Area overview and summary of papers


CST 500 - COALESCED SUMMARY OF FACULTY PRESENTATIONS AND AREAS
WEB APPLICATIONS
PRESENTED BY ESHWARI MENTE, NAVEEN DANTURI, AGASTHESWAR

INTRODUCTION
Dr. Kevin Gary is an associate professor in the College of Technology and Innovation at Arizona State University.
His research interests include:
Software engineering
Systems architecture
Web applications
Databases
Enterprise computing
Image guided surgery
Computational intelligence
Technology supported teaching and learning

DR. GARY’S PAST/CURRENT PROJECTS
IGSTK - Technology assisted surgical procedures
Robotic NOTES (Robotic Natural Orifice Transluminal Endoscopic Surgery)
Cochlear Implants
The Software Enterprise
Courses offered at ASU:
CSE515 - Multimedia & Web Databases
CST533 - DB-centric Enterprise App. Dev
CST 515 - Software Enterprise: Inception and Elaboration

THE MASHWARE CHALLENGE: BRIDGING THE GAP BETWEEN WEB DEVELOPMENT AND SOFTWARE ENGINEERING - TOMMI MIKKONEN, ANTERO TAIVALSAARI
INTRODUCTION
The software industry is currently experiencing a paradigm shift towards web-based software.
There is an impending mismatch between web and software development.
Mashware: software that leverages source code and software components that are downloaded dynamically from all over the world.
The trend towards Mashware will aggravate the gap between web and software development.

EVOLUTION OF THE WEB AS A SOFTWARE PLATFORM
First phase: Simple page structured documents.
Second phase: Increasingly interactive, with graphics, animation and plug-ins.
Recent trend is towards desktop-style web applications.

TOWARDS MASHWARE: WEB APPLICATIONS AS MASHWARE
A mashup is a web site that combines content from multiple web sites into an integrated experience.
Allows unparalleled sharing and reuse of software, data, layout and visualization information, or any other content across the planet.
This increases productivity and reusability.

IMPENDING MISMATCH
The principles and practices for web development evolved rather independently of the principles and practices for software engineering.
INTERESTING RESEARCH AREAS:
Software engineering principle violations
Usability and user interaction issues
Networking and security issues
Browser inoperability and incompatibility issues
Development style and testing issues
Deployment model changes
Performance issues

CALL FOR ACTION
So far, web engineering and software engineering have evolved as separate fields.
It is time to forget the origins of the browser as a document viewing environment and to start treating the Web as a real, full-fledged application platform, one whose capabilities will eventually far exceed those of the earlier software platforms.

FINDING EMERGENT PROPERTIES OF WEB APPLICATION DEVELOPMENT PLATFORMS BY ULRICH STÄRK, LUTZ PRECHELT, ILIJA JOLEVSKI
WEB APPLICATION DEVELOPMENT PLATFORMS
“What is a Web Development Framework”
Functions of Web application Framework
Types of frameworks
“What web framework should we use”

xkcd.com/292 by Randall Munroe
WEB DEVELOPMENT FRAMEWORK
Package to support construction of dynamic web applications.
Alleviating the repetitive overhead of development patterns.
Develop apps compatible with different browsers.
More sophisticated, interactive, and well-managed

FEATURES OF A FRAMEWORK
Provide core functionality.
Promote reusability and pluggability.
Good at organizing large projects.
Program actions and logic are separated from the HTML, CSS and design files.
Implement complex functionalities in an efficient manner.
Enforce best coding practices.

DIFFERENT FRAMEWORKS CATEGORIZED
Model-view-controller (MVC)
Push-based vs. pull-based
Three-tier organization
Content management systems

10 BEST FREE WEB APPLICATION FRAMEWORKS
Web Application Frameworks
Ruby on Rails - MVC Ruby-based framework geared for web application development
CodeIgniter - Powerful PHP framework with a very small footprint
Django - Python framework which encourages rapid development and clean design
CakePHP - MVC rapid application development framework for PHP
Zend Framework - Simple, straightforward, open-source software framework for PHP 5
Yii - High-performance component-based PHP framework
Pylons - Python web framework emphasizing flexibility and rapid development
Catalyst - Elegant MVC Web Application Framework
Symfony - Full-stack framework
TurboGears - Next generation TurboGears built on Pylons

PERFORMANCE COMPARISON
Speed and agility of building applications in Rails.
ROR syntax is more cryptic than that of Perl.
The combination of Python with Django yields high performance.
PHP with Symfony is the easiest language to code in, but has security issues.
Java is still chugging on Struts 1.X; JSF is promising.
Perl code tends to be small in size.

WEB APPLICATIONS VULNERABILITY STATISTICS 2010-2011 - ALEX HOPKINS
SUMMARY
The whitepaper provides a unique insight into the state of web application security.
The number of issues found in web application penetration tests increased in 2011.
Most prevalent issues:
  Server Misconfiguration
  Information Leakage
Cross-Site Scripting affected 2/3 and SQL Injection affected 1/5 of applications in 2011.
Input validation issues decreased from 2010 to 2011.
In general, the issues identified remain constant, which indicates that “Developers Tend to make Same Issues”.

CATEGORIES OF VULNERABILITIES
Server Configuration
Information Leakage
Authentication Weakness
Session Management Weakness
Authorization Weakness
Input Validation Weakness
Encryption Vulnerabilities
Other

OWASP (OPEN WEB APPLICATION SECURITY PROJECT) TOP 10 ISSUES
Injection (SQL, LDAP, XPath, OS command)
Cross-Site Scripting (XSS)
Broken Authentication and Session Management
Insecure Direct Object References
Cross-Site Request Forgery (CSRF)
Security Misconfiguration
Insecure Cryptographic Storage
Failure to Restrict URL Access
Insufficient Transport Layer Protection
Unvalidated Redirects and Forwards

CONFERENCES AND JOURNALS
WWW: World-Wide Web Conference
WebDB: International Workshop on the Web and Databases
WCW: Web Caching Workshop
WIDM: International Workshop on Web Information and Data Management
International Journal of Web Applications
International Journal of Web Services Research

REFERENCES
http://www.isr.uci.edu/architecture/research.html
http://laser.cs.umass.edu/
http://www.cs.umass.edu/faculty/software-systems-and-architecture
Issues, Challenges and Opportunities for Research in Software Engineering, by Manish K Anand, Vasudeva Varma. Conference on Software Engineering and Applications (SEA 2004), November 091, 2004, MIT Cambridge, USA.
Major Issues in Software Engineering Project Management, by Richard H. Thayer, Member, IEEE, Arthur B. Pyster, Member, IEEE, and Roger C. Wood, Member, IEEE.
Web Application Vulnerability Statistics 2010-2011, by Alex Hopkins.
http://perso.crans.org/~genest/conf.html
http://www.igi-global.com/journal/international-journal-web-services-research/1079
http://dline.info/ijwa/
PlatForms 2011: Finding Emergent Properties of Web Application Development Platforms, by Ulrich Stärk, Lutz Prechelt, Ilija Jolevski.
The Mashware Challenge: Bridging the Gap Between Web Development and Software Engineering, by Tommi Mikkonen, Antero Taivalsaari.