Search results

1 – 10 of over 1000
Article
Publication date: 22 November 2011

Helen Kapodistria, Sarandis Mitropoulos and Christos Douligeris

Abstract

Purpose

The purpose of this paper is to introduce a new tool which detects, prevents and records common web attacks that mainly result in web applications information leaking using pattern recognition. It is a cross‐platform application, namely, it is not OS‐dependent or web server dependent. It offers a flexible attacks search engine, which scans http requests and responses during a webpage serving without affecting the web server performance.

Design/methodology/approach

The paper starts with a study of the most known web vulnerabilities and the way they can be exploited. Then, it focuses on those web attacks based on input validation, which are the ones the new tool detects through pattern recognition. This tool acts as a proxy server having a simple GUI for administration purposes. Patterns can be detected in both http requests and responses in an extensible and manageable way.

Findings

The new tool was compared to dotDefender, a commercial web application firewall, and ModSecurity, a widely used open source application firewall, using over 200 attack patterns. The new tool had satisfying results for every attack category examined having a high percentage of success. Results for stored XSS could not be achieved since the other tools are not able to search and detect them in http responses. The fact that the new tool is very extensible makes it possible for future work to be done.

Originality/value

This paper introduces a new web server plug‐in, which has some advanced web application firewall features with a flexible attacks search engine which scans http requests and responses. By scanning http responses, attacks such as stored XSS can be detected, a feature that cannot be found on other web application firewalls.

Details

Information Management & Computer Security, vol. 19 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 26 September 2019

Bello Abdullahi, Yahaya Makarfi Ibrahim, Ahmed Ibrahim and Kabir Bala

Abstract

Purpose

The revolution brought about by the internet and the World Wide Web has led to the development of numerous e-Tendering systems for public sector tendering that have automated various aspects of the manual tendering processes that are known to experience numerous problems. However, one key area that has not been fully addressed is the automation of the evaluation of public tenders based on group decision-making. This paper presents part of the development of a Web-based e-tendering system called Nigerian Public Sector eTender (NPS-eTender) that automates the evaluation of public sector tenders based on group decision-making.

Design/methodology/approach

The system was developed using object-oriented methodologies. Specifically, Ripple and unified process methodologies were adopted.

Findings

The results of the system validation showed that NPS-eTender has an average rating of 74% with respect to correct and accurate modelling of the existing tendering domain and an average rating of 67.6% with respect to its potential to enhance the proficiency of public sector tendering in Nigeria. Based on the results of the validation, it can be concluded that the automation of the tender evaluation process can lead to a more proficient tendering process.

Originality/value

This research has contributed to the development of an e-Tendering system for the public sector that supports the whole tendering lifecycle including the automation of evaluation of public tenders based on group decision-making.

Details

Journal of Engineering, Design and Technology, vol. 18 no. 1
Type: Research Article
ISSN: 1726-0531

Article
Publication date: 6 February 2017

Alessandro Annarelli, Cinzia Battistella and Fabio Nonino

Abstract

Purpose

The purpose of this paper is to propose an in-depth analysis of online communities of practice that support the innovative development of web applications. The analysis is aimed at understanding the preeminent characteristics of communities of practice that can favour the process of innovation (conceptualisation and realization of a web application) and if these characteristics differ in the diverse phases of a software development project (requirement specification, design, implementation and verification).

Design/methodology/approach

The authors adopted a multiple case study research design, selected 29 communities of practice related to the development of web applications and classified them recognizing the different practices that refer to the different phases of the innovation process of web-applications software development. Finally, the authors focussed on seven communities comparing five important dimensions for each one.

Findings

The results of the empirical analysis show that the best practices are different, considering the different phases of the project, and that these practices can be strategies directed at members to attract them and also, strategies directed at the community to permit collaboration.

Originality/value

The paper proposes an important and new insight into the management of virtual communities of practice (VCoP). The authors supposed that the ways to manage a VCoP could depend on project phases. In particular, the management practices of community should differ according to the different project phases, i.e. requirements specification, design, implementation and verification of the software. Literature in this sense presented only research focussed on the different effects of virtualness on teams depending on the length of team duration and on communication efforts.

Details

Industrial Management & Data Systems, vol. 117 no. 1
Type: Research Article
ISSN: 0263-5577

Case study
Publication date: 20 January 2017

Mark Jeffery, Chuck Olson and Robin Barnes

Abstract

Mergers and acquisitions (M&A) are often very complex management endeavors. Analyzes the IT component of M&A for two financial institutions. Students are tasked with assisting Mike Farrell, the CIO of New Millennium Financial (NMF), a new company created through the merger of FinStar Financial and D&L Bank, in determining the optimal combined IT portfolio. To accomplish this task the strategic business objectives of the firm must be clearly understood and the IT projects in the pipelines of both institutions analyzed. Students must make an IT portfolio management decision and answer the question: What is the optimal IT strategy and project portfolio for NMF?

To apply a framework to manage a company's IT portfolio, i.e., understand the company's strategic context, develop business objectives that align with its strategy, assess IT investments, and develop a portfolio of IT projects that support the objectives. The framework is iterative, i.e., IT investments are assessed on a regular basis based on their performance and risk/return tradeoffs. Also to introduce a leading Web-based tool, ProSight, that helps managers organize IT portfolios.

Details

Kellogg School of Management Cases, vol. no.
Type: Case Study
ISSN: 2474-6568
Published by: Kellogg School of Management

Article
Publication date: 1 May 1998

Ming‐te Lu and Wing‐lok Yeung

Abstract

The World Wide Web (WWW) or the Web has been recognized as a powerful new information exchange channel in recent years. Today, an ever‐increasing number of businesses have set up Web sites to publicize their products and services. However, careful planning and preparation is needed to achieve the intended purpose of this new information exchange channel. This paper proposes a comprehensive framework for effective commercial Web application development based on prior research in hypermedia and human‐computer interfaces. The framework regards Web application development as a special type of software development project. At the onset of the project, its social acceptability is investigated. Next, economic, technical, operational, and organizational viability are examined. For Web page design, both the functionality and usability of Web pages are thoroughly considered. The use of the framework should result in more effective commercial Web application development.

Details

Internet Research, vol. 8 no. 2
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 1 May 2006

Andreas Langegger, Jürgen Palkoska and Roland Wagner

Abstract

The World Wide Web has undergone a rapid transition from the originally static hypertext to a ubiquitous hypermedia system. Today, the Web is not only used as a basis for distributed applications (Web applications), moreover it serves as a generic architecture for autonomous applications and services. Much research work has been done regarding the modeling and engineering process of Web applications and various platforms, frameworks and development kits exist for the efficient implementation of such systems. Concerning the modeling process, many of the published concepts try to merge traditional hypermedia modeling with techniques from the software engineering domain. Unfortunately, those concepts which capture all facets of the Web’s architecture become rather bulky and are eventually not applicable for a model‐driven Web application development. Moreover, there is a need for frameworks which address both the modeling process and the implementation task and allow a model driven, semi‐automatic engineering process using CASE tools. This paper outlines the DaVinci Web Engineering Framework which supports the modeling as well as the semi‐automated implementation of Web applications. The DaVinci Architectural Layer specifies a persistent, hierarchical GUI model and a generic interaction scheme. This allows the elimination of the hypermedia paradigm, which turned out to be rather practical when building Web applications.

Details

International Journal of Web Information Systems, vol. 2 no. 2
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 1 March 1998

R.K.R.P. Puthli

Abstract

States that the rate of change of Internet technology is alarmingly high. The main question addressed in this article is: how can organizations cope whose main activities are not Internet‐technology related? METANET is a framework containing the concepts required to keep pace with the rapid evolution of Web applications. It has four main components: development, maintenance, tools architecture and organizational fit. A typology of Web applications and the development method allows IT departments to determine what types of Web applications they are ready to develop. Content maintenance models are set out. The necessary organizational structure is discussed. An architecture for efficient and productive corporate development tools is set out. To illustrate the concepts a prototype repository is discussed.

Details

Information Management & Computer Security, vol. 6 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 November 2016

Devis Bianchini, Valeria De Antonellis and Michele Melchiori

Abstract

Purpose

Modern Enterprise Web Application development can exploit third-party software components, both internal and external to the enterprise, that provide access to huge and valuable data sets, tested by millions of users and often available as Web application programming interfaces (APIs). In this context, the developers have to select the right data services and might rely, to this purpose, on advanced techniques, based on functional and non-functional data service descriptive features. This paper focuses on this selection task where data service selection may be difficult because the developer has no control on services, and source reputation could be only partially known.

Design/methodology/approach

The proposed framework and methodology are apt to provide advanced search and ranking techniques by considering: lightweight data service descriptions, in terms of (semantic) tags and technical aspects; previously developed aggregations of data services, to use in the selection process of a service the past experiences with the services when used in similar applications; social relationships between developers (social network) and their credibility evaluations. This paper also discusses some experimental results regarding the plan to expand other experiments to check how developers feel using the approach.

Findings

In this paper, a data service selection framework that extends and specializes an existing one for Web APIs selection is presented. The revised multi-layered model for data services is discussed and proper metrics relying on it, meant for supporting the selection of data services in a context of Web application design, are introduced. Model and metrics take into account the network of social relationships between developers, to exploit them for estimating the importance that a developer assigns to other developers’ experience.

Originality/value

This research, with respect to the state of the art, focuses attention on developers’ social networks in an enterprise context, integrating the developers’ credibility assessment and implementing the social network-based data service selection on top of a rich framework based on a multi-perspective model for data services.

Details

International Journal of Web Information Systems, vol. 12 no. 4
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 10 November 2014

Ammar Alazab, Michael Hobbs, Jemal Abawajy, Ansam Khraisat and Mamoun Alazab

Abstract

Purpose

The purpose of this paper is to mitigate vulnerabilities in web applications. Security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened.

Design/methodology/approach

A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS).

Findings

After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system.

Research limitations/implications

Data limitation.

Originality/value

The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.

Details

Information Management & Computer Security, vol. 22 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 10 June 2014

Gabriele Garnero, Alessandro Cogoni, Alessandro Corrias, Luisa Manigas and Stefania Valentina Zedda

Abstract

Purpose

This article aims to describe how information and communications technology (ICT) has introduced a new approach in the handling of spatial data and related services and how Regione Autonoma della Sardegna, one of the Italian local governments, has been involved in an interesting growth that adopts ICT to provide spatial data and related services to itself and to its territory.

Design/methodology/approach

This article considers three aspects: data and services interoperability and the implications of spatial data delivered through a multi-channel environment; the use of social web as a platform for volunteered geographical information in the public administration environment; and the application of mobile technologies.

Findings

The article represents the summary of recent activities in the Sardinia region and may constitute a paradigmatic example for other realities.

Originality/value

The research and activities conducted represent an advanced and innovative point of view in the field of territorial sciences and spatial planning on a regional scale.

Details

International Journal of Web Information Systems, vol. 10 no. 2
Type: Research Article
ISSN: 1744-0084
