Date posted: 24-Dec-2015
CST 500- COALESCED SUMMARY OF FACULTY PRESENTATIONS AND AREAS
WEB APPLICATIONS
PRESENTED BY ESHWARI MENTE, NAVEEN DANTURI, AGASTHESWAR
INTRODUCTION
Dr. Kevin Gary is an associate professor in the College of Technology and Innovation at Arizona State University.
His research interests include:
Software engineering
Systems architecture
Web applications
Databases
Enterprise computing
Image guided surgery
Computational intelligence
Technology supported teaching and learning
DR. GARY’S PAST/CURRENT PROJECTS
IGSTK - Technology assisted surgical procedures
Robotic Notes (Robotic Natural Orifice Transluminal Endoscopic Surgery)
Cochlear Implants
The Software Enterprise
Courses offered at ASU:
o CSE515 - Multimedia & Web Databases
o CST533 - DB-centric Enterprise App. Dev
o CST 515 - Software Enterprise: Inception and Elaboration
THE MASHWARE CHALLENGE: BRIDGING THE GAP BETWEEN WEB DEVELOPMENT AND SOFTWARE ENGINEERING - TOMMI MIKKONEN, ANTERO TAIVALSAARI
INTRODUCTION
The software industry is currently experiencing a paradigm shift towards web-based software.
There is an impending mismatch between web and software development.
Mashware: software that leverages source code and software components that are downloaded dynamically from all over the world.
The trend towards Mashware will aggravate the gap between web and software development.
EVOLUTION OF THE WEB AS A SOFTWARE PLATFORM
First phase: Simple page structured documents
Second phase: Increasingly interactive with graphics, animation and plug-ins.
Recent trend is towards desktop-style web applications.
TOWARDS MASHWARE: WEB APPLICATIONS AS MASHWARE
A mashup is a web site that combines content from multiple web sites into an integrated experience.
Allows unparalleled sharing and reuse of software, data, layout and visualization information, or any other content across the planet.
This increases productivity and reusability.
IMPENDING MISMATCH
The principles and practices for web development evolved rather independently of the principles and practices for software engineering.
INTERESTING RESEARCH AREAS:
Software engineering principle violations
Usability and user interaction issues
Networking and security issues
Browser inoperability and incompatibility issues
Development style and testing issues
Deployment model changes
Performance issues
CALL FOR ACTION
So far, web engineering and software engineering have evolved as separate fields.
It is time to forget the origins of the browser as a document viewing environment and to start treating the Web as a real, full-fledged application platform – one whose capabilities will eventually far exceed those of the earlier software platforms.
FINDING EMERGENT PROPERTIES OF WEB APPLICATION DEVELOPMENT PLATFORMS
BY ULRICH STÄRK, LUTZ PRECHELT, ILIJA JOLEVSKI
WEB APPLICATION DEVELOPMENT PLATFORMS
“What is a Web Development Framework”
Functions of Web application Framework
Types of frameworks
“What web framework should we use”
xkcd.com/292 by Randall Munroe
WEB DEVELOPMENT FRAMEWORK
Package to support construction of dynamic web applications.
Alleviating the repetitive overhead of development patterns.
Develop apps compatible with different Browsers.
More sophisticated, interactive, and well-managed
FEATURES OF A FRAMEWORK
Provide Core Functionality.
Promote reusability and pluggability.
Good at organizing large projects.
Program actions and logic are separated from the HTML, CSS and design files.
Implement complex functionalities in efficient manner.
Enforce best coding practices.
DIFFERENT FRAMEWORKS CATEGORIZED
Model–view–controller (MVC)
Push-based vs. pull-based
Three-tier organization
Content management systems
10 BEST FREE WEB APPLICATION FRAMEWORKS
Web Application Frameworks
Ruby on Rails - MVC Ruby-based framework geared for web application development
CodeIgniter - Powerful PHP framework with a very small footprint
Django - Python framework which encourages rapid development and clean design
CakePHP - MVC rapid application development framework for PHP
Zend Framework - Simple, straightforward, open-source software framework for PHP 5
Yii - High-performance component-based PHP framework
Pylons - Python web framework emphasizing flexibility and rapid development
Catalyst - Elegant MVC Web Application Framework
Symfony - Full-stack framework
TurboGears - Next generation TurboGears built on Pylons
PERFORMANCE COMPARISON
Speed and agility of building applications in Rails.
ROR syntax is more cryptic than that of Perl.
Python with Django combination yields high performance.
PHP with Symfony is the easiest language to code in, has security issues.
Java still chugging on Struts 1.X, JSF is promising.
Perl code tends to be small in size.
WEB APPLICATIONS VULNERABILITY STATISTICS 2010-2011 - ALEX HOPKINS
SUMMARY
The whitepaper provides a unique insight into the state of web application security
Number of issues found in web application penetration tests increased in 2011
Most prevalent issues:
Server Misconfiguration
Information Leakage
Cross-Site Scripting affected 2/3 and SQL Injection affected 1/5 of applications in 2011
Input validation issues decreased from 2010 to 2011
In general, the issues identified remain constant, which indicates “Developers Tend to make Same Issues”
CATEGORIES OF VULNERABILITIES
Server Configuration
Information Leakage
Authentication Weakness
Session Management Weakness
Authorization Weakness
Input Validation Weakness
Encryption Vulnerabilities
Other
OWASP (OPEN WEB APPLICATION SECURITY PROJECT) TOP 10 ISSUES
Injection (SQL, LDAP, XPATH, OS command)
Cross-Site Scripting (XSS)
Broken Authentication and Session Management
Insecure Direct Object References
Cross-Site Request Forgery (CSRF)
Security Misconfiguration
Insecure Cryptographic Storage
Failure to Restrict URL Access
Insufficient Transport Layer Protection
Unvalidated Redirects and Forwards
CONFERENCES AND JOURNALS
WWW: World-Wide Web Conference
WebDB: International Workshop on the Web and Databases
WCW: Web Caching Workshop
WIDM: International Workshop on Web Information and Data Management
International Journal of Web Applications
International Journal of Web Services Research
REFERENCES
http://www.isr.uci.edu/architecture/research.html
http://laser.cs.umass.edu/
http://www.cs.umass.edu/faculty/software-systems-and-architecture
Issues, Challenges and Opportunities for Research in Software Engineering, by Manish K Anand, Vasudeva Varma. Conference on Software Engineering and Applications (SEA 2004), November 09-1, 2004, MIT Cambridge, USA.
Major Issues in Software Engineering Project Management, by Richard H. Thayer, Member, IEEE, Arthur B. Pyster, Member, IEEE, and Roger C. Wood, Member, IEEE
Web Application Vulnerability Statistics 2010-2011, by Alex Hopkins
http://perso.crans.org/~genest/conf.html
http://www.igi-global.com/journal/international-journal-web-services-research/1079
http://dline.info/ijwa/
PlatForms 2011: Finding Emergent Properties of Web Application Development Platforms, by Ulrich Stärk, Lutz Prechelt, Ilija Jolevski
The Mashware Challenge: Bridging the Gap Between Web Development and Software Engineering, by Tommi Mikkonen, Antero Taivalsaari