Abstract: A cloud computing environment provides the ability to deploy a web application that has been developed using one of a plurality of application frameworks and is configured to execute within one of a plurality of runtime environments. The cloud computing environment receives the web application in a package compatible with the runtime environment (e.g., a WAR file to be launched in an application server, for example) and dynamically binds available services by appropriately inserting service provisioning data (e.g., service network address, login credentials, etc.) into the package. The cloud computing environment then packages an instance of the runtime environment, a start script and the package into a web application deployment package, which is then transmitted to an application (e.g., container virtual machine, etc.). The application container unpacks the web application deployment package, installs the runtime environment, loads the web application package into the runtime environment and starts the start script, thereby deploying the web application in the application container.

Abstract: Current practice in testing JavaScript web applications requires manual construction of test cases, which is difficult and tedious. We present a framework for feedback-directed automated test generation for JavaScript in which execution is monitored to collect information that directs the test generator towards inputs that yield increased coverage. We implemented several instantiations of the framework, corresponding to variations on feedback-directed random testing, in a tool called Artemis. Experiments on a suite of JavaScript applications demonstrate that a simple instantiation of the framework that uses event handler registrations as feedback information produces surprisingly good coverage if enough tests are generated. By also using coverage information and read-write sets as feedback information, a slightly better level of coverage can be achieved, and sometimes with many fewer tests. The generated tests can be used for detecting HTML validity problems and other programming errors.

Abstract: WebView is an essential component in both Android and iOS platforms, enabling smartphone and tablet apps to embed a simple but powerful browser inside them. To achieve a better interaction between apps and their embedded "browsers", WebView provides a number of APIs, allowing code in apps to invoke and be invoked by the JavaScript code within the web pages, intercept their events, and modify those events. Using these features, apps can become customized "browsers" for their intended web applications. Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. The design of WebView changes the landscape of the Web, especially from the security perspective. Two essential pieces of the Web's security infrastructure are weakened if WebView and its APIs are used: the Trusted Computing Base (TCB) at the client side, and the sandbox protection implemented by browsers. As results, many attacks can be launched either against apps or by them. The objective of this paper is to present these attacks, analyze their fundamental causes, and discuss potential solutions.

Abstract: Background: The take-up of eHealth applications in general is still rather low and user attrition is often high. Only limited information is available about the use of eHealth technologies among specific patient groups. Objective: The aim of this study was to explore the factors that influence the initial and long-term use of a Web-based application (DiabetesCoach) for supporting the self-care of patients with type 2 diabetes. Methods: A mixed-methods research design was used for a process analysis of the actual usage of the Web application over a 2-year period and to identify user profiles. Research instruments included log files, interviews, usability tests, and a survey. Results: The DiabetesCoach was predominantly used for interactive features like online monitoring, personal data, and patient–nurse email contact. It was the continuous, personal feedback that particularly appealed to the patients; they felt more closely monitored by their nurse and encouraged to play a more active role in self-managing their disease. Despite the positive outcomes, usage of the Web application was hindered by low enrollment and nonusage attrition. The main barrier to enrollment had to do with a lack of access to the Internet (146/226, 65%). Although 68% (34/50) of the enrollees were continuous users, of whom 32% (16/50) could be defined as hardcore users (highly active), the remaining 32% (16/50) did not continue using the Web application for the full duration of the study period. Barriers to long-term use were primarily due to poor user-friendliness of the Web application (the absence of “push” factors or reminders) and selection of the “wrong” users; the well-regulated patients were not the ones who could benefit the most from system use because of a ceiling effect. Patients with a greater need for care seemed to be more engaged in long-term use; highly active users were significantly more often medication users than low/inactive users (P = .005) and had a longer diabetes duration (P = .03). Conclusion: Innovations in health care will diffuse more rapidly when technology is employed that is simple to use and has applicable components for interactivity. This would foresee the patients’ need for continuous and personalized feedback, in particular for patients with a greater need for care. From this study several factors appear to influence increased use of eHealth technologies: (1) avoiding selective enrollment, (2) making use of participatory design methods, and (3) developing push factors for persistence. Further research should focus on the causal relationship between using the system’s features and actual usage, as such a view would provide important evidence on how specific technology features can engage and captivate users.

Abstract: With the advent of Web 2.0 applications and new browsers, the cross-browser compatibility issue is becoming increasingly important. Although the problem is widely recognized among web developers, no systematic approach to tackle it exists today. None of the current tools, which provide screenshots or emulation environments, specifies any notion of cross-browser compatibility, much less check it automatically. In this paper, we pose the problem of cross-browser compatibility testing of modern web applications as a 'functional consistency' check of web application behavior across different web browsers and present an automated solution for it. Our approach consists of (1) automatically analyzing the given web application under different browser environments and capturing the behavior as a finite-state machine; (2) formally comparing the generated models for equivalence on a pairwise-basis and exposing any observed discrepancies. We validate our approach on several open-source and industrial case studies to demonstrate its effectiveness and real-world relevance.

Abstract: A computer implemented method for providing recommendations for an in-person meeting group, the method comprising: collecting user information, wherein the user information provides information related to topical interests and location information for at least one of a plurality of users; comparing the user information with a topical listing of in-person meeting groups in the same geographical region as the at least one user, wherein the in-person meeting group is formed and maintained through a web-based meeting facility; and providing an in-person meeting group recommendation to the at least one user based on the comparison.

Abstract: A few short years ago, most mobile devices were, for want of a better word, "dumb." Sure, there were some early smartphones, but they were either entirely e-mail focused or lacked sophisticated touch screens that could be used without a stylus. Even fewer shipped with a decent mobile browser capable of displaying anything more than simple text, links, and maybe an image. This meant if you had one of these devices, you were either a businessperson addicted to e-mail or an alpha geek hoping that this would be the year of the smartphone. Then Apple changed everything with the release of the iPhone, and our expectations for mobile experiences were completely reset.

Abstract: Leakage of private information from web applications— even when the traffic is encrypted—is a major security threat to many applications that use HTTP for data delivery. This paper considers the problem of inferring from encrypted HTTP traffic the web sites or web pages visited by a user. Existing browser-side approaches to this problem cannot defend against more advanced attacks, and serverside approaches usually require modifications to web entities, such as browsers, servers, or web objects. In this paper, we propose a novel browser-side system, namely HTTPOS, to prevent information leaks and offer much better scalability and flexibility. HTTPOS provides a comprehensive and configurable suite of traffic transformation techniques for a browser to defeat traffic analysis without requiring any server-side modifications. Extensive evaluation of HTTPOS on live web traffic shows that it can successfully prevent the state-of-the-art attacks from inferring private information from encrypted HTTP flows.

Abstract: Historical user activity is key for building user profiles to predict the user behavior and affinities in many web applications such as targeting of online advertising, content personalization and social recommendations. User profiles are temporal, and changes in a user's activity patterns are particularly useful for improved prediction and recommendation. For instance, an increased interest in car-related web pages may well suggest that the user might be shopping for a new vehicle.In this paper we present a comprehensive statistical framework for user profiling based on topic models which is able to capture such effects in a fully \emph{unsupervised} fashion. Our method models topical interests of a user dynamically where both the user association with the topics and the topics themselves are allowed to vary over time, thus ensuring that the profiles remain current.We describe a streaming, distributed inference algorithm which is able to handle tens of millions of users. Our results show that our model contributes towards improved behavioral targeting of display advertising relative to baseline models that do not incorporate topical and/or temporal dependencies. As a side-effect our model yields human-understandable results which can be used in an intuitive fashion by advertisers.

Abstract: Systems and methods of real time notification of activities that occur in a web-based collaboration environment are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, for selecting a recipient of a notification an activity according to criteria determined based on a workspace in which the activity was performed in the online collaboration platform and/or sending the notification of the activity to the recipient such that the recipient is notified in real time or near real time to when the activity occurred.

Abstract: Web applications often use special string-manipulating sanitizers on untrusted user data, but it is difficult to reason manually about the behavior of these functions, leading to errors. For example, the Internet Explorer cross-site scripting filter turned out to transform some web pages without JavaScript into web pages with valid Java-Script, enabling attacks. In other cases, sanitizers may fail to commute, rendering one order of application safe and the other dangerous. BEK is a language and system for writing sanitizers that enables precise analysis of sanitizer behavior, including checking idempotence, commutativity, and equivalence. For example, BEK can determine if a target string, such as an entry on the XSS Cheat Sheet, is a valid output of a sanitizer. If so, our analysis synthesizes an input string that yields that target. Our language is expressive enough to capture real web sanitizers used in ASP.NET, the Internet Explorer XSS Filter, and the Google AutoEscape framework, which we demonstrate by porting these sanitizers to BEK. Our analyses use a novel symbolic finite automata representation to leverage fast satisfiability modulo theories (SMT) solvers and are quick in practice, taking fewer than two seconds to check the commutativity of the entire set of Internet Exporer XSS filters, between 36 and 39 seconds to check implementations of HTMLEncode against target strings from the XSS Cheat Sheet, and less than ten seconds to check equivalence between all pairs of a set of implementations of HTMLEncode. Programs written in BEK can be compiled to traditional languages such as JavaScript and C#, making it possible for web developers to write sanitizers supported by deep analysis, yet deploy the analyzed code directly to real applications.

Abstract: Summary: JABAWS is a web services framework that simplifies the deployment of web services for bioinformatics. JABAWS:MSA provides services for five multiple sequence alignment (MSA) methods (Probcons, T-coffee, Muscle, Mafft and ClustalW), and is the system employed by the Jalview multiple sequence analysis workbench since version 2.6. A fully functional, easy to set up server is provided as a Virtual Appliance (VA), which can be run on most operating systems that support a virtualization environment such as VMware or Oracle VirtualBox. JABAWS is also distributed as a Web Application aRchive (WAR) and can be configured to run on a single computer and/or a cluster managed by Grid Engine, LSF or other queuing systems that support DRMAA. JABAWS:MSA provides clients full access to each application's parameters, allows administrators to specify named parameter preset combinations and execution limits for each application through simple configuration files. The JABAWS command-line client allows integration of JABAWS services into conventional scripts. Availability and Implementation: JABAWS is made freely available under the Apache 2 license and can be obtained from: http://www.compbio.dundee.ac.uk/jabaws. Contact: g.j.barton@dundee.ac.uk

Abstract: While most research on XSS defense has focused on techniques for securing existing applications and re-architecting browser mechanisms, sanitization remains the industry-standard defense mechanism. By streamlining and automating XSS sanitization, web application frameworks stand in a good position to stop XSS but have received little research attention. In order to drive research on web frameworks, we systematically study the security of the XSS sanitization abstractions frameworks provide. We develop a novel model of the web browser and characterize the challenges of XSS sanitization. Based on the model, we systematically evaluate the XSS abstractions in 14 major commercially-used web frameworks. We find that frameworks often do not address critical parts of the XSS conundrum. We perform an empirical analysis of 8 large web applications to extract the requirements of sanitization primitives from the perspective of realworld applications. Our study shows that there is a wide gap between the abstractions provided by frameworks and the requirements of applications.

Abstract: Web applications increasingly integrate third-party services. The integration introduces new security challenges due to the complexity for an application to coordinate its internal states with those of the component services and the web client across the Internet. In this paper, we study the security implications of this problem to merchant websites that accept payments through third-party cashiers (e.g., PayPal, Amazon Payments and Google Checkout), which we refer to as Cashier-as-a-Service or CaaS. We found that leading merchant applications (e.g., NopCommerce and Interspire), popular online stores (e.g., Buy.com and JR.com) and a prestigious CaaS provider (Amazon Payments) all contain serious logic flaws that can be exploited to cause inconsistencies between the states of the CaaS and the merchant. As a result, a malicious shopper can purchase an item at an arbitrarily low price, shop for free after paying for one item, or even avoid payment. We reported our findings to the affected parties. They either updated their vulnerable software or continued to work on the fixes with high priorities. We further studied the complexity in finding this type of logic flaws in typical CaaS-based checkout systems, and gained a preliminary understanding of the effort that needs to be made to improve the security assurance of such systems during their development and testing processes.

Abstract: Developers of JavaScript web applications have little tool support for catching errors early in development In comparison, an abundance of tools exist for statically typed languages, including sophisticated integrated development environments and specialized static analyses Transferring such technologies to the domain of JavaScript web applications is challenging In this paper, we discuss the challenges, which include the dynamic aspects of JavaScript and the complex interactions between JavaScript, HTML, and the browser From this, we present the first static analysis that is capable of reasoning about the flow of control and data in modern JavaScript applications that interact with the HTML DOM and browser APIOne application of such a static analysis is to detect type-related and dataflow-related programming errors We report on experiments with a range of modern web applications, including Chrome Experiments and IE Test Drive applications, to measure the precision and performance of the technique The experiments indicate that the analysis is able to show absence of errors related to missing object properties and to identify dead and unreachable code By measuring the precision of the types inferred for object properties, the analysis is precise enough to show that most expressions have unique types By also producing precise call graphs, the analysis additionally shows that most invocations in the programs are monomorphic We furthermore study the usefulness of the analysis to detect spelling errors in the code Despite the encouraging results, not all problems are solved and some of the experiments indicate a potential for improvement, which allows us to identify central remaining challenges and outline directions for future work

Abstract: A cloud computing environment with the ability to deploy a web application that has been developed using one of a plurality of application frameworks and is configured to execute within one of a plurality of runtime environments can be delivered as a self-contained virtual machine disk image configured to launch in a virtualization environment. Upon request (or alternatively, in a pre-processing phase), a cloud computing platform provider can compose a virtual machine disk image comprising the cloud computing environment. The virtual machine disk image may be attached to any virtual machine, whether running on a personal computing device such as a laptop or in an infrastructure-as-a-service service provider to provide a cloud computing environment that is automatically configured to receive and deploy a web application.

Abstract: Background: Drawing on previous web-based diabetes management programs based on the Chronic Care Model, we expanded an intervention to include care management through mobile phones and a game console web browser. Methods: The pilot intervention enrolled eight diabetes patients from the University of Washington in Seattle into a collaborative care program: connecting them to a care provider specializing in diabetes, providing access to their full electronic medical record, allowing wireless glucose uploads and e-mail with providers, and connecting them to the program's web services through a game system. To evaluate the study, we conducted qualitative thematic analysis of semistructured interviews. Results: Participants expressed frustrations with using the cell phones and the game system in their everyday lives, but liked the wireless system for collaborating with a provider on uploaded glucoses and receiving automatic feedback on their blood sugar trends. A majority of participants also expresse...

Abstract: This paper presents F4F (Framework For Frameworks), a system for effective taint analysis of framework-based web applications. Most modern web applications utilize one or more web frameworks, which provide useful abstractions for common functionality. Due to extensive use of reflective language constructs in framework implementations, existing static taint analyses are often ineffective when applied to framework-based applications. While previous work has included ad hoc support for certain framework constructs, adding support for a large number of frameworks in this manner does not scale from an engineering standpoint.F4F employs an initial analysis pass in which both application code and configuration files are processed to generate a specification of framework-related behaviors. A taint analysis engine can leverage these specifications to perform a much deeper, more precise analysis of framework-based applications. Our specification language has only a small number of simple but powerful constructs, easing analysis engine integration. With this architecture, new frameworks can be handled with no changes to the core analysis engine, yielding significant engineering benefits.We implemented specification generators for several web frameworks and added F4F support to a state-of-the-art taint-analysis engine. In an experimental evaluation, the taint analysis enhanced with F4F discovered 525 new issues across nine benchmarks, a harmonic mean of 2.10X more issues per benchmark. Furthermore, manual inspection of a subset of the new issues showed that many were exploitable or reflected bad security practice.

Abstract: This volume provides an overview and an understanding of REST (Representational State Transfer). Discussing the constraints of REST the book focuses on REST as a type of web architectural style. The focus is on applying REST beyond Web applications (i.e., in enterprise environments), and in reusing established and well-understood design patterns when doing so. The reader will be able to understand how RESTful systems can be designed and deployed, and what the results are in terms of benefits and challenges encountered in the process. Since REST is relatively new as an approach for designing Web Services, the more advanced part of the book collects a number of challenges to some of the assumptions and constraints of REST, and looks at current research work on how REST can be extended and applied to scenarios that often are considered not to be a good match for REST. This work will help readers to reach a deeper understanding of REST on a practical as well as on an advanced level.

Abstract: A system and method for synchronizing collaborative web applications, such as collaborative form filling, including using a message bus server and HTTP protocol.

Abstract: This article presents an innovative project in the context of remote experimentation applied to control engineering education. Specifically, the authors describe their experience regarding the analysis, design, development, and exploitation of web-based technologies within the scope of automatic control. This work is part of an inter-university project known as AutomatL@bs, in which seven Spanish universities joined efforts to share their experimentation resources across the Internet. The paper begins by providing a background of how the development of virtual and remote control labs with pedagogical perspectives should be addressed. In particular, we present examples of remote labs developed by two of the university groups taking part in AutomatL@bs. We then present the automatic booking system that manages the access of users to each laboratory's didactical setup. Next, we show the integration process of every component into a Learning Management System (LMS). Finally, an overall system assessment of the students' perception of the quality of the experimental environment as a learning tool is analyzed.

Abstract: This invention is a social networking website & web-based system that allows users to post ‘party reports’—detailed, real-time information about current ongoing parties and events that they know of; allows users to comment and upload pictures & videos on the posted information in real-time; and presents this information in an organized fashion—by city, school or location, by date & time, or by both. The system also contains algorithms used to determine the top or best party cities, schools or locations based on predetermined formulas & user posted information. The website also allows users to connect with other registered users on the website and define them as their ‘peeps’ as well as create ‘crews’, which are close-knit groups of people that they usually party to go out with.

Abstract: A method for converting a mobile web application into a native application (the term “app” has the same meaning as the native application) and an apparatus using the method are disclosed. The method for converting a mobile web application into a native application may include: the steps of receiving at least one of a web implementation document that implements the mobile web application and a uniform resource locator (URL) for a local file; separating and analyzing a user interface element of the mobile web application based on the at least one of the web implementation document and the local file; and converting the mobile web application into the native application by mapping the analyzed user interface element to a native control that implements the native application.

Abstract: In recent years, research into user centric and personalized applications has focused on the utilization of contextual information about the situation in which the user is consuming the content item. However, there is no database suitable for the investigation of specific open issues of contextual information description and utilization available today. The reason for this are several known difficulties with user related contextual information acquisition. A description of a publicly available database for personalization and user adaptation including contextual information is given in the paper. The data was acquired from users watching movies and then providing contextual information about the event in addition to submitting ratings about the movie. Beside describing raw data, the paper outlines basic statistics and selected properties of potentially contextual variables. At the time of submission, the database included 12 contextual variables, more than 90 users, 950 items and 1600 ratings. Data was acquired using a dedicated web application which is still publicly available and the data acquisition is still in progress. Content items (movies) can be enhanced by content item metadata using publicly available databases.

Abstract: Apparatus and methods to implement a technique for using a second display with a network-enabled television. In one implementation, this feature allows the native application on the second display to directly launch the second display application with a requested search term so that the user is immediately brought to a search page with relevant search results. The search term may be derived from the native application which in turn derives from the context of the IP TV. Such a context could be metadata from a currently playing BD from a BD player or TV channel. The second display application may be a web application or a native remote controller application. The second display could be a smart phone that can often be found beside the user, or a laptop or tablet PC, a desktop PC, or the like.