412,790 research outputs found

    Preventing SQL Injection through Automatic Query Sanitization with ASSIST

    Web applications are becoming an essential part of our everyday lives. Many of our activities are dependent on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are major security challenges for developers today. This paper presents the technique of automatic query sanitization to automatically remove SQL injection vulnerabilities in code. In our technique, a combination of static analysis and program transformation is used to automatically instrument web applications with sanitization code. We have implemented this technique in a tool named ASSIST (Automatic and Static SQL Injection Sanitization Tool) for protecting Java-based web applications. Our experimental evaluation showed that our technique is effective against SQL injection vulnerabilities and has a low overhead. Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

    An approach towards development of evaluation framework for usability of smartphone applications

    As software and web applications run on the same machine, traditional usability evaluation techniques can be easily conducted for these applications. Whereas, mobile application operates on profoundly different machine and environment; smartphones. The unique characteristics of mobile phones pose challenges in adopting traditional usability evaluation techniques for evaluating usability of mobile applications. This implies that mobile applications also have different properties of user interface compared to software and web application. Thus, adopting traditional usability evaluation methods for mobile applications are prone towards unreliable usability analysis. Previous studies proposed usability evaluation framework for native mobile phone functionalities or physical constraints, limitations and mobility conditions of mobile devices based on user interface widgets. This paper proposed a framework with an integrated approach to usability evaluation for a smartphone app in view of abstraction levels of usability criteria and user interface elements of an app

    Towards the 3D Web with Open Simulator

    Continuing advances and reduced costs in computational power, graphics processors and network bandwidth have led to 3D immersive multi-user virtual worlds becoming increasingly accessible while offering an improved and engaging Quality of Experience. At the same time the functionality of the World Wide Web continues to expand alongside the computing infrastructure it runs on and pages can now routinely accommodate many forms of interactive multimedia components as standard features - streaming video for example. Inevitably there is an emerging expectation that the Web will expand further to incorporate immersive 3D environments. This is exciting because humans are well adapted to operating in 3D environments and it is challenging because existing software and skill sets are focused around competencies in 2D Web applications. Open Simulator (OpenSim) is a freely available open source tool-kit that empowers users to create and deploy their own 3D environments in the same way that anyone can create and deploy a Web site. Its characteristics can be seen as a set of references as to how the 3D Web could be instantiated. This paper describes experiments carried out with OpenSim to better understand network and system issues, and presents experience in using OpenSim to develop and deliver applications for education and cultural heritage. Evaluation is based upon observations of these applications in use and measurements of systems both in the lab and in the wild.

    A Voice-Enabled Framework for Recommender and Adaptation Systems in E-Learning

    With the proliferation of learning resources on the Web, finding suitable content (using telephone) has become a rigorous task for voice-based online learners to achieve better performance. The problem with Finding Content Suitability (FCS) with voice E-Learning applications is more complex when the sight-impaired learner is involved. Existing voice-enabled applications in the domain of E-Learning lack the attributes of adaptive and reusable learning objects to be able to address the FCS problem. This study provides a Voice-enabled Framework for Recommender and Adaptation (VeFRA) Systems in E-learning and an implementation of a system based on the framework with dual user interfaces – voice and Web. A usability study was carried out in a visually impaired and non-visually impaired school using the International Standard Organization’s (ISO) 9241-11 specification to determine the level of effectiveness, efficiency and user satisfaction. The result of the usability evaluation reveals that the prototype application developed for the school has “Good Usability” rating of 4.13 out of 5 scale. This shows that the application will not only complement existing mobile and Web-based learning systems, but will be of immense benefit to users, based on the system’s capacity for taking autonomous decisions that are capable of adapting to the needs of both visually impaired and non-visually impaired learners

    Evaluating usability of cross-platform smartphone applications

    The computing power of smartphones is increasing as time goes. However, the proliferation of multiple different types of operating platforms affected interoperable smartphone applications development. Thus, the cross-platform development tools are coined. Literature showed that smartphone applications developed with the native platforms have better user experience than the cross-platform counterparts. However, comparative evaluation of usability of cross-platform applications on the deployment platforms is not studied yet. In this work, we evaluated usability of a crossword puzzle developed with PhoneGap on Android, Windows Phone, and BlackBerry. The evaluation was conducted focusing on the developer's adaptation effort to native platforms and the end users. Thus, we observed that usability of the cross-platform crossword puzzle is unaffected on the respective native platforms and the SDKs require only minimal configuration effort. In addition, we observed the prospect of HTML5 and related web technologies as our future work towards evaluating and enhancing usability in composing REST-based services for smartphone applications