Abstract: The growing use of the internet has resulted in an exponential rise in the use of web applications. Businesses, industries, financial and educational institutions, and the general populace depend on web applications. This mammoth rise in their usage has also resulted in many security issues that make these web applications vulnerable, thereby affecting the confidentiality, integrity, and availability of associated information systems. It has, therefore, become necessary to find vulnerabilities in these information system resources to guarantee information security. A publicly available web application vulnerability scanner is a computer program that assesses web application security by employing automated penetration testing techniques that reduce the time, cost, and resources required for web application penetration testing and eliminates test engineers’ dependency on human knowledge. However, these security scanners possess various weaknesses of not scanning complete web applications and generating wrong test results. Moreover, intensive research has been carried out to quantitatively enumerate web application security scanners’ results to inspect their effectiveness and limitations. However, the findings show no well-defined method or criteria available for assessing their results. In this research, we have evaluated the performance of web application vulnerability scanners by testing intentionally defined vulnerable applications and the level of their respective precision and accuracy. This was achieved by classifying the analyzed tools using the most common parameters. The evaluation is based on an extracted list of vulnerabilities from OWASP (Open Web Application Security Project).

Abstract: The rapid development of the web geographic information system (Web GIS) has promoted new vitality in high school geography education, relieved the stress of geography teachers caused by software and technical problems, and made it possible for teachers to devote more energy to geography teaching and research activities. Natural disaster education is not only an important part of the geography curriculum, but also an indispensable aspect of education for sustainable development (ESD) for high school students. The application of Web GIS in the dynamic monitoring, forecast, and early warning of natural disasters is becoming more experienced. Therefore, the application of Web GIS in natural disaster education is quite feasible. How to build a bridge between them is the purpose of this paper. Thus, the paper selects ArcGIS Online, which is not limited by time and space, and analyzes several functions that apply it to geography teaching. These include smart mapping, story maps, 3D web maps, and mobile GIS. Meanwhile, it analyzes the knowledge structure of “natural disasters” in Chinese geography textbooks to guide the subsequent case design. Then, the Web GIS inquiry-based teaching case is formed based on “7.20 Zhengzhou Torrential Rain”. It contains knowledge about natural disasters and designs from many aspects, such as the causes, manifestations, and prevention and control of disasters. The discussion identifies a range of specific educational benefits of applying Web GIS to natural disaster education for teachers and schools. Ultimately, it can provide some reference values for geography teachers and other developers to explore curriculum resources and create quality educational models.

Abstract: This paper introduces HydroLang, an open-source and integrated community-driven computational web framework for hydrology and water resources research and education. HydroLang employs client-side web technologies and standards to carry out various routines aimed at acquiring, managing, transforming, analyzing, and visualizing hydrological datasets. HydroLang consists of four major high-cohesion low-coupling modules: (1) retrieving, manipulating, and transforming raw hydrological data, (2) statistical operations, hydrological analysis, and model creation, (3) generating graphical and tabular data representations, and (4) mapping and geospatial data visualization. To demonstrate the framework's capabilities, portability, and interoperability, two detailed case studies (assessment of lumped models and construction of a rainfall disaggregation model) have been presented. HydroLang's unique modular architecture and open-source nature allow it to be easily tailored into any use case and web framework, and it encourages iterative enhancements with community involvement to establish the comprehensive next-generation hydrological software toolkit.

Abstract: Hazard maps are irreplaceable in dealing with emergency disaster cases, and geography instructors utilize paper hazard maps for teaching at various educational levels. In recent years, web hazard maps have received attention in disaster risk reduction (DRR) education. This study aims to examine the effectiveness of web hazard maps in DRR education compared with conventional paper hazard maps, an aspect that has rarely been studied previously. The core technology of online web hazard maps is geographic information systems (GIS), and their combination is referred to as Web GIS. Online DRR educational materials for Japanese and Chinese high school students were constructed using Web GIS and geospatial data, including hazard information, to investigate the educational feasibility of web hazard maps. Important findings from questionnaire surveys on students who used both paper and web hazard maps showed that 1) most students thought that informative and easy-to-use web maps need to be introduced to DRR education, and 2) they could identify risk areas more accurately using web hazard maps, indicating that DRR education should utilize modern technologies. However, the surveys also indicated a few limitations, such as usability issues and technological constraints, suggesting that DRR education should ideally combine online materials and paper maps for maximum effectiveness. The results and observations may not only be used in future studies, but also in the formulation of effective DRR courses internationally.

Abstract: The library is an important part of higher education, where the teaching and learning process does not escape from teaching materials and reference materials. Qamarul Huda Badaruddin University is one of the universities in NTB which has a library with a desktop-based library system. This has an impact on the management of libraries and users which in this case students become ineffective and inefficient. With a high need for libraries, library managers, namely librarians and students as users, need a web-based information system so that they can be used from anywhere and anytime, simply using a smartphone or computer. To answer the above problems, the authors design and build a web-based library information system at Qamarul Huda Badaruddin University using the Rapid Application Development (RAD) method. The framework uses CodeIgniter which allows developers to create web applications with Rapid Application Development (RAD) development characteristics. The Qamarul Huda Badaruddin University Library Information System consists of 12 functional requirements, which cover all the requirements for the Qamarul Huda Badaruddin University library. Completion of each module also refers to all stages of the Rapid Application Development (RAD) method and all of them can run well

Abstract: Web measurement studies can shed light on not yet fully understood phenomena and thus are essential for analyzing how the modern Web works. This often requires building new and adjusting existing crawling setups, which has led to a wide variety of analysis tools for different (but related) aspects. If these efforts are not sufficiently documented, the reproducibility and replicability of the measurements may suffer—two properties that are crucial to sustainable research. In this paper, we survey 117 recent research papers to derive best practices for Web-based measurement studies and specify criteria that need to be met in practice. When applying these criteria to the surveyed papers, we find that the experimental setup and other aspects essential to reproducing and replicating results are often missing. We underline the criticality of this finding by performing a large-scale Web measurement study on 4.5 million pages with 24 different measurement setups to demonstrate the influence of the individual criteria. Our experiments show that slight differences in the experimental setup directly affect the overall results and must be documented accurately and carefully.

Abstract: Abstract Motivation As pan-genome approaches are largely employed for bacterial comparative genomics and evolution analyses, but still difficult to be carried out by non-bioinformatician biologists, there is a need for an innovative tool facilitating the exploration of bacterial pan-genomes. Results PanExplorer is a web application providing various genomic analyses and reports, giving intuitive views that enable a better understanding of bacterial pan-genomes. As an example, we produced the pan-genome for 121 Anaplasmataceae strains (including 30 Ehrlichia, 15 Anaplasma, 68 Wolbachia). Availability and implementation PanExplorer is written in Perl CGI and relies on several JavaScript libraries for visualization (hotmap.js, MauveViewer, CircosJS). It is freely available at http://panexplorer.southgreen.fr. The source code has been released in a GitHub repository https://github.com/SouthGreenPlatform/PanExplorer. A documentation section is available on PanExplorer website.

Abstract: Non-robust (fragile) test execution is a commonly reported challenge in GUI-based test automation, despite much research and several proposed solutions. A test script needs to be resilient to (minor) changes in the tested application but, at the same time, fail when detecting potential issues that require investigation. Test script fragility is a multi-faceted problem. However, one crucial challenge is how to reliably identify and locate the correct target web elements when the website evolves between releases or otherwise fail and report an issue. This article proposes and evaluates a novel approach called similarity-based web element localization (Similo), which leverages information from multiple web element locator parameters to identify a target element using a weighted similarity score. This experimental study compares Similo to a baseline approach for web element localization. To get an extensive empirical basis, we target 48 of the most popular websites on the Internet in our evaluation. Robustness is considered by counting the number of web elements found in a recent website version compared to how many of these existed in an older version. Results of the experiment show that Similo outperforms the baseline; it failed to locate the correct target web element in 91 out of 801 considered cases (i.e., 11%) compared to 214 failed cases (i.e., 27%) for the baseline approach. The time efficiency of Similo was also considered, where the average time to locate a web element was determined to be 4 milliseconds. However, since the cost of web interactions (e.g., a click) is typically on the order of hundreds of milliseconds, the additional computational demands of Similo can be considered negligible. This study presents evidence that quantifying the similarity between multiple attributes of web elements when trying to locate them, as in our proposed Similo approach, is beneficial. With acceptable efficiency, Similo gives significantly higher effectiveness (i.e., robustness) than the baseline web element localization approach.

Abstract: Research using custom-made web applications is burgeoning as scholars increasingly conduct their experiments online. We show how researchers can integrate their web applications into popular survey software such as Qualtrics in five simple steps and provide the full JavaScript code and screenshots. This procedure allows participants to seamlessly switch from Qualtrics to their web applications without leaving the survey platform. This integration has two benefits: (1) it eliminates the risk that participants inadvertently drop out of the survey while switching from the survey software to the web application and vice versa; and (2) it saves researchers the fees charged by survey companies to host an external link on the survey platform. Hence, we make it easier to conduct research on targeted (e.g., national) samples using web applications.

Abstract: In the fields of social networking, media, and management, web applications on the Internet play a very indispensable role. A large amount of personal privacy information and login tokens make web applications often targeted by hackers. Cross-site scripting attacks are the most common method used to steal data from web applications. To solve the security risks caused by cross-site scripting vulnerabilities, security personnel need to actively discover these vulnerabilities to better defend against the harm. We proposed a novel genetic algorithm-based fuzzing scheme to address this problem. First, a small number of initial attack vectors are generated according to the interactive environment of the web application and then the attack vectors are sequenced into genes. Combined with the grammatical structure features of cross-site scripting and common bypass methods, the gene sequences are iteratively optimized and improved. Finally, the generated high-quality vectors are used to detect potential cross-site scripting threats in the application (we named the implementation of this approach GAXSS). The method we proposed can automatically detect the vulnerability of page interaction points and can obtain better detection results without a large number of test dictionaries, and the time cost is also reasonable. We have conducted vulnerability tests on many common open-source web applications, with a precision rate of 1.0 and an accuracy rate over 0.98. In addition, we also compared GAXSS with other well-known scanners and state-of-the-art detection methods. Its comprehensive performance is better, and it can effectively detect vulnerabilities.

Abstract: In this chapter, a number of tools for crawling websites are presented, and an example using hotel ratings has been adopted in order to specifically show how these can be extracted from a rating platform. For this purpose, Python with the library “BeautifulSoup” is used. Other program packages include Scrapy and Selenium, with which more complex applications can be realized. In addition to the technical aspects of web scraping, the legal framework of this process will also be discussed.

Abstract: We examine whether the novel systems programming language named Rust can be utilized alongside JavaScript in Node.js and Web-based applications development. The paper describes how JavaScript can be used as a high-level scripting language in combination with Rust in place of C++ in order to realize efficiency and be free of race conditions as well as memory-related software issues. Furthermore, we conducted stress tests in order to evaluate the performance of the proposed architecture in various scenarios. Rust-based implementations were able to outperform JS by 1.15 by over 115 times across the range of measurements and overpower Node.js’s concurrency model by 14.5 times or more without the need for fine-tuning. In Web browsers, the single-thread WebAssembly implementation outperformed the respective pure JS implementation by about two to four times. WebAssembly executed inside of Chromium compared to the equivalent Node.js implementations was able to deliver 93.5% the performance of the single-threaded implementation and 67.86% the performance of the multi-threaded implementation, which translates to 1.87 to over 24 times greater performance than the equivalent manually optimized pure JS implementation. Our findings provide substantial evidence that Rust is capable of providing the low-level features needed for non-blocking operations and hardware access while maintaining high-level similarities to JavaScript, aiding productivity.

Abstract: Nowadays, many attendance applications utilise biometric techniques such as the face, fingerprint, and iris recognition. Biometrics has become ubiquitous in many sectors. Due to the advancement of deep learning algorithms, the accuracy rate of biometric techniques has been improved tremendously. This paper proposes a web-based attendance system that adopts facial recognition using open-source deep learning pre-trained models. Face recognition procedural steps using web technology and database were explained. The methodology used the required pre-trained weight files embedded in the procedure of face recognition. The face recognition method includes two important processes: registration of face datasets and face matching. The extracted feature vectors were implemented and stored in an online database to create a more dynamic face recognition process. Finally, user testing was conducted, whereby users were asked to perform a series of biometric verification. The testing consists of facial scans from the front, right (30 – 45 degrees) and left (30 – 45 degrees). Reported face recognition results showed an accuracy of 92% with a precision of 100% and recall of 90%.

Abstract: Abstract: An essential step in developing any program or app is choosing the appropriate front-end framework or library. Frontend Web development sounds similar to the JavaScript framework. Both of these choices are available for web development requirements. Vue, React, and Angular all fall under the umbrella of JavaScript frameworks. Due to the extensive spectrum of issues developers encounter daily, the industry offers a wide diversity. With the help of many accessible frameworks, a web application may be constructed as intended while considering all practical considerations. The advantages and disadvantages of the fundamental elements and distinctive features of frameworks are discussed in this paper. Additionally, it offers a thorough analysis of the research on front-end frameworks. This study gives an overview of the front-end frameworks discovered in the literature, outlining the essential components of these frameworks using a systematic literature review as methodology. The three most popular frameworks, Vue.js, Angular, and React, were examined for the necessary features.

Abstract: The project is aimed at developing an application for the “`WEB BASED PLACEMENT MANAGEMENT SYSTEM” of the college. The system is an application that can be accessed and effectively used throughout the organization with proper login enabled. This system can be used as an application for the Placement Officers in the college to manage the student information with regard to placement. Our project provides the facility of maintaining the details of the students. The web application can be accessed throughout the organization with proper login provided. The “placement management software” or system helps the students, company to register and communicate all the information in the portal.The users can easily get access to the portal and also the data can be retrieved easily within no time. In various colleges, training and placement officers have to manage the student’s profile and documents for their placements manually. The placement officers will collect the information from various companies who want to recruit the students and updates to the students from time to time. And also arranges the profile of students according to various streams. The placement officer will clearly notify the needs and requirements of the company. It was difficult to communicate the information with the “N” number of students together about the placement drives. So the web application was designed which was easy and efficient to communicate the information to the students in a manual way ,It reduces the manual work and consumes less paper work to reduce the time.

Abstract: There are many web vulnerabilities and popular among them is Cross Site Scripting Attacks (XSS). The XSS vulnerability can go to the extent of intruding on an organization's data via its web application. The activities the hijacker performs during these XSS attacks are accessing user sessions, deleting, adding, and modifying the data of the websites. Additionally, as they have control over the web pages, they add malicious code to distort the user interface and stop further business activities. If an organization’s website is providing service across the globe, this would halt all the user transactions for many hours until the issue is resolved. The attackers would further proceed to access the organization's servers if the situation is not handled to stop the XSS attacks. These real- time scenarios explain the severity of the XSS attacks. Further implementing solutions to not face further attacks is still continuing. The reason for the quest to find better solutions is to avoid these XSS attacks, because the hackers are always finding various routes to hack these web applications. However, even after finding many solutions, these attacks are happening regularly. Hence it is necessary to discover the gap to find an appropriate solution even before any new XSS attack happens. This paper proposes a methodology to explore these gaps and solutions to an ongoing cross site scripting attacks.

Abstract: The aim of the work is to conduct a performance analysis and, on its basis, to indicate the most user-friendly and fastest operating framework. Three Internet applications have been written to test the speed of operation of selected technologies. Some of the most popular frameworks were analyzed: Angular, React and Vue. Static comparative criteria used in the work are: favorable and generally available documentation, application development, speed of application development, development and support by creators. The practical criteria are the times measured during the execution of the tests. The tests were performed with simple operations using the CRUD (Create Read Update Delete) function. The performance analysis carried out in this way shows the differences between the frameworks. The following developerPersian tools were used for the comparative analysis: Google Analytics, Google Chrome, Mozilla Firefox, Chrome DevTools.

Abstract: Most applications looking for XSS vulnerabilities have a variety of weaknesses related to the nature of constructing internet applications. Existing XSS vulnerability packages solely scan public net resources, which negatively influences the safety of internet resources. Threats may be in non-public sections of internet resources that can only be accessed by approved users. The aim of this work is to improve available internet functions for preventing XSS assaults by creating a programme that detects XSS vulnerabilities by completely mapping internet applications. The innovation of this work lies in its use of environment-friendly algorithms for locating extraordinary XSS vulnerabilities in addition to encompassing pre-approved XSS vulnerability scanning in examined internet functions to generate a complete internet resource map. Using the developed programme to discover XSS vulnerabilities increases the effectiveness of internet utility protection. This programme also simplifies the use of internet applications. Even customers unfamiliar with the fundamentals of internet security can use this programme due to its capability to generate a document with suggestions for rectifying detected XSS vulnerabilities.

Abstract: Web accessibility is expressed as the ability of all target users, including the disabled, to access, use, understand and interact with the website. This study aims to systematically review the literature on automated tool utilization in web accessibility research. A comprehensive review was carried out covering the last two decades from 2002 to 2021. 72 articles were reached from widely used databases by using a search strategy. These identified articles were classified according to publication type, publication year, publisher, automated testing tool, website type, and accessibility guide. The findings show an increasing trend in its use in web accessibility evaluations with the popularity of automated testing tools year by year. We hope that this literature review and classification will provide an overview of research on web accessibility analysis using automated testing tools, and present as a roadmap to guide future research in this area.

Abstract: Abstract The introduction of new memory-based crypto-mining techniques and the rise of new web technologies like WebAssembly, made the use of browsers for crypto-currencies mining more and more convenient and popular. That, in turn, originated a new form of computer piracy, called cryptojacking, which is rapidly gaining ground on the web. A cryptojacking site exploits its visitors’ hardware resources to secretly mine crypto-currencies. This paper analyzes current web-based cryptojacking detection methods in order to propose a novel hybrid strategy. Current detection methods are found to require either considerable computer administration skills or execution privileges usually not available to common users. In this view, a method, named MinerAlert, has been designed and proposed, aiming at detecting in real-time sites performing cryptojacking. To address the limitations of current methods, the method implementation has been achieved through a browser extension. The present paper describes the method’s details and its implementation. It also reports the experimental results of its utilization, showing its positive performances in terms of ease of use, successful detections and speed.

Abstract: The global nature of web applications puts them at a high risk of attacks from different locations and with various levels of severity and complexity. Cross-Site Scripting (XSS) is a code injection attack that happens at the client-side i.e., through the web browsers. The attacker's main strategy is to execute the malicious injected scripts in a legitimate web application through the victim's browser. XSS vulnerabilities can be a source of other security attacks such as the spread of malware, credential theft, credential phishing, social network worms, and website defacing. Plenty of research has been carried out on the detection and prevention of XSS using machine learning techniques that involved URL-based features, HTML features, and JavaScript features and achieved an accuracy of about 98%. XSS attacks can have different forms and evolve regularly, new patterns emerge daily, feature extraction can be challenging, so there is a high probability of being not exhaustive. A Convolutional Neural network can be useful for XSS classification tasks, as because of its architecture it requires less feature extraction pre-processing task. In this paper, we used almost all the characters of XSS Scripts during feature generation and used the Convolutional Neural Network (CNN) technique to classify and detect the XSS scripts as malicious or benign and achieved the accuracy of 98.62 and precision of 98.6 and recall 98.86.

Abstract: Current static detection technology for web application vulnerabilities relies highly on specific vulnerability patterns, while dynamic analysis technology has the problem of low vulnerability coverage. In order to improve the ability to detect unknown web application vulnerabilities, this paper proposes a PHP Remote Command/Code Execution (RCE) vulnerability directed fuzzing method. Our method is a combination of static and dynamic methods. First, we obtained the potential RCE vulnerability information of the web application through fine-grained static taint analysis. Then we performed instrumentation for the source code of the web application based on the potential RCE vulnerability information to provide feedback information for fuzzing. Finally, a loop feedback web application vulnerability automatic verification mechanism was established in which the vulnerability verification component provides feedback information, and the seed mutation component improves the vulnerability test seed based on the feedback information. On the basis of this method, the prototype system Cefuzz (Command/Code Execution Fuzzer) is implemented. Thorough experiments show that, compared with the existing web application vulnerability detection methods, Cefuzz significantly improves the verification effect of RCE vulnerabilities, discovering 13 unknown vulnerabilities in 10 popular web CMSes.

Abstract: The hospital location selection for COVID-19-infected patients is out to be one of the most critical decisions for healthcare sectors in high-case countries. In this study, optimal urban hospital location selection for COVID-19-infected patients has been done out of multiple alternative locations in city of Baghdad Iraq by introducing a web application system that can find the best site from alternatives by using MEREC and modified technique for order of preference by similarity to ideal solution (TOPSIS) algorithms. MEREC algorithm is utilized to obtain criteria weights and modified TOPSIS for ranking the alternatives. Four criteria are considered with eight alternatives sites. The proposed system has two-part, hardware part (embedded systems) designed by utilizing NEO-6M GPS receiver with ESP8266NodeMCU to obtain coordinate of regions and then, using the HTTP protocol to communicate to submit these data to database server. The second part is the web application developed by PHP, JavaScript, CSS, HTML, and MySQL used to allow the system admin to enter the locations of the alternatives with their criteria into the system to get the best urban hospital location for COVID-19-patients. The results showed effectiveness of overall suggested system and appropriateness of the modified TOPSIS method over the traditional TOPSIS method in ranking the alternative.

Abstract: The worldwide Web has dramatically evolved in recent years. Web pages are dynamic, expressed by programs written in common programming languages given rise to sophisticated Web applications. Thus, Web browsers are almost operating systems, having to interpret/compile such programs and execute them. Although JavaScript is widely used to express dynamic Web pages, it has several shortcomings and performance inefficiencies. To overcome such limitations, major IT powerhouses are developing a new portable and size/load efficient language: WebAssembly.In this paper, we conduct the first systematic study on the energy and run-time performance of WebAssembly and JavaScript on the Web. We used micro-benchmarks and also real applications in order to have more realistic results. Preliminary results show that WebAssembly, while still in its infancy, is starting to already outperform JavaScript, with much more room to grow. A statistical analysis indicates that WebAssembly produces significant performance differences compared to JavaScript. However, these differences differ between micro-benchmarks and real-world benchmarks. Our results also show that WebAssembly improved energy efficiency by 30%, on average, and showed how different WebAssembly behaviour is among three popular Web Browsers: Google Chrome, Microsoft Edge, and Mozilla Firefox. Our findings indicate that WebAssembly is faster than JavaScript and even more energy-efficient. Additionally, our benchmarking framework is also available to allow further research and replication.

Abstract: Existing e-commerce applications offer various functionalities to buy any products from their websites. However, a comparison for any product in terms of price offers, and quality among these applications is time-consuming and involves the user’s time to check reviews and surf other websites to check prices. The objective of this paper is to propose a web application that identifies those basic details for any product from different e-commerce websites. These details are compared, and the result is displayed to the user graphically for the final decision. The proposed web application uses the web-scraping methodology with selenium and is implemented on the python framework using various algorithms and techniques which are discussed in the paper. As an outcome, the system will give the simulation results, so that the user can get the recommendations on purchasing the relevant product with better user satisfaction and in minimum clicks and time.