web applications
Recently Published Documents





2022, Vol 54 (9), pp. 1-35
Bing Zhang, Jingyue Li, Jiadong Ren, Guoyan Huang

Most existing surveys and reviews on web application vulnerability detection (WAVD) approaches focus on comparing and summarizing the approaches’ technical details. Although some studies have analyzed the efficiency and effectiveness of specific methods, there is a lack of a comprehensive and systematic analysis of the efficiency and effectiveness of various WAVD approaches. We conducted a systematic literature review (SLR) of WAVD approaches and analyzed their efficiency and effectiveness. We identified 105 primary studies out of 775 WAVD articles published between January 2008 and June 2019. Our study identified 10 categories of artifacts analyzed by the WAVD approaches and 8 categories of WAVD meta-approaches for analyzing the artifacts. Our study’s results also summarized and compared the effectiveness and efficiency of different WAVD approaches on detecting specific categories of web application vulnerabilities and which web applications and test suites are used to evaluate the WAVD approaches. To our knowledge, this is the first SLR that focuses on summarizing the effectiveness and efficiencies of WAVD approaches. Our study results can help security engineers choose and compare WAVD tools and help researchers identify research gaps.

Mohanish Bawane

Abstract: MERN stack is one of the well-known web stacks that has acquired significance over other stacks. This is a direct result of its UI delivering and execution, Cost-Adequacy, Open Source and is not difficult to switch among customer and server. Its essential target is to improve the general exhibition of the application. This stack, as well as utilizing superior execution and tweaked advances, considers web applications and programming to be grown rapidly. MERN stack is an assortment of strong and amazing innovations used to foster adaptable expert web applications, containing front-end, back-end, and data set parts. It is an innovation stack that is an easy to understand full-stack JavaScript structure for building dynamic sites and applications. This is the explanation it is the most favored stage by new businesses. This paper will depict MERN Stack involving 4 advancements to be specific: MongoDB, Express, React and Node.js. Every one of these 4 incredible advancements gives a start to finish system for the designers to work in and every one of these advances has a major influence in the improvement of web applications.

Index Terms: MERN STACK, MongoDB, Express JS, React JS, Node JS platform

عبد الرزاق بوسمينة, كمال بطوش

Open access is one of the topics that has attracted researchers' interest, as it is a turning point for the recovery of technical and scientific information, which requires a set of tools and technical skills. This study aims to discover the main problems of information recovery within open access, in addition to the inventory of the most important smart search engines, and to know the strategies of information recovery. The study adopted the descriptive analytical approach and came out with a number of important conclusions, the most important of which are: Searching for scientific and technical information in the open access environment has become very difficult and the researcher does not know which of them is more useful. Relying on the common ranking of sites, smart search engines depend in their work on semantic web applications, most notably XML, RDF and ontology. Users can quickly find specific search results through smart search engines without having to become experts in search engines or have well-defined strategies for searching within the open access environment. The study also showed that the Semantic Scholar search engine deals with open sources more efficiently than traditional search engines through its ability to discover these sources and display them to the beneficiary in a distinctive way.

2022, Vol 2 (14), pp. 26-34
Nguyen Manh Thang, Tran Thi Luong

Abstract—Almost all developed applications tend to become as accessible as possible to the user on the Internet. Different applications often store their data in cyberspace for more effective work and entertainment, such as Google Docs, emails, cloud storage, maps, weather, news, and so on. Attacks on Web resources most often occur at the application level, in the form of HTTP/HTTPS requests to the site, where traditional firewalls have limited capabilities for analyzing and detecting attacks. To protect Web resources from attacks at the application level, there are special tools: Web Application Firewalls (WAF). This article presents an anomaly detection algorithm, and how it works in the open-source web application firewall ModSecurity, which uses machine learning methods with 8 suggested features to detect attacks on web applications.

К.Г. Резников, С.Н. Медведев

The article presents the implementation of software for rendering 3D surfaces using ray tracing, running in a web browser of computers or smartphones. The web application approach has become widespread in recent years due to the development of the Internet. Modern web browsers have enough processing power to run complex web applications and are not limited to just websites. During the development process, various methods for constructing surfaces and visualization methods were analyzed to choose the most optimal solution for web applications. We analyzed and presented basic methods of creating 3D surfaces. We highlighted the key differences between wireframe and polygonal methods of surface definition. We considered several models with dynamic surface computation. We described the kinematic method of surface formation in detail and the developed algorithm for transforming kinematic models into a surface using a polygonal mesh. We described in detail the rendering process and ray tracing method. We demonstrated a way of working with a video chip and parallelizing computations to optimize a web application using the GPU.js library. We presented the structure of a web application with a description of the main project directories. The project structure is based on the Vue.js framework. The framework allows one to endlessly expand the functionality of a web application. The article presents how the web application works and an example of step-by-step creation of a kinematic surface and rendering on a scene using graphic effects such as shading and lighting. It also contains an example of rendering many objects on a scene.

2022, pp. 453-479
Layla Mohammed Alrawais, Mamdouh Alenezi, Mohammad Akour

The growth of web-based applications has increased tremendously over the last two decades. While these applications bring huge benefits to society, they suffer from various security threats. Although there exist various techniques to ensure the security of web applications, a large number of applications still suffer from a wide variety of attacks that result in financial losses. In this article, a security-testing framework for web applications is proposed with an argument that security of an application should be tested at every stage of the software development life cycle (SDLC). Security testing is initiated from the requirement engineering phase using a keyword-analysis phase. The output of the first phase serves as input to the next phase. Different case study applications indicate that the framework assists in early detection of security threats and applying appropriate security measures. The results obtained from the implementation of the proposed framework demonstrated a high detection ratio with a lower false-positive rate.

SoftwareX, 2022, Vol 17, pp. 100964
Tristan Langer, Richard Meyes, Tobias Meisen
