Auditing Defense Against XSS Worms in Online Social Network-Based Web Applications

Nowadays, users of Online Social Network (OSN) are less familiar with cyber security threats that occur in such networks, comprising Cross-Site Scripting (XSS) worms, Distributed Denial of Service (DDoS) attacks, Phishing, etc. Numerous defensive methodologies exist for mitigating the effect of DDoS attacks and Phishing vulnerabilities from OSN. However, till now, no such robust defensive solution is proposed for the complete alleviation of XSS worms from such networks. This chapter discusses the detailed incidences of XSS attacks in the recent period on the platforms of OSN. A high level of taxonomy of XSS worms is illustrated in this article for the precise interpretation of its exploitation in multiple applications of OSN like Facebook, Twitter, LinkedIn, etc. We have also discussed the key contributions of current defensive solutions of XSS attacks on the existing platforms of OSN. Based on this study, we identified the current performance issues in these existing solutions and recommend future research guidelines.

Design-Based Research with AGILE Sprints to Produce MUVES in Vocational Education

An innovative approach to effective design, development and testing of Multi-User Virtual Environments (MUVE) in vocational education is provided. It blends Agile software development with design based research (DBR), seeded with educational frameworks and theories relevant to vocational education. Legitimate peripheral participation was used as a filter to inform design thinking for authentic vocational contexts because moving towards being work ready increases the student's legitimate practices particular to a vocation. Technological Pedagogical Content Knowledge TPACK (Mishra & Koehler 2006) provided a framework to link content and pedagogy with the MUVE technology. Software development techniques for MUVEs are shown to have characteristics compatible with design based research. A design based methodological process that introduces software development within phases is described. The approach is illustrated in the design of two MUVE to simulate (1) the hazardous situation of temporary traffic management and (2) communication on a maritime ship's bridge.

Voice Application Generator Platform for Real Time Multimedia Vehicle Sensor Based Notifications

Nowadays, many software applications are used to offer services or functionalities to drivers. Even though, there is a lack of applications that offer drivers the possibility to express their need to generate a specific application in real time. In this research, the authors present an innovative platform that allows users to generate multimedia web applications that use real time vehicle sensor information. The creation of applications is specified through a voice interface to allow users to generate applications while driving. Information used in the applications is collected combining mobile device sensors (accelerometer, GPS, light sensor, barometer, etc.) and vehicle real time On-board Diagnosis port information (speed, engine revolutions per minute, fuel consumption, coolant temperature, throttle, battery voltage, etc.). The domain of generated applications includes driving safety, road state, parameter notifications, social applications, etc. The generated applications can display visual information systems such as maps, audio, video and measurement gauges. For the analysis of this paper, the authors present three prototypes to demonstrate the platform capabilities.

Performance Evaluation of Public IaaS Clouds for Web 2.0 Applications Using CloudStone Benchmark

Web 2.0 applications have become ubiquitous over the past few years because they provide useful features such as a rich, responsive graphical user interface that supports interactive and dynamic content. Social networking websites, blogs, auctions, online banking, online shopping and video sharing websites are noteworthy examples of Web 2.0 applications. The market for public cloud service providers is growing rapidly, and cloud providers offer an ever-growing list of services. As a result, developers and researchers find it challenging when deciding which public cloud service to use for deploying, experimenting or testing Web 2.0 applications. This study compares the scalability and performance of a social-events calendar application on two Infrastructure as a Service (IaaS) cloud services – Amazon EC2 and HP Cloud. This study captures and compares metrics on three different instance configurations for each cloud service such as the number of concurrent users (load), as well as response time and throughput (performance). Additionally, the total price of the three different instance configurations for each cloud service is calculated and compared. This comparison of the scalability, performance and price metrics provides developers and researchers with an insight into the scalability and performance characteristics of the three instance configurations for each cloud service, which simplifies the process of determining which cloud service and instance configuration to use for deploying their Web 2.0 applications. This study uses CloudStone – an open-source, three-tier web application benchmarking tool that simulates Web 2.0 application activities – as a realistic workload generator and to capture the intended metrics. The comparison of the collected metrics indicates that all of the tested Amazon EC2 instance configurations provide better scalability and lower latency at a lower cost than the respective HP Cloud instance configurations; however, the tested HP Cloud instance configurations provide a greater storage capacity than the Amazon EC2 instance configurations, which is an important consideration for data-intensive Web 2.0 applications.

Method Using Command Abstraction Library for Iterative Testing Security of Web Applications

A framework based on a scripting language is commonly used in Web application development, and high development efficiency is often achieved by applying several Agile development techniques. However, the adaptation of security assurance techniques to support Agile development is still underway, particularly from the developer's perspective. The authors have addressed this problem by developing an iterative security testing method that splits the security test target application into two parts on the basis of the code lifecycle, application logic (“active development code”) and framework (“used code”). For the former, detailed security testing is conducted using static analysis since it contains code that is changed during the iterative development process. For the latter, an abstraction library at the command granularity level is created and maintained. The library identifies the behavior of an application from the security assurance standpoint. This separation reduces the amount of code to be statically inspected and provides a mechanism for sharing security issues among application developers using the same Web application framework. Evaluation demonstrated that this method can detect various types of Web application vulnerabilities.

Basic Concepts on RIAs

This chapter presents an overview of RIA features, and it explains the most important concepts for RIAs development, as well as their benefits and importance in several domains. In this chapter, a standard architecture for RIAs is described. This architecture has three well-defined layers: 1) the client-side that renders the rich user interface, 2) a controller layer where the business logic is executed, and 3) a data transactions manager. Important domains of Web development are presented, and in each one of them, the importance of RIAs is explained emphasizing particular features of each domain. Finally, experiences and successful stories of using RIAs in B2C e-commerce domain are presented.

Reviewing the Security Features in Contemporary Security Policies and Models for Multiple Platforms

Numerous vulnerabilities have a tendency to taint modern real-world web applications, allowing attackers in retrieving sensitive information and exploiting genuine web applications as a platform for malware activities. Moreover, computing techniques are evolved from the large desktop computer systems to the devices like smartphones, smart watches and goggles. This needs to be ensure that these devices improve their usability and will not be utilized for attacking the personal credentilas (such as credit card numbers, transaction passwords, etc.) of the users. Therefore, there is a need of security architecture over the user's credentials so that no unauthorized user can access it. This chapter summarizes various security models and techniques that are being discovered, studied and utilized extensively in order to ensure computer security. It also discusses numerous security principles and presents the models that ensure these security principles. Security models (such as access control models, information flow models, protection ring, etc.) form the basis of various higher level and complex models. Therefore, learning such security models is very much essential for ensuring the security of the computer and cyber world.

Web 2.0 and Social Media in Today's Business World

Social media technology is an innovative way for businesses to collaborate, network, and provide a mechanism for individuals to interact. When social media technology is used effectively, it can be a powerful tool for businesses to market themselves and obtain important data on their customers and competitors. Given the importance and public nature of today's consumer opinions, it is vital for companies to present themselves effectively on social media. Some companies and their employees are not familiar with this form of technology and do not realize the massive amount of data social media sites can generate. Therefore, companies need to develop a social media policy and educate their employees on how to analyze and respond to the data produced from social media. This chapter studies Web 2.0 tools and social media in today's business world and provides guidelines of adopting social media for organizations.

Web Application Vulnerabilities and Their Countermeasures

The obvious risks to a security breach are that unauthorized individuals: 1) can gain access to restricted information and 2) may be able to escalate their privileges in order to compromise the application and the entire application environment. The areas that can be compromised include user and system administration accounts. In this chapter we identify the major classes of web application vulnerabilities, gives some examples of actual vulnerabilities found in real-life web application audits, and describes some countermeasures for those vulnerabilities. The classes are: 1) authentication 2) session management 3) access control 4) input validation 5) redirects and forwards 6) injection flaws 7) unauthorized view of data 8) error handling 9) cross-site scripting 10) security misconfigurations and 10) denial of service.

Requirement Prioritization of Complex Web 2.0 Application Based on Effects on Regression Testing

Web 2.0 applications are complex information systems. Likewise any desktop applications, web applications are complex and require effective requirement prioritization preceded by effective decision aspect prioritization by involving diverse stakeholders. During the release of new increments, objective is to provide value to the software and simultaneously lowering the regression testing effort. This can be achieved by implementing all highest priority requirements along with those dependent on them so that next increments implemented requirements independent of already implemented ones. The challenges involved in aspect selection, requirement prioritization, and effective selection of the security requirements of Web 2.0 application makes its incremental deliveries a complex task as compared to that of desktop applications. The proposed requirement prioritization process is hybrid approach i.e. Based on combination of negotiations and methods to prioritize both decision aspects and software requirements. This technique reduces regression testing effort by taking an impact on regression testing as one of the parameters during prioritization and overcomes various problems related to prioritization of web 2.0 applications. This technique is applied on live system of “Virtual Classroom”, by employing three stakeholder groups with total 8 stakeholders. Results were promising since it resulted in the successful delivery of web application due to effective aspect and requirement prioritization thereby leading to reduced regression testing effort.