Indexed in the SCIE (2018 Impact Factor 0.854), and in Scopus

Journal of Web Engineering

Martin Gaedke, Chemnitz University of Technology, Germany
Geert-Jan Houben, Delft University of Technology, The Netherlands
Bebo White, Stanford University, USA

ISSN: 1540-9589 (Print Version),

ISSN: 1544-5976 (Online Version)
Vol: 17   Issue: 5

Published In:   August 2018

Publication Frequency: 8 issues per year

Filesync and Era Literaria: Realistic Open Source Webs To Develop Web Security Skills

Jose Manuel Redondo López 1, and Leticia Del Valle Varela 2

1Department of Computer Science, University of Oviedo, C/Calvo Sotelo S/N Oviedo (Asturias), 33007, Spain
2GADD Grupo Meana S. A., Palacio de Lieres s/n Lieres (Asturias), 33580, Spain

Abstract: A great variety of services and applications are currently offered using web sites. Unfortunately, this also caused the proliferation of attacks targeting their potential vulnerabilities. Therefore, the demand for security-trained professionals that identify, prevent and find solutions to security vulnerabilities is greatly increasing. This also increased the need for adequate training tools that show how real attacks are performed and prevented. In this paper we describe the design, implementation and usage examples of two websites designed to facilitate web security training. These websites have a realistic set of features and have been developed using different popular technologies. They deliberately incorporate examples of a large subset of common security vulnerabilities, complemented with learning and training materials. They are also open source to allow the development of customizations and adaptations to different scenarios and facilitate learning secure code development techniques.

Keywords: Web security, pentesting, OWASP, vulnerability, training.

Acquisition and Modelling of Short-Term User Behaviour on the Web: A Survey

Ondrej Kassak, Michal Kompan and Maria Bielikova

Faculty of Informatics and Information Technologies, Slovak University of Technology, Ilkovicova 2, Bratislava, 841 04, Slovakia

Abstract: User behaviour in data intensive applications such as the Web-based applications represents a complex set of actions influenced by plenty of factors. Thanks to this complexity, it is extremely hard for human to be able to understand all its aspects. Despite of this, by observing user actions from multiple views, we are able to extract and to model typical behaviour and its deviations on the Web. The website itself, together with transaction server logs, includes information about the site structure, content and about the actual user actions (clicks) within the site. User actions logically reflect the behaviour, while other sources indicate his/her context. Combination of these data sources allows to model the typical user behaviour and his/her preferences. The long-term behaviour describes relatively stable user preferences based on extensive user history. As the Web has become more and more dynamic, modelling user behaviour from the long-term perspective does not satisfy requirements of current Web based applications. On the other side, the short-term behaviour describes current user activity and his/her actual intent. However, this source of information is often noisy. To address these shortcomings the state-of-the-art combines both perspectives, which allows to meaningful and timely modelling of user behaviour. In this paper, we provide a comprehensive survey of user modelling techniques. We analyse types of data sources used for the modelling and approaches for its acquisition. Additionally, we discuss approaches considering actual trends of dynamically changing websites. This trend brings new challenges, which have to be addressed in design and implementation of novel Web applications.

Keywords: User modelling, Short-term user behaviour, Session, User preference, Web-site mining, Usage data mining.

STAFF: Automated Signature Generation for Fine-Grained Function Traffic Identification

Yazhe Tang1, Xun Li1 and Lishui Chen2

1Xi’an Jiaotong University, Shaanxi, China
2The 54th Research Institute of China Electronics Technology Group Corporation, Shijiazhuang, China

Abstract: Identifying a user operating application function can reflect the user behavior, or even can help to improve the user experience. It is the focus of the real application in big data analytics technology. Unlike Coarse-grained Traffic Identification (CTI) which only identify application/protocol that a packet is related to, Fine-grained Function Traffic Identification (FFTI) maps the traffic packet to a meaningful user operation or an application function. In this paper, our focus is to identify the fine-grained function signature. We propose an automatic and stable signature generation method, so-called STAFF, to identify different application functions. STAFF treats data packets as long strings. The aim of our method is to find all the string fragments whose length is longer than a prescribed length and whose occurrence is higher than a prescribed frequency. The final signature will be presented as pairs of string fragments and their corresponding occurrence frequency. The experimental results show that STAFF can automatically generate fine-grained function signatures in different applications with average 93.65% identification accuracy and the method is noise insensitive.

Keywords: automated signature generation, application function signature, application traffic identification.

River Publishers: Journal of Web Engineering