Software startups can be subject to extreme money and time constraints while hoping to deliver reliable software. In a harsh startup environment, software may face quality downgrade either by improper process management or incapable human resources. Among the many, security is a fragile software quality characteristic responsible for severe negative consequences such as jeopardizing a startup's...
There is no doubt that agile methods have become mainstream and with their increased use unanswered questions start to appear: How do we address cross-cutting concerns when software is developed vertically? Does value prioritization lead to increases in technical debt by promoting feature development over refactoring? Isn’t the reticence to write initial specifications on the premise of change an...
Cyber security is becoming an important aspect in every industry, such as the banking, power and automation sectors. Servers are critical assets in these industries where business critical sensitive data is stored. These servers often incorporate web servers through which any business data and operations are performed remotely. Hence, it is obvious that for a reliable operation, security...
Passing the university entrance examination is a big challenge for Afghan University applicants. In this paper, we propose an online examination support environment namely e-KEPS Exam Prep System (e-KEPS). The architecture is comprised mainly of three layers: (i) Presentation logic, (ii) Business Logic, and (iii) Data Access Logic. The system design methodology is incremental which supports the user involvements...
We present Web Mate, a tool for automatically generating test cases for Web applications. Given only the URL of the starting page, Web Mate automatically explores the functionality of a Web application, detecting differences across multiple browsers or operating systems, as well as across different revisions of the same Web application. Web Mate can handle full Web 2.0 functionality and explore sites...
The agile software development approach makes developing secure software challenging. Existing approaches for extending the agile development process, which enables incremental and iterative software development, fall short of providing a method for efficiently ensuring the security of the software increments produced at the end of each iteration. This article (a) proposes a method for security reassurance...
Today's ongoing trend towards intense usage of web service based applications in daily business and everybody's daily life poses new challenges for security testing. Additionally, such applications mostly do not execute in their own runtime environment but instead are deployed in some data center, run alongside multiple other applications, and serve different purposes for sundry user domains with diverging...
Cloud computing has become one of the most crucial parts in accessing the set of resources when it comes to the Information Technology (IT) domain, where it reduces the cost of resource ownership and its services. Since cloud computing is believed to be suitable and adaptable for small business, the public cloud dominates in storing an organization's resources with ease. However, one of the most...
We describe the SPaCIoS project, illustrating its main objectives, the results obtained so far and those that we expect to achieve, in particular, the development of the SPaCIoS Tool, an integrated platform that takes as input a formal description of the system under validation, the expected security goals, and a description of the capabilities of the attacker, and automatically generates and executes...
As large-scale distributed systems play an increasingly important role in such fields as national security, critical infrastructure and social life, their vulnerability analysis has become a growing focus. As a vulnerability analysis object, a multi-layer model is put forward first, and then a multi-dimension vulnerability analysis framework of large-scale distributed system...
Electronic commerce for tourism has a trend of rapid development. The operation mode for Caissa China Travel Agency official web site is analyzed, and the advantages and disadvantages of network marketing operation mode for Caissa Travel Agency in electronic commerce are studied by SWOT analysis method. The convenience and satisfaction of Caissa Travel Agency web site for network group is analyzed...
This paper reports on ongoing work on SWAT, a new toolkit for security workflow analysis. SWAT provides a platform for the realization and testing of well-founded methods to detect information leaks in workflows, both for the workflow certification and for audit based upon the execution traces. Besides presenting SWAT's functionality and high-level architecture, an example illustrates its operation.
The Disaster Tolerant backup System is an important aspect of constructing management information system security. In terms of the analysis on management information system data, this paper offers principles, steps and strategies to construct the backup system.
We present a solution for test-based security certification of services that models the service under certification using a Symbolic Transition System (STS). The STS-based model is readily derivable from the Web Service Description Language (WSDL) and Web Service Conversation Language (WSCL) of the service, and can be enriched with details about test-based conditions on inputs and outputs, implementation...
Records management has evolved over the centuries and the concept of electronic records is quickly becoming the major trend in managing electronic information compared to traditional recordkeeping, which required tedious and complex work. This paper discusses the management of records from paper based into electronic through the implementation of Vehicle Observation System, an IT collaboration...
A fuzzy comprehensive evaluation method of user experience is proposed for the problem that user experience quality is difficult to evaluate accurately in E-commerce web use. Firstly, in accordance with usability testing theory and the analysis of the user experience elements in the E-commerce web use process, an evaluation index architecture is structured with views including human-computer...
We describe a framework and methodology for managing the privacy policy of an enterprise, including creation (based on factors like legislation and consumer preferences), validation and verification, deployment and enforcement, and compliance testing for business processes and software. To evaluate this approach, one module of our framework (compliance testing) is implemented for an existing prominent...
The difficulties of e-commerce protocol security are mainly reflected in two aspects: First, the industry has not yet come to a uniform conclusion for the requirements of the security properties of e-commerce, while new properties are continually proposed and updated. The second is the difficulty of the protocol design and verification. This paper makes a new explanation of the protection of individual's...
Service-oriented architecture (SOA) has become an increasingly popular mechanism for achieving business agility and reuse. However, organizations implementing SOA-based solutions are facing new implementation challenges related to validation and verification activities in an SOA environment, especially of runtime system quality attributes such as interoperability, security, reliability, and performance...
In this paper, we consider typical applications in which the business logic is separated from the access control logic, implemented in an independent component, called the Policy Decision Point (PDP). The execution of functions in the business logic should thus include calls to the PDP, which grants or denies the access to the protected resources/functionalities of the system, depending on the way...