Analysis of Security and Performance Service in Service Oriented Architecture (SOA) and Data Integration

Nowdays, the use of web services in the world of education is very much particular services and information provided in the form of the transaction until the payment - the payment and security in a system that is built in the form of a website. This system does not yet have a system that is integrated with each other and the security that is necessary to develop a system that leads towards it. Services provided requires an integrated system of all related system, the Service Oriented Architecture (SOA) to be used as an efficient solution for integrating distributed applications. In SOA-based environment that focuses on quality of service called WSARCH (Web Services Architecture). With this paper can then propose a system that uses a Service Oriented Architecture (SOA) with Web Services Architecture to resolve accurately than techniques that have a lower negative impact in terms of service performance and security

Analysis of Security and Performance Service in Service Oriented Architecture (SOA) and Data Integration

Nowdays, the use of web services in the world of education is very much particular services and information provided in the form of the transaction until the payment - the payment and security in a system that is built in the form of a website. This system does not yet have a system that is integrated with each other and the security that is necessary to develop a system that leads towards it. Services provided requires an integrated system of all related system, the Service Oriented Architecture (SOA) to be used as an efficient solution for integrating distributed applications. In SOA-based environment that focuses on quality of service called WSARCH (Web Services Architecture). With this paper can then propose a system that uses a Service Oriented Architecture (SOA) with Web Services Architecture to resolve accurately than techniques that have a lower negative impact in terms of service performance and security

Building Robust E-learning Software Systems Using Web Technologies

Building a robust e-learning software platform represents a major challenge for both the project manager and the development team. Since functionalities of these software systems improves and grows by the day, several aspects must be taken into consideration – e.g. workflows, use-casesor alternative scenarios – in order to create a well standardized and fully functional integrated learning management system. The paper will focus on a model of implementation for an e-learning software system, analyzing its features, its functional mechanisms as well as exemplifying an implementation algorithm. A list of some of the mostly used web technologies (both server-side and client-side) will be analyzed and a discussion over major security leaks of web applicationswill also be put in discussion.E-learning, E-testing, Web Technology, Software System, Web Platform

PEP4Django - A Policy Enforcement Point for Python Web Applications

Traditionally, access control mechanisms have been hard-coded into application components. Such approach is error-prone, mixing business logic with access control concerns, and affecting the flexibility of security policies, as is the case with IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system

Reverse Engineering Environment for Teaching Secure Coding in Java

Few toolsets for program analysis and Java learning system provide an integrated console, debugger, and reverse engineered visualizer. We present an interactive debugging environment for Java which helps students to understand the secure coding by detecting and visualizing the data flow anomaly. Previous research shows that the earlier students learn secure coding concepts, even at the same time as they first learn to write code, the better they will continue using secure coding practices. This paper proposes web-based Java programming environment for teaching secure coding practices which provides the essential and fundamental skills in secure coding. Also, this tool helps students to understand the data anomaly and security leak with detecting vulnerabilities in given code.Cockrell School of Engineerin

Automatic Detection and Fixing of Java XXE Vulnerabilities Using Static Source Code Analysis and Instance Tracking

Web security is an important part of any web-based software system. XML External Entity (XXE) attacks are one of web applications’ most significant security risks. A successful XXE attack can have severe consequences like Denial-of-Service (DoS), remote code execution, and information extraction. Many Java codes are vulnerable to XXE due to missing the proper setting of the parser’s security attributes after initializing the instance of the parser. To fix such vulnerabilities, we invented a novel instance tracking approach to detect Java XXE vulnerabilities and integrated the approach into a vulnerability detection plugin of Integrated Development Environment (IDE). We have also implemented auto-fixes for the identified XXE vulnerabilities by modifying the source code’s Abstract Syntax Tree (AST). The detection and auto-fixing approaches were evaluated using typical Java code vulnerable to XXE. The evaluation results showed that our detection approach provided 100% precision and recall in detecting the XXE vulnerabilities and correctly fixed 86% of the identified vulnerabilities

Analysis of Security Vulnerabilities in Web Applications using Threat Modeling

Software security issues have been a major concern to the cyberspace community; therefore, a great deal of research on security testing has been performed, and various security testing techniques have been developed. A security process that is integrated into the application development cycle is required for creating a secure system. A part of this process is to create a threat profile for an application. The present project explains this process as a case study for analyzing a web application using Threat Modeling. This analysis can be used in the security testing approach that derives test cases from design level artifacts

Toward an Integrated System for Surveillance and Behaviour Analysis of Groups and People

Security and INTelligence SYStem is an Italian research project which aims to create an integrated system for the analysis of multi-modal data sources (text, images, video, audio), to assist operators in homeland security applications. Within this project the Scientific Research Unit of the University of Palermo is responsible of the image and video analysis activity. The SRU of Palermo developed a web service based architecture that provides image and video analysis capabilities to the integrated analysis system. The developed architecture uses both state of the art techniques, adapted to cope with the particular problem at hand, and new algorithms to provide the following services: image cropping, image forgery detection, face and people detection, weapon detection and classification, and terrorist logo recognition. In the last phase of the project we plan to include in our system new services, mainly oriented to the video analysis, to study and understand the behaviour of individuals, either alone or in a group

Building Robust E-learning Software Systems Using Web Technologies

Building a robust e-learning software platform represents a major challenge for both the project manager and the development team. Since functionalities of these software systems improves and grows by the day, several aspects must be taken into consideration – e.g. workflows, use-casesor alternative scenarios – in order to create a well standardized and fully functional integrated learning management system. The paper will focus on a model of implementation for an e-learning software system, analyzing its features, its functional mechanisms as well as exemplifying an implementation algorithm. A list of some of the mostly used web technologies (both server-side and client-side) will be analyzed and a discussion over major security leaks of web applicationswill also be put in discussion