Abstract: Websites are becoming increasingly effective communication tools. Nevertheless, web applications are vulnerable to attack and can give attackers access to sensitive information or unauthorized access to accounts. The number of vulnerabilities in web applications has increased dramatically over the past decade. Many are due to improper validation and sanitization of input. Identifying these vulnerabilities is essential for developing high-quality, secure web applications. Whenever a website is released to the public, it is required to have had penetration testing to a certain standard to ensure the security of the information. Application-level security vulnerability detection is possible for many commercial and open-source applications. However, developers are curious about which tools detect security vulnerabilities and how quickly they do so. The purpose of this study is to discuss penetration testing and how it can be implemented. This paper also explores the hazards and vulnerabilities associated with the web environment as well as the protective measures that can be taken. In addition, a comprehensive review and comparison of common web penetration testing tools is provided. The aim of this paper is to help web penetration testers choose a technology that is optimal for their requirements. The paper also sets out to guide and provide recommendations to users for choosing the best web penetration test tool and increasing their awareness of secure web environments. The study results indicate that not all web penetration testing tools offer the same features and that combining analysis tools can provide detailed information about web vulnerabilities.

Abstract: Abstract Climate-responsive building design holds immense potential for enhancing comfort, energy efficiency, and environmental sustainability. However, many social, cultural, and economic obstacles might prevent the wide adoption of designing climate-adapted buildings. One of these obstacles can be removed by enabling practitioners to easily access, visualize and analyze local climate data. The CBE Clima Tool (Clima) is a free and open-source web application that offers easy access to publicly available weather files and has been created for building energy simulation and design. It provides a series of interactive visualizations of the variables contained in the EnergyPlus Weather Files and several derived ones like the UTCI or the adaptive comfort indices. It is aimed at students, educators, and practitioners in the architecture and engineering fields. Since its inception, Clima’s user base has exhibited robust growth, attracting over 25,000 unique users annually from across 70 countries. Our tool is poised to revolutionize climate-adaptive building design, transcending geographical boundaries and fostering innovation in the architecture and engineering fields.

Abstract: Cross-Site Scripting (XSS) attacks inject malicious code payloads into web application logs, triggering stored cross-site scripting execution when accessing the view-logs interface. The destruction produced by the XSS injection susceptibilities is especially significant since the attacker can steal sensitive data such as the stored user's cookies and tokens or control the host remotely by using remote code execution of XSS. For example, if an attacker manages to obtain the cookies of the website administrator, the whole website can be taken over. In this paper, we develop and evaluate the performance of a machine-learning-based XSS detection system for website applications. Particularly, we investigate using three supervised machine learning: optimizable k-nearest neighbours, optimizable naïve bays, and hybrid (ensemble) learning of decision trees. To validate the system's efficacy, we employed the XSS-Attacks-2019 dataset consisting of modern real-world traffic-subjected types of classes normal (benign) or anomaly (XSS attack). To verify the performance evaluation, we have used several conventional metrics, including the confusion matrix analysis, the detection accuracy, the detection precision, the detection sensitivity, the harmonic detection means, and the detection time. The experimental results demonstrated the predominance of the hybrid learning-based XSS detection system. The best performance indicators peaked at 99.8% (accuracy, precision, and sensitivity) with a very short detection time of 103.1 μSec. Conclusively, the proposed hybrid model outpaced several recent XSS-attacks detection systems in the same study area.

Abstract: SQL injection is a type of security vulnerability that occurs in database-driven web applications where an attacker injects malicious code into the application to gain unauthorized access to sensitive information. This paper aims to provide a comprehensive and systematic review of the existing methods for preventing and detecting SQL injection attacks. The review covers a range of techniques, including input validation, parameterized queries, and intrusion detection systems, as well as the advantages and disadvantages of each method. The most common prevention techniques include input validation, parameterized queries, and stored procedures, while the most common detection techniques include intrusion detection systems (IDS), honeypots, and signature-based detection. The choice of method will depend on the specific requirements of the organization and the level of security required. Still, a combination of prevention and detection methods is likely to be the most effective way to secure web applications against SQL injection attacks. The paper concludes that SQL injection attacks continue to be a significant security threat to web applications, and it is essential for organizations to implement effective prevention and detection methods to secure their web applications against SQL injection attacks.

Abstract: We present WebGLM, a web-enhanced question-answering system based on the General Language Model (GLM). Its goal is to augment a pre-trained large language model (LLM) with web search and retrieval capabilities while being efficient for real-world deployments. To achieve this, we develop WebGLM with strategies for the LLM-augmented retriever, bootstrapped generator, and human preference-aware scorer. Specifically, we identify and address the limitations of WebGPT (OpenAI), through which WebGLM is enabled with accuracy, efficiency, and cost-effectiveness advantages. In addition, we propose systematic criteria for evaluating web-enhanced QA systems. We conduct multi-dimensional human evaluation and quantitative ablation studies, which suggest the outperformance of the proposed WebGLM designs over existing systems. WebGLM with the 10-billion-parameter GLM (10B) is shown to perform better than the similar-sized WebGPT (13B) and even comparably to WebGPT (175B) in human evaluation. The code, demo, and data are at https://github.com/THUDM/WebGLM.

Abstract: The pandemic caused by COVID-19 impacted the entire world, but the significant challenges to be faced during this crisis opened an opportunity for organizations to evolve toward a digital transformation. Educational institutions were a concrete example of the use of technologies, which were abruptly incorporated into the teaching–learning model. Although this initiative was initially a challenge for teachers and students, it has now become a tool for new innovative teaching models, such as hybrid, online, and flexible models. The impact of technology used in education has been beneficial due to emerging technologies (virtual reality, augmented reality, games, web applications, mobile applications, etc.), which have served as tools to facilitate and motivate studying. These educational trends contribute directly to the fourth Sustainable Development Goal (SDG). This research analyzes whether the use of a web application, as a support in the educational model, can make students better understand the subjects of network infrastructure and be more efficient when configuring equipment in a data network. Therefore, this research is based on the design of an educational web application based on Python libraries, which allows the configuration of networking equipment based on the concept of network automation with the application of a graphical user interface (GUI). The web application can be deployed with communication equipment or in conjunction with the GNS3 simulator. This versatility allows this web tool to be applied to the teaching of network equipment configuration in any mode of study (classroom, online, hybrid, or flexible). The results obtained in this research are encouraging and open the way for the implementation of network automation and Python libraries for educational applications that can be important tools within the teaching and learning models of higher education.

Abstract: Web scraping can be done using many languages such as C++, Java, JavaScript, PhP, Python, Ruby, etc. Among them, Python stands to be the most powerful language with lots of inbuilt libraries that supports web scraping, extensive support for third-party open-source libraries, and higher speeds compared to other languages. Python libraries for web scraping are designed for fast and highly accurate data extraction. There are many libraries available for web scraping and the developer can choose the respective library in accordance with their scraping application. This paper focuses on the study of several web scraping tools and techniques and analyze the performance of those tools and present the statistical significance of the results.

Abstract: This paper presents a web-based hospital management system that allows patients, doctors, and administrators to interact with the hospital's information system through a web interface. The system is built using HTML5/CSS3, JavaScript, Bootstrap, XAMPP, PHP, MySQL, and TCPDF technologies. Web-Based Hospital Management System (HMS) enables various hospital and medical processes to be performed online. It consists of registration, login of patients, and booking their appointments with doctors storing their details in the system. It provides a login page for patients, doctors, and admins each have their username and password. It consists of three modules. Those are the patient, doctor and admin. This Web Application maintains authentication to access the information. Administrators can see patient and doctor information, appointment schedules and add new doctors as part of administrative tasks. A database was created one for the patient and the other for the doctors so that admin can access it. The Patient module includes booking appointments and checking prescriptions. A patient can pay a doctor’s Fee online. The doctor module allows doctors to view appointments, give prescriptions and search for patients. Web-based technology provides a wide range of online services in practically every industry. The majority of jobs may be completed online, which helps to minimize the workload, expense, and effort. The paper discusses the concept of a web-based platform that would enable various hospital and medical processes to be performed online utilizing Web networking technologies, which could be crucial for implementing the functionality of online medical administration. This will aid in the administration of patients, the management of doctor schedules, and the maintenance of patient data that are accessible throughout the hospital online patient data storage, management, communication, analysis, and updating. Therefore, by implementing this web-based application many tasks that would be time consuming and inconvenient can be accomplished.

Abstract: WebView is a UI widget that helps integrate web applications into the native context of Android apps. It provides powerful mechanisms for bi-directional interactions between the native-end (Java) and the web-end (JavaScript) of an Android app. However, these interaction mechanisms are complicated and have induced various types of bugs. To mitigate the problem, various techniques have been proposed to detect WebView-induced bugs via dynamic analysis, which heavily relies on executing tests to explore WebView behaviors. Unfortunately, these techniques either require manual effort or adopt random test generation approaches, which are not able to effectively explore diverse WebView behaviors. In this paper, we study the problem of test generation for WebViews in Android apps. Effective test generation for WebViews requires identifying the essential program properties to be covered by the generated tests. To this end, we propose WebView-specific properties to characterize WebView behaviors, and devise a cross-language dynamic analysis method to identify these properties. We develop ωTest, a test generation technique that searches for event sequences covering the identified WebView-specific properties. An evaluation on 74 real-world open-/closed-source Android apps shows that ωTest can cover diverse WebView behaviors and detect WebView-induced bugs effectively. ωTest detected 36 previously-unknown bugs. From the 22 bugs that we have reported to the app developers, 13 bugs were confirmed, 9 of which were fixed.

Abstract: In this paper, we present the final results from the research project “Urban Abacus of Building Energy Performances (Abaco Urbano Energeticodegli Edifci–AUREE)” aimed at supporting the renovation process and energy efficiency enhancement of urban building stocks. The crux of the AUREE project is a Web–GIS GeoBlog portal with customized semantic dashboards aimed at sharing information on an urban built environment and promoting the participation of local stakeholders in its improvement. As the latest development of this research, a workflow that integrates the AUREE portal with BIM authoring and an open-source IoT platform is implemented and applied to an experimental case study concerning a public building in Carbonia (Italy). The headquarters of the Sotacarbo Sustainable Energy Research Center was selected as the case study. The presented results proved that it was possible to create a valid open system, which was accessible to both specialist and unskilled users, and aimed at guiding, through a progressive knowledge deepening, common end-users toward proper conscious “energy behaviors” as well as public administrations and decision-makers toward sustainable facility management. Later, the proposed open system could also be suitable to be used as an effective tool to support the rising “energy communities”.

Abstract: In recent years, huge increase in attacks and data breaches is noticed. Most of the attacks are performed and focused on the vulnerabilities related to web applications. Hence, nowadays the mitigation of application vulnerabilities is an ignited research area. Thus, due to the potential high severity impacts of web application, many different approaches have been proposed in the past decades to mitigate the damages of application vulnerabilities. Static and dynamic analysis are the two main techniques used. In this paper, a new classification for web application input validation vulnerabilities is proffered. In addition, various techniques/tools that are used to detect them are analyzed and evaluated to apprehend their strengths and weaknesses. Thus, this paper provides both technical as well as literature countermeasures to input validation vulnerabilities. Moreover, various statistical distributions of the reviewed techniques were manifested and scrutinize in different aspects to reveal the perception of the prevailing techniques and the gaps in the literature. In addition, the most widespread metrics are also propounded.

Abstract: Medical doctors frequently rely on assistance tools during the decision-making process or when determining suitable chemotherapy options. These tools can take the form of recommendation systems, online test calculators, or web-based applications. They provide support not only in making recommendations but also in conducting thorough profile investigations of patients. Previous researchers have developed web-based survival analysis tools in the cancer survival field. However, many of these tools provide only basic functionality and rely on simplistic models, offering only a superficial understanding of the data. In this study, we undertake a comprehensive analysis of risk profiles using survival clustering techniques applied to a real-world dataset and developed an accessible online Shiny application to facilitate easier utilization of our findings. By leveraging survival clustering, we aim to uncover distinct subgroups based on survival patterns and identify unique risk profiles associated with breast cancer patients. Our online app provides a user-friendly interface for researchers and clinicians to explore the results, enabling them to gain valuable insights into the complex landscape of breast cancer risk profiles. This interactive tool offers a more accessible means of understanding and utilizing the implications of our research in personalized medicine and clinical decision-making.

Abstract: The paper compares the effectiveness of the online and blended learning of music during COVID-19. The study involved 140 students from Nanjing Xiaozhuang University in China. The research design: a pre-test and post-test experiment with a control group. The following research findings were obtained: the combination of face-to-face and online learning resulted in significant increases in PK (from 205.72 to 303.40), TPK (from 258.75 to 271.50), PCK (from 271.00 to 295.00) and TPCK (from 261.00 to 293.00) among students in TPACK test, which was significant (p < 0.05). The experimental group's scores on the Piano Lesson Achievement Test were higher (293.00) than those of the control group (174.00), which was considered statistically significant (z = 2.67). The research suggests that personalized blended learning to play the piano is more effective than conventional online learning. The results can provide fundamental insights when designing and implementing online or blended piano courses. For example, a piano video tutorial can be created and applied in terms of personalized online instruction. Further on, it is important to explore alternative methods in online music learning (learning through apps, videos, etc.), to study their effectiveness in music education, to identify the advantages and disadvantages of each method.

Abstract: Detection and mitigation of critical web vulnerabilities and attacks like cross-site scripting (XSS), and cross-site request forgery (CSRF) have been a great concern in the field of web security. Such web attacks are evolving and becoming more challenging to detect. Several ideas from different perspectives have been put forth that can be used to improve the performance of detecting these web vulnerabilities and preventing the attacks from happening. Machine learning techniques have lately been used by researchers to defend against XSS and CSRF, and given the positive findings, it can be concluded that it is a promising research direction. The objective of this paper is to briefly report on the research works that have been published in this direction of applying classical and advanced machine learning to identify and prevent XSS and CSRF. The purpose of providing this survey is to address different machine learning approaches that have been implemented, understand the key takeaway of every research, discuss their positive impact and the downsides that persists, so that it can help the researchers to determine the best direction to develop new approaches for their own research and to encourage researchers to focus towards the intersection between web security and machine learning.

Abstract: In 2022, over half of the web traffic was accessed through mobile devices. By reducing the energy consumption of mobile web apps, we can not only extend the battery life of our devices, but also make a significant contribution to energy conservation efforts. For example, if we could save only 5% of the energy used by web apps, we estimate that it would be enough to shut down one of the nuclear reactors in Fukushima. This paper presents a comprehensive overview of energy-saving experiments and related approaches for mobile web apps, relevant for researchers and practitioners. To achieve this objective, we conducted a systematic literature review and identified 44 primary studies for inclusion. Through the mapping and analysis of scientific papers, this work contributes: (1) an overview of the energy-draining aspects of mobile web apps, (2) a comprehensive description of the methodology used for the energy-saving experiments, and (3) a categorization and synthesis of various energy-saving approaches.

Abstract: Cross-site scripting (XSS) vulnerabilities are significant threats to web applications. The number of XSS vulnerabilities reported has increased annually for the past three years, posing a considerable challenge to web application maintainers. Black-box scanners are mainstream tools for security engineers to perform penetration testing and detect XSS vulnerabilities. Unfortunately, black-box scanners rely on crawlers to find input points of web applications and cannot guarantee all input points are tested. To this end, we propose a grey-box fuzzing method based on reinforcement learning, which can detect reflected and stored XSS vulnerabilities for Java web applications. We first use static analysis to identify potential input points from components (i.e., Java code, configuration files, and HTML files) of the Java web application. Then, an XSS vulnerability payload generation method is proposed, which is used together with the reinforcement learning model. We define the state, action, and reward functions of three reinforcement learning models for XSS vulnerability detection scenarios so that the fuzz loop can be performed automatically. To demonstrate the effectiveness of the proposed method, we compare it against four state-of-the-art web scanners. Experimental results show that our method finds all XSS vulnerabilities and has no false positives.

Abstract: The recent surge in the popularity of Python as a programming language is mainly due to its libraries used in the field of data science applications. However, Python is also extensively used for web application development, thanks to the abundance of its web application frameworks.

Abstract: The rise in usage of the Internet has tremendously helped those who use web applications. Web-based applications are becoming more susceptible to numerous security risks and network vulnerabilities as online attacks continue to develop. Malicious code or contents could be embedded in requests from HTTP causing attacks like SQL injections etc.In this research, an online intrusion detection system is presented to tackle the rise in web application attacks. Our web intrusion detection system uses a Distil-BERT, RNN, and LSTM model to identify attacks with body, URL, and User-data. The experimental findings demonstrate that our model successfully classifies the attacks with body, URL, and user data with a 94% accuracy.

Abstract: Abstract Background Postpartum depression is a major public health concern, which is associated with negative consequences for both mothers and children. Unfortunately, many affected women neither understand the warning signs of postpartum depression nor do they know where to seek help. The aim of this study was to evaluate the feasibility of SmartMoms, a German mobile web application (web app) designed to inform women about postpartum depression, support them, and provide an easily accessible self-screening instrument. Methods After its development, SmartMoms was distributed through healthcare providers and social media. Feasibility was assessed by examining (1) the experience of postpartum women with the web app, (2) user behaviour, and (3) the experience of healthcare providers with the web app and its distribution. A mixed methods approach was used, including online surveys, usage data, and interviews. Results Most women used SmartMoms to prevent postpartum depression and rated the web app as good (on average 4.36 out of 5 stars). The majority of women (62.2%) accessing the self-screening instrument showed a risk for postpartum depression (Edinburgh Postnatal Depression scale score ≥ 12). Most providers (n = 12/13) felt supported through SmartMoms in discussing postpartum depression and considered it a useful offer. Suggestions for improvement were provided. Conclusions SmartMoms meets the needs and expectations of mothers and healthcare providers interested in postpartum depression but should be further adapted to include more specific support options and additional information for professionals.

Abstract: The Low Code Development Platform (LCDP) is a versatile platform to handle process, database, mobile and web based applications. The platform provides us opportunity to digitize the activities in IT, telecommunication, government and all other industries as well as different departments of the organization in the form of applications. The manufacturing industry can also incorporate low-code apps for data analysis and their manufacturing processes to automate the process. This research work has proposed a novel sustainable LCDP with optimization techniques for data analysis. The proposed platform allows user to execute data analysis applications in optimization and without optimization mode. The result shows that optimized LCDP reduces both space and time required for the any type of application.

Abstract: Web applications are exposed to many attacks, including SQL injection attacks, cross-site scripting, etc. This study will focus on attacks related to SQL-i. SQL-i injection leads to loss of confidentiality, integrity, and availability of data for users or organizations, as a result of which unauthorized persons have to access, update, and delete the user’s database, which leads to many risks at the individual or institutional level. Many methods for detecting SQL injection attacks include static analysis, dynamic analysis, and machine learning techniques. As a result, preventive measures must be implemented to combat the increased risk of SQL injection. This paper proposes using a model to detect these threats by applying machine learning algorithms, precisely the improved K-Nearest Neighbor algorithm, as the primary injection detection mechanism. Experiments show that applying the optimized K-Nearest Neighbor model with principal component analysis produces a dataset with significant advantages that improve model accuracy. After using the proposed model, the results showed good accuracy of 96.75% and time complexity, even with a difference in the number of features in the dataset used.

Abstract: To maintain secure web services and IT infrastructure, this has proposed the prototype of a vulnerability reporting system. Among these reporting systems developed to deal with problems of maintenance and analysis report management system which not yet been implemented in the cyber security scanning tool, Nessus. The system, which was designed to manage and analyze cyber security maintenance by focusing on vulnerability reports, was based on web-based technology. To ensure that the prototyping system could be used quickly, the development process employed the prototyping-rapid application development technique. The administrator of this system may easily manage and keep track of the report following the activity of scanning the cyber security maintenance for vulnerabilities.

Abstract: The technological advances we are witnessing today have stimulated the creation of many 3D virtual environments for various purposes, from entertainment to industry to education. While the majority of these environments are perfectly suited for the healthy population, we should not forget about impaired people living among us. Regarding children’s education, one may wonder how impaired children handle them. Do they find them usable and attractive? How well do they handle basic activities in 3D environments, including orientation and interaction with objects? The experiment presented in this article provides answers to these questions within a specific setup. The experiment used a custom web application with several 3D virtual environments in a desktop virtual reality setting. The participants were 12 children, aged 8–14, with multiple impairments, predominantly hearing impairment, borderline and mild degree of mental retardation, and inferior communication skills. The answers can be regarded as positive and are based on results gathered in the form of completion times and the System Usability Scale questionnaire scores. The article also reports on a significant relation found between completion times and questionnaire scores. Future research directions, including those related to the Metaverse concept, are discussed, too.