Подход к динамической визуализации больших объемов пространственной информации на основе геостатистического анализа

Interaction and visualization are two significant methods for both business people and scientists to find “gold nuggets” buried in raw data. These two methods can simplify complex theories and make it easier for people from different research areas to cooperate. Many prevalent web-based data interaction and visualization tools and libraries are not as effective as before because of big data. Most of the traditional client/server web application visualization tools and libraries process visualization and interaction in the client side. This workflow requires the server side to transfer data to the client side. If the data size is very big, the data transferring time is unbearable. In this paper, we propose a fast and new method for client/server web application to interact and visualize big data. The method visualizes data in the server side with multiple CPU cores and transfers result images to the client side. The client side collects users' interaction information and the server side updates visualization results based on the interaction information. We tested the workflow with large volume datasets and it is much faster than traditional workflows.

EmintWeb: Creation of embedded web applications in C++ for specific systems

Validation of user input data is very important in web application. Not only it protects the system from various exploits, but it also improves the user experience. User immediately sees what values are missing or are not valid and should be fixed. It is important to validate code on client side in the browser, but that does not mean that the validation on server side can be omitted. The golden rule of the web applications is not to trust user input and validate code on server side as well. The user input validation is therefore duplicated -- it validates the input values first on client side using JavaScript before the data is sent to server and then the received data is validated again on the server side. Changes made to the validation code must be synchronized in code on both sides. All implementations must be also unit tested, multiple sets of unit tests must be created and maintained. We will describe how we extended white-box testing tool Pex to generate user input validation code for web applications created on .NET platform. The JavaScript client side validation code is generated from the controller code written in C#. The code then validates input values on the client side. Most of the testing can be automated executing generated test. Testing resources -- i.e time spent on testing and number of testers involved people -- are saved.

Information visualization and data visualization are often viewed as similar, but distinct domains, and they have drawn an increasingly broad range of interest from diverse sectors of academia and industry. This study systematically analyzes and compares the intellectual landscapes of the two domains between 2000 and 2014. The present study is based on bibliographic records retrieved from the Web of Science. Using a topic search and a citation expansion, we collected two sets of data in each domain. Then, we identified emerging trends and recent developments in information visualization and data visualization, captivated in intellectual landscapes, landmark articles, bursting keywords, and citation trends of the domains. We found out that both domains have computer engineering and applications as their shared grounds. Our study reveals that information visualization and data visualization have scrutinized algorithmic concepts underlying the domains in their early years. Successive literature citing the datasets focuses on applying information and data visualization techniques to biomedical research. Recent thematic trends in the fields reflect that they are also diverging from each other. In data visualization, emerging topics and new developments cover dimensionality reduction and applications of visual techniques to genomics. Information visualization research is scrutinizing cognitive and theoretical aspects. In conclusion, information visualization and data visualization have co-evolved. At the same time, both fields are distinctively developing with their own scientific interests.

Purpose – By reviewing different information visualization techniques for securing web information systems, this paper aims to provide a foundation for further studies of the same topic. Another purpose of the paper is to discover directions in which there is a lack of extensive research, thereby encouraging more investigations.Design/methodology/approach – The related techniques are classified first by their locations in the web information systems architecture: client side, server side, and application side. Then the techniques in each category are further classified based on attributes specific to that category.Findings – Although there is much research on information visualization for securing web browser user interface and server side systems, there are very few studies about the same techniques on web application side.Originality/value – This paper is the first published paper reviewing extensively information visualization techniques for securing web information systems. The classification used her...

Context: Most approaches to automated white-box testing consider the client side and the server side of a web application in isolation from each other. Such testers lack a whole-program perspective on the web application under test. Inquiry: We hypothesise that an additional whole-program perspective would enable the tester to discover which server side errors can be triggered by an actual end user accessing the application through the client, and which ones can only be triggered in hypothetical scenarios. Approach: In this paper, we explore the idea of employing such a whole-program perspective in testing. To this end, we develop , a novel concolic tester which operates on full-stack JavaScript web applications, where both the client and the server side are JavaScript processes communicating via asynchronous messages -- as enabled by the WebSocket or Socket.IO-libraries. Knowledge: We find that the whole-program perspective enables discerning high-priority errors, which are reachable from a particular client, from low-priority errors, which are not accessible through the tested client. Another benefit of the perspective is that it allows the automated tester to construct practical, step-by-step scenarios for triggering server side errors from the end user's perspective. Grounding: We apply on a collection of web applications to evaluate how effective testing is in distinguishing between high- and low-priority errors. The results show that correctly classifies the majority of server errors. Importance: This paper demonstrates the feasibility of testing as a novel approach for automatically testing web applications. Classifying errors as being of high or low importance aids developers in prioritising bugs that might be encountered by users, and postponing the diagnosis of bugs that are less easily reached.

In the recent years, everything is in web.It may be Organization's administration software, Custom ERP application, Employee portals or Real estate portals.The Social networking sites like Face book, Twitter, MySpace which is a web application is been used by millions of users around the world.So web applications have become very popular among users.Hence they are observed and may be exploited by hackers.Researchers and industry experts state that the Cross-site Scripting (XSS) is the one of the top most vulnerabilities in the web application.The cross-site scripting has become a common vulnerability of many web sites and web applications.XSS consists in the exploitation of input validation flaws, with the purpose of injecting arbitrary script code which is later executed at the web browser of the victim.According to OSWAP, Cross-site scripting attacks on web applications have experienced an important rise in recent year.This demands an efficient approach on the server side to protect the users of the application as the reason for the vulnerability primarily lies on the server side.The actual exploitation is within the victim's web browser on the client-side.Therefore, an operator of a web application has only very limited evidence of XSS issues.However, there are many solutions for this vulnerability.But such techniques may degrade the performance of the system.In such scenarios challenge is to decide which method, platform, browser and middleware can be used to overcome the vulnerabilities, with reasonable performance over head to the system. Inspired by this problem, we present performance comparison of two mitigation techniques forCross-site Scripting (XSS) at the server side based on the parameters like application's platform, middleware technology and browser used by the end user.We implemented Mitigation parsing technique using database and replace technique in different platforms, middleware and checked its performance.We calculated the time taken by different browsers to render the pages using two techniques under different platform and middleware.In this paper we proposed the best combination of development platform, browser and the middleware for the two mitigation technique with respect to developer and end users.

Web applications are one of the most prevalent platforms for information and service delivery over the Internet today. As they are increasingly used for critical services, web applications have become a popular and valuable target for security attacks. Although a large body of techniques have been developed to fortify web applications and mitigate attacks launched against them, there has been little effort devoted to drawing connections among these techniques and building the big picture of web application security research. This article surveys the area of securing web applications from the server side, with the aim of systematizing the existing techniques into a big picture that promotes future research. We first present the unique aspects of the web application development that cause inherent challenges in building secure web applications. We then discuss three commonly seen security vulnerabilities within web applications: input validation vulnerabilities, session management vulnerabilities , and application logic vulnerabilities , along with attacks that exploit these vulnerabilities. We organize the existing techniques along two dimensions: (1) the security vulnerabilities and attacks that they address and (2) the design objective and the phases of a web application during which they can be carried out. These phases are secure construction of new web applications, security analysis/testing of legacy web applications , and runtime protection of legacy web applications . Finally, we summarize the lessons learned and discuss future research opportunities in this area.

The impact of software faults present in components to the larger system is currently a relevant and still open research topic. Web-based applications are simultaneously a relevant type of system for our society and are typically exposed to many software components in the server side. The impact of faults in these components to the web servers is an important aspect when evaluating the dependability properties of the entire web-serving system. This paper proposes an experimental approach to evaluate and compare the impact of software faults present in web applications on typical web servers. This approach consists in emulating realistic software faults in server-side web applications and monitoring the behavior of web server from both the server side (e.g., resource consumption) and the client side (e.g., response time, response correctness) perspective. We exemplify our methodology in case studies using three different servers and a realistic e-commerce web application and show that software faults existing in server side components can indeed affect the web server in a quantifiable manner which allow us to use our methodology for comparative purposes towards benchmarking and selecting the most robust web server.

With the rapid development of Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers’ lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three tier architecture where database is in the third pole, which is the most valuable asset in any organization. SQL injection is an attack technique used to exploit code by altering back-end SQL statements through manipulating input. An attacker can directly compromise the database, that’s why this is a most threatening attack. SQL injection attack occupies first position in top ten vulnerabilities as specified by Open Web Application Security Project [12]. It is probably the most common Website vulnerability today! Current scenarios which provide solutions to SQL injection attack either have limited scope i.e. can’t be implemented in all platforms or do not cover all types of SQL injection attacks. In this work we implement Detection Block model against SQL injection attacks. The model works both on client and server side. Client side implements a filter function and server side is based on information theory. MAC static and dynamic query which is derived from entropy is compared to detect an attack.

This paper proposes to design and implement a new XQuery-based framework for generating web application. It supports the development of both client and server side program in a uniform way using XQuery. Further more, through translating the fully XQuery based web application into corresponding client and server side code in appropriate target language, it enables web application developed using our framework to run as normal J2EE application. An online book-shop application is given as an example to illustrate how to build a web application using our framework. It shows how our framework can simplify web application development and improves flexibility.KeywordsXQueryweb programmingHTML

Nowadays, web developers are required to choose between Single-Page Application (SPA) or Server-Side Rendering (SSR). Both types of web applications have their own advantages and disadvantages. Currently, most developers use Javascript to be able to perform computations on the client side even though the web application built is SSR. Scripts in Javascript are compiled by the web browser before the functions in the script can be used by the user. These functions will be executed on the client side so that computation does not need to be done on the server side. Since the use of Javascript is by sending source code to the client to be compiled and executed, WebAssembly (Wasm) allows the server to send those functions in precompiled binary files. The functions contained in the binary can be used by web applications and will be executed on the client side, so the browser doesn't need to compile it first to use existing functions. In this paper, we utilize Wasm to perform data processing on the client side of the SSR web application by performing some queries to preserved data.

Web applications are one of the most useful platforms for the delivery of the information and service over the internet today. Day-to-Day the popularity of web application usage is increasing. Hence the web apps has to be designed for secure transformation of information from web client to web server and to mitigate the vulnerabilities. This paper presents a research survey report on constructing a secure web applications at the client side, server side and even in browsers. This paper initially gives an overview of web application, then followed by techniques or tools along with the attacks at the client side and serverside. It gives a big picture with the aim of promoting future research in this area.

This paper focuses on defense mechanisms for cross-site scripting attacks, the top threat on web applications today. It is believed that input validation (or filtering) can effectively prevent XSS attacks on the server side. In this paper, we discuss several recent real-world XSS attacks and analyze the reasons for the failure of filtering mechanisms in defending these attacks. We conclude that while filtering is useful as a first level of defense against XSS attacks, it is ineffective in preventing several instances of attack, especially when user input includes content-rich HTML. We then propose XSS-Guard , a new framework that is designed to be a prevention mechanism against XSS attacks on the server side. XSS-Guard works by dynamically learning the set of scripts that a web application intends to create for any HTML request. Our approach also includes a robust mechanism for identifying scripts at the server side and removes any script in the output that is not intended by the web application. We discuss extensive experimental results that demonstrate the resilience of XSS-Guard in preventing a number of real-world XSS exploits.

A lot of service requires identity of users to mitigate undesirable incidents such as fraud. To cut down probability of potential fraud, ID Card of users are collected to be verified so people can verify users whenever an undesirable activity happens. However, to verify identity through an ID card, a repository for the ID Card is required. To verify ID cards, the ID Card repository will be connected to an automated ID Card Verification API. The ID Card repository is meant to be used both on mobile phones and desktop computers, so the concept of progressive web application is used. To be able to upload images smoothly and build progressive web application, the ID Card repository is built using ReactJS and Ant Design. Server side is powered by Strapi and MongoDB. GraphQL API is utilized to connect client side and server side. It involves queries to fetch data. To fetch data on the client side, Apollo client is used to in ReactJS. Git is utilized for version control system which gives contribution to Continuous Integration and Continuous Delivery. In this paper, we will discuss why Strapi is best suited on server side and how Ant Design, a library to style components in a web page, can provide required components in this web application.