296,208 research outputs found

    Structural Learning of Attack Vectors for Generating Mutated XSS Attacks

    Web applications suffer from cross-site scripting (XSS) attacks that result from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner benefits from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes' theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper makes the following contributions: (1) automatically learning the structure of attack vectors from practical data analysis to build a structure model of attack vectors, (2) mimicking the manners and the elements of attack vectors to extend the ability of testing tools to identify XSS vulnerabilities, (3) helping to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities. Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

    Automatically Detecting Visual Bugs in HTML5 <canvas> Games

    The HTML5 <canvas> is used to display high quality graphics in web applications such as web games (i.e., <canvas> games). However, automatically testing games is not possible with existing web testing techniques and tools, and manual testing is laborious. Many widely used web testing tools rely on the Document Object Model (DOM) to drive web test automation, but the contents of the <canvas> are not represented in the DOM. The main alternative approach, snapshot testing, involves comparing oracle snapshot images with test-time snapshot images using an image similarity metric to catch visual bugs, i.e., bugs in the graphics of the web application. However, creating and maintaining oracle snapshot images for games is onerous, defeating the purpose of test automation. In this paper, we present a novel approach to automatically detect visual bugs in games. By leveraging an internal representation of objects on the <canvas>, we decompose snapshot images into a set of object images, each of which is compared with a respective oracle asset (e.g., a sprite) using four similarity metrics: percentage overlap, mean squared error, structural similarity, and embedding similarity. We evaluate our approach by injecting 24 visual bugs into a custom game, and find that our approach achieves an accuracy of 100%, compared to an accuracy of 44.6% with traditional snapshot testing. Comment: Accepted at ASE 2022 conference

    Strength Evaluation of Wood I-Joist with Sinusoidal Web

    Wood I-joists are highly efficient, lightweight structural members used for long span applications. However, because of the high strength to stiffness ratio and thin-walled nature of the web, buckling or sudden loss of stability is a primary concern. Recently at West Virginia University a new structural wood composite panel has been developed using discarded veneer-mill residues. These panels were manufactured with a sinusoidal geometry and used as web material in I-joists. The profiling of the web is designed to increase the buckling capacity of the joists. This thesis is focused on the evaluation of the strength, stiffness, and stability of this composite wood I-joist with sinusoidal web. Joists were manufactured at two different depths and also with flat webs for comparison. An evaluation of the web in compression, lateral-torsional buckling of the joists, the rotational stiffness through torsion testing, and an evaluation of the joists in four point bending are presented. Finite element analysis was performed along with the experimental evaluations. The finite element predictions are compared with the experimental results

    Innovative all composite multi-pultrusion truss system for stressed arch deployable shelters

    Trusses are one of the successful structural forms that have been utilised, at extended scale, since the nineteenth century. Fibre composite materials are relatively new to civil engineering applications. The increased interest in using composites in civil applications can be attributed to advantages when compared to other construction materials that offset their associated costs. Using conventional approaches for truss systems in composite materials can undermine their efficiency. This is mainly due to concentration of stresses at connections which usually govern the truss design. The Military Modular Shelter System (M2S2) initiative is a research project that aims to develop a fibre composite re-deployable arched shelter system with rigid PVC or fabric cladding. The main frames are formed from modular fibre composite panels that are connected and stressed into position by prestressing cables. Different geometries can be obtained using this system by changing the number of panels per frame and the packer sizes between panels. This paper presents the development and testing of innovative fibre composite truss modules that were investigated as part of this project. The truss system is based on using multi-pultrusion sections for the chord and vertical members. Truss bracing is provided by a double skin laminated web. This structure offers many advantages including semi-ductile failure that occurred outside the joint area and ease of manufacturing. In spite of being developed for the M2S2 system, the concept is similarly applicable as a general purpose truss system

    EDULISS: a small-molecule database with data-mining and pharmacophore searching capabilities

    We present the relational database EDULISS (EDinburgh University Ligand Selection System), which stores structural, physicochemical and pharmacophoric properties of small molecules. The database comprises a collection of over 4 million commercially available compounds from 28 different suppliers. A user-friendly web-based interface for EDULISS (available at http://eduliss.bch.ed.ac.uk/) has been established providing a number of data-mining possibilities. For each compound a single 3D conformer is stored along with over 1600 calculated descriptor values (molecular properties). A very efficient method for unique compound recognition, especially for a large scale database, is demonstrated by making use of small subgroups of the descriptors. Many of the shape and distance descriptors are held as pre-calculated bit strings permitting fast and efficient similarity and pharmacophore searches which can be used to identify families of related compounds for biological testing. Two ligand searching applications are given to demonstrate how EDULISS can be used to extract families of molecules with selected structural and biophysical features

    A Survey on Software Testing Techniques using Genetic Algorithm

    The overall aim of the software industry is to ensure delivery of high quality software to the end user. To ensure high quality software, it is required to test software. Testing ensures that software meets user specifications and requirements. However, the field of software testing has a number of underlying issues like effective generation of test cases, prioritisation of test cases, etc., which need to be tackled. These issues demand on effort, time and cost of the testing. Different techniques and methodologies have been proposed for taking care of these issues. Use of evolutionary algorithms for automatic test generation has been an area of interest for many researchers. Genetic Algorithm (GA) is one such form of evolutionary algorithms. In this research paper, we present a survey of GA approach for addressing the various issues encountered during software testing. Comment: 13 Pages

    Utilizing Output in Web Application Server-Side Testing

    This thesis investigates the utilization of web application output in enhancing automated server-side code testing. The server-side code is the main driving force of a web application generating client-side code, maintaining the state and communicating with back-end resources. The output observed in those elements provides a valuable resource that can potentially enhance the efficiency and effectiveness of automated testing. The thesis aims to explore the use of this output in test data generation, test sequence regeneration, augmentation and test case selection. This thesis also addresses the web-specific challenges faced when applying search based test data generation algorithms to web applications and dataflow analysis of state variables to test sequence regeneration. The thesis presents three tools and four empirical studies to implement and evaluate the proposed approaches: SWAT (Search based Web Application Tester) is a first application of search based test data generation algorithms for web applications. It uses values dynamically mined from the intermediate and the client-side output to enhance the search based algorithm. SART (State Aware Regeneration Tool) uses dataflow analysis of state variables, session state and database tables, and their values to regenerate new sequences from existing sequences. SWAT-U (SWAT-Uniqueness) augments test suites with test cases that produce outputs not observed in the original test suite’s output. Finally, the thesis presents an empirical study of the correlation between new output based test selection criteria and fault detection and structural coverage. The results confirm that using the output does indeed enhance the effectiveness and efficiency of search based test data generation and enhances test suites’ effectiveness for test sequence regeneration and augmentation. 
    The results also report that output uniqueness criteria are strongly correlated with both fault detection and structural coverage and are complementary to structural coverage

    Bridges Structural Health Monitoring and Deterioration Detection Synthesis of Knowledge and Technology

    INE/AUTC 10.0

    Serverification of Molecular Modeling Applications: the Rosetta Online Server that Includes Everyone (ROSIE)

    The Rosetta molecular modeling software package provides experimentally tested and rapidly evolving tools for the 3D structure prediction and high-resolution design of proteins, nucleic acids, and a growing number of non-natural polymers. Despite its free availability to academic users and improving documentation, use of Rosetta has largely remained confined to developers and their immediate collaborators due to the code's difficulty of use, the requirement for large computational resources, and the unavailability of servers for most of the Rosetta applications. Here, we present a unified web framework for Rosetta applications called ROSIE (Rosetta Online Server that Includes Everyone). ROSIE provides (a) a common user interface for Rosetta protocols, (b) a stable application programming interface for developers to add additional protocols, (c) a flexible back-end to allow leveraging of computer cluster resources shared by RosettaCommons member institutions, and (d) centralized administration by the RosettaCommons to ensure continuous maintenance. This paper describes the ROSIE server infrastructure, a step-by-step 'serverification' protocol for use by Rosetta developers, and the deployment of the first nine ROSIE applications by six separate developer teams: Docking, RNA de novo, ERRASER, Antibody, Sequence Tolerance, Supercharge, Beta peptide design, NCBB design, and VIP redesign. As illustrated by the number and diversity of these applications, ROSIE offers a general and speedy paradigm for serverification of Rosetta applications that incurs negligible cost to developers and lowers barriers to Rosetta use for the broader biological community. ROSIE is available at http://rosie.rosettacommons.org