
    A Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Applications

    This paper presents and implements a Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Applications. In the development process, a Windows Phone 7 application that interacts with a WCF Web Service and a database is used. The types of Business Intelligence Mobile Applications are presented. The security features and restrictions of Windows mobile devices are presented. The namespaces and security algorithms used in the .NET Compact Framework for assuring application security are presented. The proposed architecture is shown, outlining the flows between the application and the web service.
    Keywords: Security, Secure Architecture, Mobile Applications, Business Intelligence, Web Service

    Native Cryptography in the Browser, An Exploratory Approach

    As applications move from the desktop to the web browser, security needs to be taken into consideration. The new Web Crypto API provides native support for web applications to perform cryptographic operations and key management functions. Client side cryptographic support is a critical component in the future development of secure web based applications. This thesis presents an exploration of the Web Crypto API. The aim of this research was to determine the feasibility of developing complex cryptographic applications in the browser. This evaluation was performed by building an end to end encrypted messaging system that implements the off the record (OTR) messaging protocol. This thesis also proposes Joey's Web Crypto Library (JWCL), a wrapper library around the native Web Crypto API that provides network portable output, secure default options, and a class based modern interface. In this thesis the Web Crypto API is shown to be capable of supporting the development of a functional, proof of concept, end to end encrypted secure messaging system in the browser. JWCL succeeds in providing a high level, simple yet elegant interface to the low level Web Crypto API.

    SSETGami: Secure Software Education Through Gamification

    Since web browsers have become essential to accomplishing everyday tasks, developing secure web applications has become a priority in order to protect user data, corporate databases and critical infrastructure against cyber-crimes. This research presents a game-like (gamification) approach to teaching key concepts and skills on how to develop secure web applications. Gamification draws on motivational models, a family of psychological theories. Gamification design has great potential over traditional education, where we often find students demotivated and lecturers failing to engage them in learning activities. This research created game-like learning modules to teach the top vulnerabilities in secure web development and their countermeasures, including SQL injection, broken authentication and session management, cross-site scripting, insecure direct object references, etc. In this paper, each module is self-contained with a module background, sample module questions, and the expected learning outcomes of the module.

    A Software Development Methodology for Secure Web Application

    In recent years, there has been a demand for Web applications with complex functions. In addition, most web applications efficiently manage data based on databases. While the key and critical dimension of developing these Web applications is analysis and design, most object-oriented analysis and design methods do not have a consistent view of the database. In addition, Java Enterprise Edition (EE)-based technologies are used in Web application implementations, but they do not provide any correlation with the database. On the other hand, as users' demands for security increase, security becomes more important. To this end, Java EE and database systems provide security solutions. However, they do not provide any correlation with object-oriented analysis and design methodology. As a result, it is difficult to develop secure web applications in a consistent way from analysis to implementation. In this paper, we propose a consistent software development methodology from analysis to implementation of secure web applications. The proposed software development methodology for web application development uses UMLsec, a security-emphasized modeling language, and object-relational (O-R) mapping for relational database design. It also uses Java servlets and SQL to implement analysis and design results based on role-based access control (RBAC). The software development methodology for the secure web application proposed in this paper has been applied to the development of an online banking system, from the design stage of the user's requirements analysis to the implementation of the web application.

    Analyse the risks of ad hoc programming in web development and develop a metrics of appropriate tools

    Today the World Wide Web has become one of the most powerful tools for business promotion and social networking. As the use of websites and web applications to promote businesses has increased drastically over the past few years, managing them and protecting them from security threats has become a complicated task for organizations. On the other hand, most web projects are at risk and less secure due to a lack of quality programming. Although there are plenty of frameworks available for free to improve the quality of programming, most programmers use ad hoc programming rather than frameworks, which could save their time and repeated work. The research identifies the different frameworks in PHP and .NET programming, and evaluates their benefits and drawbacks in web application development. The research aims to help web development companies minimize the risks involved in developing large web projects and to develop a metrics of appropriate frameworks to be used for specific projects. The study examined the way web applications were developed in different software companies and the advantages of using frameworks while developing them. The findings show that it was not only the experience of developers that motivated them to use frameworks. The major conclusions and recommendations drawn from this research were that the main reasons web developers avoid frameworks are that they are difficult to learn and implement. Also, the motivating factors for programmers towards using frameworks were self-efficiency, a habit of learning new things and awareness of the benefits of frameworks. The research recommended that companies use appropriate frameworks to protect their projects against security threats like SQL injection and RSS injection.

    Learning Management System Built Using the MERN Stack

    Web based applications play a major role in our day-to-day life and therefore it is important to ensure the quality and reliability of web applications. With the sudden increase in the use of web based applications for online and distance learning, it is important to address existing issues in current Learning Management Systems (LMS), so that users can benefit from a better, uninterrupted learning experience. This work mainly contributes to understanding how the MERN stack can be efficiently used in building a reliable and secure LMS that provides its services free of charge, so that students have a free and uninterrupted learning experience. An LMS equipped with user handling functionality, course and course material management, and library maintenance has been the focus of the study that resulted in this paper. The work also includes the reasoning as to why the MERN stack was selected for developing the proposed system.

    Spammer and hacker, two old friends

    Spammers are always looking for new ways to bypass filters and spread spam content. Currently, spammers have not only improved their spam methods but have also moved towards exploiting software security vulnerabilities in order to spread their spam content. Spammers use weaknesses inside web applications to inject their spam content into legitimate websites, redirect users to their own campaigns, misuse web users' resources, and hide their footprints. In this paper, we investigate security vulnerabilities that are exploited by spammers. We explain these security vulnerabilities, discuss their importance and provide a scenario of how spammers can exploit them. Additionally, we discuss two possible solutions to counter these problems: patching and secure software development. The result of our work highlights the importance of following security best practices when developing software; neglecting them can result in demotion of website popularity, blacklisting of the website and loss of users' trust.

    Mobile Software Assurance Informed through Knowledge Graph Construction: The OWASP Threat of Insecure Data Storage

    Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies, specifically focusing on the security analysis coverage of program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of the software assurance of their developed software with respect to one of the OWASP top ten mobile threats, the threat of "Insecure Data Storage." We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places, leaving users exposed to higher risks of losing their sensitive data.

    AndroShield: automated Android applications vulnerability detection, a hybrid static and dynamic analysis approach

    The security of mobile applications has become a major research field, which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the "rush to release" as defined by the Ponemon Institute. Security testing, which is considered one of the main phases of the development life cycle, is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smartphone and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is encapsulated in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis; it does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that depend on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users' privacy. The code is available through a GitHub repository for public contribution.