83 research outputs found

    Hunting CAPTCHA-solving bots

    Today, smart phones have become an integral part of modern human life. With the increasing CPU power and energy efficiency of these devices, almost all daily routines and even personal activities of people have become dependent on them. Given the importance of these devices in today's human life and their crucial role in protecting sensitive personal information, security and authorized access to this data are indispensable requirements for any new method in this field of study. Today, CAPTCHAs are used to protect smart phones and computers from robot access; however, most of them are broken by robots and machine-learning-based methods. Therefore, it is necessary to provide a more accurate and comprehensive algorithm to identify robots and prevent them from entering mobile phones

    Security First approach in development of Single-Page Application based on Angular

    Recently, the Single-Page Application (SPA) approach has been getting attention, even though it is based on JavaScript, which is not considered to be a safe programming language. In the SPA ecosystem developers often have to use many external dependencies. Vulnerabilities detected in these external dependencies are disclosed and updated in most cases by the community. Often, in-depth security analysis is not included during the development stage, due to project deadlines and other circumstances. This brings a number of complications. The most straightforward is being vulnerable to cyber attacks, which causes financial problems for companies. Currently, the law already includes penalties in case of data breaches. Moreover, detected vulnerable code delays projects because of the time needed to improve it. Sometimes it requires changing the whole architecture if the application was poorly designed or if security was skipped completely in the early stage. It might even lead to changes in the architectural style once the application is already on the market. This puts high pressure on software developers to fix it fast. The rush to deliver as fast as possible can create new security risks, because in some scenarios it might take a significant amount of time to change the design with security prioritization. Especially within the financial industry, the consequences of not including security during the design stage might be harmful. Companies in this industry are entrusted with high social trust and sensitive (personal) data. For such enterprises, shortcomings in security might cause loss of data, image and money. Cybercrime activities are intensifying, and some companies might be put out of business due to hacking. This important factor of software development is currently getting more attention. That is why providing security in an early stage of a project is important, and should be considered a prerequisite.
Security should be integrally included in all parts of the development cycle: specification, design, implementation and testing. The desired result is a secure web application. Security can be improved explicitly by using security analysis and enhancing security according to the results. However, implicit methods like clean code, programming best practices and proper architecture design also apply, ideally in a continuous security way. Programming best practices and countermeasures against web application security threats have been used to analyse and verify SPA security. In this research project, an Angular SPA has been developed with a focus on security. It includes programming best practices, security analysis and a number of different tests. The main goal was to develop a SPA based on the Angular framework with a security-first approach. An in-depth security analysis of the deployed application is then conducted with validation of these results

    Design of a back-end for a camera based person detection system

    In this thesis, a back-end web server is developed for the CityTrack project. The project uses modern Deep Learning techniques to provide object and people detection on embedded devices. By using multiple of these devices, called detection nodes, statistical data can be collected about a certain venue or event. To expand this project, a web application is needed to visualise the data with the possibility to watch in real time. In addition to the web application, a central database should be established to provide long-term structured storage for the detection data. To make well-considered choices, different technologies are discussed and weighed against each other. For instance, for the communication between the detection nodes and the web application, the HTTP-based REST architectural style and the SOAP protocol are compared to the MQTT protocol. Furthermore, the real-time capable communication technologies WebSocket, Server-Sent Events and HTTP Long Polling are reviewed. The system uses the REST architectural style due to practical implementation reasons and WebSocket due to the limitations of the other alternatives. The layered architecture is then discussed to arrive at a proposal for a more modern version of the web architecture. The theoretical background and implementations of all components are then discussed. The advantages and disadvantages of each implementation are reviewed and a thoughtful choice was made. To make a sustained choice, the performance of different WSGI server implementations is tested. A WSGI server is an interface between a web server and a Python-based framework. The ApacheBench stress testing tool examines different aspects of the performance. The result is that the uWSGI server performs the best on both latency and throughput compared to the other candidates tested. Also, the performance of the various implementations of ASGI servers has been tested analogously.
An ASGI interface is a superset of WSGI with additional support for asynchronous communication technologies. Implementations of the ASGI interface are tested on the WSGI functionalities. In this way, it is investigated whether the current implementation of ASGI could replace the WSGI server. The results show that the current implementations of various ASGI servers perform too poorly to replace a WSGI server

    CrowdCE: A Collaboration Model for Crowdsourcing Software with Computing Elements

    Today’s crowd computing models are mainly used for handling independent tasks with simplistic collaboration and coordination through business workflows. However, the software development processes are complex, intellectually and organizationally challenging business models. We present a model for software development that addresses key challenges. It is designed for the crowd in the development of a social application. Our model presents an approach to structurally decompose the overall computing element into atomic machine-based computing elements and human-based computing elements such that the elements can complement each other independently and socially by the crowd. We evaluate our approach by developing a business application through crowd work. We compare our model with the traditional software development models. The primary result was completed well for empowering the crowd

    Web archives: the future

    This report is structured first, to engage in some speculative thought about the possible futures of the web as an exercise in prompting us to think about what we need to do now in order to make sure that we can reliably and fruitfully use archives of the web in the future. Next, we turn to considering the methods and tools being used to research the live web, as a pointer to the types of things that can be developed to help understand the archived web. Then, we turn to a series of topics and questions that researchers want or may want to address using the archived web. In this final section, we identify some of the challenges individuals, organizations, and international bodies can target to increase our ability to explore these topics and answer these questions. We end the report with some conclusions based on what we have learned from this exercise

    Web Service for Creation of Informative Web Pages about Events

    This bachelor's thesis deals with analyzing technologies of web applications, available development environments and frameworks, and, last but not least, with designing and developing a web service. This service lets its users create informational web pages about upcoming private events. The service is implemented in JavaScript. The Express framework running in the Node.js environment is used on the server side. MongoDB is used as a database. The client side is implemented with the React framework.