JWE Abstracts 

Vol. 9, No. 1, March 1, 2010

Practical Elimination of External Interaction Vulnerabilities in Web Applications (pp001-024)
        James Miller and Toan Huynh
External Interaction Vulnerabilities (EIVs) are currently the most common class of vulnerability in web applications. These vulnerabilities allow attackers to use a vulnerable web application as a vessel for transmitting malicious code to the external systems that interact with it. The malicious code modifies the semantic content of the information sent to the external application. Current vulnerability detection approaches are black-box oriented and do not take advantage of the data flow information that is available in the source code. In this paper, we introduce a white-box approach called EIV analysis to eliminate these vulnerabilities in web applications. The strategy allows investigators to accurately identify all inputs entering the web application and to model each input as it reaches the external systems acting as data sinks. The strategy is partially automated, resulting in substantial effort savings compared with common industrial approaches, while also providing superior performance in terms of vulnerability detection. A case study using a commercial, currently deployed, mission-critical web application is presented to demonstrate the validity of these claims.

Investigating the Distributional Property of the Session Workload (pp025-047)
        James Miller and Toan Huynh
Companies now rely on the World Wide Web for communication with their customers. As reliance on web servers grows, so does the need for companies to better understand the workload placed upon these servers. The session is a popular unit of workload measurement for analyzing information recorded in server logs. In fact, many web applications, from shopping carts to online banking systems, require session information to function correctly, and web data mining also depends on session workload information. However, the distributional properties of the session workload are not understood. Whether the session workload is better described by a short-tailed or a heavy-tailed distribution is a fundamental question for the investigation of the session as a workload unit. This paper empirically explores claims that the session workload can be described using a heavy-tailed distribution. The paper concludes that, for the samples used here, no method exists to accurately determine whether the session workload is drawn from a heavy-tailed distribution. Hence, the conclusion that the samples are drawn from such a distribution cannot be made.

Augmenting a Web-Based Learning Environment through Blending Formative Assessment Services (pp048-065)
        I-Ching Chen, Dong-Her Shih, and Shuen-Cheng Hu
Web-based training has gained popularity due to pervasive hypertext information systems as well as its flexibility of time and place. However, the lack of orientation and interaction leads to higher dropout rates in these self-directed learning environments. From the learner's perspective, formative assessment generates criticism and suggestions that guide them toward their ultimate learning goals, which improves retention in self-directed learning environments. This research investigates how a Web-based learning platform can blend in external formative assessment services to foster learning activities and facilitate interaction between learners and mentors. Besides proposing a conceptual model, a proof-of-concept prototype has been developed in which both fully automatic and human-involved formative assessment work can be blended into a self-paced, Web-mediated learning process. An experiment indicated that the prototyped e-learning context did help to retain learners. The result of this research implies that, given abundant pedagogical Web services in an open framework, high-priced e-learning resources could be easily shared and flexibly orchestrated to fulfill various educational goals.

Empirically Assessing the Impact of DI on the Development of Web Service Applications (pp066-094)
        Marco Crasso, Cristian Mateos, Alejandro Zunino, and Marcelo Campo
Service-Oriented Computing (SOC) has been broadly conceived as the next big thing in distributed software development. The software industry has embraced SOC through Web Services, i.e., functionality that is accessible via ubiquitous protocols such as HTTP. This technology provides the basis for reuse and interoperability of applications across the WWW. However, consuming Web Services is still an expensive task in terms of development costs, since developers must invest much effort not only in manually discovering services but also in writing the code to invoke them, which leads to software that is polluted with service-aware code and is therefore more difficult to modify and test. Recently, Dependency Injection (DI) has become a very popular technique for building software, as it makes applications far more testable and maintainable. In this paper, we quantitatively analyze some of the benefits and costs of DI for building Web Service applications. We base our experiments on a refined version of DI that combines text mining, machine learning, and best practices from component-based software development to simplify the way Web Services are discovered and consumed. To our knowledge, this is the first study of the impact of using DI in the context of SOC.
