Information flow control (IFC) is useful in preventing information leakage during software execution. Our survey reveals that no IFC model is applied on the entire software development process. Applying an IFC model on the entire software development process offers the following features: (1) viewpoints of all stakeholders (i.e., customers and analysts) can be included and (2) the IFC model helps...
In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities span from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerability testing was done in three categories: (1) dodgy code vulnerabilities, (2) malicious code vulnerabilities, and (3) security code vulnerabilities, on seven (7) different...
Web applications are an extremely important and ubiquitous part of today's world. Students must not only know how to develop them from a technical perspective, but in doing so need to understand how to follow the proper principles of software engineering — delivering the project on time, on budget, and in a high quality manner. At the Department of Software Engineering at the Rochester Institute of...
Business-critical web applications are the most popular services provided to clients by the financial sector. These applications bring in handsome revenue for the financial industry every year. These services are also a frequent target of attackers. Poor coding practice leads to application vulnerabilities that are exploited by attackers. Information and privileges such as access to databases,...
A Web Service is a software system designed to support interoperable machine-to-machine interaction over a network; it also provides a standard means of interoperating between different software applications. However, Web Services have raised new challenges in information security, as this technology is susceptible to XML Injection attacks, which would allow an attacker to collect and manipulate information...
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance. The Web extra at http://youtu.be/COgKs9e679o is an audio interview in which authors Nuno Antunes and...
Developing robust web services is a difficult task. Field studies show that a large number of web services are deployed with robustness problems (i.e., presenting unexpected behaviors in the presence of invalid inputs). Although several techniques for the identification of robustness problems have been proposed in the past, there is no practical approach to automatically fix those problems. This paper...
Over the last fifteen years, Web applications have evolved from the early simple and hyper-text based ones into the more complex, interactive, usable and adaptive applications of the new generations. New paradigms, architectures, and technologies for developing Web-based systems continuously emerge and transform this specific context. At the same time, new techniques and tools for effectively testing...
Developers often rely on penetration testing tools to detect vulnerabilities in web services, although frequently without really knowing their effectiveness. In fact, the lack of information on the internal state of the tested services, together with the complexity and variability of the responses analyzed, limits the effectiveness of such techniques, highlighting the importance of evaluating and improving existing...
Web services are often deployed with critical software bugs that may be maliciously exploited. Developers often rely on penetration testing tools to detect those vulnerabilities, but the effectiveness of such techniques is limited by the lack of information on the internal state of the tested services. This paper proposes a new approach for the detection of injection vulnerabilities in web services...
Increasing complexity and distribution of current software systems lead to new and more complex behavioral constraints. Consequently, testing if a given system fulfills its functional requirements becomes more crucial than ever and necessitates more powerful test oracles. In this paper, we focus on temporal requirements of critical systems. We propose a formal testing approach for specification and...
This paper presents a methodology to perform passive testing of behavioural conformance for web services based on security rules. The proposed methodology can be used either to check a trace (offline checking) or for runtime verification (online checking) with timing constraints, including future and past time. In order to perform this, we first use the Nomad language to define the security...
The system utilizes the object-oriented analysis method and the broad-based B/S/D software architecture. We then research and develop a web-based intelligent monitoring and management system for coal mining security equipment; the Web server software for this system uses Tomcat 6.0. The database is connected through the Struts and iBATIS dynamic web page technologies and frameworks...
In this paper, we propose a security evaluation model for the web application and define a security evaluation function based on the Analytic Hierarchy Process (AHP) to describe the model. We use the evaluation method proposed by this paper to evaluate the vulnerability test effect of a BBS application named IPB. The experiment result reveals that the evaluation value calculated by the security evaluation...
The proposed architecture of the Hungarian e-government framework, mandating the functional co-operation of independent organizations, puts special emphasis on interoperability. WS-* standards have been created to reach uniformity and interoperability in the common middleware tasks for Web services such as security, reliable messaging and transactions. These standards, however, while existing for some...
Considering the design of inclusive interfaces of static and dynamic Web pages, this work focuses on the group of users with cognitive/intellectual disabilities, while simultaneously accounting for the needs of users with mobility and sensory deficits. A number of specific universal design principles are derived from a variety of cognitive disabilities, such as problems with linguistics (text and...
This paper presents an enhanced derivation procedure to obtain a system of services, from a given choreography. In addition to the basic framework, we introduce several situations where nondeterminism appears and it is resolved by using a dynamic prioritized system. The priority policy is based on several parameters such as the request dispatching, the response time, the quality of the response, etc...
Web services are becoming business-critical components that must provide a non-vulnerable interface to the client applications. However, previous research and practice show that many web services are deployed with critical vulnerabilities. SQL injection vulnerabilities are particularly relevant, as Web services frequently access a relational database using SQL commands. Penetration testing and static...
Data grids, such as the ones used by the high energy physics community, are used to share vast amounts of data across geographic locations. However, interactions with grid data are generally limited by the interfaces provided by the corresponding grid's infrastructure. The standardization of grid interfaces is one way to expand the reach of grid data seamlessly for users as well as to broaden the...
This paper proposes a new automatic approach for the detection of SQL Injection and XPath Injection vulnerabilities, two of the most common and most critical types of vulnerabilities in Web services. Although there are tools that allow testing Web applications against security vulnerabilities, previous research shows that the effectiveness of those tools in Web services environments is very poor....