TL;DR: A hybrid multi criteria decision making approach that can assist in evaluating a set of hospital web site alternatives is used and the applicability of the e-sq framework is shown in explaining the complexity of aspects observed in the implementation of healthcare services via internet.
Abstract: Highlights: The aim of this study is to use a hybrid multi criteria decision making approach that can assist in evaluating a set of hospital web site alternatives. This study includes a combined fuzzy AHP and fuzzy TOPSIS methods to measure electronic service quality performance. Tangibles, responsiveness, reliability, information quality, assurance and empathy are determined as the main criteria for evaluating web based healthcare service quality. The proposed approach is used to evaluate the performance of some leading hospitals' web sites in Turkey. The electronic service quality instrument developed in this study can be used to monitor and improve the quality of service delivered to customers via internet. Service sector is under pressure to deliver continuing performance and quality improvement while being customer-focused. In recent terms, there exists web based or electronic service quality (e-sq) concept. With the birth of electronic commerce, it has become important to be able to monitor and enhance e-sq. Therefore, this study will examine the e-sq concept and determine the key components of e-sq. The e-sq framework is employed by the aid of service quality (SERVQUAL) methodology as the theoretical instrument. Finally, proposed e-sq framework is illustrated with a web service performance example of healthcare sector in Turkey by using a combined multiple criteria decision making (MCDM) methodology containing fuzzy analytic hierarchy process (AHP) and fuzzy technique for order performance by similarity to ideal solution (TOPSIS). The work presented in this paper shows the applicability of the e-sq framework in explaining the complexity of aspects observed in the implementation of healthcare services via internet.
TL;DR: A novel technique for crawling Ajax-based applications through automatic dynamic analysis of user-interface-state changes in Web browsers, and incrementally infers a state machine that models the various navigational paths and states within an Ajax application.
Abstract: Using JavaScript and dynamic DOM manipulation on the client side of Web applications is becoming a widespread approach for achieving rich interactivity and responsiveness in modern Web applications. At the same time, such techniques---collectively known as Ajax---shatter the concept of webpages with unique URLs, on which traditional Web crawlers are based. This article describes a novel technique for crawling Ajax-based applications through automatic dynamic analysis of user-interface-state changes in Web browsers. Our algorithm scans the DOM tree, spots candidate elements that are capable of changing the state, fires events on those candidate elements, and incrementally infers a state machine that models the various navigational paths and states within an Ajax application. This inferred model can be used in program comprehension and in analysis and testing of dynamic Web states, for instance, or for generating a static version of the application. In this article, we discuss our sequential and concurrent Ajax crawling algorithms. We present our open source tool called Crawljax, which implements the concepts and algorithms discussed in this article. Additionally, we report a number of empirical studies in which we apply our approach to a number of open-source and industrial Web applications and elaborate on the obtained results.
TL;DR: Findings suggest that students focused more on meaning than form, that their grammatical changes were overall more accurate than inaccurate, that they participated with varying frequency, and that they used the tool for simultaneous varied purposes.
Abstract: This study investigates Web-based, project oriented, many-to-many collaborative writing for academic purposes. Thirty-eight Fulbright scholars in an orientation program at a large Midwestern university used a Web-based word processing tool to collaboratively plan and report on a research project. The purpose of this study is to explore and understand the changing nature of collaborative writing, as it is influenced by Web-based writing contexts. Details of students’ writing processes and their perceptions of the collaborative Web-based word processing experience are explored. Findings suggest that students focused more on meaning than form, that their grammatical changes were overall more accurate than inaccurate, that they participated with varying frequency, and that they used the tool for simultaneous varied purposes. Student feedback about the Web-based collaborative activity and use of Google Docs offers additional insights. Observations about the evolving nature of Web-based collaborative writing and associated pedagogical practices including considerations about student autonomy are discussed.
TL;DR: In this article, the authors used the Technology Acceptance Model (TAM) as their theoretical foundation and employed the Structure Equation Model (SEM) to examine factors that influenced intentions to use in-service training conducted through web-based e-learning.
TL;DR: A large-scale crawl of more than three million pages of the top 10,000 Alexa sites is reported, showing that in some cases, top Internet sites trust remote providers that could be successfully compromised by determined attackers and subsequently serve malicious JavaScript.
Abstract: JavaScript is used by web developers to enhance the interactivity of their sites, offload work to the users' browsers and improve their sites' responsiveness and user-friendliness, making web pages feel and behave like traditional desktop applications. An important feature of JavaScript is the ability to combine multiple libraries from local and remote sources into the same page, under the same namespace. While this enables the creation of more advanced web applications, it also allows for a malicious JavaScript provider to steal data from other scripts and from the page itself. Today, when developers include remote JavaScript libraries, they trust that the remote providers will not abuse the power bestowed upon them. In this paper, we report on a large-scale crawl of more than three million pages of the top 10,000 Alexa sites, and identify the trust relationships of these sites with their library providers. We show the evolution of JavaScript inclusions over time and develop a set of metrics in order to assess the maintenance-quality of each JavaScript provider, showing that in some cases, top Internet sites trust remote providers that could be successfully compromised by determined attackers and subsequently serve malicious JavaScript. In this process, we identify four, previously unknown, types of vulnerabilities that attackers could use to attack popular web sites. Lastly, we review some proposed ways of protecting a web application from malicious remote scripts and show that some of them may not be as effective as previously thought.
TL;DR: In this paper, a method, apparatus, computer readable medium, computer system, network, or system, is provided for using impressions tracking and analysis, location information, 2D and 3D mapping, social media, and user behavior and information for generating mobile and internet posted promotions or offers for, and/or sales of, products and/or services.
Abstract: A method, apparatus, computer readable medium, computer system, network, or system, is provided for using impressions tracking and analysis, location information, 2D and 3D mapping, social media, and user behavior and information for generating mobile and internet posted promotions or offers for, and/or sales of, products and/or services, for example, through an advertising application programming interfaces (APIs) on mobile devices, tablets, or computers, that provides mobile and web based promotions or offers that connect information and user behavior data to a user or related demographic location or user specified or predicted demographic location(s), such as through the use of as social networking, user or demographic profiles, behavior, and/or relationships, for targeted promotions or offers for products and/or services.
TL;DR: The Joint BioEnergy Institute Inventory of Composable Elements (JBEI-ICEs) is an open source registry platform for managing information about biological parts that is capable of recording information about ‘legacy’ parts, such as plasmids, microbial host strains and Arabidopsis seeds.
Abstract: The Joint BioEnergy Institute Inventory of Composable Elements (JBEI-ICEs) is an open source registry platform for managing information about biological parts. It is capable of recording information about ‘legacy’ parts, such as plasmids, microbial host strains and Arabidopsis seeds, as well as DNA parts in various assembly standards. ICE is built on the idea of a web of registries and thus provides strong support for distributed interconnected use. The information deposited in an ICE installation instance is accessible both via a web browser and through the web application programming interfaces, which allows automated access to parts via third-party programs. JBEI-ICE includes several useful web browser-based graphical applications for sequence annotation, manipulation and analysis that are also open source. As with open source software, users are encouraged to install, use and customize JBEI-ICE and its components for their particular purposes. As a web application programming interface, ICE provides well-developed parts storage functionality for other synthetic biology software projects. A public instance is available at public-registry.jbei.org, where users can try out features, upload parts or simply use it for their projects. The ICE software suite is available via Google Code, a hosting site for community-driven open source projects.
TL;DR: In this paper, the authors investigate factors that influence the successful implementation of a Web-based training system in the construction industry and provide insight into acceptance of WBT on the part of professionals.
TL;DR: Faceted values is introduced, a new mechanism for providing information flow security in a dynamic manner that overcomes limitations of static type systems and dynamic analyses, taking inspiration from secure multi-execution.
Abstract: JavaScript has become a central technology of the web, but it is also the source of many security problems, including cross-site scripting attacks and malicious advertising code. Central to these problems is the fact that code from untrusted sources runs with full privileges. We implement information flow controls in Firefox to help prevent violations of data confidentiality and integrity. Most previous information flow techniques have primarily relied on either static type systems, which are a poor fit for JavaScript, or on dynamic analyses that sometimes get stuck due to problematic implicit flows, even in situations where the target web application correctly satisfies the desired security policy. We introduce faceted values, a new mechanism for providing information flow security in a dynamic manner that overcomes these limitations. Taking inspiration from secure multi-execution, we use faceted values to simultaneously and efficiently simulate multiple executions for different security levels, thus providing non-interference with minimal overhead, and without the reliance on the stuck executions of prior dynamic approaches.
TL;DR: It is shown that the state-aware black-box web vulnerability scanner is able to not only exercise more code of the web application, but also discover vulnerabilities that other vulnerability scanners miss.
Abstract: Black-box web vulnerability scanners are a popular choice for finding security vulnerabilities in web applications in an automated fashion. These tools operate in a point-and-shoot manner, testing any web application--regardless of the server-side language--for common security vulnerabilities. Unfortunately, black-box tools suffer from a number of limitations, particularly when interacting with complex applications that have multiple actions that can change the application's state. If a vulnerability analysis tool does not take into account changes in the web application's state, it might overlook vulnerabilities or completely miss entire portions of the web application.
We propose a novel way of inferring the web application's internal state machine from the outside--that is, by navigating through the web application, observing differences in output, and incrementally producing a model representing the web application's state.
We utilize the inferred state machine to drive a black-box web application vulnerability scanner. Our scanner traverses a web application's state machine to find and fuzz user-input vectors and discover security flaws. We implemented our technique in a prototype crawler and linked it to the fuzzing component from an open-source web vulnerability scanner.
We show that our state-aware black-box web vulnerability scanner is able to not only exercise more code of the web application, but also discover vulnerabilities that other vulnerability scanners miss.
TL;DR: FlowFox is presented, the first fully functional web browser that implements a precise and general information flow control mechanism for web scripts based on the technique of secure multi-execution, and can support powerful, yet precise policies refining the same-origin-policy in a way that is compatible with existing websites.
Abstract: We present FlowFox, the first fully functional web browser that implements a precise and general information flow control mechanism for web scripts based on the technique of secure multi-execution. We demonstrate how FlowFox subsumes many ad-hoc script containment countermeasures developed over the last years. We also show that FlowFox is compatible with the current web, by investigating its behavior on the Alexa top-500 web sites, many of which make intricate use of JavaScript. The performance and memory cost of FlowFox is substantial (a performance cost of around 20% on macro benchmarks for a simple two level policy), but not prohibitive. Our prototype implementation shows that information flow enforcement based on secure multi-execution can be implemented in full-scale browsers. It can support powerful, yet precise policies refining the same-origin-policy in a way that is compatible with existing websites.
TL;DR: The application provides a unique tool set to facilitate research on the basic biology of Symbiodinium and expedite new insights into their ecology, biogeography and evolution in the face of a changing global climate.
Abstract: The genus Symbiodinium encompasses a group of unicellular, photosynthetic dinoflagellates that are found free living or in hospite with a wide range of marine invertebrate hosts including scleractinian corals. We present GeoSymbio, a hybrid web application that provides an online, easy to use and freely accessible interface for users to discover, explore and utilize global geospatial bioinformatic and ecoinformatic data on Symbiodinium–host symbioses. The novelty of this application lies in the combination of a variety of query and visualization tools, including dynamic searchable maps, data tables with filter and grouping functions, and interactive charts that summarize the data. Importantly, this application is hosted remotely or ‘in the cloud’ using Google Apps, and therefore does not require any specialty GIS, web programming or data programming expertise from the user. The current version of the application utilizes Symbiodinium data based on the ITS2 genetic marker from PCR-based techniques, including denaturing gradient gel electrophoresis, sequencing and cloning of specimens collected during 1982–2010. All data elements of the application are also downloadable as spatial files, tables and nucleic acid sequence files in common formats for desktop analysis. The application provides a unique tool set to facilitate research on the basic biology of Symbiodinium and expedite new insights into their ecology, biogeography and evolution in the face of a changing global climate. GeoSymbio can be accessed at https://sites.google.com/site/geosymbio/.
TL;DR: CloudGenius is a framework that automates the decision-making process based on a model and factors specifically for Web server migration to the cloud, and leverages a well known multi-criteria decision making technique, called Analytic Hierarchy Process, to automate the selection process.
Abstract: Cloud computing is the latest computing paradigm that delivers hardware and software resources as virtualized services in which users are free from the burden of worrying about the low-level system administration details. Migrating Web applications to Cloud services and integrating Cloud services into existing computing infrastructures is non-trivial. It leads to new challenges that often require innovation of paradigms and practices at all levels: technical, cultural, legal, regulatory, and social. The key problem in mapping Web applications to virtualized Cloud services is selecting the best and compatible mix of software images (e.g., Web server image) and infrastructure services to ensure that Quality of Service (QoS) targets of an application are achieved. The fact that, when selecting Cloud services, engineers must consider heterogeneous sets of criteria and complex dependencies between infrastructure services and software images, which are impossible to resolve manually, is a critical issue. To overcome these challenges, we present a framework (called CloudGenius) which automates the decision-making process based on a model and factors specifically for Web server migration to the Cloud. CloudGenius leverages a well known multi-criteria decision making technique, called Analytic Hierarchy Process, to automate the selection process based on a model, factors, and QoS parameters related to an application. An example application demonstrates the applicability of the theoretical CloudGenius approach. Moreover, we present an implementation of CloudGenius that has been validated through experiments.
TL;DR: This work model several configurations of the OAuth 2.0 protocol in the applied pi-calculus and verify them using ProVerif, a new library for modeling web applications and web-based attackers that is designed to help discover concrete website attacks.
Abstract: Social sign-on and social sharing are becoming an ever more popular feature of web applications. This success is largely due to the APIs and support offered by prominent social networks, such as Facebook, Twitter, and Google, on the basis of new open standards such as the OAuth 2.0 authorization protocol. A formal analysis of these protocols must account for malicious websites and common web application vulnerabilities, such as cross-site request forgery and open redirectors. We model several configurations of the OAuth 2.0 protocol in the applied pi-calculus and verify them using ProVerif. Our models rely on WebSpi, a new library for modeling web applications and web-based attackers that is designed to help discover concrete website attacks. Our approach is validated by finding dozens of previously unknown vulnerabilities in popular websites such as Yahoo and WordPress, when they connect to social networks such as Twitter and Facebook.
TL;DR: It is argued that Linked Data technology, created for Web scale information integration, can accommodate XBRL data and make it easier to combine it with open datasets and provide the foundations for a global data ecosystem of interlinked and interoperable financial and business information.
TL;DR: This paper presents a detailed review on various types of Structured Query Language Injection attacks, Cross Site Scripting Attack, vulnerabilities, and prevention techniques, and proposes future expectations and possible development of countermeasures against Structured query language injection attacks.
Abstract: Today almost all organizations have improved their performance through allowing more information exchange within their organization as well as between their distributors, suppliers, and customers using web support. Databases are central to the modern websites as they provide necessary data as well as store critical information such as user credentials, financial and payment information, company statistics etc. These websites have been continuously targeted by highly motivated malicious users to acquire monetary gain. Structured Query Language (SQL) injection and Cross Site Scripting Attack (XSS) is perhaps one of the most common application layer attack techniques used by attackers to deface the website, manipulate or delete the content through inputting unwanted command strings. Structured Query Language Injection Attacks (SQLIA) is ranked 1st in the Open Web Application Security Project (OWASP) [1] top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In this paper, we present a detailed review on various types of Structured Query Language Injection attacks, Cross Site Scripting Attack, vulnerabilities, and prevention techniques. Besides presenting our findings from the survey, we also propose future expectations and possible development of countermeasures against Structured Query Language Injection attacks.
TL;DR: The platform's middleware has been developed into an operative, advanced prototype, providing information to a Web-based client that integrates and interfaces with the Google Earth and Google Maps plug-ins for geospatially referenced energy usage visualization and monitoring.
TL;DR: CloudTPS is a scalable transaction manager which guarantees full ACID properties for multi-item transactions issued by web applications, even in the presence of server failures and network partitions, on top of the two main families of scalable data layers: Bigtable and SimpleDB.
Abstract: NoSQL cloud data stores provide scalability and high availability properties for web applications, but at the same time they sacrifice data consistency. However, many applications cannot afford any data inconsistency. CloudTPS is a scalable transaction manager which guarantees full ACID properties for multi-item transactions issued by web applications, even in the presence of server failures and network partitions. We implement this approach on top of the two main families of scalable data layers: Bigtable and SimpleDB. Performance evaluation on top of HBase (an open-source version of Bigtable) in our local cluster and Amazon SimpleDB in the Amazon cloud shows that our system scales linearly at least up to 40 nodes in our local cluster and 80 nodes in the Amazon cloud.
TL;DR: It is shown that OTC can be combined with HTTPS to effectively add another layer of security to Web applications with minimal impact on performance and scalability.
Abstract: HTTP cookies are the de facto mechanism for session authentication in Web applications. However, their inherent security weaknesses allow attacks against the integrity of Web sessions. HTTPS is often recommended to protect cookies, but deploying full HTTPS support can be challenging due to performance and financial concerns, especially for highly distributed applications. Moreover, cookies can be exposed in a variety of ways even when HTTPS is enabled. In this article, we propose one-time cookies (OTC), a more robust alternative for session authentication. OTC prevents attacks such as session hijacking by signing each user request with a session secret securely stored in the browser. Unlike other proposed solutions, OTC does not require expensive state synchronization in the Web application, making it easily deployable in highly distributed systems. We implemented OTC as a plug-in for the popular WordPress platform and as an extension for Firefox and Firefox for mobile browsers. Our extensive experimental analysis shows that OTC introduces a latency of less than 6 ms when compared to cookies—a negligible overhead for most Web applications. Moreover, we show that OTC can be combined with HTTPS to effectively add another layer of security to Web applications. In so doing, we demonstrate that one-time cookies can significantly improve the security of Web applications with minimal impact on performance and scalability.
TL;DR: This work implemented WebRacer, the first dynamic race detector for web applications, implemented atop the production-quality WebKit engine, enabling testing of full-featured web sites and discovered many harmful races.
Abstract: Modern web pages are becoming increasingly full-featured, and this additional functionality often requires greater use of asynchrony. Unfortunately, this asynchrony can trigger unexpected concurrency errors, even though web page scripts are executed sequentially. We present the first formulation of a happens-before relation for common web platform features. Developing this relation was a non-trivial task, due to complex feature interactions and browser differences. We also present a logical memory access model for web applications that abstracts away browser implementation details. Based on the above, we implemented WebRacer, the first dynamic race detector for web applications. WebRacer is implemented atop the production-quality WebKit engine, enabling testing of full-featured web sites. WebRacer can also simulate certain user actions, exposing more races. We evaluated WebRacer by testing a large set of Fortune 100 company web sites. We discovered many harmful races, and also gained insights into how developers handle asynchrony in practice.
TL;DR: The results of the experiments show that CROSSCHECK is both effective and efficient in detecting XBIs, and that it can outperform existing techniques.
Abstract: One of the consequences of the continuous and rapid evolution of web technologies is the amount of inconsistencies between web browsers implementations. Such inconsistencies can result in cross-browser incompatibilities (XBIs) -- situations in which the same web application can behave differently when run on different browsers. In some cases, XBIs consist of tolerable cosmetic differences. In other cases, however, they may completely prevent users from accessing part of a web application's functionality. Despite the prevalence of XBIs, there are hardly any tools that can help web developers detect and correct such issues. In fact, most existing approaches against XBIs involve a considerable amount of manual effort and are consequently extremely time consuming and error prone. In recent work, we have presented two complementary approaches, WebDiff and CrossT, for automatically detecting and reporting XBIs. In this paper, we present CrossCheck, a more powerful and comprehensive technique and tool for XBI detection that combines and adapts these two approaches in a way that leverages their respective strengths. The paper also presents an empirical evaluation of CrossCheck on a set of real-world web applications. The results of our experiments show that CrossCheck is both effective and efficient in detecting XBIs, and that it can outperform existing techniques.
TL;DR: In this article, the authors present a system and methods for central management and control of user-contributed content in a web-based collaboration environment, which may be implemented on a system, for enabling an administrative user in an enterprise setting to centrally manage and control content provided by other users of the enterprise.
Abstract: Systems and methods for central management and control of user-contributed content in a web-based collaboration environment are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, for enabling an administrative user in an enterprise setting to centrally manage and control content provided by other users of the enterprise in a web-based collaboration environment. In one embodiment, a view providing access to an aggregate of the content or a selection thereof provided by the other users is depicted in a user interface for the administrative user to access the web-based collaboration environment. The user interface for the administrative user includes both of a management console to access the content provided by other users and a panel for accessing an account of the user and work items owned by the administrative user.
TL;DR: In this paper, a survey on climate change with Extension professionals in seven Southeastern states was designed, pre-tested, and implemented following the Dillman guidelines, resulting in response rates of 62% to 79%.
TL;DR: A finite multiserver queueing model with queue dependent heterogeneous servers, where the web applications are modeled as queues and the virtual machines are modeled as service providers, is proposed for reducing queue length and waiting time.
Abstract: Cloud computing provides a new way for industries to meet the emerging business need for agility. Many public clouds are available for developers to build web applications on cloud. The process of entering into the cloud is generally in the form of a queue, so that each user needs to wait until the current user is being served. In the system, each Cloud Computing User (CCU) requests Cloud Computing Service Provider (CCSP) for use of resources. If CCU finds the server busy, then the user has to wait till the current user completes the job. This may result in increase of queue length as well as waiting time, which may lead to request drop. To handle this problem, CCSP needs to find ways to reduce waiting time. We propose a finite multiserver queueing model with queue dependent heterogeneous servers where the web applications are modeled as queues and the virtual machines are modeled as service providers. CCSPs can use multiple servers and the number of busy servers changes depending on the queue length for reducing queue length and waiting time. This helps us to dynamically create and remove virtual machines in order to scale up and down. We develop a recursive method to obtain the system steady-state probabilities. Various performance measures of the proposed scheme have been described and evaluated. Computational experiences in the form of graphs are presented.
TL;DR: This paper identifies potential XSS vulnerabilities in program source code and secures them with appropriate escaping mechanisms which prevent input values from causing any script execution and develops a tool, saferXSS, to implement the proposed approach.
Abstract: Context: Cross site scripting (XSS) vulnerability is among the top web application vulnerabilities according to recent surveys. This vulnerability occurs when a web application uses inputs received from users in web pages without properly checking them. This allows an attacker to inject malicious scripts in web pages via such inputs such that the scripts perform malicious actions when a client visits the exploited web pages. Such an attack may cause serious security violations such as account hijacking and cookie theft. Current approaches to mitigate this problem mainly focus on effective detection of XSS vulnerabilities in the programs or prevention of real time XSS attacks. As more sophisticated attack vectors are being discovered, vulnerabilities if not removed could be exploited anytime. Objective: To address this issue, this paper presents an approach for removing XSS vulnerabilities in web applications. Method: Based on static analysis and pattern matching techniques, our approach identifies potential XSS vulnerabilities in program source code and secures them with appropriate escaping mechanisms which prevent input values from causing any script execution. Results: We developed a tool, saferXSS, to implement the proposed approach. Using the tool, we evaluated the applicability and effectiveness of the proposed approach based on the experiments on five Java-based web applications. Conclusion: Our evaluation has shown that the tool can be applied to real-world web applications and it automatically removed all the real XSS vulnerabilities in the test subjects.
TL;DR: This second edition is fully updated and expanded to cover Python 2.7 and Java 6 support, multithreading, asynchronous service APIs, and the use of frameworks such as Django 1.3 and webapp2.
Abstract: Google App Engine makes it easy to create a web application that can serve millions of people as easily as serving hundreds, with minimal up-front investment. With Programming Google App Engine, Google engineer Dan Sanderson provides practical guidance for designing and developing your application on Google's vast infrastructure, using App Engine's scalable services and simple development model. Through clear and concise instructions, you'll learn how to get the most out of App Engine's nearly unlimited computing power. This second edition is fully updated and expanded to cover Python 2.7 and Java 6 support, multithreading, asynchronous service APIs, and the use of frameworks such as Django 1.3 and webapp2. Understand how App Engine handles web requests and executes application code. Learn about new datastore features for queries and indexes, transactions, and data modeling. Create, manipulate, and serve large data files with the Blobstore. Use task queues to parallelize and distribute computation across the infrastructure. Employ scalable services for email, instant messaging, and communicating with web services. Track resource consumption, and optimize your application for speed and cost effectiveness.
TL;DR: In this article, a method, apparatus, computer readable medium, computer system, network, or system is provided for mobile and online payment systems using impressions tracking and analysis, location information, 2D and 3D mapping, social media, and user behavior and information for generating mobile and internet posted promotions or offers.
Abstract: A method, apparatus, computer readable medium, computer system, network, or system is provided for mobile and online payment systems for mobile and online promotions or offers or daily deal coupons or daily deal coupons aggregation provided using impressions tracking and analysis, location information, 2D and 3D mapping, social media, and user behavior and information for generating mobile and internet posted promotions or offers or daily deal coupons or daily deal coupons aggregation for, and/or sales of, products and/or services in a social network, online or via a mobile device-for mobile and web based promotions or offers that connect information and user behavior data to a user or related demographic location or user specified or predicted demographic location(s) for targeted promotions or offers for products and/or services in a social network, online or via a mobile device.
TL;DR: A set of static code attributes that represent the characteristics of input validation and sanitization routines for predicting the two most common web application vulnerabilities, SQL injection and cross site scripting, are proposed.
Abstract: Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approaches have been proposed. However, finding alternative solutions to address these risks remains an important research problem. As web applications generally adopt input validation and sanitization routines to prevent web security risks, in this paper, we propose a set of static code attributes that represent the characteristics of these routines for predicting the two most common web application vulnerabilities—SQL injection and cross site scripting. In our experiments, vulnerability predictors built from the proposed attributes detected more than 80% of the vulnerabilities in the test subjects at low false alarm rates.
TL;DR: In this article, the authors consider the potential of the World Wide Web (web) as a medium for communicating social and environmental issues in the Australian minerals industry and find that managers are willing to utilise the organisational and mass communication capabilities of the web more than its timeliness and presentation features.