Saturday, March 2, 2013

Automated testing of complex Web 2.0 applications prevents security vulnerabilities

Automated testing of complex Web 2.0 applications prevents security vulnerabilities [ Back to EurekAlert! ] Public release date: 1-Mar-2013
[ | E-mail | Share Share ]

Contact: Gordon Bolduan
bolduan@mmci.uni-saarland.de
49-681-302-70741
Saarland University

"The police have discovered a new variant of internet fraud. The offender capitalizes on the complexity of social networks", reported a newspaper a month ago in Southern Germany. Valentin Dallmeier, postdoc at the software engineering chair at Saarland University, is not surprised. He says that the methods that web developers and responsible project leaders rely on to try to find programming errors and security holes in web applications have been too ineffective and inefficient. "This is still done manually and therefore causes not only very high costs, but also high levels of risk for companies and the community," Martin Burger explains. He works at the software engineering chair, too. Together the two postdocs want to change this serious deficit. Therefore they have developed the software system "Webmate", which determines automatically why Web 2.0 applications fail.

For the transfer of the technology to a spin-off, they have just received 500,000 Euros from the national support program "EXIST" run by the Federal Ministry of Economics and Technology (BMWi). The program is aimed at improving the entrepreneurial environment at universities and research institutions and at increasing the number of technology- and knowledge-based business start-ups.

So called Web 2.0 applications run centrally on an online server. Therefore, in contrast to conventional programs, they are not installed on the user's computer or laptop; instead, the user interacts with them via a web browser. In recent years, thanks to new web development technologies such as Asynchronous JavaScript and XML (AJAX), web applications can be used as smoothly as if they were installed on personal computers. AJAX takes care of organizing the transfer of data packets between the user's computer and server in such a way that the delays incurred by the connection are barely noticeable. Hence, not only private users but also companies and the public sector are adopting web applications more and more frequently. However, news about data theft and malfunctions is also reported on a daily basis.

Dallmeier and Burger want to prevent such worst-case scenarios and other breakdowns. Businesses and their responsible web administrators will only have to type in their Web address. Afterwards the system discovers automatically how the different components of the application are connected to each other and via which menus, buttons, and other control panels the users are interacting with the application. Subsequently, it generates and executes test scenarios. If it discovers, for example, that the application is not compatible with a certain version of a browser, or a control panel no longer exists in a new version of the application, the system informs the developer immediately likewise if a database is not connected, a server does not respond, or a link is dead. The web developer is able to repeat this test at any time.

Dallmeier, Burger and the three other persons planning to found the spin-off are sure that their technology will succeed. They estimate the market potential in Germany alone to be 120 million Euros annually.

###

Computer science research on the campus of Saarland University

The Department of Computer Science is not the only research institution which is exploring new aspects of computer science. Only a few yards from there, you can also find the Max Planck Institute for Computer Science, the Max Planck Institute for Software Systems, the Center for Bioinformatics, the Center for IT-Security, Privacy and Accountability, the German Research Center for Artificial Intelligence, the Intel Visual Computing Institute and the recently renewed Cluster of Excellence "Multimodal Computing and Interaction".

See also:

Website for Webmate: http://www.st.cs.uni-saarland.de/webmate/

For further information please contact:

Valentin Dallmeier
Tel: 49-681-302-70993
E-Mail: dallmeier@cs.uni-saarland.de

Gordon Bolduan, Science Communication
Cluster of Excellence "Multimodal Computing and Interaction"
During Cebit: 49-0511/ 89497024


[ Back to EurekAlert! ] [ | E-mail | Share Share ]

?


AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert! system.


Automated testing of complex Web 2.0 applications prevents security vulnerabilities [ Back to EurekAlert! ] Public release date: 1-Mar-2013
[ | E-mail | Share Share ]

Contact: Gordon Bolduan
bolduan@mmci.uni-saarland.de
49-681-302-70741
Saarland University

"The police have discovered a new variant of internet fraud. The offender capitalizes on the complexity of social networks", reported a newspaper a month ago in Southern Germany. Valentin Dallmeier, postdoc at the software engineering chair at Saarland University, is not surprised. He says that the methods that web developers and responsible project leaders rely on to try to find programming errors and security holes in web applications have been too ineffective and inefficient. "This is still done manually and therefore causes not only very high costs, but also high levels of risk for companies and the community," Martin Burger explains. He works at the software engineering chair, too. Together the two postdocs want to change this serious deficit. Therefore they have developed the software system "Webmate", which determines automatically why Web 2.0 applications fail.

For the transfer of the technology to a spin-off, they have just received 500,000 Euros from the national support program "EXIST" run by the Federal Ministry of Economics and Technology (BMWi). The program is aimed at improving the entrepreneurial environment at universities and research institutions and at increasing the number of technology- and knowledge-based business start-ups.

So called Web 2.0 applications run centrally on an online server. Therefore, in contrast to conventional programs, they are not installed on the user's computer or laptop; instead, the user interacts with them via a web browser. In recent years, thanks to new web development technologies such as Asynchronous JavaScript and XML (AJAX), web applications can be used as smoothly as if they were installed on personal computers. AJAX takes care of organizing the transfer of data packets between the user's computer and server in such a way that the delays incurred by the connection are barely noticeable. Hence, not only private users but also companies and the public sector are adopting web applications more and more frequently. However, news about data theft and malfunctions is also reported on a daily basis.

Dallmeier and Burger want to prevent such worst-case scenarios and other breakdowns. Businesses and their responsible web administrators will only have to type in their Web address. Afterwards the system discovers automatically how the different components of the application are connected to each other and via which menus, buttons, and other control panels the users are interacting with the application. Subsequently, it generates and executes test scenarios. If it discovers, for example, that the application is not compatible with a certain version of a browser, or a control panel no longer exists in a new version of the application, the system informs the developer immediately likewise if a database is not connected, a server does not respond, or a link is dead. The web developer is able to repeat this test at any time.

Dallmeier, Burger and the three other persons planning to found the spin-off are sure that their technology will succeed. They estimate the market potential in Germany alone to be 120 million Euros annually.

###

Computer science research on the campus of Saarland University

The Department of Computer Science is not the only research institution which is exploring new aspects of computer science. Only a few yards from there, you can also find the Max Planck Institute for Computer Science, the Max Planck Institute for Software Systems, the Center for Bioinformatics, the Center for IT-Security, Privacy and Accountability, the German Research Center for Artificial Intelligence, the Intel Visual Computing Institute and the recently renewed Cluster of Excellence "Multimodal Computing and Interaction".

See also:

Website for Webmate: http://www.st.cs.uni-saarland.de/webmate/

For further information please contact:

Valentin Dallmeier
Tel: 49-681-302-70993
E-Mail: dallmeier@cs.uni-saarland.de

Gordon Bolduan, Science Communication
Cluster of Excellence "Multimodal Computing and Interaction"
During Cebit: 49-0511/ 89497024


[ Back to EurekAlert! ] [ | E-mail | Share Share ]

?


AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert! system.


Source: http://www.eurekalert.org/pub_releases/2013-03/su-ato030113.php

winning lottery numbers megamillions winner kansas jayhawks mega millions results louisville lotto numbers susan powell

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.