15,935 research outputs found

    Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit State Model Checking

    Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact the usability of web applications. Current tools for web-page validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests, so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 302 faults in 6 PHP web applications

    The Jasper Framework: Towards a Platform Independent, Formal Treatment of Web Programming

    This paper introduces Jasper, a web programming framework which allows web applications to be developed in an essentially platform independent manner and which is also suited to a formal treatment. It outlines Jasper conceptually and shows how Jasper is implemented on several commonplace platforms. It also introduces the Jasper Music Store, a web application powered by Jasper and implemented on each of these platforms. And it briefly describes a formal treatment and outlines the tools and languages planned that will allow this treatment to be automated. Comment: In Proceedings WWV 2012, arXiv:1210.5783. Added doi references where possibl

    Some security issues for web based frameworks

    This report investigates whether a vulnerability found in one web framework may be used to find a vulnerability in a different web framework. To test this hypothesis, several open source applications were installed in a secure test environment together with security analysis tools. Each one of the applications was developed using a different software framework. The results show that a vulnerability identified in one framework can often be used to find similar vulnerabilities in other frameworks. Cross-site scripting security issues are the most likely to succeed when being applied to more than one framework

    Textbooks for the web programming course

    .HTML.And.Web.Design.Tips.And.Techniques.Jan.2002.ISBN.0072228253.pd

    Web Security Detection Tool

    According to Government Computer News (GCN), web attacks have been marked as at an all-time high this year. GCN says that some of the leading security software like SOPHOS detected about 15,000 newly infected web pages daily in the initial three months of 2008 [13]. This has led to the need for efficient software to make web applications robust and sustainable against these attacks. While finding information on different types of attacks, I found that SQL injection and cross-site scripting are the most famous among attackers. These attacks are used extensively since they can be performed using different techniques and it is difficult to make a web application completely immune to these attacks. There are myriad detection tools available which help to detect vulnerabilities in web applications. These tools are mainly categorized as white-box and black-box testing tools. In this writing project, we aim to develop a detection tool which would be efficient and helpful for users to pinpoint possible vulnerabilities in their PHP scripts. We propose a technique to integrate the aforementioned categories of tools under one framework to achieve better detection against possible vulnerabilities. Our system focuses on giving the developer a simple and concise tool which would help him/her to correct possible loopholes in the PHP code snippets

    AJAX-BASED BUSINESS SOLUTIONS: A CASE STUDY OF A POS (POINT OF SALE) SYSTEM

    Retailers find themselves up against fierce competition. They must fight for every sale, and work hard to build customer loyalty and protect already slim margins. Today, an increasing number of smaller retailers understand the urgent need to catch up to larger players to remain competitive. They also recognize the important role that IT investments play in organizations' strategic decision-making and operational efficiency in all areas of the business, including point of sale, supply chain management, and inventory. The savvy retailer knows that POS (Point Of Sale) data and functionality have quickly become critical to business rather than a mere convenience. In recent times Ajax-based applications have become very popular. Ajax is a new model for web applications to provide more responsive and faster user interfaces that more closely resemble desktop applications. Typical usage areas are user input validation without page submission, integrating small elements from several servers on a single page, and simulating push services. Especially the latter are promising for enhancing web applications and for realizing them directly in browsers without plug-ins or additional software. Many frameworks and libraries (open source or commercial) are available which support Ajax development. In this final project, we will integrate some open-source Ajax frameworks to build a low-cost, interactive and integrated POS (Point Of Sale) system which is accessible to a wide range of retailers through the Internet. This is what we call iPOS. We hope it will become a solution for retailers to run their business more effective and effisien

    e-Sem: Dynamic Seminar Management System for Primary, Secondary and Tertiary Education

    This paper describes the dynamic seminar management system named 'e-Sem', developed according to the open-source software philosophy. Due to its dynamic management functionality, it can equally adapt to any education environment (Primary, Secondary, Tertiary). The purpose of the proposed dynamic system is ease of use and handling, by any class of users, without the need of special guidance. Also, students are given the opportunity to: a) register as users; b) enroll in seminars in a simple way; c) receive e-learning material at any time of day any day of week, and d) be informed of new announcements concerning the seminar in which they are enrolled. In addition, the administrator and the tutors have a number of tools such as: management of seminars and trainees in a friendly way, sending educational material as well as new announcements to the trainees; the possibility of electronic recording of presence or absence of the trainees in a seminar, and direct printing of a certificate of successful attendance of a seminar for each trainee. The application also offers features such as electronic organization, storage and presentation of educational material, overcoming the limiting factors of space and time of classical teaching, thus creating a dynamic environmen