the selection of the 100 highest-valued companies from the point of view of Human Resources policy for the period 2013-2016 and on the measurement of six factors: Talent Management, Retribution, Work environment, CSR, Training and Employees' perception, classified by nationality and location. The study was based on 12 hypotheses, using one-way analysis of variance, Pearson correlations and regressions. One limitation could be the fact that this study refers to a particular period, focusing on Spain and the variables mentioned, based on questionnaires. The added value of this work lies in its novelty, as it has a quantitative character, and in the fact that most of the hypotheses are not confirmed. Results and Conclusion: This allows us to refute certain beliefs that affirm that European and American companies operating in Spain are more attractive than the Spanish or the Mediterranean ones.
