296,208 research outputs found
Structural Learning of Attack Vectors for Generating Mutated XSS Attacks
Web applications suffer from cross-site scripting (XSS) attacks that
result from incomplete or incorrect input sanitization. Learning the
structure of attack vectors could enrich the variety of manifestations in
generated XSS attacks. In this study, we focus on generating more threatening
XSS attacks for the state-of-the-art detection approaches that can find
potential XSS vulnerabilities in Web applications, and propose a mechanism for
structural learning of attack vectors with the aim of generating mutated XSS
attacks in a fully automatic way. Mutated XSS attack generation depends on the
analysis of attack vectors and the structural learning mechanism. For the
kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the
structure of the attack vector model to capture the implicit manner of the
attack vector, and this manner benefits from the syntactic meanings that are
labeled by the proposed tokenizing mechanism. Bayes' theorem is used to
determine the number of hidden states in the model for generalizing the
structure model. The paper makes the following contributions: (1) it
automatically learns the structure of attack vectors from practical data
analysis to build a structure model of attack vectors, (2) it mimics the manners
and the elements of attack vectors to extend the ability of the testing tool to
identify XSS vulnerabilities, and (3) it helps verify the flaws of
blacklist sanitization procedures of Web applications. We evaluated the
proposed mechanism by Burp Intruder with a dataset collected from public XSS
archives. The results show that mutated XSS attack generation can identify
potential vulnerabilities. Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
Automatically Detecting Visual Bugs in HTML5 <canvas> Games
The HTML5 <canvas> is used to display high quality graphics in web
applications such as web games (i.e., <canvas> games). However, automatically
testing <canvas> games is not possible with existing web testing techniques and
tools, and manual testing is laborious. Many widely used web testing tools rely
on the Document Object Model (DOM) to drive web test automation, but the
contents of the <canvas> are not represented in the DOM. The main alternative
approach, snapshot testing, involves comparing oracle snapshot images with
test-time snapshot images using an image similarity metric to catch visual
bugs, i.e., bugs in the graphics of the web application. However, creating and
maintaining oracle snapshot images for <canvas> games is onerous, defeating the
purpose of test automation. In this paper, we present a novel approach to
automatically detect visual bugs in <canvas> games. By leveraging an internal
representation of objects on the <canvas>, we decompose snapshot images into a
set of object images, each of which is compared with a respective oracle asset
(e.g., a sprite) using four similarity metrics: percentage overlap, mean
squared error, structural similarity, and embedding similarity. We evaluate our
approach by injecting 24 visual bugs into a custom <canvas> game, and find that
our approach achieves an accuracy of 100%, compared to an accuracy of 44.6%
with traditional snapshot testing. Comment: Accepted at ASE 2022 conferenc
Strength Evaluation of Wood I-Joist with Sinusoidal Web
Wood I-joists are highly efficient, lightweight structural members used for long span applications. However, because of the high strength to stiffness ratio and thin-walled nature of the web, buckling or sudden loss of stability is a primary concern. Recently at West Virginia University a new structural wood composite panel has been developed using discarded veneer-mill residues. These panels were manufactured with a sinusoidal geometry and used as web material in I-joists. The profiling of the web is designed to increase the buckling capacity of the joists. This thesis is focused on the evaluation of the strength, stiffness, and stability of this composite wood I-joist with sinusoidal web. Joists were manufactured at two different depths and also with flat webs for comparison. An evaluation of the web in compression, lateral-torsional buckling of the joists, the rotational stiffness through torsion testing, and an evaluation of the joists in four point bending are presented. Finite element analysis was performed along with the experimental evaluations. The finite element predictions are compared with the experimental results
Innovative all composite multi-pultrusion truss system for stressed arch deployable shelters
Trusses are one of the successful structural forms that have been utilised, at extended scale, since the nineteenth century. Fibre composite materials are relatively new to civil engineering applications. The increased interest in using composites in civil applications can be attributed to advantages when compared to other construction materials that offset their associated costs. Using conventional approaches for truss systems in composite materials can undermine their efficiency. This is mainly due to concentration of stresses at connections which usually govern the truss design.
The Military Modular Shelter System (M2S2) initiative is a research project that aims to develop a fibre composite re-deployable arched shelter system with rigid PVC or fabric cladding. The main frames are formed from modular fibre composite panels that are connected and stressed into position by prestressing cables. Different geometries can be obtained using this system by changing the number of panels per frame and the packer sizes between panels.
This paper presents the development and testing of innovative fibre composite truss modules that were investigated as part of this project. The truss system is based on using multi-pultrusion sections for the chord and vertical members. Truss bracing is provided by a double skin laminated web. This structure offers many advantages including semi-ductile failure that occurred outside the joint area and ease of manufacturing. In spite of being developed for the M2S2 system, the concept is similarly applicable as a general purpose truss system
EDULISS: a small-molecule database with data-mining and pharmacophore searching capabilities
We present the relational database EDULISS (EDinburgh University Ligand Selection System), which stores structural, physicochemical and pharmacophoric properties of small molecules. The database comprises a collection of over 4 million commercially available compounds from 28 different suppliers. A user-friendly web-based interface for EDULISS (available at http://eduliss.bch.ed.ac.uk/) has been established providing a number of data-mining possibilities. For each compound a single 3D conformer is stored along with over 1600 calculated descriptor values (molecular properties). A very efficient method for unique compound recognition, especially for a large scale database, is demonstrated by making use of small subgroups of the descriptors. Many of the shape and distance descriptors are held as pre-calculated bit strings permitting fast and efficient similarity and pharmacophore searches which can be used to identify families of related compounds for biological testing. Two ligand searching applications are given to demonstrate how EDULISS can be used to extract families of molecules with selected structural and biophysical features
A Survey on Software Testing Techniques using Genetic Algorithm
The overall aim of the software industry is to ensure delivery of high
quality software to the end user. To ensure high quality software, it is
required to test software. Testing ensures that software meets user
specifications and requirements. However, the field of software testing has a
number of underlying issues like effective generation of test cases,
prioritisation of test cases, etc., which need to be tackled. These issues place
demands on the effort, time and cost of the testing. Different techniques and methodologies
have been proposed for taking care of these issues. Use of evolutionary
algorithms for automatic test generation has been an area of interest for many
researchers. Genetic Algorithm (GA) is one such form of evolutionary
algorithms. In this research paper, we present a survey of GA approach for
addressing the various issues encountered during software testing. Comment: 13 Page
Ferritic stainless steels in structural applications
Ferritic stainless steels are low cost, price-stable, corrosion-resistant materials. Although widely used in the automotive and domestic appliance sectors, structural applications are scarce owing to a dearth of performance data and design guidance. The characteristics of ferritics make them appropriate for structures requiring strong and moderately durable structural elements with attractive metallic surface finishes. The present paper provides an overview of the structural behaviour of ferritic stainless steels, including a summary of the findings of a recent European project (SAFSS) on ferritics. Laboratory experiments have been completed including material tests as well as structural member tests, both at ambient and elevated temperatures. The experimental data is supplemented by numerical analysis in order to study a wide range of parameters. The findings of this work have enabled design guidance to be proposed, as discussed herein
Utilizing Output in Web Application Server-Side Testing
This thesis investigates the utilization of web application output in enhancing automated server-side code testing. The server-side code is the main driving force of a web application generating client-side code, maintaining the state and communicating with back-end resources. The output observed in those elements provides a valuable resource that can potentially enhance the efficiency and effectiveness of automated testing. The thesis aims to explore the use of this output in test data generation, test sequence regeneration, augmentation and test case selection. This thesis also addresses the web-specific challenges faced when applying search based test data generation algorithms to web applications and dataflow analysis of state variables to test sequence regeneration. The thesis presents three tools and four empirical studies to implement and evaluate the proposed approaches: SWAT (Search based Web Application Tester) is a first application of search based test data generation algorithms for web applications. It uses values dynamically mined from the intermediate and the client-side output to enhance the search based algorithm. SART (State Aware Regeneration Tool) uses dataflow analysis of state variables, session state and database tables, and their values to regenerate new sequences from existing sequences. SWAT-U (SWAT-Uniqueness) augments test suites with test cases that produce outputs not observed in the original test suite’s output. Finally, the thesis presents an empirical study of the correlation between new output based test selection criteria and fault detection and structural coverage. The results confirm that using the output does indeed enhance the effectiveness and efficiency of search based test data generation and enhances test suites’ effectiveness for test sequence regeneration and augmentation. 
The results also report that output uniqueness criteria are strongly correlated with both fault detection and structural coverage and are complementary to structural coverage
Bridges Structural Health Monitoring and Deterioration Detection Synthesis of Knowledge and Technology
INE/AUTC 10.0
Serverification of Molecular Modeling Applications: the Rosetta Online Server that Includes Everyone (ROSIE)
The Rosetta molecular modeling software package provides experimentally
tested and rapidly evolving tools for the 3D structure prediction and
high-resolution design of proteins, nucleic acids, and a growing number of
non-natural polymers. Despite its free availability to academic users and
improving documentation, use of Rosetta has largely remained confined to
developers and their immediate collaborators due to the code's difficulty of
use, the requirement for large computational resources, and the unavailability
of servers for most of the Rosetta applications. Here, we present a unified web
framework for Rosetta applications called ROSIE (Rosetta Online Server that
Includes Everyone). ROSIE provides (a) a common user interface for Rosetta
protocols, (b) a stable application programming interface for developers to add
additional protocols, (c) a flexible back-end to allow leveraging of computer
cluster resources shared by RosettaCommons member institutions, and (d)
centralized administration by the RosettaCommons to ensure continuous
maintenance. This paper describes the ROSIE server infrastructure, a
step-by-step 'serverification' protocol for use by Rosetta developers, and the
deployment of the first nine ROSIE applications by six separate developer
teams: Docking, RNA de novo, ERRASER, Antibody, Sequence Tolerance,
Supercharge, Beta peptide design, NCBB design, and VIP redesign. As illustrated
by the number and diversity of these applications, ROSIE offers a general and
speedy paradigm for serverification of Rosetta applications that incurs
negligible cost to developers and lowers barriers to Rosetta use for the
broader biological community. ROSIE is available at
http://rosie.rosettacommons.org