Global ETD Search

81	Domain-Driven Security : Injection & Cross-site scripting / Domändriven säkerhet : Injection & Cross-site scripting Stendahl, Jonas January 2016 (has links) Many web applications are vulnerable to Injection and Cross-site scripting. These attacks are often focused on infrastructural parts of the application. This thesis investigates if Domain-Driven Design can unify existing technical protection mechanisms as well as provide protection for attacks aimed at the business logic of an application. The performance of data validation and transformation performed with components from Domain-Driven Design is evaluated. The evaluation is performed by exposing an E-commerce application to dangerous injection and cross-site scripting strings. The data validation was found to be accurate and flexible and context mapping aided the understanding of correct data treatment depending on where in the application it is located or travelling to. Domain-Driven Security Domain-Driven Design DDS DDD Injection Cross-site scripting XSS Security Computer security Computer Systems Datorsystem
82	Opdigtede orgasmer Stavngaard, Lene January 2013 (has links) This study explores the function of female simulated orgasm in long-term relationships, and its significance for the individual’s perception of their own body and sexuality. Through a series of semi-structured interviews with subjects that have experiences with simulated orgasm, the study utilizes scripting theory to analyze and explain the meaning of the simulated orgasm. Four central themes in the narratives are identified: The demand for orgasm, the mutually rewarding orgasm, the orgasm as strategy, and the ethics of orgasm. The study concludes that several scripts are involved in the decision to simulate one’s own orgasm. Significantly, the study identifies that in some cases simulated orgasms can lead to the experience of a pseudo-orgasm – a state that is neither simulated nor authentic orgasm. Simulated orgasm Pretended orgasm Fake orgasm Scripting Pseudo-orgasm Sexual experience Long-term relationships Sexology Social Sciences Samhällsvetenskap
83	[pt] ANALIZANDO O USO DE MEMORIA EM LUA / [en] PROFILING MEMORY IN LUA PABLO MARTINS MUSA 16 July 2020 (has links) [pt] Inchaço de memória e um problema que ocorre quando a memória consumida por um programa excede a expectativa do programador. Em muitos casos, o inchaço de memória prejudica o desempenho ou, até mesmo, interrompe a execução de aplicações. Detectar e consertar inchaços de memória é uma tarefa difícil para programadores e, portanto, eles costumam usar ferramentas para identificar e consertar problemas desta natureza. Nas últimas duas décadas, muitos trabalhos e ferramentas foram desenvolvidos com o intuito de ajudar programadores a abordar problemas de inchaço de memória, entre eles perfiladores de memória. Apesar de perfiladores de memória terem sido muito estudados nos últimos anos, existe uma lacuna em relação a linguagens de script. Nessa dissertação, nós estudamos perfiladores de memória para linguagens de script. Primeiro, nos propomos uma classificação que divide as ferramentas em manual e automática baseada em como elas são usadas pelos programadores. Em seguida, após estudar ferramentas disponíveis em três linguagens de script diferentes, nós experimentamos algumas das técnicas estudadas ao construir dois perfiladores de memória automáticos para ajudar programadores Lua a resolver inchaços de memória. Finalmente, nós avaliamos ambas as ferramentas com relação a facilidade de integração ao programa, a utilidade dos relatórios para o entendimento de programas desconhecidos e para a localização de inchaços de memória e ao custo de desempenho que elas geram. / [en] Memory bloat is a software problem that happens when the memory consumption of a program exceeds the programmer s expectations. In many cases, memory bloat hurts performance or even crashes applications. Detecting and fixing memory bloat problems is a difficult task for programmers and, thus, they usually need tools to identify and fix these problems. The past two decades produced an extensive research and many tools to help programmers tackle memory bloat, including memory profilers. Although memory profilers have been largely studied in the last years, there is a gap regarding scripting languages. In this thesis, we study memory profilers in scripting languages. First, we propose a classification in which we divide memory profilers in manual and automatic, based on how the programmer uses the memory profiler. Then, after reviewing memory profilers available in three different scripting languages, we experiment some of the studied techniques by implementing two automatic memory profilers to help Lua programmers deal with memory bloat. Finally, we evaluate our tools regarding how easy it is to incorporate them to a program, how useful their reports are to understand an unknown program and track memory bloats, and how much overhead they impose. [pt] LINGUAGENS DE SCRIPT [pt] INCHACO DE MEMORIA [pt] PERFILADOR DE MEMORIA [pt] LUA [en] SCRIPTING LANGUAGES [en] MEMORY BLOAT [en] MEMORY PROFILER [en] LUA
84	Amenable Building: Designing for Change in the Musical Process Popoutsis, Nickolas D. 14 July 2009 (has links) No description available. Architecture flexibility scripting unscripted transformation change scale of time amenable multifunction recording studio music process performance based design, dynamic
85	Applying Agent Modeling to Behaviour Patterns of Characters in Story-Based Games Zhao, Richard 11 1900 (has links) Most story-based games today have manually-scripted non-player characters (NPCs) and the scripts are usually simple and repetitive since it is time-consuming for game developers to script each character individually. ScriptEase, a publicly-available author-oriented developer tool, attempts to solve this problem by generating script code from high-level design patterns, for BioWare Corp.'s role-playing game Neverwinter Nights. The ALeRT algorithm uses reinforcement learning (RL) to automatically generate NPC behaviours that change over time as the NPCs learn from the successes or failures of their own actions. This thesis aims to provide a new learning mechanism to game agents so they are capable of adapting to new behaviours based on the actions of other agents. The new on-line RL algorithm, ALeRT-AM, which includes an agent-modeling mechanism, is applied in a series of combat experiments in Neverwinter Nights and integrated into ScriptEase to produce adaptive behaviour patterns for NPCs. agent modeling opponent modeling behaviour non-player character reinforcement learning ALeRT Sarsa variable learning rate variable exploration rate role-playing game ScriptEase scripting
86	MITIGATION OF WEB-BASED PROGRAM SECURITY VULNERABILITY EXPLOITATIONS Shahriar, HOSSAIN 30 November 2011 (has links) Over the last few years, web-based attacks have caused significant harm to users. Many of these attacks occur through the exploitations of common security vulnerabilities in web-based programs. Given that, mitigation of these attacks is extremely crucial to reduce some of the harmful consequences. Web-based applications contain vulnerabilities that can be exploited by attackers at a client-side (browser) without the victim’s (browser user’s) knowledge. This thesis is intended to mitigate some exploitations due to the presence of security vulnerabilities in web applications while performing seemingly benign functionalities at the client-side. For example, visiting a webpage might result in JavaScript code execution (cross-site scripting), downloading a file might lead to the execution of JavaScript code (content sniffing), clicking on a hyperlink might result in sending unwanted legitimate requests to a trusted website (cross-site request forgery), and filling out a seemingly legitimate form may eventually lead to stealing of credential information (phishing). Existing web-based attack detection approaches suffer from several limitations such as (i) modification of both server and client-side environments, (ii) exchange of sensitive information between the server and client, and (iii) lack of detection of some attack types. This thesis addresses these limitations by mitigating four security vulnerabilities in web applications: cross-site scripting, content sniffing, cross-site request forgery, and phishing. We mitigate the exploitations of these vulnerabilities by developing automatic attack detection approaches at both server and client-sides. We develop server-side attack detection frameworks to detect attack symptoms within response pages before sending them to the client. The approaches are designed based on the assumption that the server-side program source is available for analysis, but we are not allowed to alter the program code and the runtime environments. Moreover, we develop client-side attack detection frameworks so that some level of protection is present when the source code of server websites (either trusted or untrusted) is not available. Our proposed solutions explore several techniques such as response page parsing and file content analysis, browser-level checking of requests and responses, and finite state machine-based behavior monitoring. The thesis evaluates the proposed attack detection approaches with real-world vulnerable programs. The evaluation results indicate that our approaches are effective and perform better than the related work. We also contribute to the development of benchmark suites for evaluating attack detection techniques. / Thesis (Ph.D, Computing) -- Queen's University, 2011-11-29 09:44:24.465 Security vulnerability Cross-site request forgery Phishing Content sniffing Parser-based analysis Browser-based checking Cross-site scripting Trustworthiness testing Web-based program
87	Applying Agent Modeling to Behaviour Patterns of Characters in Story-Based Games Zhao, Richard Unknown Date No description available. agent modeling opponent modeling behaviour non-player character reinforcement learning ALeRT Sarsa variable learning rate variable exploration rate role-playing game ScriptEase scripting
88	Μέθοδοι προστασίας ιστοσελίδων στο διαδίκτυο Μπαλαφούτης, Χρήστος 19 October 2012 (has links) Στην παρούσα διπλωματική εργασία παρουσιάζονται βασικές έννοιες και μέθοδοι για την ασφάλεια ιστοσελίδων και ιδιαίτερα των site με web application προσανατολισμό, χωρίς αυτό να σημαίνει ότι αρκετές τεχνικές προστασίας και σφάλματα που θα εντοπίσουμε δεν μπορούν να συναντηθούν και σε άλλου σκοπού ιστοσελίδες. Αρχικά, γίνεται αναφορά στο τι είναι μια εφαρμογή ιστού (web app) και ποια είναι τα στοιχεία που την αποτελούν. Στη συνέχεια, χρησιμοποιώντας έρευνες, παρουσιάζονται κάποιες από τις πιο “δημοφιλείς” επιθέσεις που γίνονται σε ιστοσελίδες και περιγράφεται πιο διεξοδικά ποια αδύνατα σημεία της δομής των ιστοσελίδων εκμεταλλεύονται. Παράλληλα, γίνεται αναφορά στο πως και με ποια εργαλεία μπορούμε να εντοπίσουμε και να κλείσουμε τα κενά ασφαλείας που τυχόν έχει μία εφαρμογή ιστού. Τέλος, παρουσιάζεται η εφαρμογή που αναπτύχθηκε στα πλαίσια της εργασίας με σκοπό να γίνει επίδειξη συγκεκριμένων επιθέσεων και σφαλμάτων που παρατηρούνται στο διαδίκτυο. / In the following pages basic principals and methods are presented in order to secure websites and web applications. I begin by mentioning what is a web application. Moreover, by using statistics and recent researches from various sources i mention the most common web app attack methods and which vulnerabilities can be found in a web app and how to prevent exploiting, something we can accomplish by using various penetration testing tools. Finally, by using a basic web app some web attacks are shown so that it will become more clear how these attacks work. Ασφάλεια ιστοσελίδων Εφαρμογές ιστού Διαδίκτυο 005.8 Web application security Site attacks Web applications Penetration testing Cross-site scripting (XSS) Cross-site request forgeries (CSRF) SQL injection
89	A performance and installation research in web server solutions for small e-commerce systems. / En prestanda och installations forskning i webb server lösningar för mindre e-handel system. Shirazi, Erfan, Håkansson, Mattias, Abels, Christian January 2004 (has links) This thesis investigates two different web server solutions. One is a commercial, proprietary solution known as the Windows solution that consists of Windows Server 2003, IIS and ASP. The other is a free, open source solution consisting of FreeBSD, Apache and PHP. The both solutions had the database MySQL as a common component. The hypothesis that was used in this investigation is as follows: IIS on Windows Server is not better than Apache on FreeBSD for e-commerce systems. To answer the hypothesis two empirical comparisons were conducted. One was a response time experiment testing two symmetrical web shops developed for the both solutions. For this response time test a stress test application was developed. The second comparison was a case study in the ease of installation of the two different solutions. The third empirical research method was a survey that was conducted among Swedish web hotel administrators. The survey identifies various factors that play a part when choosing one of the solutions. Open source users prefer performance, security and costs of software while Windows users prefer required knowledge, usability and compatibility. By analysing our result it is shown that the hypothesis is verified proving that an open source solution reports better performance because it has lower response times than the Windows solution. The results from the case study show that Windows is the easiest solution to install. / Den här uppsatsen undersöker två olika webbservrar lösningar. En är kommersiell patentskyddad lösning känd som Windows lösningen som består av Windows Server 2003, IIS och ASP. Den andra lösningen är en gratis open source lösning som består av FreeBSD, Apache och PHP. Båda lösningarna har databasen MySQL som en jämensam komponent. Hypotesen som användes i denna forskning är; IIS på Windows Server är inte bättre än Apache på FreeBSD för e-handel system. För att kunna besvara hypotesen gjordes två empirisk jämförelsen. En var respons tid experiment som testade två symmetriska webb shops som var utvecklad av oss för bägge lösningarna. För detta experiment utvecklades en stress test program. Den andra jämförelsen var en fallstudie i lätthet av installation av dessa två lösningar. Den tredje forsknings metoden är en undersökning bland svensk webb hotell administratörer. Undersökningen identifierar olika faktorer som spelar roll när man väljer en av lösningarna. Open source användare föredrar prestanda, säkerhet och kostnad av mjukvara medan Windows användare föredrar obligatorisk kunskap, användbarhet och jämförbarhet. Genom analys av våra resultat har vi visat att vår hypotes är verifierad och detta bevisar att open source lösningen har bättre prestanda genom att den har lägre respons tid än Windows lösningen. Resultatet av fallstudien visar att Windows är lättare att installera. Web servers stress-test response time e-commerce server side scripting languages installation process Windows FreeBSD PHP ASP Computer Sciences Datavetenskap (datalogi)
90	Generating web applications containing XSS and CSRF vulnerabilities Ahlberg, Gustav January 2014 (has links) Most of the people in the industrial world are using several web applications every day. Many of those web applications contain vulnerabilities that can allow attackers to steal sensitive data from the web application's users. One way to detect these vulnerabilities is to have a penetration tester examine the web application. A common way to train penetration testers to find vulnerabilities is to challenge them with realistic web applications that contain vulnerabilities. The penetration tester's assignment is to try to locate and exploit the vulnerabilities in the web application. Training on the same web application twice will not provide any new challenges to the penetration tester, because the penetration tester already knows how to exploit all the vulnerabilities in the web application. Therefore, a vast number of web applications and variants of web applications are needed to train on. This thesis describes a tool designed and developed to automatically generate vulnerable web applications. First a web application is prepared, so that the tool can generate a vulnerable version of the web application. The tool injects Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities in prepared web applications. Different variations of the same vulnerability can also be injected, so that different methods are needed to exploit the vulnerability depending on the variation. A purpose of the tool is that it should generate web applications which shall be used to train penetration testers, and some of the vulnerabilities the tool can inject, cannot be detected by current free web application vulnerability scanners, and would thus need to be detected by a penetration tester. To inject the vulnerabilities, the tool uses abstract syntax trees and taint analysis to detect where vulnerabilities can be injected in the prepared web applications. Tests confirm that web application vulnerability scanners cannot find all the vulnerabilities on the web applications which have been generated by the tool. Web security CSRF XSS Cross Site Request Forgery Cross Site Scripting Taint analysis vulnerability generating web applications Computer Sciences Datavetenskap (datalogi)

Search results