988 results for Web Security


Abstract:

The advent of the Internet and the World Wide Web has been instrumental in bringing about the growth in the implementation of web-based information systems (WBIS). Such systems are designed with the aim of improving productivity, data accuracy, and the reduction of paperwork and administrative overheads. Moreover, unlike their conventional non-web-based predecessors, the WBIS are commonly aimed at users who are casual and untrained, geographically distributed and non-homogenous. The dissemination of WBIS necessitates additional infrastructure support in the form of a security system, workflow and transaction management, and web administration. WBIS are commonly developed using an evolutionary approach, whereby the version of the application, acquired from the vendor, is first deployed as a pilot, in order to gather feedback from the target users before the evolutionary cycles commence. While a number of web development methodologies have been proposed by existing research, there is a dearth of empirical evidence that elucidates the experiences of project initiators in pursuing the evolution of web services, a process that undoubtedly involves dealing with stakeholder issues. This research project presents a phenomenological investigation of the experiences of project managers with the implementation of web-based employee service systems (ESS), a domain that has witnessed a sharp growth in Australia in recent times. However, the project managers’ rich, multidimensional account of their experiences with the implementation of ESS revealed the social obstacles and fragility of intra-organizational relationships that demanded a cautious and tactful approach. Thus, the study provides a socio-organizational perspective to web projects in contrast to the functionalist paradigm of current web development methodologies. The research also confirms that consideration of the concerns of stakeholders by project managers is crucial to the successive cycles of ESS evolution. 
Project managers address stakeholder concerns by pursuing actions that are aimed at encouraging ESS usage, but at the same time, such actions can have consequences necessitating subsequent iterations of system enhancement and improvement. Finally, the research also discovered that despite the different socio-political climate prevalent in various organizations, in which ESS are being implemented, the experiences of project managers in dealing with stakeholder concerns can be captured and independently confirmed in terms of their perceived relevance and usefulness in problem-solving within the application domain.

Abstract:

The advancement in Internet and bandwidth has resulted in a number of new applications being developed; many of these newer applications are described as being Web 2. A Web 2 application such as Facebook has allowed people around the world to interact together. One of the interesting aspects of Facebook is the use of third-party applications and the interactions that this allows.

Not surprisingly, the problems that exist in the real world, such as theft, fraud and vandalism, also exist in the online environment, and Web 2 applications are no exception to these issues. This paper explores and categorises several security issues within the Facebook environment. It contributes to practice and research by emphasising the importance of security awareness for businesses and the general public in the use of Web 2 applications such as Facebook.

Abstract:

The outcome of the research was the development of three network defence systems to protect corporate network infrastructure. The results showed that these defences were able to detect and filter around 94% of the DDoS attack traffic within a matter of seconds.

Abstract:

Grid Web Services are still relatively new to business systems, and as more systems are being attached to them, any threat to them could bring collapse and huge harm. Some of these potential threats to Grid Web Services come in the form of a new denial of service (DoS) attack, called XML Denial of Service or XDoS attacks. Though, as yet, there have not been any reported attacks from the media, we have observed these attacks are actually far less complex to implement than any previous Denial of Service (DoS), but still just as effective. Current security applications for grid web services (WS-Security for example), based on our observations, are not up to the job of handling the problem. In this paper, we build on our previous work called Service Oriented Traceback Architecture (SOTA), and apply our model to Grid Networks that employ web services. We further introduce a filter defence system, called XDetector, to work in combination with SOTA. Our results show that SOTA in conjunction with XDetector makes for an effective defence against XDoS attacks and upcoming DXDoS.

Abstract:

This paper introduces a practical security model based on key security considerations by looking at a number of infrastructure aspects of Cloud Computing such as SaaS, Utility, Web, Platform and Managed Services, Service commerce platforms and Internet Integration, which was introduced with a concise literature review. The purpose of this paper is to offer a macro level solution for identified common infrastructure security requirements. This model, with a number of emerged patterns, can be applied to the infrastructure aspect of Cloud Computing as a proposed shared security approach in the system development life cycle, focusing on the plan-built-run scope.

Abstract:

The continuous growth of the user pool of Social Networking web sites such as Facebook and MySpace, and their incessant augmentation of services and capabilities, will in the future meet and compare in contrast with today's Content Distribution Networks (CDN) and Peer-to-Peer file sharing applications such as Kazaa and BitTorrent. But how can these two mainstream applications, which already encounter their own security problems, cope with the combined issues: trust for Social Networks, and content and index poisoning in CDN? We will address the problems of Social Trust and File Sharing with an overlay level of trust model based on social activity and transactions; this can be an answer to enable users to increase the reliability of their online social life and also enhance the content distribution and create a better file sharing example. The aim of this research is to lower the risk of malicious activity on a given Social Network by applying a correlated trust model, to guarantee the validity of someone's identity, privacy and trustfulness in sharing content.

Abstract:

Anonymous web browsing is an emerging hot topic with many potential applications for privacy and security. However, research on low latency anonymous communication, such as web browsing, is quite limited; one reason is the intolerable delay caused by the current dominant dummy packet padding strategy. As a result, it is hard to satisfy perfect anonymity and limited delay at the same time for web browsing. In this paper, we extend our previous proposal on using prefetched web pages as cover traffic to obtain perfect anonymity for anonymous web browsing, and we further explore different aspects in this direction. Based on Shannon's perfect secrecy theory, we formally established a mathematical model for the problem, and defined a metric to measure the cost of achieving perfect anonymity. The experiments on a real world data set demonstrated that the proposed strategy can reduce delay more than ten times compared to the dummy packet padding methods, which confirmed the vast potential of the proposed strategy.

Abstract:

The thesis has covered a range of algorithms that help to improve the security of web services. The research focused on the problems of DDoS attack and traffic analysis attack against service availability and information privacy respectively. Finally, this research significantly advantaged DDoS attack detection and web access anonymity.

Abstract:

The web is a rich resource for information discovery; as a result, web mining is a hot topic. However, a reliable mining result depends on the reliability of the data set. Every single second, the web generates a huge amount of data, such as web page requests and file transportation. The data reflect human behavior in the cyber space and are therefore valuable for our analysis in various disciplines, e.g. social science, network security. How to deposit the data is a challenge. A usual strategy is to save the abstract of the data, such as using aggregation functions to preserve the features of the original data with much smaller space. A key problem, however, is that such information can be distorted by the presence of illegitimate traffic, e.g. botnet recruitment scanning, DDoS attack traffic, etc. An important consideration in web related knowledge discovery then is the robustness of the aggregation method, which in turn may be affected by the reliability of network traffic data. In this chapter, we first present the methods of aggregation functions, and then we employ information distances to filter out anomaly data as a preparation for web data mining.

Abstract:

SQL injection vulnerabilities pose a severe threat to web applications as an SQL Injection Attack (SQLIA) could adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). SQLIA gains access to the back-end database of vulnerable websites, allowing hackers to execute SQL commands in a web application resulting in financial fraud and website defacement. The lack of existing models in providing protections against SQL injection has motivated this paper to present a new and enhanced model against web database intrusions that use SQLIA techniques. In this paper, we propose a novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA and described our that we implemented. We have tested our proposed model on all types of SQLIA techniques by generating SQL queries containing legitimate SQL commands and SQL Injection Attack. Evaluations have been performed using three different applications. The results show that our model protects against 100% of tested attacks before even reaching the database layer.

Abstract:

Operating systems and programmes are more protected these days and attackers have shifted their attention to human elements to break into the organisation's information systems. As the number and frequency of cyber-attacks designed to take advantage of unsuspecting personnel are increasing, the significance of the human factor in information security management cannot be understated. In order to counter cyber-attacks designed to exploit human factors in the information security chain, information security awareness with an objective to reduce information security risks that occur due to human related vulnerabilities is paramount. This paper discusses and evaluates the effects of various information security awareness delivery methods used in improving end-users' information security awareness and behaviour. There is a wide range of information security awareness delivery methods such as web-based training materials, contextual training and embedded training. In spite of efforts to increase information security awareness, research is scant regarding effective information security awareness delivery methods. To this end, this study focuses on determining the security awareness delivery method that is most successful in providing information security awareness and which delivery method is preferred by users. We conducted information security awareness using text-based, game-based and video-based delivery methods with the aim of determining user preferences. Our study suggests that combined delivery methods are better than an individual security awareness delivery method.

Abstract:

Cyber-Physical Systems allow for the interaction of the cyber world and physical worlds using a central service called Cloud Web Services. Cloud Web Services can sit well within three models of Cyber-Physical Systems: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). When any Cyber-Physical System uses Cloud Web Services, it inherits a security problem, the HX-DoS attack. The HX-DoS attack is a combination of HTTP and XML messages that are intentionally sent to flood and destroy the communication channel of the cloud service provider. The relevance of this research is that TCP/IP flood attacks are a common problem and a lot of research to mitigate them has previously been discussed. But the HTTP denial of service and XML denial of service problems have only been addressed in a few papers. In this paper, we get closer to closing this gap on this problem with our new defence system called Pre-Decision, Advance Decision, Learning System (ENDER). In our previous experiments using our Cloud Protector, we were successful at detecting and mitigating 91%, with a 9% false positive, of HX-DoS attack traffic. In this paper, ENDER was able to improve upon this result by being trained and tested on the same data, but with a greater result of 99% detection and 1% false positive.

Abstract:

Research has shown that data security has always been an important aspect of quality of service for data service providers; but cloud computing poses new and challenging security threats. The most common security concerns for users of cloud storage are data confidentiality, integrity and availability. Microsoft has considered these concerns and responded with the Azure virtual private storage based on Searchable Encryption. Amazon has also responded to these security issues with its Amazon Web Services. In this paper, we investigate and compare in depth the features of Microsoft Azure and Amazon Web Services deemed to provide security with a particular focus on confidentiality, integrity and availability of data.

Abstract:

Increasingly, web applications are being developed over the Internet. Securing these web applications is becoming important as they hold critical security features. However, cybercriminals are becoming smarter by developing a crime toolkit, and employing sophisticated techniques to evade detection. These crime toolkits can be used by any person to target Internet users. In this paper, we explore the techniques used in crime toolkits. We present a current state-of-the-art analysis of crime toolkits and focus on attacks against web applications. The crime toolkit techniques are compared with the vulnerability of web applications to help reveal particular behaviour such as popular web application vulnerabilities that malicious writers prefer. In addition, we outline the existing protection mechanism, and observe that the possibility for damage is rising, particularly as specialization and scale increase in cybercrime.

Abstract:

Findings: After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system.