submit CrossRef Open Access Subscribe New Journal Ideal

Click on image to enlarge

Indexed in the SCIE (2018 Impact Factor 0.854), and in Scopus

Journal of Web Engineering

Editors-in-Chief:
Martin Gaedke, Chemnitz University of Technology, Germany
Geert-Jan Houben, Delft University of Technology, The Netherlands
Flavius Frasincar, Erasmus University Rotterdam, The Netherlands
Florian Daniel, Politecnico di Milano, Italy


ISSN: 1540-9589 (Print Version),

ISSN: 1544-5976 (Online Version)
Vol: 9   Issue: 1

Published In:   March 2010

Publication Frequency: 8 issues per year

Articles in 2020


Search Available Volume and Issue for Journal of Web Engineering


Journal Description        Read Full Articles        Editorial Board        Subscription        Indexed

Practical Elimination of External Interaction Vulnerabilities in Web Applications


James Mille and Toan Huynh

University of Alberta, Canada

Abstract: [+]    |    Download File [ 215KB ]

Abstract: External Interaction Vulnerabilities (EIVs) are currently the most common vulnerability for web applications. These vulnerabilities allow attackers to use vulnerable web applications as a vessel to transmit malicious code to external systems that interact with the web applications. The malicious code will modify the semantic content of the information sent to the external application. Current vulnerability detection approaches are black-box oriented and do not take advantage of the data flow information which is available in the source code. In this paper, we introduce a white-box approach called EIV analysis to eliminate web applications’ vulnerabilities. This strategy allows investigators to accurately identify all inputs entering the web application and model the input as it reaches external systems acting as data sinks. The strategy is partially automated resulting in substantial effort savings when compared with common industrial approaches; while also providing superior performance in terms vulnerability detection. A case study using a commercial, currently deployed, mission-critical web application is presented to demonstrate the validity of these claims.

Keywords: Security analysis, web applications, web security, case study

Investigating the Distributional Property of the Session Workload


James Mille and Toan Huynh

University of Alberta, Canada

Abstract: [+]    |    Download File [ 1219KB ]

Abstract: Companies now rely on the World Wide Web for communication with their customers. As reliance on web servers grows, the need for companies to better understand the workload placed upon these servers also increases. The session workload unit is a popular unit of measurement used to analyze recorded information from server logs. In fact, many web applications, from shopping carts to online banking systems, require session information to function correctly. Web data mining is also dependent on session workload information. However, the distributional properties of this session workload are not understood. Whether the session workload can be described as a short-tailed or heavy-tailed distribution is a fundamental question for the investigation of the session workload unit. This paper empirically explores claims that the session workload can be described using a heavytailed distribution. The paper concludes that, for the samples used in this paper, a method to accurately determine whether the session workload is drawn from a heavy-tailed distribution does not exist. Hence, the conclusion that they are drawn from such a distribution cannot be made.

Keywords: Web session length; Session workload property; Web log analysis

Augmenting a Web-Based Learning Environment through Blending Formative Assessment Services


I-Ching Chen1, Dong-Her Shih1 and Shuen-Cheng Hu2

1Department of Information Management,National Yunlin University of Science & Technology, Taiwan
2Department of Computer Science and Communication Engineering,Providence University, Taiwan

Abstract: [+]    |    Download File [ 447KB ]

Abstract: Web-based training gained popularity due to pervasive hypertext information systems, as well as its flexibility of time and place. However, the lack of orientation and interactions leads to higher dropout rates in those self-directed learning environments. From the perspectives of learners, formative assessment generates criticism and suggestions that guide them toward ultimate learning goals, which improves their sustaining rates in self-directed learning environments. This research work aims to investigate how a Webbased learning platform can blend external formative assessment services to foster learning activities as well as facilitate interactions between learners and mentors. Besides proposing a conceptual model, a proof-of-concept prototype has been developed, in which both fully-automatic and human-involved formative assessment works could be blended into a self-paced, Web-mediated learning process. An experiment indicated that the prototyped e-learning context did help to sustain learners. The result of this research implies that, with abundant pedagogical Web services in an open framework, high priced elearning resources could be easily shared and flexibly orchestrated to fulfill various educational goals.

Keywords: Web-based learning, dropout, pedagogical service, Web service, formative assessment, SCORM

Empirically Assessing the Impact of DI on the Development of Web Service Applications


Marco Crasso, Cristian Mateos, Alejandro Zunino, and Marcelo Campo

ISISTAN Research Institute, Universidad Nacional del Centro. Also CONICET.
Campus Universitario, Tandil (B7001BBO), Buenos Aires, Argentina.

Abstract: [+]    |    Download File [ 620KB ]

Abstract: Service-Oriented Computing (SOC) has been broadly conceived as the next big thing in distributed software development. The software industry has embraced SOC through Web Services –functionality that is accessible via ubiquitous protocols such as HTTP–. This technology provides the basis for reuse and interoperability of applications across the WWW. However, consuming Web Services is still an expensive task in terms of de- velopment costs, since developers still have to invest much effort not only into manually discovering services, but also on providing code to invoke them, which leads to software that is polluted with service-aware code and therefore is more difficult to modify and test. Recently, a technique that has become very popular for building software is Dependency Injection (DI), which allows applications to be far more testable and maintainable. In this paper, we quantitatively analyze some of the benefits and costs of DI for building Web Service applications. We base our experiments on a refined version of DI that com- bines text-mining, machine learning, and best practices from component-based software development to simplify the way Web Services are discovered and consumed. To our knowledge, this is the first study on the impacts of using DI in the context of SOC.

Keywords: service-oriented computing, Web Services, dependency injection, code-first outsourcing, text mining

River Publishers: Journal of Web Engineering