27 research outputs found

    Security First approach in development of Single-Page Application based on Angular

    Recently, the Single-Page Application (SPA) approach has been getting attention, even though it is based on JavaScript, which is not considered to be a safe programming language. In the SPA ecosystem, developers often have to use many external dependencies. Vulnerabilities detected in these external dependencies are, in most cases, disclosed and updated by the community. Often, in-depth security analysis is not included during the development stage, due to project deadlines and other circumstances. This brings a number of complications. The most straightforward is being vulnerable to cyber attacks, which cause financial problems for companies. The law already includes penalties in case of data breaches. Moreover, detected vulnerable code delays projects because of the time needed to improve it. Sometimes the whole architecture has to be changed if the application was poorly designed or if security was skipped completely in the early stage. It might even lead to changes in the architectural style once the application is already on the market. This puts high pressure on software developers to fix it fast. The rush to deliver as fast as possible can create new security risks, because in some scenarios it might take a significant amount of time to change the design with security prioritization. Especially within the financial industry, the consequences of not including security during the design stage might be harmful. Companies in this industry are entrusted with high social trust and sensitive (personal) data. For such enterprises, shortcomings in security might cause loss of data, image and money. Cybercrime activities are intensifying, and some companies might be put out of business due to hacking. This important factor of software development is currently getting more attention. That is why providing security at an early stage of a project is important and should be considered a prerequisite.
Security should be integrally included in all parts of the development cycle: specification, design, implementation and testing. The desired result is a secure web application. Security can be improved explicitly, by performing security analysis and enhancing security according to the results. However, implicit methods such as clean code, programming best practices and proper architecture design also apply, ideally in a continuous security way. Programming best practices and countermeasures against web application security threats have been used to analyse and verify SPA security. In this research project, an Angular SPA has been developed with a focus on security. It includes programming best practices, security analysis and a number of different tests. The main goal was to develop a SPA based on the Angular framework with a security-first approach. An in-depth security analysis of the deployed application is then conducted with validation of these results.

    1957-2007: 50 Years of Higher Order Programming Languages

    Fifty years ago one of the greatest breakthroughs in computer programming and in the history of computers happened – the appearance of FORTRAN, the first higher-order programming language. From that time until now, hundreds of programming languages have been invented and different programming paradigms have been defined, all with the main goal of making computer programming easier and closer to as many people as possible. Many battles were fought among scientists as well as among developers around concepts of programming, programming languages and paradigms. It can be said that programming paradigms and programming languages were very often a trigger for many changes and improvements in computer science as well as in the computer industry. Definitely, computer programming is one of the cornerstones of computer science. Today there are many tools that help in the process of programming, but there are still programming tasks that can be solved only manually. Therefore, programming is still one of the most creative parts of interaction with computers. Programmers should choose a programming language in accordance with the task they have to solve, but very often they choose it in accordance with their personal preferences, their beliefs and many other subjective reasons. Nevertheless, the market of programming languages can be merciless to languages, as history was merciless to some people, even whole nations. Programming languages and developers are born, live and die, leaving more or less tracks and successors, and not always the best survives. The history of programming languages is closely connected to the history of computers and computer science itself. Every single thing from one of them has its reflections in the other. This paper gives a short overview of the last fifty years of computer programming and computer programming languages, but also gives many ideas that influenced other aspects of computer science.
Particularly, programming paradigms are described, their intentions and goals, as well as most of the significant languages of all paradigms.

    ISCR Annual Report: Fiscal Year 2004


    Efficient integration of software components for scientific simulations

    Abstract unavailable please refer to PD

    Secure extensible languages, design of

    The basic premise of this thesis is that extensible languages afford the user considerable power and flexibility. We argue that this flexibility can, and should, be provided in a secure and error-resistant manner, but that this objective is not realised in existing extensible languages. This thesis first investigates the nature of security in programming languages, building up a simple and informal theory of the design of secure languages, and relating this theory to the notions of structured programming and transparency. We use this theory to build a conceptual model for a secure extensible language and its physical realisation. We show that existing extensible languages fail to meet the ideals of this model in total, and proceed to design an alternative and secure system which builds upon, but attempts to avoid the pitfalls of existing systems. We base this system on a string processing language (Snip) which is itself extensible. The remainder of this thesis discusses the design and implementation (based on an abstract machine, SAM) of this language.

    Institute for Scientific Computing Research Annual Report: Fiscal Year 2004
