Zulzalil, Hazura
- Feasibility Study of Aspect Mining at Requirement Level
Authors
Affiliations
1 Faculty of Computer Science and Information Technology, Universiti Selangor (UNISEL), MY
2 Computer Science and Information Technology, Universiti Putra Malaysia (UPM), MY
Source
Indian Journal of Science and Technology, Vol 7, No 5 (2014), Pagination: 559-565
Abstract
Modularity is categorized as a quality characteristic which can increase the maintainability of a software program. Although modularity is gaining popularity, it is hard to realize since there are many crosscutting concerns scattered and tangled in object-oriented programs. Thus, more effort is needed to maintain a software program which uses the object-oriented approach. On the other hand, the aspect-oriented approach has been viewed as one that can encourage modularization. Since the majority of existing applications use the object-oriented approach, the restructuring process known as refactoring becomes essential in increasing program modularity. Refactoring means the process of restructuring the internal section without changing the system behaviour. Even though refactoring becomes the solution for this, it does not seem to increase the modularity of a software program. This is due to the lack of a comprehensive aspect mining method which helps in extracting the crosscutting concerns from existing applications before the refactoring takes place. At the present time, software practitioners prefer to conduct aspect mining at the coding level, which results in incomplete crosscutting concern extraction. Since the requirement stage is the initial stage before coding, it is believed to have the ability to extract more crosscutting concerns. Thus, it creates a space for aspect mining at the requirement level as an alternative to aspect mining at the coding level. In that case, the feasibility of aspect mining at the requirement level becomes a need. This study aims to demonstrate the opportunity of conducting aspect mining at the requirement level. Interviews conducted among Certified Professional Requirement Engineers (CPRE) have revealed that aspect mining at the requirement level is feasible and needed. The result of this study, represented in a SWOT analysis matrix, is useful in justifying the alternative method of aspect mining. This alternative analysis also highlighted the frequency of crosscutting concerns used among the CPRE, indicating the worthiness of aspect mining at the requirement level.
Keywords
Aspect Mining, Feasibility Study, Refactoring
- Removing Cross-Site Scripting Vulnerabilities from Web Applications using the OWASP ESAPI Security Guidelines
Authors
Affiliations
1 Department of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang - 43400 UPM, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 8, No 30 (2015), Pagination:
Abstract
Software security vulnerabilities are present in many web applications and have led to many successful attacks on a daily basis. These attacks, including cross-site scripting, have caused damage for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficult to eliminate. Most solutions provided only focus on preventing attacks or detecting the vulnerabilities. Very few research works have addressed eliminating these vulnerabilities from the web applications' source code. In this paper, we propose an approach to remove cross-site scripting vulnerabilities from the source code before an application is deployed. We make use of the OWASP cross-site scripting prevention rules as a guideline in our approach. The proposed approach is, so far, only implemented and validated on Java-based Web applications, although it can be implemented in other programming languages with slight modifications. Initial evaluation results have indicated promising results.
Keywords
Cross-Site Scripting, Software Security, Vulnerability Removal
- Cross-Site Scripting Detection Based on an Enhanced Genetic Algorithm
Authors
Affiliations
1 Department of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM, Serdang - 43400, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 8, No 30 (2015), Pagination:
Abstract
Software security vulnerabilities have led to many successful attacks on applications, especially web applications, on a daily basis. These attacks, including cross-site scripting, have caused damages for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficult to mitigate. Many solutions have been proposed for their detection. However, the problem of cross-site scripting vulnerabilities present in web applications still persists. In this paper, we propose to explore an approach based on genetic algorithms that will be able to detect cross-site scripting vulnerabilities in the source code before an application is deployed. The proposed approach is, so far, only implemented and validated on Java-based web applications, although it can be implemented in other programming languages with slight modifications. Initial evaluations have indicated promising results.
Keywords
Cross-Site Scripting, Genetic Algorithm, Software Security, Vulnerability Detection
- Gap Analysis in Specifying Porting Requirements for Mobile Application
Authors
Affiliations
1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 43400 UPM Serdang, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 9, No 31 (2016), Pagination:
Abstract
Background/Objectives: To propose a gap analysis technique to gather porting requirements for a mobile application porting project. Methods/Statistical Analysis: The Static-group Comparison method was used to evaluate the effectiveness of this technique. 3 mobile development organizations that specialize in mobile application porting projects participated in this study. Altogether, 10 participants were involved. Interview and questionnaire techniques were used to identify the characteristics and issues during the gathering of porting requirements. From the analysis, at the moment porting requirements are gathered using an ad-hoc method or using their own intuitions. Hence the porting requirements are ambiguous and not consistent. Findings: Formalizing the porting requirement activity is essential to ensure the completeness and quality of the ported requirements. The gap analysis technique is significantly faster, with precise requirements, than the ad-hoc techniques. Application/Improvements: Gap analysis offers a formalized way to gather porting requirements to ensure the completeness and quality of a ported mobile application.
Keywords
Gap Analysis, Mobile Application, Platform, Porting Requirements
- SQL Injection Attack Roadmap and Fusion
Authors
Kabir Umar 1, Abu Bakar Md Sultan 1, Hazura Zulzalil 1, Novia Admodisastro 1, Mohd Taufik Abdullah 1
Affiliations
1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 9, No 28 (2016), Pagination:
Abstract
With SQL Injection, an attacker can change the intended effect of a dynamically generated query in a web application. This can lead to unauthorized access to the database underlying the web application, and harmful transactions on the potentially sensitive information contained in the database. A clear understanding of a problem always assists in finding a stronger solution to the problem. In this paper, we conducted an extensive review of several empirical studies on SQL injection attacks and vulnerabilities, with the goal of providing the research community with better insight into the possible relationships that exist between different types of SQL Injection Attacks (SQLIAs), and the types of vulnerabilities exploited by each. Consequently, the result of our study is a presentation of SQLIAs fusion, which shows how different types of SQLIAs lead to one another, and also a presentation of a step-by-step SQLIA roadmap. We are very optimistic that our study can help the research community with a clearer understanding of SQL Injections, and thus facilitate the emergence of stronger solutions to the long-standing problem.
Keywords
Attack Intents, Attack Mechanism, Inter-attacks Relationship, Vulnerabilities Exploitation, Web Applications
- Enhanced Pushdown Automaton based Static Analysis for Detection of SQL Injection Hotspots in Web Application
Authors
Kabir Umar 1, Abu Bakar Md Sultan 1, Hazura Zulzalil 1, Novia Admodisastro 1, Mohd Taufik Abdullah 1
Affiliations
1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang, Selangor, MY