Web Applications

It is a well-established fact that the Web applications require frequent maintenance because of cutting–edge business competitions. Further, such applications are maintained by third party in majority of the cases. This paper emphasizes that the factors like Analyzability, Changeability, Scalability, Stability and Testability as defined by ISO9126 standards are not sufficient. It is important to consider factors like the capability of maintenance team, management attitude of both client and maintenance organization. Further, the capability of the original Web application developer is also important.

Security modelling of web applications is a very important aspect of web application development. Security is a dynamic research domain, where new techniques are introduced whereas some older ones are declared deprecated. A working understanding of the basic security traits and the new techniques introduced to implement them leads to the designing of an effective security model. Also, the objective of the application should be analysed to find an acceptable balance between the security techniques implemented and their effect on the performance of the system.

Many of the performance tuning techniques applied to client/server applications that consisted of rewriting poorly written SQL code and tuning the database itself are not helpful when dealing with Web applications that are frequently unaffected by these performance improvement approaches. This tip describes some of the most common problem areas when dealing with Web application performance issues.

Nowadays the Web applications are a part of daily life on humanity. On these systems operate economics process as banking services, business sites, social networks and e-commerce. Many companies have established Intranets in order to linking data sharing in their productive process. In the scientific activity, big knowledge databases have been implemented, and the important events are broadcast by these applications.

implementations described in these studies, such as [13] [14] [16], rely on AspectJ. The work presented at [15] is closest to the objectives of our project. The authors propose an aspect to detect cross-site scripting. Their approach relies on sanitizing, i.e. replacing special characters by quoted ones, the input data submitted by users to web applications. The authors take the case of servlet based web applications. When data is submitted to a servlet, one of the issues which are raised consists in determining whether it comes from an end-user or whether it comes from another servlet which delegates the request by mean of the transfer mechanism provided by the servlet container. In the latter case, data is supposed to be trust worthy as it simply originates from another part of the application. In this case, the sanitizing can be skipped in order to save computation time. To achieve this, the authors propose to extend the syntax of the AspectJ pointcut language with a new construct to detect data flows: the servlet input is sanitized if and only if it is written back on the servlet output stream. As far as we know, this data flow operator remains at the level of a proposal and has not been implemented. Furthermore, it remains to be seen in what circumstances this solution is more efficient than a solution that would sanitize all input streams regardless of their origin.

Security testing is a type of software testing carried out by specialized team of software testers. Objective of security testing is to make the software secure from external or internal threats caused either by humans or malicious programs. Security testing basically checks, how good is software’s authorization mechanism, how strong is authentication, how software maintains confidentiality of the data, how does the software maintain integrity of the data, what is the availability of the software in an event of an attack on the software by hackers and malicious programs. Security testing requires good knowledge of application, technology, networking, security testing tools. With increasing number of web applications necessarily of security testing has increased to a greater extent [3]. Security testing is a testing technique to determine if an information system protects data and maintains functionality as intended. It also aims at verifying 6 basic principles as listed below:

Struts framework extends the Java Servlet API and engages MVC architecture. It means Model View Controller .Model hold JavaBeans, EJB and View hold JSP files and Controller hold out by Actions. It gives you a chance to create formable web applications based on JSP pages, Java Beans and XML. Struts architecture shown below

Imperva’s Web Application Attack Report (2012) have identified and investigated malicious traffic containing the following technical attacks: Remote File Inclusion (RFI), SQL Injection (SQLi), Local File Inclusion (LFI), Cross Site Scripting (XSS) and Directory Traversal (DT). Cross Site Scripting and Directory Traversal are the most prevalent classical attack types. It also investigated two types of Business Logic attacks: Email Extraction and Comment Spamming. Comment Spamming injects malicious links into comment fields to defraud consumers and alter search engine results. Email Extraction simply catalogs email addresses for building spam lists. These Business Logic attacks accounted for 14% of the analyzed malicious traffic. Email Extraction traffic was more prevalent than Comment Spamming. A full anatomy of BLAs is described in this report. Web applications face attacks that are becoming more diverse, more technically sophisticated and more difficult to detect and block. Obviously, security counter-measures must keep up with the threats to prevent damages and losses to the business and its customers.

The security issues of Ajax based applications are discussed in [10], [11] and in [13] its integration with web services is studied. The heart of Ajax is object XHR. XHR is based on JavaScript and that can cause trouble. Because JavaScript is visible client side browser. A mal-intentional person can edit that code and can be used to validation process. One of the major problem is in server-side, if there is no validation on data. In such case, there is great risk of exposition of vulnerabilities like SQL injection. Another problem is mal-practicing of programming. Sometimes programmer writes code for client side and includes validation process for server side. This problem becomes grave danger, when web application access many different servers for information and validation code is written on the client side. In such scenario, validation code should be on the server side, or for more security, validation code should be written on one server and then from the central server, other server validation should be done, instead of user interacting directly with other servers. The validation request sent by XMR is same as in case of common web applications. Validation and analysis of request to server is very important to avoid in mishap in security.

Abstract — Estimating size and effort is a crucial factor in application development projects and low error margins are a priority. In line with the very fast evolution of Internet technologies, all applications are quickly becoming Web Applications. Thus there is a clear need for an estimation model for these applications' development projects. The objective of this paper is to illustrate a new Web Application cost estimation model that can form the starting point for any development project. The concept of Web components can be well implied to calculate the Web size and effort. In this paper we have taken 10 projects of a software company and have calculated the effort and size using Web components.

The survey was intended to get idea of real world applications and their different aspects of design, layout, typography which is consistent to our predefined ISO 9126 quality models. The survey was carried on 1200 web applications for two years 2010 and 2011. The quality research which was done earlier was focused on general descriptions and was not focused on aspects that are required. In this study, we have moved beyond descriptive evidence to empirical evaluation and verification by developing a multi-dimensional quality factors based on ISO 9126. The results of the questionnaire uncovered four factors to be determinant. The factors are content, navigation, security and presentation. Aesthetic factor scored on higher than other factors. Security is also dominant factor in all these. Limitations of the study include those customarily associated with instrument building and survey methods. The web quality model has practical as well as theoretical research applications. In terms of practical applications a validated tool provides an important aspect for accessing the quality of web application.

method (Cost Estimation, Benchmarking, and Risk Assessment) in a new application domain, the area of web development. COBRA combines expert knowledge with data on a small number of projects to develop cost estimation models, which can also be used for risk analysis and benchmarking purposes. We modified and applied the method to the web applications of a small Australian company, specializing in web development. In this paper we present the modifications made to the COBRA method and results of applying the method. In our study, using data on twelve web applications, the estimates derived from our Web- COBRA model showed a Mean Magnitude of Relative Error (MMRE) of 0.17. This result significantly outperformed expert estimates from Allette Systems (MMRE 0.37). A result comparable to Web-COBRA was obtained when applying ordinary least squares regression with size in terms of Web Objects as an independent variable (MMRE 0.23).

management system. This system saves time and is more convenient to all. In this application houses are made available to potential bidders who can place bids on them. A bid is the amount of money for which a bidder is willing buy the house. An administrator will review bids and can accept one per House, in which case the house becomes unavailable to other bidders. This system is an exploration for integrating different web applications (like ASP.Net, Java, Silverlight) using web services concept. Language for communication between different web services will be XML (EXTENSIBLE MARKUP LANGUAGE). If format of xml generated is different for different applications then inbuilt XSLT transformation engine is used for mapping values. This case study will use the technologies like SOA, ASP.NET, JAVA, XML, XSLT, MS SQL Server 2000, Silverlight and WEB SERVICES.

Basically, web testing refers to the software testing that focuses on web applications. If testing is done properly before going live to the public then problems related to this will be removed & consumers will not face errors through testing.

Oracle E-Business Suite software and tools are deployed and managed on this tier. This tier eliminates the need to install and maintain application software on each desktop client. The software also has the potential to scale with load by moving components to separate hosts. Network traffic is kept low by passing only data, instead of passing graphical information like some screen scraping technologies. Oracle Web Applications Desktop Integrator business logic is installed on the middle tier.

Abstract: Threat analysis of a web application can lead to a wide variety of identified threats. Some of these threats will be very specific to the application; others will be more related to the underlying infrastructural software, such as the web or application servers, the database, the directory server and so forth. This paper analyzes the threats that can be related to the use of web services technology in a web application. It is part of a series of papers, written by different academic teams, that each focus on one particular technological building block for web applications.

After taking a survey on web structure mining & web usage mining the main algorithm is found out to follow for the further development of web applications that is HITS algorithm. This paper described several purposed web structure mining algorithms like Pagerank algorithm, weighted content Pagerank algorithm (WCPR), HITS etc. We analyzed their strengths and limitations and provide comparison among them. So we can say that this paper may be used as a reference by researchers when deciding which algorithm is suitable. We also try to overcome from the problem that particular algorithms have. This paper gives an insight into the possibility of merging data mining techniques with Web application analysis for achieving a synergetic effect of Web usage mining and its utilization in Web Applications Evaluation. The paper firstly describes the data preprocessing and pattern discovery steps, as pages based upon visits using weighted page content ranking and HITS. User clustering tries to discover groups of users having similar browsing patterns. Such knowledge is especially useful in Ecommerce applications for inferring user demographics in order to perform market segmentation while in the evaluation of Web site quality and developing web applications this knowledge is valuable for providing personalized Web content to the users. For the further research of web applications HITS will be the best.

Idea of Web Applications • Single directory or file – Servlets, JSP pages, HTML files, utility classes, beans, tag libraries, etc.. are bundled together in a single directory hierarchy o[r]

Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.

The first step towards analysis and restructuring in the definition of a model representing the various entities involved in Web applications and their mutual relationships is part of the study. The models proposed in literature usually aim at describing the Web application from a logical point of view at a high level of abstractions, as required when the application is being designed. We therefore define our own model of UML and MVC to fill the gap which is put forth in the next part of our thesis On the contrary; we focus our model on the implementation of the site, which is the starting point for analysis. We have added one more feature of storing the contents in an object oriented database OODB for reusability.