PRESENTED BY ESHWARI MENTE, NAVEEN DANTURI, AGASTHESWAR
Dr. Kevin Gary is an associate professor in College of Technology and Innovation at Arizona State University. His research interests includes: Software engineering Systems architecture Web applications Databases Enterprise computing Image guided surgery Computational intelligence Technology supported teaching and learning.
IGSTK - Technology assisted surgical procedures Robotic Notes (Robotic Natural Orifice Transluminal Endoscopic Surgery) Cochlear Implants The Software Enterprise Courses offered at ASU: o CSE515-Multimedia & Web Databases o CST533 - DB-centric Enterprise App. Dev o CST Software Enterprise: Inception and Elaboration
The software industry is currently experiencing a paradigm shift towards web based software. There is an impending mismatch between web and software development Mashware software that leverages source code and software components that are downloaded dynamically from all over the world. The trend towards Mashware will aggravate the gap between web and software development.
First phase: Simple page structured documents Second phase: Increasingly interactive with graphics, animation and plug–in. Recent trend is towards desktop-style web applications.
A mashup is a web site that combines content from multiple web sites into an integrated experience. Allows unparalleled sharing and reuse of software, data, layout and visualization information, or any other content across the planet. This increases productivity and reusability.
The principles and practices for web development evolved rather independently of the principles and practices for software engineering
Software engineering principle violations Usability and user interaction issues Networking and security issues Browser inoperability and incompatibility issues Development style and testing issues Deployment model changes Performance issues.
So far, web engineering and software engineering have evolved as separate fields. It is time to forget the origins of the browser as a document viewing environment and to start treating the Web as a real, full-fledged application platform – one whose capabilities will eventually far exceed those of the earlier software platforms.
FINDING EMERGENT PROPERTIES OF WEB APPLICATION DEVELOPMENT PLATFORMS BY ULRICH STÄRK, LUTZ PRECHELT, ILIJA JOLEVSKI
“What is a Web Development Framework” Functions of Web application Framework Types of frameworks “What web framework should we use” xkcd.com/292 by Randall Munroe
Package to support construction of dynamic web applications. Alleviating the repetitive overhead of development patterns. Develop apps compatible with different Browsers. More sophisticated, interactive, and well- managed
Provide Core Functionality. Promote reusability and pluggability. Good at organizing large projects. Program actions and logic are separated from the HTML, CSS and design files. Implement complex functionalities in efficient manner. Enforce best coding practices.
Model–view–controller (MVC) Push-based vs. pull-based Three-tier organization Content management systems
10 BEST FREE WEB APPLICATION FRAMEWORKS Web Application Frameworks Ruby on Rails MVC ruby based framework geared for web application development CodeIgniter Powerful PHP framework with a very small footprint Django Python framework which encourages rapid development and clean design CakePHP MVC rapid application development framework for PHP Zend Framework Simple, straightforward, open-source software framework for PHP 5 Yii High-performance component-based PHP framework Pylons Python web framework emphasizing flexibility and rapid development Catalyst Elegant MVC Web Application Framework Symfony Full-stack framework TurboGears Next generation TurboGears built on Pylons
PERFORMANCE COMPARISON Speed and agility of building applications in Rails. ROR syntax is more cryptic than that of Perl. Python with Django combination yields high performance. PHP with Symfony is the easiest language to code in, has security issues. Java still chugging on Struts 1.X, JSF is promising. Perl code tends to be small in size.
Whitepaper will provide a unique insight into the state of web application security Number of Issues in Web Application penetration test increased in 2011 Most Prevalent issues Server Misconfiguration Information Leakage Cross Scripting effect 2/3 rd and SQL Injection effect 1/5 th applications in 2011 Input Validation Issues have decreased from 2010 to 2011 In General issues identified remains constant indicates “Developers Tend to make Same Issues”
Server Configuration Information Leakage Authentication Weakness Session Management Weakness Authorization Weakness Input Validation Weakness Encryption Vulnerabilities Other
Injection (SQL, LDAP, XPATH, OS command) Cross-Site Scripting (XSS) Broken Authentication and Session Management Insecure Direct Object References Cross-Site Request Forgery (CSRF) Security Misconfiguration Insecure Cryptographic Storage Failure to Restrict URL Access Insufficient Transport Layer Protection Un-validated Redirects and Forwards
WWW: World-Wide Web Conference WebDB: International Workshop on the Web and Databases WCW: Web Caching Workshop WIDM: International Workshop on Web Information and Data Management International Journal of Web Applications International Journal of Web Services Research
Issues, Challenges and Opportunities for Research in Software Engineering by Manish K Anand, Vasudeva Varma Conference on Software Engineering and Applications (SEA 2004), November 09- 1, 2004, MIT Cambridge, USA. Major Issues in Software Engineering Project Management RICHARD H. THAYER, MEMBER, IEEE, ARTHUR B. PYSTER, MEMBER, IEEE, AND ROGER C. WOOD, MEMBER, IEEE Web Application Vulnerability Statistics Alex Hopkins PlatForms 2011: Finding Emergent Properties of Web Application Development Platforms- Ulrich Stärk, Lutz Prechelt, Ilija Jolevski The Mashware Challenge: Bridging the Gap Between Web Development and Software Engineering - Tommi Mikkonen, Antero Taivalsaari