Browsing by Subject "PHP"
Item: Experimental Techniques In The Recording And Display Of Archaeological Materials (2011-08-08) Koepnick, Samuel

In the area of the display of data and images from archaeological sites there is very little uniformity. Universities, museums, and institutions use a variety of techniques and software. Because of the lack of a common framework for storing information gathered from the field, a great deal of time is lost converting between disparate file formats and learning new program structures. The goal of this project is to create an open platform to accomplish the specialized tasks of recording and displaying data from the field, specifically dealing with the unique problems associated with sites in an underwater context. The final result should be freely available and adaptable. Many challenges were overcome over the course of this project. Providing security, estimating the user's level of technical ability, creating a simple but effective interface, creating a three dimensional object viewer, and using only tools freely available for public use were the primary problems. The software chosen to author the platform as well as the hardware requirements were intentionally left to a minimum to ensure that users without access to the latest hardware would still be able to use these tools. In addition to these requirements, the final product would have to be hardware agnostic, as well as operating system neutral. As tempting as it would be to call this project complete, it is very much still an evolving work in progress. As new challenges arise, the platform should be robust enough to be able to adapt. The modular design of the platform will ensure that future users will be able to adjust and even create completely new components to add functionality and customize the software to their needs.

Item: Toward better server-side Web security (2014-05) Son, Sooel; Shmatikov, Vitaly; McKinley, Kathryn S.

Server-side Web applications are constantly exposed to new threats as new technologies emerge. For instance, forced browsing attacks exploit incomplete access-control enforcement to perform security-sensitive operations (such as database writes without proper permission) by invoking unintended program entry points. SQL command injection attacks (SQLCIA) have evolved into NoSQL command injection attacks targeting the increasingly popular NoSQL databases. They may expose internal data, bypass authentication or violate security and privacy properties. Preventing such Web attacks demands defensive programming techniques that require repetitive and error-prone manual coding and auditing. This dissertation presents three methods for improving the security of server-side Web applications against forced browsing and SQL/NoSQL command injection attacks. The first method finds incomplete access-control enforcement. It statically identifies access-control logic that mediates security-sensitive operations and finds missing access-control checks without an a priori specification of an access-control policy. Second, we design, implement and evaluate a static analysis and program transformation tool that finds access-control errors of omission and produces candidate repairs. Our third method dynamically identifies SQL/NoSQL command injection attacks. It computes shadow values that track user-injected values and then parses the original database query in tandem with its shadow value to identify whether user-injected parts serve as code. Remediating Web vulnerabilities and blocking Web attacks are essential for improving Web application security. Automated security tools help developers remediate Web vulnerabilities and block Web attacks while minimizing error-prone human factors. This dissertation describes automated tools implementing the proposed ideas and explores their applications to real-world server-side Web applications. Automated security tools are effective for identifying server-side Web application security holes and a promising direction toward better server-side Web security.