Abstract: Cloud computing has seen tremendous growth, particularly for commercial web applications. The on-demand, pay-as-you-go model creates a flexible and cost-effective means to access compute resources. For these reasons, the scientific computing community has shown increasing interest in exploring cloud computing. However, the underlying implementation and performance of clouds are very different from those at traditional supercomputing centers. It is therefore critical to evaluate the performance of HPC applications in today’s cloud environments to understand the tradeoffs inherent in migrating to the cloud. This work represents the most comprehensive evaluation to date comparing conventional HPC platforms to Amazon EC2, using real applications representative of the workload at a typical supercomputing center. Overall results indicate that EC2 is six times slower than a typical mid-range Linux cluster, and twenty times slower than a modern HPC system. The interconnect on the EC2 cloud platform severely limits performance and causes significant variability.

Abstract: This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code. Native Client aims to give browser-based applications the computational performance of native applications without compromising safety. Native Client uses software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client. Native Client provides operating system portability for binary code while supporting performance-oriented features generally absent from web application programming environments, such as thread support, instruction set extensions such as SSE, and use of compiler intrinsics and hand-coded assembler. We combine these properties in an open architecture that encourages community review and 3rd-party tools.

Abstract: The traditional epidemiologic modes of data collection, including paper-and-pencil questionnaires and interviews, have several limitations, such as decreasing response rates over the last decades and high costs in large study populations. The use of Web-based questionnaires may be an attractive alternative but is still scarce in epidemiologic research because of major concerns about selective nonresponse and reliability of the data obtained. The authors discuss advantages and disadvantages of Web-based questionnaires and current developments in this area. In addition, they focus on some practical issues and safety concerns involved in the application of Web-based questionnaires in epidemiologic research. They conclude that many problems related to the use of Web-based questionnaires have been solved or will most likely be solved in the near future and that this mode of data collection offers serious benefits. However, questionnaire design issues may have a major impact on response and completion rates and on reliability of the data. Theoretically, Web-based questionnaires could be considered an alternative or complementary mode in the range of epidemiologic methods of data collection. Practice and comparisons with the traditional survey techniques should reveal whether they can fulfill their expectations.

Abstract: How does MongoDB help you manage a huMONGOus amount of data collected through your web application? With this authoritative introduction, you'll learn the many advantages of using document-oriented databases, and discover why MongoDB is a reliable, high-performance system that allows for almost infinite horizontal scalability. Written by engineers from 10gen, the company that develops and supports this open source database, MongoDB: The Definitive Guide provides guidance for database developers, advanced configuration for system administrators, and an overview of the concepts and use cases for other people on your project. Learn how easy it is to handle data as self-contained JSON-style documents, rather than as records in a relational database. Explore ways that document-oriented storage will work for your project Learn how MongoDBs schema-free data model handles documents, collections, and multiple databases Execute basic write operations, and create complex queries to find data with any criteria Use indexes, aggregation tools, and other advanced query techniques Learn about monitoring, security and authentication, backup and repair, and more Set up master-slave and automatic failover replication in MongoDB Use sharding to scale MongoDB horizontally, and learn how it impacts applications Get example applications written in Java, PHP, Python, and Ruby

Abstract: Cytobank is a Web-based application for storage, analysis, and sharing of flow cytometry experiments. Researchers use a Web browser to log in and use a wide range of tools developed for basic and advanced flow cytometry. In addition to providing access to standard cytometry tools from any computer, Cytobank creates a platform and community for developing new analysis and publication tools. Figure layouts created on Cytobank are designed to allow transparent access to the underlying experiment annotation and data processing steps. Since all flow cytometry files and analysis data are stored on a central server, experiments and figures can be viewed or edited by anyone with the proper permission, from any computer with Internet access. Once a primary researcher has performed the initial analysis of the data, collaborators can engage in experiment analysis and make their own figure layouts using the gated, compensated experiment files. Cytobank is available to the scientific community at http://www.cytobank.org.

Abstract: As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist. In this paper, we describe the first system for exploring the execution space of JavaScript code using symbolic execution. To handle JavaScript code’s complex use of string operations, we design a new language of string constraints and implement a solver for it. We build an automatic end-to-end tool, Kudzu, and apply it to the problem of finding client-side code injection vulnerabilities. In experiments on 18 live web applications, Kudzu automatically discovers 2 previously unknown vulnerabilities and 9 more that were previously found only with a manually-constructed test suite.

Abstract: Black-box web application vulnerability scanners are automated tools that probe web applications for security vulnerabilities. In order to assess the current state of the art, we obtained access to eight leading tools and carried out a study of: (i) the class of vulnerabilities tested by these scanners, (ii) their effectiveness against target vulnerabilities, and (iii) the relevance of the target vulnerabilities to vulnerabilities found in the wild. To conduct our study we used a custom web application vulnerable to known and projected vulnerabilities, and previous versions of widely used web applications containing known vulnerabilities. Our results show the promise and effectiveness of automated tools, as a group, and also some limitations. In particular, "stored" forms of Cross Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities are not currently found by many tools. Because our goal is to assess the potential of future research, not to evaluate specific vendors, we do not report comparative data or make any recommendations about purchase of specific tools.

Abstract: Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as "point-and-click pentesting" tools that automatically evaluate the security of web applications with little or no human support. These tools access a web application in the same way users do, and, therefore, have the advantage of being independent of the particular technology used to implement the web application. However, these tools need to be able to access and test the application's various components, which are often hidden behind forms, JavaScript-generated links, and Flash applications. This paper presents an evaluation of eleven black-box web vulnerability scanners, both commercial and open-source. The evaluation composes different types of vulnerabilities with different challenges to the crawling capabilities of the tools. These tests are integrated in a realistic web application. The results of the evaluation show that crawling is a task that is as critical and challenging to the overall ability to detect vulnerabilities as the vulnerability detection techniques themselves, and that many classes of vulnerabilities are completely overlooked by these tools, and thus research is required to improve the automated detection of these flaws.

Abstract: This disclosure is directed to a system and method for providing advisement about applications on mobile communication devices such as smartphones, netbooks, and tablets. A server gathers data about mobile applications, analyzes the applications, and produces an assessment that may advise users on a variety of factors, including security, privacy, battery impact, performance impact, and network usage. The disclosure helps users understand the impact of applications to improve the experience in using their mobile device. The disclosure also enables a server to feed information about applications to other protection systems such as application policy systems and network infrastructure. The disclosure also enables advisement about applications to be presented in a variety of forms, such as through a mobile application, as part of a web application, or integrated into other services via an API.

Abstract: In embodiments of the present invention improved capabilities are described for multiple web-based content category searching for web content on a mobile communication facility comprising capturing speech presented by a user using a resident capture facility on the mobile communication facility; transmitting at least a portion of the captured speech as data through a wireless communication facility to a speech recognition facility; generating speech-to-text results for the captured speech utilizing the speech recognition facility; and transmitting the text results and a plurality of formatting rules specifying how search text may be used to form a query for a search capability on the mobile communications facility, wherein each formatting rule is associated with a category of content to be searched.

Abstract: More and more products and services are being deployed on the web, and this presents new challenges and opportunities for measurement of user experience on a large scale. There is a strong need for user-centered metrics for web applications, which can be used to measure progress towards key goals, and drive product decisions. In this note, we describe the HEART framework for user-centered metrics, as well as a process for mapping product goals to metrics. We include practical examples of how HEART metrics have helped product teams make decisions that are both data-driven and user-centered. The framework and process have generalized to enough of our company's own products that we are confident that teams in other organizations will be able to reuse or adapt them. We also hope to encourage more research into metrics based on large-scale behavioral data.

Abstract: Web script crashes and malformed dynamically generated webpages are common errors, and they seriously impact the usability of Web applications. Current tools for webpage validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic Web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a Web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 673 faults in six PHP Web applications.

Abstract: This book is about the next generation of the Google Maps API. It will provide the reader with the skills and knowledge necessary to incorporate Google Maps v3 on web pages in both desktop and mobile browsers. It also describes how to deal with common problems that most map developers encounter at some point, like performance and usability issues with having too many markers and possible solutions to that. Introduction to the Google Maps API v3 Solutions to common problems most developers encounters (too many markers, common JavaScript pitfalls) Best practices using HTML/CSS/JavaScript and Google Maps What youll learn Building reliable Google Maps web applications How to transfer from version 2 to version 3 of the API Best practices using HTML/CSS/JavaScript Dealing with large amounts of map markers How to look up addresses and coordinates using GeoCoding and reversed GeoCoding Who this book is for Web designers/web developers with a basic knowledge of HTML, CSS and JavaScript, as well as people with knowledge of the old Google Maps API that needs help to easily transfer to the new API. And, this book is for anyone interested in learning how to integrate Google Maps on their web page.

Abstract: A system enabling service communications in distributed Web applications between servers otherwise inaccessible due to cross-origin security restrictions in pre-HTML5 compliant Web-browser clients. A Web-browser client executes a client-side Web application received from a source origin server having a defined source origin and requests connections to request identified Web-application services. Execution of an emulation client library establishes a bidirectional capable HTTP-based communications connection between the Web-browser client and a gateway server, having a target origin outside the scope of the source origin, providing access to the request identified Web-application service. The bidirectional capable HTTP-based communications connection includes a cross-origin communications bridge providing a secure communications path between the source and target origins. The gateway server can establish an HTML5 compliant connection to a target defined service, provided by a target server, having a predefined relation to the request identified Web-application service.

Abstract: Cross-browser (and cross-platform) issues are prevalent in modern web based applications and range from minor cosmetic bugs to critical functional failures. In spite of the relevance of these issues, cross-browser testing of web applications is still a fairly immature field. Existing tools and techniques require a considerable manual effort to identify such issues and provide limited support to developers for fixing the underlying cause of the issues. To address these limitations, we propose a technique for automatically detecting cross-browser issues and assisting their diagnosis. Our approach is dynamic and is based on differential testing. It compares the behavior of a web application in different web browsers, identifies differences in behavior as potential issues, and reports them to the developers. Given a page to be analyzed, the comparison is performed by combining a structural analysis of the information in the page's DOM and a visual analysis of the page's appearance, obtained through screen captures. To evaluate the usefulness of our approach, we implemented our technique in a tool, called WEBDIFF, and used WEBDIFF to identify cross-browser issues in nine real web applications. The results of our evaluation are promising, in that WEBDIFF was able to automatically identify 121 issues in the applications, while generating only 21 false positives. Moreover, many of these false positives are due to limitations in the current implementation of WEBDIFF and could be eliminated with suitable engineering.

Abstract: Mugshot is a system that captures every event in an executing JavaScript program, allowing developers to deterministically replay past executions of web applications. Replay is useful for a variety of reasons: failure analysis using debugging tools, performance evaluation, and even usability analysis of a GUI. Because Mugshot can replay every execution step that led to a failure, it is far more useful for performing root-cause analysis than today's commonly deployed client-based error reporting systems--core dumps and stack traces can only give developers a snapshot of the system after a failure has occurred.Many logging systems require a specially instrumented execution environment like a virtual machine or a custom program interpreter. In contrast, Mugshot's client-side component is implemented entirely in standard JavaScript, providing event capture on unmodified client browsers. Mugshot imposes low overhead in terms of storage (20-80KB/minute) and computation (slowdowns of about 7% for games with high event rates). This combination of features--a low-overhead library that runs in unmodified browers--makes Mugshot one of the first capture systems that is practical to deploy to every client and run in the common case. With Mugshot, developers can collect widespread traces from programs in the field, gaining a visibility into application execution that is typically only available in a controlled development environment.

Abstract: JavaScript is widely used in web-based applications and is increasingly popular with developers. So-called browser wars in recent years have focused on JavaScript performance, specifically claiming comparative results based on benchmark suites such as SunSpider and V8. In this paper we evaluate the behavior of JavaScript web applications from commercial web sites and compare this behavior with the benchmarks. We measure two specific areas of JavaScript runtime behavior: 1) functions and code and 2) events and handlers. We find that the benchmarks are not representative of many real web sites and that conclusions reached from measuring the benchmarks may be misleading. Specific common behaviors of real web sites that are underem-phasized in the benchmarks include event-driven execution, instruction mix similarity, cold-code dominance, and the prevalence of short functions. We hope our results will convince the JavaScript community to develop and adopt benchmarks that are more representative of real web applications.

Abstract: The complexity of the client-side components of web applications has exploded with the increase in popularity of web 2.0 applications. Today, traditional desktop applications, such as document viewers, presentation tools and chat applications are commonly available as online JavaScript applications. Previous research on web vulnerabilities has primarily concentrated on flaws in the server-side components of web applications. This paper highlights a new class of vulnerabilities, which we term client-side validation (or CSV) vulnerabilities. CSV vulnerabilities arise from unsafe usage of untrusted data in the client-side code of the web application that is typically written in JavaScript. In this paper, we demonstrate that they can result in a broad spectrum of attacks. Our work provides empirical evidence that CSV vulnerabilities are not merely conceptual but are prevalent in today’s web applications. We propose dynamic analysis techniques to systematically discover vulnerabilities of this class. The techniques are light-weight, efficient, and have no false positives. We implement our techniques in a prototype tool called FLAX, which scales to real-world applications and has discovered 11 vulnerabilities in the wild so far.

Abstract: Modern Web solutions resemble desktop applications, enabling sophisticated user interactions, client-side processing, asynchronous communications, and multimedia. A pure HTTP/HTML architecture fails to support these required capabilities in several respects. The "network as platform computing" idea, strengthened by Web 2.0's emergence, has accentuated HTML/HTTP's limits. This is the reason why many developers are switching to novel technologies, known under the collective name of rich Internet applications (RIAs). RIAs combine the Web's lightweight distribution architecture with desktop applications' interface interactivity and computation power, and the resulting combination improves all the elements of a Web application (data, business logic, communication, and presentation). This special issue briefly introduces the main characteristics and benefits of RIAs and highlights the research challenges in their development. The issue features two articles that address some of these open problems. One focuses on language and architecture issues, whereas the other deals with the methodological principles at the base of a model-driven approach to RIA development. Despite these efforts, the research community must continue investigating to propose novel methods and tools to make their development more systematic and efficient.

Abstract: This paper discusses the potential opportunities and challenges of applying content analysis to Web based content, in particular the content available on Web 20 sites The relative strengths and limitations of the method are described To illustrate how content analysis may be applied to web-based content we provide a brief overview of a case study that investigates cultural impacts on the use of design features with regards to self-disclosure on the blogs of South Korean and United Kingdom's users In this study we followed the steps proposed by Neuendorf for conducting the content analysis Based on our experience in using content analysis in that study we made several suggestions on how content analysis of the Web based content can be improved

Abstract: Understanding the structure and evolution of web-based user-object networks is a significant task since they play a crucial role in e-commerce nowadays. This letter reports the empirical analysis on two large-scale web sites, audioscrobbler.com and del.icio.us, where users are connected with music groups and bookmarks, respectively. The degree distributions and degree-degree correlations for both users and objects are reported. We propose a new index, named collaborative similarity, to quantify the diversity of tastes based on the collaborative selection. Accordingly, the correlation between degree and selection diversity is investigated. We report some novel phenomena well characterizing the selection mechanism of web users and outline the relevance of these phenomena to the information recommendation problem.

Abstract: A gateway server interoperates with client and remote server systems to provide stateless security management for a distributed Web application. A Web client application on the client system initiates a WebSocket connection directed to a remote Web service by performing an authentication challenge directed to a user of the Web-browser client where a secure token is not present in a local store instance corresponding to the client application. The authentication challenge obtains the user credentials and then exchanges the user credentials with the gateway server for a secure token. The secure token is then sent in a protocol specific connect message to the gateway server. The gateway server, in response to receipt of the connect message, initiates a WebSocket connection directed to the remote Web service by inspecting the connect message to recover the secure token, evaluating the secure token to obtain user credentials, injecting the secure token with the user credentials, and sending the connect message to the remote Web service.

Abstract: Web technologies provide the basis to distribute digital information worldwide and in realtime but they have also established the Web as a ubiquitous application platform. The Web evolved from simple text data to include advanced layout, images, audio, and recently streaming video. Today, as our digital environment becomes increasingly three-dimensional (e.g. 3D cinema, 3D video, consumer 3D displays, and high-performance 3D processing even in mobile devices) it becomes obvious that we must extend the core Web technologies to support interactive 3D content.Instead of adapting existing graphics technologies to the Web, XML3D uses a more radical approach: We take today's Web technology and try to find the minimum set of additions that fully support interactive 3D content as an integral part of mixed 2D/3D Web documents.XML3D enables portable cross-platform authoring, distribution, and rendering of and interaction with 3D data. As a declarative approach XML3D fully leverages existing web technologies including HTML, Cascading Style Sheets (CSS), the Document Object Model (DOM), and AJAX for dynamic content. All 3D content is exposed in the DOM, fully supporting DOM scripting and events, thus allowing Web designers to easily apply their existing skills. The design of XML3D is based on modern programmable graphics hardware, e.g. supports efficient mapping to GPUs without maintaining copies. It also leverages a new approach to specify shaders independently of specific rendering techniques or graphics APIs. We demonstrated the feasibility of our approach by integrating XML3D support into two major open browser frameworks from Mozilla and WebKit as well as providing a portable implementation based on JavaScript and WebGL.

Abstract: Method and apparatus for integrating distributed shared services system which integrates web based applications with each other and with other centralized application to provide a single sign-on approach for authentication and authorization services for distributed web sites requiring no access time back to the authentication/authorization server is provided.

Abstract: Summary: The SMARTCyp server is the first web application for site of metabolism prediction of cytochrome P450-mediated drug metabolism. Availability: The SMARTCyp server is freely available for use on the web at www.farma.ku.dk/smartcyp where the SMARTCyp Java program and source code is also available for download. Contact:[email protected]; [email protected] Supplementary information:Supplementary data are available at Bioinformatics online.