Spelling suggestions: "subject:"eeb applicatication."" "subject:"eeb ratios:application.""
31 |
Verifying Web Application Vulnerabilities by Model CheckingHung, Chun-Chieh 20 August 2009 (has links)
Due to the continued development of Internet technology, more and more people are willing to take advantage of high-interaction and diverse web applications to deal with commercial, knowledge-sharing, and social activities. However, while web applications deeply affect our society by degrees, hackers start exploiting web application vulnerabilities to attack innocent end user and back-end database, and therefore pose significant threat in information security.
According to this situation, this paper proposes a detection mechanism based on Model Checking to detect web application vulnerabilities. We reduce the problem whether the vulnerabilities exist or not to a kind of SMT (Satisfiability Modulo Theories) problem, and analyze all of the traces of tainted data flow in web applications to find possible vulnerabilities by SMT solver. The experimental results show that the method we proposed can identify SQL injection and XSS vulnerabilities effectively, and prove our method is a feasible way to find web application vulnerabilities.
|
32 |
Internetinės duomenų apdorojimo sąsajos kūrimas: metodologija ir įrankis / Creation of internet data processing interface: methodology and toolStasiūnas, Tomas 26 May 2005 (has links)
With increase of a web application popularity there was a necessity of simplification of their creation. In this paper ways of creation electronic data processing and opportunities of their simplification are investigated. Models of web application and tools for their creation are considered in the paper. Being based on this analysis the model which more all would approach for creation of the fast interface of data processing is offered. It is based on the user interface architecture separated from logic of activity. The offered model is realized by system of programs PHPForm on a platform Eclipse, the comparative analysis of the created and existing products is executed.
|
33 |
A Model-driven Penetration Test Framework for Web ApplicationsXiong, Pulei 12 January 2012 (has links)
Penetration testing is widely used in industry as a test method for web application security assessment. However, penetration testing is often performed late in a software development life cycle as an isolated task and usually requires specialized security experts. There is no well-defined test framework providing guidance and support to general testers who usually do not have in-depth security expertise to perform a systematic and cost-efficient penetration test campaign throughout a security-oriented software development life cycle.
In this thesis, we propose a model-driven penetration test framework for web applications that consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge-based PenTest workbench. The test framework enables general testers to perform a penetration test campaign in a model-driven approach that is fully integrated into a security-oriented software development life cycle. Security experts are still required to build up and maintain a web security knowledgebase for test campaigns, but the general testers are capable of developing and executing penetration test campaigns with reduced complexity and increased reusability in a systematic and cost-efficient approach.
A prototype of the framework has been implemented and applied to three web applications: the benchmark WebGoat web application, a hospital adverse event management system (AEMS), and a palliative pain and symptom management system (PAL-IS). An evaluation of the test framework prototype based on the case studies indicates the potential of the proposed test framework to improve how penetration test campaigns are performed and integrated into a security-oriented software development life cycle.
|
34 |
The development of an integrated database of the model organism Bacillus subtilisMichna, Raphael 13 January 2016 (has links)
No description available.
|
35 |
Nouveauté technologique et milieu professionnel : la tablette tactile et les acteurs de l'immobilier / Technological novelty and occupational world : the touchscreen tablet and the real estate’s professionalsThevenot, Pauline 06 March 2015 (has links)
En milieu professionnel, les acteurs d’un nouveau dispositif technologique doivent faire face à de nombreux inconnus : objet technique inédit, technologie non maitrisée, manière de faire différente, usager inconnu, etc. À partir de l’étude des représentations et des pratiques associées aux tablettes tactiles, nous avons interrogé la construction du sens des usages en situation de nouveauté technologique. Pour cela, nous avons étudié une web application d’états des lieux immobiliers développée peu de temps après le lancement des tablettes tactiles en France. Les représentations à l’œuvre agissent en réaction à l’inconnu, au non maitrisé et en constituent une première forme de gestion. Pour la tablette tactile, objet de convergence technologique et fonctionnelle, l’inconnu et le rapport à celui-ci renvoient à un paradoxe : la tablette se présente comme étant en rupture avec le paysage numérique existant tout en se positionnant sur des fonctionnalités et des pratiques préexistantes. Dès lors, entre expérience et nouveauté technologique, comment le sens des usages se construit-il en situation professionnelle ? Comment le paradoxe de la tablette tactile intervient-il dans le développement informatique ? / In occupational world, the actors of a new technological device have to deal with numerous elements which are unknowns: unpublished device, new technology, new practices, unknown users, etc. From the study of the representations and the practices which are associated with touch screen tablets, we questioned the construction of the sense of the uses in situation of technological novelty. For that purpose, we studied a web application for real estate situations which was developed a little time after the launch of touchpads in France. The representations act in reaction to the unknowns’ elements, to the not mastered and establish a first shape of management. For the tablet computer, the object of technological and functional convergence, the unknown and the relationship in this one highlight to a paradox: the touchscreen tablet appears as in break with the existing digital devices and positioning on features and pre-existent practices. From then on, between experience and technological novelty, how sense of the practices builds itself in professional situation? How does the paradox of the touchscreen tablet intervenes in a IT development ?
|
36 |
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-box Web Vulnerability ScannersKhalil, Rana Fouad 19 December 2018 (has links)
Black-box web application vulnerability scanners are automated tools that are used to crawl a web application to look for vulnerabilities. These tools are often used in one of two ways. In the first approach, scanners are used as Point-and-Shoot tools where a scanner is only given the root URL of an application and asked to scan the site. Whereas, in the second approach, scanners are first configured to maximize the crawling coverage and vulnerability detection accuracy. Although the performance of leading commercial scanners has been thoroughly studied, very little research has been done to evaluate open-source scanners. This paper presents a feature and performance evaluation of five open-source scanners. We analyze the crawling coverage, vulnerability detection accuracy, scanning speed, report- ing and usability features. The scanners are tested against two well known benchmarks: WIVET and WAVSEP. Additionally, the scanners are tested against a realistic web application called WackoPicko. The chosen benchmarks are composed of a wide range of vulnerabilities and crawling challenges. Each scanner is tested in two modes: default and configured. Lastly, the scanners are compared with the state of the art commercial scanner Burp Suite Professional.
Our results show that being able to properly crawl a web application is a critical task in detecting vulnerabilities. Unfortunately, the majority of the scanners evaluated had difficulty crawling through common web technologies such as dynamically generated JavaScript content and Flash applications. We also identified several classes of vulnerabilities that are not being detected by the scanners. Furthermore, our results show that scanners displayed considerable improvement when run in configured mode.
|
37 |
Data visualization for the modern web : A look into tools and techniques for visualizing data in Angular 5 applicationsAlmroth, Tobias January 2018 (has links)
This paper looks into how data is best visualized and how visualizations should be designed to be most easily perceived. Furthermore the study looks into what tools there are available on the market today for visualizing data in angular 5 applications. With regards to a client, a developer team from the swedish police IT-department, the tools are evaluated and the one most suitable for the client is found. The paper also looks into how a dynamic data solution can be developed in angular 5. A solution where data can be selected in one component and displayed in another. To answer the questions sought a study of previous research into data visualization was done as well as a look into how angular 5 applications can be developed. Interviews with the clients were held where their specific requirements on visualization tools were identified. After searching and listing available visualization tools on the market the tools were evaluated against the clients requirements and a prototype application were developed. Showcasing both the most suitable tool and its integration but also a dynamic data solution in angular 5. As a conclusion data visualizations should be made as simple as possible with the main focus on the data. When it comes to tools the one most suitable to the client was Chart.js that easily integrated into an angular 5 application. An application that thanks to angular’s features is well equipped for handling and developing dynamic data solutions.
|
38 |
Beach Museum Web ApplicationKakkireni, Nithin Kumar January 1900 (has links)
Master of Science / Department of Computer Science / Daniel Andresen / This project involves in developing a responsive web application for Beach Museum at Manhattan, Kansas. Application is built on development boxes using Amazon web services. Project is built on MVC architecture that helps user to search images, create their own collection from the images and include an admin module. Migrating the current existing SQL database to couchDB for better performance of the available data. Integrated Apache Lucene to support text search in the couch database writing different indexes to retrieve the results. Implementing core functionalities like basic search, advanced search, filter objects with respective to artist, decade, object type and relevance using different indexes and Mango queries in the couchDB. Search Results are further chunked and displayed to the user. Web storage API’s were used to provide the functionality for a user to create their own collection (set of Images). Built an Admin module to perform CRUD operations the database. Admin module involves in creating exhibitions, adding/editing works and artists in the couch DB.
|
39 |
Online job portalChakravarty, Urmi January 1900 (has links)
Master of Science / Department of Computing and Information Sciences / Daniel A. Andresen / “Dreams Job” is an online Job Search Portal, a web application through which job seekers can register and apply for jobs. Through this portal employers can also post their jobs and review applications. The traditional recruitment systems are time taking and costly. A job seeker must find jobs through advertisements, college fairs, job fairs etc., and the employers must put in much effort to find the right candidate for a vacant position. This application addresses such shortcomings and is a convenient platform for both job seekers to find and apply for jobs and for employers to post jobs and review applications with much ease. Candidates can search for jobs in any field through advanced search capabilities. They can upload their resumes to this application which is stored for future use also. Employers can download these resumes and post/delete job positions. The admin controls this portal and makes the decision about companies and jobs that can access/appear in this portal. Candidates and Employers can use this portal without any geographical barrier, from any part of the world. This application is also developed by using some cutting-edge technologies that are in great demand in the IT industry today. Some of them are NodeJS, AngularJS, Sequelize ORM, etc.
|
40 |
Improving information sharing between teachers and assistants : Implementation and testing of a web application / Förbättring av informationsdelning mellan lärare och assistenter : Implementation och testning av en webbapplikationLindroth, Kalle, Olsson, Daniel January 2018 (has links)
The teachers at Linköpings University are currently using an emailclient to handle the sharing of information between teachers involved ina course. This is inefficient due to the difficulty of sharing existinginformation with new course memebers, sharing new information with existingcourse members and finding specific information is an issue because of thelack of course separation. Some features, such as handing over a courseto a new leading teacher, are also lacking which makes course managementdifficult. To solve this issue, we have developed a web application whichfocuses on its usability and efficiency to make it easier for coursestaff to share course information. By performing usability and efficiencytests where test subjects used the new application as well as the oldemail system we established that the newly developed application with itsadditional features became an improvement over the old email system.
|
Page generated in 0.0897 seconds