Abstract: Here we present NeuroVault — a web based repository that allows researchers to store, share, visualize, and decode statistical maps of the human brain. NeuroVault is easy to use and employs modern web technologies to provide informative visualization of data without the need to install additional software. In addition, it leverages the power of the Neurosynth database to provide cognitive decoding of deposited maps. The data are exposed through a public REST API enabling other services and tools to take advantage of it. NeuroVault is a new resource for researchers interested in conducting meta- and coactivation analyses.

Abstract: The CIPRES Science Gateway is a community web application that provides public access to a set of parallel tree inference and multiple sequence alignment codes run on large computational resources. These resources are made available at no charge to users by the NSF Extreme Science and Engineering Discovery Environment (XSEDE) project. Here we describe the CIPRES RESTful application programmer interface (CRA), a web service that provides programmatic access to all resources and services currently offered by the CIPRES Science Gateway. Software developers can use the CRA to extend their web or desktop applications to include the ability to run MrBayes, BEAST, RAxML, MAFFT, and other computationally intensive algorithms on XSEDE. The CRA also makes it possible for individuals with modest scripting skills to access the same tools from the command line using curl, or through any scripting language. This report describes the CRA and its use in three web applications (Influenza Research Database – www.fludb.org, Virus Pathogen Resource – www.viprbrc.org, and MorphoBank – www.morphobank.org). The CRA is freely accessible to registered users at https://cipresrest.sdsc.edu/cipresrest/v1; supporting documentation and registration tools are available at https://www.phylo.org/restusers.

Abstract: The NGL Viewer (http://proteinformatics.charite.de/ngl) is a web application for the visualization of macromolecular structures. By fully adopting capabilities of modern web browsers, such as WebGL, for molecular graphics, the viewer can interactively display large molecular complexes and is also unaffected by the retirement of third-party plug-ins like Flash and Java Applets. Generally, the web application offers comprehensive molecular visualization through a graphical user interface so that life scientists can easily access and profit from available structural data. It supports common structural file-formats (e.g. PDB, mmCIF) and a variety of molecular representations (e.g. ‘cartoon, spacefill, licorice’). Moreover, the viewer can be embedded in other web sites to provide specialized visualizations of entries in structural databases or results of structure-related calculations.

Abstract: We present here “Just Another Tool for Online Studies” (JATOS): an open source, cross-platform web application with a graphical user interface (GUI) that greatly simplifies setting up and communicating with a web server to host online studies that are written in JavaScript. JATOS is easy to install in all three major platforms (Microsoft Windows, Mac OS X, and Linux), and seamlessly pairs with a database for secure data storage. It can be installed on a server or locally, allowing researchers to try the application and feasibility of their studies within a browser environment, before engaging in setting up a server. All communication with the JATOS server takes place via a GUI (with no need to use a command line interface), making JATOS an especially accessible tool for researchers without a strong IT background. We describe JATOS’ main features and implementation and provide a detailed tutorial along with example studies to help interested researchers to set up their online studies. JATOS can be found under the Internet address: www.jatos.org.

Abstract: Cloud computing provides new opportunities to deploy scalable application in an efficient way, allowing enterprise applications to dynamically adjust their computing resources on demand. In this paper we analyze and test the microservice architecture pattern, used during the last years by large Internet companies like Amazon, Netflix and LinkedIn to deploy large applications in the cloud as a set of small services that can be developed, tested, deployed, scaled, operated and upgraded independently, allowing these companies to gain agility, reduce complexity and scale their applications in the cloud in a more efficient way. We present a case study where an enterprise application was developed and deployed in the cloud using a monolithic approach and a microservice architecture using the Play web framework. We show the results of performance tests executed on both applications, and we describe the benefits and challenges that existing enterprises can get and face when they implement microservices in their applications.

Abstract: This poster paper presents the operation and the new features of Dr. Scratch, an award-winning gamified web application that allows to perform automatic analysis of Scratch projects to assess the development of computational thinking and detect some bad programming habits that are common in students learning to program in this environment.

Abstract: Summary: We have created a Shiny-based Web application, called Shiny-phyloseq, for dynamic interaction with microbiome data that runs on any modern Web browser and requires no programming, increasing the accessibility and decreasing the entrance requirement to using phyloseq and related R tools. Along with a data- and context-aware dynamic interface for exploring the effects of parameter and method choices, Shiny-phyloseq also records the complete user input and subsequent graphical results of a user’s session, allowing the user to archive, share and reproduce the sequence of steps that created their result—without writing any new code themselves. Availability and implementation: Shiny-phyloseq is implemented entirely in the R language. It can be hosted/launched by any system with R installed, including Windows, Mac OS and most Linux distributions. Information technology administrators can also host Shiny-phyloseq from a remote server, in which case users need only have a Web browser installed. Shiny-phyloseq is provided free of charge under a GPL-3 open-source license through GitHub at http://joey711.github.io/shiny-phyloseq/. Contact: ude.drofnats.inmula@eidrumcm.

Abstract: Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (static+dynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be significant indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability information for training. For many real world applications, past vulnerability data is often not available or at least not complete. Hence, to address both situations where labeled past data is fully available or not, we apply both supervised and semi-supervised learning when building vulnerability predictors based on hybrid code attributes. Given that semi-supervised learning is entirely unexplored in this domain, we describe how to use this learning scheme effectively for vulnerability prediction. We performed empirical case studies on seven open source projects where we built and evaluated supervised and semi-supervised models. When cross validated with fully available labeled data, the supervised models achieve an average of 77 percent recall and 5 percent probability of false alarm for predicting SQL injection, cross site scripting, remote code execution and file inclusion vulnerabilities. With a low amount of labeled data, when compared to the supervised model, the semi-supervised model showed an average improvement of 24 percent higher recall and 3 percent lower probability of false alarm, thus suggesting semi-supervised learning may be a preferable solution for many real world applications where vulnerability data is missing.

Abstract: BACKGROUND: The NanoSafety Cluster, a cluster of projects funded by the European Commision, identified the need for a computational infrastructure for toxicological data management of engineered nanomaterials (ENMs). Ontologies, open standards, and interoperable designs were envisioned to empower a harmonized approach to European research in nanotechnology. This setting provides a number of opportunities and challenges in the representation of nanomaterials data and the integration of ENM information originating from diverse systems. Within this cluster, eNanoMapper works towards supporting the collaborative safety assessment for ENMs by creating a modular and extensible infrastructure for data sharing, data analysis, and building computational toxicology models for ENMs. RESULTS: The eNanoMapper database solution builds on the previous experience of the consortium partners in supporting diverse data through flexible data storage, open source components and web services. We have recently described the design of the eNanoMapper prototype database along with a summary of challenges in the representation of ENM data and an extensive review of existing nano-related data models, databases, and nanomaterials-related entries in chemical and toxicogenomic databases. This paper continues with a focus on the database functionality exposed through its application programming interface (API), and its use in visualisation and modelling. Considering the preferred community practice of using spreadsheet templates, we developed a configurable spreadsheet parser facilitating user friendly data preparation and data upload. We further present a web application able to retrieve the experimental data via the API and analyze it with multiple data preprocessing and machine learning algorithms. CONCLUSION: We demonstrate how the eNanoMapper database is used to import and publish online ENM and assay data from several data sources, how the "representational state transfer" (REST) API enables building user friendly interfaces and graphical summaries of the data, and how these resources facilitate the modelling of reproducible quantitative structure-activity relationships for nanomaterials (NanoQSAR).

Abstract: With the arrival of the big data era, opportunities as well as challenges arise in both industry and academia. As an important service in most web applications, accurate real-time recommendation in the context of big data is of high demand. Traditional recommender systems that analyze data and update models at regular time intervals cannot satisfy the requirements of modern web applications, calling for real-time recommender systems. In this paper, we tackle the ``big", ``real-time" and ``accurate" challenges in real-time recommendation, and propose a general real-time stream recommender system built on Storm named TencentRec from three aspects, i.e., ``system", ``algorithm", and ``data". We analyze the large amount of data streams from a wide range of applications leveraging the considerable computation ability of Storm, together with a data access component and a data storage component developed by us. To deal with various application specific demands, we have implemented several classic practical recommendation algorithms in TencentRec, including the item-based collaborative filtering, the content based, and the demographic based algorithms. Specially, we present a practical scalable item-based CF algorithm in detail, with the super characteristics such as robust to the implicit feedback problem, incremental update and real-time pruning. With the enhancement of real-time data collection and processing, we can capture the recommendation changes in real-time. We deploy the TencentRec in a series of production applications, and observe the superiority of TencentRec in providing accurate real-time recommendations for 10 billion user requests everyday.

Abstract: Water resources web applications or "web apps" are growing in popularity as a means to overcome many of the challenges associated with hydrologic simulations in decision-making. Water resources web apps fall outside of the capabilities of standard web development software, because of their spatial data components. These spatial data needs can be addressed using a combination of existing free and open source software (FOSS) for geographic information systems (FOSS4G) and FOSS for web development. However, the abundance of FOSS projects that are available can be overwhelming to new developers. In an effort to understand the web of FOSS features and capabilities, we reviewed many of the state-of-the-art FOSS software projects in the context of those that have been used to develop water resources web apps published in the peer-reviewed literature in the last decade (2004-2014). Free and open source software can be used to address the needs of water resources web applications.The large number of open source projects can be overwhelming to novice developers.We present a review of the free and open source GIS and web development software.Software reviewed includes those projects used to develop 45 water resources and earth science web applications.The review highlights 11 FOSS4G software projects and 9 FOSS projects for web development.

Abstract: The Internet of Things (IoT) is an emerging paradigm where physical objects are connected and communicate over the Web. The IoT system presented here seamlessly integrates virtual and physical worlds to efficiently manage things of interest (TOIs), where services and resources offered by things easily can be monitored, visualized, and aggregated for value-added services by users. Using practical experience gained from this system, the authors identify several RaD opportunities for building future IoT applications.

Abstract: Service computing promotes a large number of web-delivered services, including web services, APIs and data feeds. Composing data, functionalities and even UI from these web-delivered services into a single web application, usually called service mashup , becomes a popular web development paradigm. The web-delivered services can be modeled as mashup components , while the development of mashup actually yields a set of inter-connected mashup components. The growing popularity of mashup components enriches functionality and user experiences, while the possible connections among components are complex and difficult to mashup developers, who might be non-professional programmers or even end-users, as actions over one component may have potential impacts on another. This paper proposes a novel approach for recommending developers in terms of navigation and completion of mashup components with a large-scale components repository. From data-driven perspective, we model the relationships between mashup components by a generic layered-graph model. Developers are allowed to select some initial components as starting point, while a graph-based algorithm recommends how to navigate to potentially relevant mashup components and complete the relevant mashup application. We experimentally demonstrate the efficiency and effectiveness of our approach for rapid mashup construction.

Abstract: Global land cover (GLC) data production and verification process is very complicated, time consuming and labor intensive, requiring huge amount of imagery data and ancillary data and involving many people, often from different geographic locations. The efficient integration of various kinds of ancillary data and effective collaborative classification in large area land cover mapping requires advanced supporting tools. This paper presents the design and development of a web-based system for supporting 30-m resolution GLC data production by combining geo-spatial web-service and Computer Support Collaborative Work (CSCW) technology. Based on the analysis of the functional and non-functional requirements from GLC mapping, a three tiers system model is proposed with four major parts, i.e., multisource data resources, data and function services, interactive mapping and production management. The prototyping and implementation of the system have been realised by a combination of Open Source Software (OSS) and commercially available off-the-shelf system. This web-based system not only facilitates the integration of heterogeneous data and services required by GLC data production, but also provides online access, visualization and analysis of the images, ancillary data and interim 30 m global land-cover maps. The system further supports online collaborative quality check and verification workflows. It has been successfully applied to China’s 30-m resolution GLC mapping project, and has improved significantly the efficiency of GLC data production and verification. The concepts developed through this study should also benefit other GLC or regional land-cover data production efforts.

Abstract: Sustainable pest management implies less pesticide use and replacement by safe control alternatives. This requires decision support for rational pest management. However, in practice, successful decision making is dependent upon the availability of integrated, high-quality information. Computer-aided forecasting and related decision support systems make pest control more sustainable by avoiding unwanted consequences of pesticide applications. Here, I review integrated pest management for web-based decision support systems. The major points are the following: (1) Principles of integrated pest management are compatible with sustainable agriculture. (2) Pest models serve as basis of decision making because they offer means to predict the exact time of pest phenological development and initiate management actions. Most models are climate driven. (3) New hardware technology has permitted the registration of automatically recorded climatic data. This data can be combined with pest models through logical operations and forecasting algorithms to develop a software of pest management. (4) Dynamic web interfaces can serve as decision support systems providing the user with real-time pest warnings and recommendations for management actions. (5) Ontology web programing and semantic knowledge representations provide a way to classify and describe agrodata to facilitate information sharing and data exploitation over distributed systems. (6) Most available pest management data is published on static web pages and, thus, cannot be classified as decision support systems. Some web-based decision support systems provide user-interactive content and real-time pest forecasts and management support.

Abstract: Background Medical research networks rely on record linkage and pseudonymization to determine which records from different sources relate to the same patient. To establish informational separation of powers, the required identifying data are redirected to a trusted third party that has, in turn, no access to medical data. This pseudonymization service receives identifying data, compares them with a list of already reported patient records and replies with a (new or existing) pseudonym. We found existing solutions to be technically outdated, complex to implement or not suitable for internet-based research infrastructures. In this article, we propose a new RESTful pseudonymization interface tailored for use in web applications accessed by modern web browsers.

Abstract: Typically in a restaurant food order process involves several steps for ordering the food where firstly customer starting from browsing the paper based menu and then inform to the waiter for ordering items. Usually the process require that the customer has to be seated before starting. An alternative method for the customers is "Food Pre-Order System using Web Based Application" in which customer can be able to create the order before they approach the restaurant. Customer using Smartphone. When the customer approach to the restaurant, the saved order can be confirmed by touching the Smartphone. The list of selected pre-ordered items shall be shown on the kitchen screen, and when confirmed, order slip shall be printed for further order processing. The solution provides easy and convenient way to select pre-order transaction form customers.

Abstract: Web applications are a critical component of the security ecosystem as they are often the front door for many companies, as such, vulnerabilities in web applications allow hackers access to companies' private data, which contains consumers' private financial information. Web applications are, by their nature, available to everyone, at anytime, from anywhere, and this includes attackers. Therefore, attackers have the opportunity to perform reconnaissance at their leisure, acquiring information on the layout and technologies of the web application, before launching an attack. However, the defender must be prepared for all possible attacks and does not have the luxury of performing reconnaissance on the attacker. The idea behind Moving Target Defense (MTD) is to reduce the information asymmetry between the attacker and defender, ultimately rendering the reconnaissance information misleading or useless. In this paper we take the first steps of applying MTD concepts to web applications in order to create effective defensive layers. We first analyze the web application stack to understand where and how MTD can be applied. The key issue here is that an MTD application must actively prevent or disrupt a vulnerability or exploit, while still providing identical functionality. Then, we discuss our implementation of two MTD approaches, which can mitigate several classes of web application vulnerabilities or exploits. We hope that our discussion will help guide future research in applying the MTD concepts to the web application stack.

Abstract: Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.

Abstract: The present invention relates generally to client-server architectures for allowing generic upload and download functionality between a web application at a server and a client. One exemplary method includes sending a download/upload request to a web application at the server, where the download/upload request specifies at least one file to download/upload; receiving a transmission from the server; parsing the transmission to identify a download/upload command and an associated download/upload manifest, where the download/upload manifest includes executable code that, when executed on the client, will perform the download/upload of the at least one file.

Abstract: In recent yeas a lot of web applications have been released in the world. At the same time, cyber attacks against web application vulnerabilities have also increased. In such a situation, it is necessary to make web applications more secure. However checking all web vulnerabilities by hand is very difficult and time-consuming. Therefore, we need a web application vulnerability scanner. In this work, we evaluate two open source vulnerability scanners OWASP Zed Attack Proxy (OWASP ZAP) and Skipfish using vulnerable web applications Damn Vulnerable Web Application (DVWA) and The Web Application Vulnerability Scanner Evaluation Project (WAVSEP).

Abstract: Memory-based key-value stores, such as Memcached and Redis, are often used to speed up web applications. Specifically, they are used to cache the results of computations, such as database queries and dynamically generated web pages, so that a future request to the web application may not have to repeat the same computation. Currently, when memory-based key-value stores reach their capacity limits, they use replacement policies, like LRU and random, that are oblivious to differences among the cached results in their recomputation costs. However, this paper shows that if the costs of recomputing cached results vary significantly, as in the RUBiS and TPC-W benchmarks, then a cost-aware replacement policy will not only reduce the web application's total recomputation cost but also reduce its average response time. To this end, this paper introduces GD-Wheel, which is an amortized constant-time implementation of the GreedyDual replacement algorithm that supports a limited range of costs. In effect, GD-Wheel integrates recency of access and cost of recomputation in an efficient manner. Moreover, this paper describes an implementation of GD-Wheel in Memcached, including the modifications to Memcached's interface so that web applications can include cost information with each key-value pair, and a new cost-aware slab rebalancing policy for Memcached's slab-based memory allocator. An evaluation of this implementation using the Yahoo! Cloud Serving Benchmark shows that GD-Wheel, when compared to LRU, reduces the total recomputation cost by as much as 90%. Moreover, GD-Wheel reduces the web application's average and 99th percentile latency to obtain the computed results by as much as 56% and 85%, respectively.

Abstract: Today cyber physical systems (CPS) facilitate physical world devices to integrate with several Internet data sources and services. In the contemporary era of Web 2.0 technologies, web applications are being developed on several advanced technologies (e.g., AJAX, JavaScript, Flash, ASP.net). However, due to the frequent usage in daily life, web applications are constantly under attack. Cross-site scripting (XSS) attacks are presently the most exploited security problems in the modern web applications. XSS attacks are generally caused by the improper sanitization of user-supplied input on the applications. These attacked use vulnerabilities in the source code, resulting in serious consequences such as stealing of session-identifications embedded in cookies, passwords, credit card numbers, and several other related personal credentials. This article describes a three-fold approach: 1) testing the vulnerabilities of XSS attack on the local host server Apache Tomcat by utilizing the malicious scripts from XSS ...

Abstract: Improvements in telemetry technology are allowing us to monitor animal movements with increasing accuracy, precision and frequency. The increased complexity of the data collections, however, demands additional software and programming skills to process, store and disseminate the datasets. Recent focus on data availability has also heightened the need for sustainable data management solutions to ensure data integrity and provide longer term access. In the last ten years, a number of online facilities have been developed for the archiving, processing and sharing of telemetry data. These facilities offer secure storage, multi-user support and analysis tools and are a step along the way to improving data access, long-term data preservation and science communication. While these software platforms promote data sharing, access to the majority of the data and to the software behind these systems remains restricted. In this paper, we present a comprehensive, highly accessible and fully transparent software facility for animal movement data. The online system we developed ( http://oztrack.org ) offers a set of robust, up-to-date and accessible tools for managing, processing, visualising and analysing animal location data and linking these outputs with environmental datasets. As OzTrack uses exclusively free and open-source software, and the source code is available online, the system promotes open access not only to data but also to the tools and software underpinning the system. We outline the capabilities and limitations of the infrastructure design and discuss the uptake of this platform by the Australasian biotelemetry community. We discuss whether an open approach to analysis tools and software encourages a more open approach to sharing data, information and knowledge. Finally, we discuss why a free and open approach enhances longer term sustainability and enables data storage facilities to evolve in parallel with the telemetry devices themselves.

Abstract: As virtual reality approaches mainstream consumer use, a vibrant development ecosystem has emerged in the past few years. This hands-on guide takes you through VR development essentials for desktop, mobile, and browser-based applications. You'll explore the three go-to platforms-OculusVR, Gear VR, and Cardboard VR-as well as several VR development environments, programming tools, and techniques. If you're an experienced programmer familiar with mobile development, this book will help you gain a working knowledge of VR development through clear and simple examples. Once you create a complete application in the final chapter, you'll have a jumpstart on the next major entertainment medium. Learn VR basics for UI design, 3D graphics, and stereo rendering Explore Unity3D, the current development choice among game engines Create native applications for desktop computers with the Oculus Rift Develop mobile applications for Samsung's Gear VR with the Android and Oculus Mobile SDKs Build browser-based applications with the WebVR Javascript API and WebGL Create simple and affordable mobile apps for any smartphone with Google's Cardboard VR Bring everything together to build a 360-degree panoramic photo viewer