241 |
Proposta de uma metodologia de medição e priorização de segurança de acesso para aplicações WEB. / Proposal of a methodology for measuring and prioritization access security for WEB applications.
Regina Maria Thienne Colombo, 26 March 2014
In a technological and globally interconnected world, in which individuals and organizations frequently perform transactions on the web, the issue of software security is essential; it is needed in several niches: security of computer networks, of computers and of software. The implementation of a security system that covers all aspects is extensive and complex, while the exploitation of vulnerabilities and the number of attacks are increasing exponentially. Because of the nature of software and its availability on the web, the guarantee of security will never be complete, but it is possible to plan, implement, measure and evaluate the security system and ultimately improve it. Currently, the specific knowledge in security is detailed and fragmented into its various niches; the view among security experts is always closely tied to the internal environment of computing. The measurement of security attributes is a way to know and monitor the state of software security. This research aims to present a top-down approach for measuring the access security of web applications. Starting from a set of globally recognized, though intangible, security properties, I propose a methodology for the measurement and prioritization of security attributes in order to know the security level of web applications and take the necessary actions for its improvement. A reference model for access security is defined, and the analytic hierarchy process method supports obtaining measurable attributes and visualizing the state of the access security of a web application.
|
242 |
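Análise de técnicas de reconhecimento de padrões para a identificação biométrica de usuários em aplicações WEB utilizando faces a partir de vídeos / Analysis of pattern recognition techniques for the biometric identification of users in web applications using faces from video
Kami, Guilherme José da Costa [UNESP], 05 August 2011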
Biometric identification techniques have evolved steadily due to the need that humans have to identify people accurately and in real time in order to allow access to certain resources, such as web applications and services. Facial recognition is a biometric technique that has several advantages over others. Some of these advantages are the use of simple and cheap equipment to obtain the samples and the ability to perform the recognition covertly and at a distance. Face recognition from video is a recent trend in the area of biometrics. The work in this dissertation aims at comparing different techniques for face recognition from video in order to determine which offer the best trade-off between processing time and accuracy. Another goal is the incorporation of the best of these techniques into the biometric authentication system for E-Learning environments proposed in an earlier work. We have compared the nearest neighbor classifier using the Euclidean and Mahalanobis distance measures with the following classifiers: neural networks (MLP and SOM), k-nearest neighbors, Bayesian classifier, Support Vector Machines (SVM), and Optimum Path Forest (OPF). We have also evaluated the Hidden Markov Model (HMM) approach, as a way of using the temporal information. In the experiments with the Recogna Video Database, created especially for this study, and the Honda/UCSD Video Database, the classifiers obtained the best accuracy, especially the SVM classifier from the SVM Torch library. HMM, which takes into account temporal information, performed better than the distance metrics in terms of accuracy, but worse than the classifiers.
|
243 |
Understanding and automating application-level caching / Entendendo e automatizando cache a nível de aplicação
Mertz, Jhonny Marcos Acordi, January 2017
Latency and cost of Internet-based services are encouraging the use of application-level caching to continue satisfying users’ demands, and improve the scalability and availability of origin servers. Application-level caching, in which developers manually control cached content, has been adopted when traditional forms of caching are insufficient to meet such requirements. Despite its popularity, this level of caching is typically addressed in an ad hoc way, given that it depends on specific details of the application. Furthermore, it forces application developers to reason about a crosscutting concern, which is unrelated to the application business logic. As a result, application-level caching is a time-consuming and error-prone task, becoming a common source of bugs. This dissertation advances work on application-level caching by providing an understanding of its state-of-practice and automating the decision regarding cacheable content, thus providing developers with substantial support to design, implement and maintain application-level caching solutions. More specifically, we provide three key contributions: structured knowledge derived from a qualitative study, a survey of the state-of-the-art on static and adaptive caching approaches, and a technique and framework that automate the challenging task of identifying cache opportunities. The qualitative study, which involved the investigation of ten web applications (open-source and commercial) with different characteristics, allowed us to determine the state-of-practice of application-level caching, along with practical guidance to developers as patterns and guidelines to be followed. Based on the patterns and guidelines derived, we also propose an approach to automate the identification of cacheable methods, which is often manually done and is not supported by existing approaches to implement application-level caching. We implemented a caching framework that can be seamlessly integrated into web applications to automatically identify and cache opportunities at runtime, by monitoring system execution and adaptively managing caching decisions. We evaluated our approach empirically with three open-source web applications, and results indicate that we can identify adequate caching opportunities by improving application throughput by up to 12.16%. Furthermore, our approach can prevent code tangling and raise the abstraction level of caching.
|
244 |
A comparison of UML and WAE-UML for the design of Web applications
Gustavsson, Mikael; Andersson, Heinz, January 2005
Since Web applications are very complex, compared to traditional client/server applications, Web application design with the UML can be obtrusively hard for a modeller. The grounds are that the UML does not define the correct semantics to be able to visualize a web application correctly. This is a qualitative reduction study where we have used interviews and our own experience during the redesign of a UML-modelled e-commerce application with WAE-UML. Using the flow of a case study we have tried to see if we can improve three quality attributes of a complete design. Stakeholder communication reflects the need for unambiguous design artefacts that are easy to understand and that mediate the real message of the use-case. The condition of the design artefacts should provide artefacts that resemble reality, that are not misleading, and that provide for verification and validation of the requirements. The last attribute, maintainability, should provide means for easy maintenance and updates. We found that WAE-UML can improve these quality attributes in a design, but the impact it has on them is dependent on two major aspects. The first aspect concerns the designers’ judgment of detail in a design. A detailed design can be good considering requirements and use-case traceability and verification, but prohibit communication. Maintainability can also be improved in a detailed design because the diagrams are less abstract and a truer picture of the application. The second aspect is that it depends on the knowledge of the semantics possessed by the people in contact with the design documents. Due to the time aspect, the people working in the industry that we interviewed were reluctant to model a Web application at all. They thought it would take a long time to learn WAE-UML and also to execute a design phase. / Contact e-mail: miga02@student.bth.se, hean01@student.bth.se
|
245 |
Comparing Progressive Web Applications with Native Android Applications : An evaluation of performance when it comes to response time
Fransson, Rebecca; Driaguine, Alexandre, January 2017
Web applications are often described as being cross-platform. They are accessible from a multitude of different web browsers, which in turn are running on a multitude of different operating systems. For a time now, developers have used many different tools to create cross-platform applications for mobile devices with web technologies. However, these applications fail to deliver when taken out of their native environment, and often do not feel native at all. Enter Progressive Web Applications, PWA. PWAs are applications written for the web with web technologies, running in a browser, but seasoned with some techniques that can make them behave like a native application when running on a mobile device. They are just ordinary web applications with native behaviour such as offline support, installability, and push notifications. The question that arises is - can this new type of web application match Native Android Applications in performance, especially the response time when accessing the device's hardware? This report will try to answer that question.
|
246 |
Analysis and improvement of a publication System : New approaches on Web Applications
Rodriguez Fernandez, Angel, January 2008
The aim of this thesis is research into modern web development tools, to demonstrate in which ways these emerging technologies can help to make a real application more user friendly, easier to maintain and extend, and more reliable. Some new approaches to Web applications will be presented in comparison with the traditional way, and a real application will be redesigned to include the latest advances in Web technologies.
|
247 |
Penetration Testing in a Web Application Environment
Vernersson, Susanne, January 2010
As the use of web applications is increasing among a number of different industries, many companies turn to online applications to promote their services. Companies see the great advantages of web applications such as convenience, low costs and little need of additional hardware or software configuration. Meanwhile, the threats against web applications are scaling up, where the attacker is not in need of much experience or knowledge to hack a poorly secured web application, as the service can easily be accessed over the Internet. While common attacks such as cross-site scripting and SQL injection are still around and have been very much in use for a number of years, the hacker community constantly discovers new exploits, leaving businesses in need of higher security. Penetration testing is a method used to estimate the security of a computer system, network or web application. The aim is to reveal possible vulnerabilities that could be exploited by a malicious attacker and suggest solutions to the problem at hand. With the right security fixes, a business system can go from being a threat to its users’ sensitive data to a secure and functional platform with just a few adjustments. This thesis aims to help the IT security consultants at Combitech AB with detecting and securing against the most common web application exploits that companies suffer from today. By providing Combitech with safe and easy methods to discover and fix the top security deficiencies, the restricted time spent at a client due to budget concerns can be made more efficient thanks to improvements in the internal testing methodology. The project can additionally be of interest to teachers, students and developers who want to know more about web application testing and security as well as common exploit scenarios.
|
248 |
Metodika lokalizace webových aplikací / The methodology of localization of web applications
Miřacký, Jan, January 2014
The paper addresses localization of web applications with extra focus on its principles. The goal of the paper was to design a localization methodology that might be used by startups as a handbook during development of a service that aims at customers abroad. The first partial goal was the design of a questionnaire used to find out important aspects of localization from the user's perspective. The second partial goal was to provide recommendations for Webgarden regarding enhancing cultural customization. The third partial goal was comparison of localization among Webgarden's competitors that represents a platform for generating websites. The main goal as well as all partial goals have been achieved. The phases of internationalization and localization were discussed in detail, therefore readers can get a good command of what needs to be done. The paper nonetheless doesn't go into much detail in technical matters. Hofstede's cultural model has been introduced and has been used with cultural customization for different cultures. I used the methodology as well as the research results to suggest recommendations for the improvement of Webgarden's localization. It has been evaluated positively by native speakers and as such the methodology has been validated. My contribution was the design of the methodology and providing Czech-based startups that are considering expanding to foreign markets with important information and guidance; another contribution was the new recommendations for Webgarden.
|
249 |
Návrh webové aplikace pro internetovou fotobanku / Designing a web application for online photo-stock business
Vávra, Ondřej, January 2011
This diploma thesis is focused on the conceptual design of a photo-stock web application, which uses information management for a comprehensive solution to the problem. The first part deals with the problem definition and related areas, as well as the theoretical base. The main terms that relate to the photo-stock business and web application technologies are explained. Since the proposal is focused on the area of electronic sales, attention here is focused on the current form of e-commerce, statistics and specifics which arise from electronic shopping. Then the characteristics of two methodologies are mentioned: the MMDIS methodology, which focuses on the multidimensional approach to system design, and the Checkland soft systems methodology. The methodologies and their phases are used to identify areas that need to be addressed in the proposal. Finally, it describes the principles for designing successful web applications and the basic parts of a web audit. The second part is focused on understanding the complex situation that concerns the intention of creating a photo-stock business draft. The lines of business, objectives and strategies of the organization are identified. Based on the company's award, a basic specification of the application and the required functionality is presented. Further segmentation is performed by potential customers. System approaches are defined by the root system definitions. Then an analysis of competition and a SWOT analysis are introduced, the latter made from two views of access to the system. The economic and technical aspects of the proposal, including the income model, are summarized and discussed. A process analysis of the system is performed (identifying processes, their connections and their information needs). Furthermore, the proposal deals with the possibilities of outsourcing in the data storage and networking basic parts of the system. All this information is transformed into the final design solution. This is outlined in terms of the customer, vendor and business perspectives. The modified processes that were created in the process analysis are presented. The specification and the design are formulated by questions and answers that bring the system. The following is a brief comparison with competing projects and an outline of further development options. The conclusion includes an appraisal of the work and its benefits.
|
250 |
Návrh webové aplikace pro místenkový rezervační systém / Design and implementation of the seat tickets reservation system
Sedláček, Tomáš, January 2013
The topic of this master thesis is the design and development of a seat ticket reservation web application. The developed application should be useful for organizers of various cultural and sport events and should help them to manage the ticket reservation agenda. The application should be useful for visitors of these events too. Visitors will be able to easily choose their preferred seats and complete the reservation within the application. The evaluation of existing tools designed for seat reservation management is an important part of this master thesis. According to the previous evaluation, the author's own experience and consultations with several organizers of public events, the functionality requirements of the web application are specified. The acting roles are also defined and the most important use cases are stated for them. The web application of the seat reservation system is programmed using the latest web technologies such as PHP, JavaScript and CSS3, and is based on the Nette PHP framework. The resulting web application is publicly accessible at http://demo.e mistenka.cz.
|