MétaCan
Menu
Back to cohort

Securing Web Applications with Secure Coding Practices and Integrity Verification

2018· article· en· W2790829532 on OpenAlex

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

affAt least one author lists a Canadian institution in the pinned OpenAlex snapshot.
fundA Canadian funder is recorded on the work.

Bibliographic record

Venuenot available
Typearticle
Languageen
FieldComputer Science
TopicWeb Application Security Vulnerabilities
Canadian institutionsQueen's University
FundersMitacs
KeywordsComputer scienceComputer securityCross-site scriptingWeb application securitySecure codingJavaScriptWeb applicationScripting languageClient-sideWorld Wide WebSoftware security assuranceWeb developmentSecurity serviceInformation securityThe InternetOperating system

Abstract

fetched live from OpenAlex

The concept of security in web applications is not new. However, it is often ignored in the development stages of the applications. Being multitiered and spread across different domains, it is challenging to come up with a security solution that works for all web applications. Moreover, developers are more inclined to implement features and often do not practice secure coding. Therefore, countless web applications are launched with security vulnerabilities like cross-site scripting, injection attacks and resource alterations. In addition, code tampering on the client side is a serious security risk for web applications. In our opinion, integrating security features should be a part of the development process. Without practicing secure coding and having an integrity verification system in place, it is difficult to defend security attacks. In this paper, we present a system that helps developers to implement security measures on the client side code based on the best practices of secure coding. We also develop an integrity verification module to prevent code tampering attacks on the client side. The proposed approach can be integrated with both new and existing web applications. We implement our approach for a number of JavaScript-based applications and the results show that our approach increased the security of the applications and prevented any modifications performed on the client side.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.000
metaresearch head score (Gemma)0.000
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesnone
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Theoretical or conceptual · Consensus signal: none
GenreCandidate signal: Empirical · Consensus signal: none
Teacher disagreement score0.922
Threshold uncertainty score0.384

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0000.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0000.001
Open science0.0000.000
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.030
GPT teacher head0.295
Teacher spread0.265 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it

Quick stats

Citations6
Published2018
Admission routes2
Has abstractyes

Explore more

Same topicWeb Application Security VulnerabilitiesFrench-language works237,207