
PRESENTED BY ESHWARI MENTE, NAVEEN DANTURI, AGASTHESWAR.

Date post: 24-Dec-2015

CST 500- COALESCED SUMMARY OF FACULTY PRESENTATIONS AND AREAS

WEB APPLICATIONS

PRESENTED BY ESHWARI MENTE, NAVEEN DANTURI, AGASTHESWAR


INTRODUCTION

Dr. Kevin Gary is an associate professor in the College of Technology and Innovation at Arizona State University.

His research interests include:

o Software engineering
o Systems architecture
o Web applications
o Databases
o Enterprise computing
o Image guided surgery
o Computational intelligence
o Technology supported teaching and learning


DR. GARY’S PAST / CURRENT PROJECTS

o IGSTK - Technology assisted surgical procedures
o Robotic Notes (Robotic Natural Orifice Transluminal Endoscopic Surgery)
o Cochlear Implants
o The Software Enterprise

Courses offered at ASU:

o CSE515 - Multimedia & Web Databases
o CST533 - DB-centric Enterprise App. Dev
o CST 515 - Software Enterprise: Inception and Elaboration


THE MASHWARE CHALLENGE: BRIDGING THE GAP BETWEEN WEB DEVELOPMENT AND SOFTWARE ENGINEERING

TOMMI MIKKONEN, ANTERO TAIVALSAARI


INTRODUCTION

The software industry is currently experiencing a paradigm shift towards web-based software.

There is an impending mismatch between web and software development.

Mashware: software that leverages source code and software components that are downloaded dynamically from all over the world.

The trend towards Mashware will aggravate the gap between web and software development.


EVOLUTION OF THE WEB AS A SOFTWARE PLATFORM

First phase: Simple page structured documents

Second phase: Increasingly interactive with graphics, animation and plug-ins.

Recent trend is towards desktop-style web applications.


TOWARDS MASHWARE: WEB APPLICATIONS AS MASHWARE

A mashup is a web site that combines content from multiple web sites into an integrated experience.

Allows unparalleled sharing and reuse of software, data, layout and visualization information, or any other content across the planet.

This increases productivity and reusability.


IMPENDING MISMATCH

The principles and practices for web development evolved rather independently of the principles and practices for software engineering.


INTERESTING RESEARCH AREAS:

o Software engineering principle violations
o Usability and user interaction issues
o Networking and security issues
o Browser inoperability and incompatibility issues
o Development style and testing issues
o Deployment model changes
o Performance issues


CALL FOR ACTION

So far, web engineering and software engineering have evolved as separate fields.

It is time to forget the origins of the browser as a document viewing environment and to start treating the Web as a real, full-fledged application platform – one whose capabilities will eventually far exceed those of the earlier software platforms.


FINDING EMERGENT PROPERTIES OF WEB APPLICATION DEVELOPMENT PLATFORMS

BY ULRICH STÄRK, LUTZ PRECHELT, ILIJA JOLEVSKI


WEB APPLICATION DEVELOPMENT PLATFORMS

o “What is a Web Development Framework”
o Functions of Web application Framework
o Types of frameworks
o “What web framework should we use”

xkcd.com/292 by Randall Munroe


WEB DEVELOPMENT FRAMEWORK

Package to support construction of dynamic web applications.

Alleviating the repetitive overhead of development patterns.

Develop apps compatible with different Browsers.

More sophisticated, interactive, and well-managed


FEATURES OF A FRAMEWORK

o Provide core functionality.
o Promote reusability and pluggability.
o Good at organizing large projects.
o Program actions and logic are separated from the HTML, CSS and design files.
o Implement complex functionalities in an efficient manner.
o Enforce best coding practices.


DIFFERENT FRAMEWORKS CATEGORIZED

o Model–view–controller (MVC)
o Push-based vs. pull-based
o Three-tier organization
o Content management systems


10 BEST FREE WEB APPLICATION FRAMEWORKS

Web Application Frameworks

Ruby on Rails: MVC Ruby-based framework geared for web application development
CodeIgniter: Powerful PHP framework with a very small footprint
Django: Python framework which encourages rapid development and clean design
CakePHP: MVC rapid application development framework for PHP
Zend Framework: Simple, straightforward, open-source software framework for PHP 5
Yii: High-performance component-based PHP framework
Pylons: Python web framework emphasizing flexibility and rapid development
Catalyst: Elegant MVC Web Application Framework
Symfony: Full-stack framework
TurboGears: Next generation TurboGears built on Pylons


PERFORMANCE COMPARISON

o Speed and agility of building applications in Rails.
o ROR syntax is more cryptic than that of Perl.
o The combination of Python with Django yields high performance.
o PHP with Symfony is the easiest language to code in, but has security issues.
o Java is still chugging on Struts 1.X; JSF is promising.
o Perl code tends to be small in size.


WEB APPLICATIONS VULNERABILITY STATISTICS 2010-2011

ALEX HOPKINS


SUMMARY

The whitepaper provides a unique insight into the state of web application security.

The number of issues found in web application penetration tests increased in 2011.

Most prevalent issues:

o Server Misconfiguration
o Information Leakage

Cross-Site Scripting affected 2/3 and SQL Injection affected 1/5 of applications in 2011.

Input validation issues decreased from 2010 to 2011.

In general, the issues identified remain constant, which indicates “Developers Tend to make Same Issues”.


CATEGORIES OF VULNERABILITIES

o Server Configuration
o Information Leakage
o Authentication Weakness
o Session Management Weakness
o Authorization Weakness
o Input Validation Weakness
o Encryption Vulnerabilities
o Other


OWASP (OPEN WEB APPLICATION SECURITY PROJECT) TOP 10 ISSUES

Injection (SQL, LDAP, XPATH, OS command)

Cross-Site Scripting (XSS)

Broken Authentication and Session Management

Insecure Direct Object References

Cross-Site Request Forgery (CSRF)

Security Misconfiguration

Insecure Cryptographic Storage

Failure to Restrict URL Access

Insufficient Transport Layer Protection

Unvalidated Redirects and Forwards


CONFERENCES AND JOURNALS

o WWW: World-Wide Web Conference
o WebDB: International Workshop on the Web and Databases
o WCW: Web Caching Workshop
o WIDM: International Workshop on Web Information and Data Management
o International Journal of Web Applications
o International Journal of Web Services Research


REFERENCES

o http://www.isr.uci.edu/architecture/research.html
o http://laser.cs.umass.edu/
o http://www.cs.umass.edu/faculty/software-systems-and-architecture
o Issues, Challenges and Opportunities for Research in Software Engineering, by Manish K Anand, Vasudeva Varma. Conference on Software Engineering and Applications (SEA 2004), November 09-1, 2004, MIT Cambridge, USA.
o Major Issues in Software Engineering Project Management, by Richard H. Thayer, Arthur B. Pyster, and Roger C. Wood (Members, IEEE).
o Web Application Vulnerability Statistics 2010-2011, by Alex Hopkins.
o http://perso.crans.org/~genest/conf.html
o http://www.igi-global.com/journal/international-journal-web-services-research/1079
o http://dline.info/ijwa/
o PlatForms 2011: Finding Emergent Properties of Web Application Development Platforms, by Ulrich Stärk, Lutz Prechelt, Ilija Jolevski.
o The Mashware Challenge: Bridging the Gap Between Web Development and Software Engineering, by Tommi Mikkonen, Antero Taivalsaari.

