Journal articles on the topic 'Web 2.0 security'

e13093 Background: Recently a novel clinical trial generation based on a therapeutic strategy driven by early treatment response assessment to therapy by functional imaging was conceived and a central review of the images became necessary. We describe hear the application of a new web-based tool for imaging exchange and online review of PET scan (WIDEN) conceived for the prospective multicenter clinical trial HD0607. Methods: In the HD 0607 clinical trial 367 patients affected by advanced-stage Hodgkin Lymphoma (HL), are treated with 2 ABVD courses and a PET scan performed afterwards (PET-2). PET-2 positive patients shift to an aggressive treatment, PET-2 negative patients continue with ABVD. PET-2 along with the baseline scan (PET-0) is uploaded to a dedicated web site thanks to WIDEN and hence distributed to six expert reviewers. The latter report the scans within 72 hours from the upload and determine the choice whether intensify or not the treatment intensity (NCT identifier 00795613). Results: The average (median) time per scan upload and download were 6’39” (1’35”) and 3’26” (1’53”) respectively. The average (median) PET scan size were 133.8 MB (121.5 MB), with a minimum size of 51.2 MB and a maximum size of 469.8 MB. The average (median) time frame between the case files upload by the submitting centre and the case review reporting was 48h 45‘ (40h 31’). 7% of the cases were reviewed among the forth and the fifth days. 3% cases were reviewed after the fifth days. In all cases of a review time spanning over more than three days the delay depended on the presence of a week-end of other holiday time. Concordance rate among reviewers measured with Krippendorff,s alpha was 0.799. Conclusions: WIDEN proved to be an effective tool for medical imaging exchange and review. Data security, simplicity, low cost, feasibility and prompt scan review were demonstrated. Its applicability in any clinical trial in which imaging is decisional for treatment modulation is warranted

Background: When performing partial toe-transfer flaps with a short vascular pedicle, as the flap becomes smaller, the likelihood of securing veins in the flap decreases. The purpose of this study was to clarify how frequently the partial toe-transfer flap with a short pedicle (free vascularized half-big toenail flap) contains veins and elucidate how frequently we can secure the veins with an artery via the first web space approach alone, using the Genial Viewer (a near-infrared light transmission imaging device). Methods: We observed the dorsal vein images of the bilateral big toes of 250 volunteers (male, n = 125; female, n = 125) using the device. We counted the total number of dorsal veins in the big toe, the veins that crossed the margin of the region equivalent to the half-big toenail flap, and the veins that branched off from the fibular side of the flap area. An unpaired Student’s t-test was used for the statistical analyses. Results: All of the dorsal big toes contained veins. The mean number of the veins was 2.3 (range, 1–4). Branched-off veins were observed in the area equivalent to the half-big toenail flap in 496 (99.2%) of the big toes, and the mean number of veins was 1.9 (range, 0–4). In four cases, the region contained no veins (unilaterally). Branched-off veins were observed in the first web space in 440 (88.0%) of the big toes, and the mean number of veins was 0.9 (range, 0–2). Conclusions: The present study indicated high consistency of the veins in partial toe-transfer flaps with a short vascular pedicle and the high possibility of harvesting a flap with only exposing the first web space. In addition, in most cases, the flap will include one or, at most, two veins in the first web space.

During the COVID 19 pandemic, round-the-clock demand for COVID -19 laboratory tests exceeded capacity, placing a significant burden on laboratory staff and infrastructure. The use of laboratory information management systems (LIMS) to streamline all phases of laboratory testing (preanalytical, analytical, and postanalytical) has become inevitable. The objective of this study is to describe the architecture, implementation, and requirements of PlaCARD, a software platform for managing patient registration, medical specimens, and diagnostic data flow, as well as reporting and authentication of diagnostic results during the 2019 coronavirus pandemic (COVID -19) in Cameroon. Building on its experience with biosurveillance, CPC developed an open-source, real-time digital health platform with web and mobile applications called PlaCARD to improve the efficiency and timing of disease-related interventions. PlaCARD was quickly adapted to the decentralization strategy of the COVID 19 testing in Cameroon and, after specific user training, was deployed in all COVID 19 diagnostic laboratories and the regional emergency operations center. Overall, 71% of samples tested for COVID 19 by molecular diagnostics in Cameroon from 05 March 2020 to 31 October 2021 were entered into PlaCARD. The median turnaround time for providing results was 2 days [0–2.3] before April 2021 and decreased to 1 day [1– 1] after the introduction of SMS result notification in PlaCARD. The integration of LIMS and workflow management into a single comprehensive software platform (PlaCARD) has strengthened COVID 19 surveillance capabilities in Cameroon. PlaCARD has demonstrated that it can be used as a LIMS for managing and securing test data during an outbreak.

Traffic analysis and monitoring is needed to improve network service quality by using statistical analysis to obtain traffic characteristics. These statistics provide important signals about service quality and network throughput. Because of the heterogeneity of the bandwidth requirements of the traffic flow resulting from different applications, the resulting data can be used to determine the nature of IP traffic and to consider its characteristics. The first data type is data available from the Simple Network Management Protocol (SNMP) to the network nodes. The second is from IP current monitoring. The combination of these two data types provides a solid foundation for traffic analysis and monitoring. Which in this case we will apply to Mikrotik, dude applications, Internet of Things, Social Media, Website, SNMP, Probe, Zabbix, Security Information and Event Management (SIEM).Monitoring results are displayed in graphical form on the Network Monitoring System Web Application, so that users can find out more information. The network monitoring system developed is also very effective because the packet sent in one transaction is very small, which is 309 bytes when compared to the larger SNMP protocol. The results of the configuration of hardware and software with Zabbix NMS went well with the success of monitoring the service by detecting status changes on each host with 2 ownership statuses Ok and Warning. The availability value is influenced by the Uptime and Downtime of a device. The greater the Uptime value, the greater the availability value. The availability test results show that the application made has an error rate of 0% when compared with the calculation results. Using a network monitoring system using the SNMP protocol on the Mikrotik router and dude application, can help in network management

<p>Abstrak </p><p>Data <em>logging</em> yang diterapkan pada suatu alat bertujuan untuk mencatat setiap kondisi yang terjadi. Oleh karena itu dibutuhkan sistem <em>log</em> yang bersifat <em>real time</em> dan fleksibel agar pengguna dapat melakukan monitoring perangkat dengan mudah. <em>Internet of Things</em> (IoT) yang merupakan suatu konsep dimana suatu sistem dapat terhubung dengan perangkat lain melalui jaringan internet yang terintegrasi dapat dikembangkan untuk memaksimalkan fungsionalitasnya dengan menggabungkan antara IoT dan <em>cloud</em>. Penelitian ini bertujuan melakukan penerapan IoT dengan membuat sistem keamanan kontrol kunci pintu rumah dengan sistem <em>log</em> berbasis <em>cloud</em>. Sistem keamanan kontrol kunci pintu rumah menggunakan keakuratan pengenalan biometrik berupa wajah sebagai verifikasi penghuni rumah. Ketika verifikasi wajah dilakukan maka akan dikirimkan <em>log</em> informasi berupa hasil dari verifikasi tersebut ke <em>database</em> dan Aplikasi Telegram menggunakan <em>service cloud</em>. Hasil Penelitian ini telah berhasil dalam merancang dan membangun sistem <em>log</em> berbasis <em>cloud</em> menggunakan <em>service</em> dari <em>Amazon Web Service </em>(AWS) berupa AWS IoT <em>Core</em> yang digunakan sebagai broker untuk meng-<em>handle</em> data <em>log</em> dari ESP32-<em>cam</em> ke DynamoDB dan Amazon SNS. Dalam melakukan penyimpanan data log didapatkan nilai <em>successful</em> <em>rate</em> sebesar 100% dan notifikasi berhasil dikirim ke Aplikasi Telegram dengan <em>delay</em> 2 hingga 3 detik. Pengujian performa pengiriman data didapatkan rata-rata <em>delay</em> sebesar 245,9374 mili detik dengan kategori Bagus, rata-rata nilai <em>throughput</em> 3.686 bps dengan kategori Sangat Bagus dan <em>packet loss</em> sebesar 0% dengan kategori Sangat Bagus berdasarkan standar TIPHON.</p><p>Abstract</p><p><em>Data logging applied to a device aims to record every condition that occurs. Therefore, a log system that is real time and flexible is needed so that users can monitor the device easily. IoT (Internet of things) which is a concept where a system can connect with other devices through an integrated internet network can be developed to maximize its functionality by combining IoT and Cloud. This research aims to implement IoT by creating a home door lock control security system with a cloud-based log system. To be able to send logs from IoT devices to the cloud requires good data transmission performance so that users can monitor home conditions. The home door lock control security system uses the accuracy of biometric recognition in the form of faces as verification of home occupants. When face verification is done, information logs will be sent in the form of the results of the verification to the database and Telegram application using cloud services. The results of this study have succeeded in designing and building a cloud-based log system using services from AWS (Amazon Web Service) in the form of AWS IoT Core which is used as a broker to handle log data from ESP32-cam to DynamoDB and Amazon SNS. In storing log data, the successful rate value is 100% and the notification is successfully sent to the Telegram application with a delay of 2 to 3 seconds. Testing the performance of data transmission obtained an average delay of 245.9374 milliseconds in the Good category, the average throughput value of 3,686 bps in the Very Good category and packet loss of 0% in the Very Good category based on the TIPHON standard.</em></p>

The World Trade Center Attack or 9/11 tragedy has awakened the international community, particularly the United States (US) to sharpen its foreign policy in facing security threats coming from ‘weak states’. One of the most prominent weak states examples that pose a grave threat to other countries are the Northern Triangle Countries of Central America that referred to Guatemala, Honduras, and El Salvador. Hence, this paper will discuss the rationale behind US initiatives in dealing with security threats in El Salvador as one of the Northern Triangle Countries. In analyzing the case, the writers will use the weak state concept and national interest concept. The result of this paper finds that El Salvador corresponds to the elements of a weak state and further poses security threats by giving rise to transnational criminal organizations, drug trafficking, and migrant problems in which overcoming those security threats has become US vital national interest. However, we also find that although decreasing security threats and strengthening El Salvador government capacity is highly correlated, strengthening El Salvador governance through the providence of aid and assistance is actually classified as US important national interest. Keywords: Security threats; Northern Triangle; weak state; El Salvador; national interest REFERENCES Ambrus, Steven. “Guatemala: The Crisis of Rule of Law and a Weak Party System.” Ideas Matter, January 28, 2019. https://blogs.iadb.org/ideas-matter/en/guatemala-the-crisis-of-rule-of-law-and-a-weak-party-system/. Andrade, Laura. Transparency In El Salvador. 1st ed. 1. El Salvador: University Institute for Public Opinion, Asmann, Parker. “El Salvador Citizens Say Gangs, Not Government 'Rule' the Country.” InSight Crime, August 19, 2020. https://insightcrime.org/news/brief/el-salvador-citizens-say-gangs-not- government-rules-country/. Accessed July 11, 2021. Art, Robert J. A. Grand Strategy for America. Ithaca: Century Foundation/Cornell UP, 2004. BBC News Indonesia "Kisah Di Balik MS-13, Salah Satu Geng Jalanan Paling Brutal Di Dunia." BBC News Indonesia. BBC, April 21, 2017.https://www.bbc.com/indonesia/majalah-39663817.Accessed July 11, 2021. Bureau of Western Hemisphere Affairs “U.S. Relations With El Salvador - United States Department of State.” U.S. Department of State. U.S. Department of State, April 14, 2021.https://www.state.gov/u-s-relations-with-el-salvador/. Accessed July 11, 2021. “Bureau of International Narcotics and Law ENFORCEMENT Affairs: El Salvador Summary -United States Department of State.” U.S. Department of State. U.S. Department of State, February3, 2021. https://www.state.gov/bureau-of-international-narcotics-and-law-enforcement-affairs-work-by-country/el-salvador-summary/. Central Intelligence Agency. Central Intelligence Agency, July 6, 2021. https://www.cia.gov/the-world-factbook/countries/el-salvador/. Accessed July 11, 2021. Dudley, Steven, and Avalos, Silva “MS13 In the Americas: How the World’s Most Notorious Gang Defies Logic, Resists Destruction. National Institute of Justice”, 2018. “El Salvador Homicides Jump 56 Percent as Gang Truce Unravels.” Reuters, December 30,2014.https://www.reuters.com/article/us-el-salvador-violence-idUSKBN0K81HR20141230. Eizenstat, Stuart E., John Edward Porter, and Jeremy M. Weinstein. “Rebuilding Weak States.”Foreign Affairs 84, no. 1 (2005): 134. https://doi.org/10.2307/20034213. FOXBusiness. “How MS-13, One of America's Most Dangerous Gangs, Is Funded.” Fox Business.Fox Business, April 19, 2017.https://www.foxbusiness.com/features/how-ms-13-one-of-americas-most-dangerous-gangs-is-funded. Accessed July 11, 2021. Fukuyama, Francis.Cornell University Press. Ithaca, USA: Cornell University Press, 2004. Galdamez, Eddie. “Water Pollution in El Salvador. Getting Worse Every Year.” El Salvador INFO,June 30, 2021. https://elsalvadorinfo.net/water-pollution-in-el-salvador/. Accessed July 11, 2021. Gies, Heather. “Once Lush, El Salvador Is Dangerously Close to Running out of Water.” Environment. National Geographic, May 4, 2021.https://www.nationalgeographic.com/environment/article/el-salvador-water-crisis-drought-climate-change. Accessed July 11, 2021. Giedraityte, Ieva. “Empire, Leadership OR Hegemony: US Strategies towards the Northern Triangle Countries in the 21st Century.” Latin American Yearbook – Political Science and International Relations 7 (2019): 175. https://doi.org/10.17951/al.2019.7.175-192. “Government Revenues.” Government Revenues - Countries - List. Accessed August 4, 2021.https://tradingeconomics.com/country-list/government-revenues. “Guatemala: An Assessment of Poverty.” Poverty Analysis - Guatemala: An Assessment of Poverty. Accessed August 4, 2021. https://web.archive.org/web/20161225194831/http://web.worldbank.org/WBSITE/EXTERNAL/ TOPICS/EXTPOVERTY/EXTPA/0,,contentMDK:20207581~menuPK:443285~pagePK:148956~piPK:216618~theSitePK:430367,00.html. Herningtyas, Ratih. "Weak State As A Security Threat: A Case Study Of Colombia." Journal of International Relations 2, no. 2 (2014): 146-156. “Honduras.” World Bank. Accessed August 4, 2021. https://www.worldbank.org/en/country/honduras#:~:text=Honduras%20is%20a%20low%20middle,than%20US%241.90%20per%20day. Iesue, Laura. “The Alliance for Prosperity Plan: A Failed Effort for Stemming Migration,” COHA, November 21, 2019, https://www.coha.org/the-alliance-for-prosperity-plan-a-failed-effort-for-stemming-migration/. Accessed July 11, 2021 Indexmundi. “Countries Ranked by Intentional Homicides (per 100,000 People)." Countries ranked by Intentional homicides (per 100,000 people), n.d.,https://www.indexmundi.com/facts/indicators/VC.IHR.PSRC.P5/rankings. Accessed July 11,2021. Insight Crime. “Central America Regional Security Initiative (CARSI)." InSight Crime, October 18,2011, https://insightcrime.org/uncategorized/central-america-regional-security-initiative/. Accessed July 11, 2021 “Income Held by Top 20 Percent in El Salvador.” Statista, July 5, 2021.https://www.statista.com/statistics/1075313/el-salvador-income-inequality/. International Monetary Fund. “El Salvador: Selected Issues.” IMF Staff Country Reports 16, no. 206 (2016): 1. https://doi.org/10.5089/9781498342346.002. Interpol "El Salvador." El Salvador, n.d.,https://www.interpol.int/en/Who-we-are/Member-countries/Americas/EL-SALVADOR. Accessed July 11, 2021. “Key Issues AFFECTING Youth in El Salvador - OCDE.” Key Issues affecting Youth in El Salvador - OCDE. Accessed August 8, 2021.https://www.oecd.org/fr/pays/elsalvador/youth-issues-in-el-salvador.htm. Lakhani, Nina. “Gang Violence in El Salvador Fuelling Country's Child Migration Crisis.” The Guardian. Guardian News and Media, November 18, 2014.https://www.theguardian.com/world/2014/nov/18/el-salvador-gang-violence-child-migration-crisis. Accessed July 11, 2021. “Life under Gang Rule in El Salvador.” Crisis Group, December 10, 2018. https://www.crisisgroup.org/latin-america-caribbean/central-america/el-salvador/life-under-gang-rule-el-salvador. Löwenheim, Oded. “Transnational Criminal Organizations and Security: The Case against Inflating the Threat.” International Journal 57, no. 4 (2002): 513–36. https://doi.org/10.2307/40203690. “Mano Dura: El Salvador Responds to Gangs.” Taylor & Francis. Accessed August 5, 2021.https://www.tandfonline.com/doi/abs/10.1080/09614520701628121?journalCode=cdip20.Menjivar, Cecilia, and Andrea Gomez Cervates. “El Salvador: Civil War, Natural Disasters, and Gang Violence Drive Migration.” migrationpolicy.org, May 11, 2021.https://www.migrationpolicy.org/article/el-salvador-civil-war-natural-disasters-and-gang-violence-drive-migration. Accessed July 11, 2021. Meyer, Peter J., and Ribando Clare Seelke. Central America Regional Security Initiative: Background and Policy Issues for Congress. Washington, D.C.: Library of Congress, Congressional Research Service, 2014. Michaels, Peter S. Lawless Intervention: United States Foreign Policy in El Salvador and Nicaragua, 6, 7, no. 2 (January 5, 1987). https://doi.org/https://core.ac.uk/download/pdf/71463263.pdf. OSAC. “El Salvador 2020 Crime & Safety Report,” https://www.osac.gov/Content/Report/b4884604- 977e-49c7-9e4a-1855725d032e. Days on July 9, 2021. “Overview.” World Bank. Accessed August 4, 2021. https://www.worldbank.org/en/country/elsalvador/overview. Patrick, Stewart. “Weak States and Global Threats: Assessing Evidence of Spillovers.” SSRN Electronic Journal, 2006, 1–31. https://doi.org/10.2139/ssrn.984057. Published by Teresa Romero, and Jul 5. “Gini Coefficient: Wealth Inequality in El Salvador.” Statista,July 5, 2021.https://www.statista.com/statistics/983230/income-distribution-gini-coefficient-el-salvador/. “Remarks by President Obama after Meeting with Central American Presidents.” National Archives and Records Administration. National Archives and Records Administration. Accessed August 8, 2021. https://obamawhitehouse.archives.gov/the-press-office/2014/07/25/remarks-president-obama-after-meeting-central-american-presidents. Riney, Lt Col Thomas J. “How Is MS-13 a Threat to US National Security? .” AIR WAR COLLEGE AIR UNIVERSITY , February 12, 2009. https://apps.dtic.mil/sti/pdfs/ADA540139.pdf. Rivera, Mauricio. “Drugs, Crime, and NONSTATE Actors in Latin America: Latin American Politics and Society.” Cambridge Core. Cambridge University Press, October 12, 2020. https://www.cambridge.org/core/journals/latin-american-politics-and-society/article/abs/drugs-crime-and-nonstate-actors-in-latin-america/67CF0B66AB8673D0C50F2F99AC93A1B7. Schneider, Mark. “Where Are the Northern Triangle Countries Headed? And What Is U.S. Policy?” Center for Strategic and International Studies (CSIS), July 9, 2021. https://www.csis.org/analysis/where-are-northern-triangle-countries-headed-and-what-us-policy. Seelke, Clare Ribando. “CRS Report for Congress.” El Salvador: Political, Economic, and Social Conditions and U.S. Relations, November 18, 2008. https://doi.org/https://www.refworld.org/pdfid/4951ec75e.pdf. Silva Avalos, Hector. “Corruption in El Salvador: Politicians, Police, and Transportistas.” SSRN, April 2, 2014. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2419174. Sleinan, Julett Pineda. “Salvadoran Court: Ex-President and Wife Guilty of Illicit Enrichment.” OCCRP. Accessed August 5, 2021. https://www.occrp.org/en/daily/13586-salvadoran-court-ex- president-and-wife-guilty-of-illicit-enrichment. The United States Department of Justice. “MS-13's Highest-Ranking Leaders Charged with Terrorism Offenses in the United States.”, January 19, 2021. https://www.justice.gov/opa/pr/ms-13-s-highest-ranking-leaders-charged-terrorism-offenses-united-states. Retrieved July 9, 2021. Transformation Index. “BTI 2020 El Salvador Country Report.” BTI Blog, 2020. https://www.bti-project.org/en/reports/country-report-SLV.html. Accessed July 11, 2021. “U.S. Strategy for Engagement in Central America Results Architecture – Overall Summary.”State.gov. Accessed August 8, 2021. https://www.state.gov/wp-content/uploads/2019/04/U.S.-Central-America-Strategy-Objectives.pdf. United Nations High Commissioner for Refugees. “Death Threats and Gang Violence Forcing More Families to FLEE Northern Central America – UNHCR and Unicef Survey.” UNHCR. Accessed August 5, 2021. https://www.unhcr.org/news/press/2020/12/5fdb14ff4/death-threats-gang-violence-forcing-families-flee-northern-central-america.html. U.S. Department of Homeland Security, “Combating Gangs,” https://www.ice.gov/features/gangs.Diakses pada 9 Juli 2021. USAID, “GENERATING HOPE: USAID IN EL SALVADOR, GUATEMALA, AND HONDURAS,”https://www.usaid.gov/generating-hope-usaid-el-salvador-guatemala-and honduras. Diakses pada 8 Juli 2021. United States General Accounting Office, “EL SALVADOR Military Assistance Has Helped Counter but Not Overcome the Insurgency,” https://www.gao.gov/assets/nsiad-91-166.pdf. Retrieved July 8, 2021. U.S. Immigration and Customs Enforcement “Combating Gangs.”, January 27, 2021. https://www.ice.gov/features/gangs. Accessed July 9, 2021. Valencia, Robert. “MS-13 and Barrio 18 Gangs Allegedly Employ More People in El Salvador than the Country's Largest Employers.” Newsweek. Newsweek, November 2, 2018.https://www.newsweek.com/ms-13-barrio-18-gangs-employ-more-people-el-salvador-largest-employers-1200029. Accessed July 11, 2021 Wang, Shaoguang. "China's Changing of the Guard: The Problem of State Weakness." Journal of Democracy 14, no. 1 (2003): 36-42. doi:10.1353/jod.2003.0022. Weber, Max. “Economy and society: An outline of interpretive sociology. Vol. 1. Univ of California Press, 1978. Welsh, Teresa. “US to Resume Northern Triangle Aid, Pompeo Says.” devex, 2019.https://www.devex.com/news/us-to-resume-northern-triangle-aid-pompeo-says-95846. Whelan, Robbie. “Why Are People Fleeing Central America? A New Breed of Gangs Is Taking Over.” The Wall Street Journal. Dow Jones & Company, November 2, 2018. https://www.wsj.com/articles/pay-or-die-extortion-economy-drives-latin-americas-murder-crisis-1541167619. Retrieved July 8, 2021. Williams, Phil. "Transnational criminal enterprises, conflict, and instability." Turbulent Peace: The challenges of managing international conflict (2001): 97-112. World Bank. “Overview.” World Bank, October 9, 2020.https://www.worldbank.org/en/country/elsalvador/overview. Retrieved July 8, 2021.

The speed of technological development has made it possible for all people to be connected to one another. The creation of web-based information systems that help in all areas, including government, health, and education, is one of the forces behind the development of technology. With these technological advancements, websites are susceptible to cybercrimes that could end in the theft of crucial data. Top 10 Web Application Security Risks is the most effective prevention process for decrease company information leaks. On the website tangerangkota.go.id, the researcher will conduct a test using the Top 10 Web Application Security Risks technique. Top 10 Web Application Security Risks consist of Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, Identification and Authentication Failures, Software and Data Integrity Failures, Security Logging and Monitoring Failures, Server-Side Request Forgery. The penetration testing results found on the Tangerang City website which are 4 injections, 2 broken access controls, 1 security misconfiguration.

The level of security of web applications is constantly growing every year, but new ratings of the most common security threats indicate that the problem of ensuring their security is very relevant and constantly changing. Therefore, it is essential to understand the importance of using automatic security scans of web applications and objectively assess their real effectiveness. The paper considers the process of testing web applications for vulnerabilities (and examples of their detection), using free web crawlers (with open-source) by the "black box" method. In this case, scanners interact with applications in the same way as a typical user through a web interface, through the HTTP protocol. The main purpose of the testing is to compare several open-source scanners and determine their effectiveness. It is underlined that it is impossible to evaluate all the indicators of scanners due to the existence of many factors. - Therefore, in the framework of this work, all judgments and conclusions were made only based on an analysis of the received reports of each test scanner. This article provides information about the individual parameters and the number of vulnerabilities found. The testing results indicate that the practice of using only one scanner is not effective, so you need to use several different solutions at once when testing. This will allow you to get more objective results in terms of detecting both already known security threats and finding new vulnerabilities (with their addition to the final report). The work will be useful to those interested in assessing the security state of modern web applications.

This study investigates the effect of website security, as a key dimension of e-service quality, on purchase intention, perceived value and brand loyalty in business-to-consumer (B2C) e-commerce context. Hypotheses were developed based on previous literature. Afterwards, an empirical research was conducted with the data collected from 464 e-commerce customer to verify the hypotheses. Structured equation modeling was used to test the hypotheses. Having analyzed the results, it is found out that website security in e-commerce affects customer purchase intention directly. Furthermore, website security indirectly affects purchase intention through brand loyalty and perceived value. The study has important managerial implications stressing the importance of customer perception regarding security level of B2C e-commerce web sites.  

Fast Identity Online 2 (FIDO2) emerges as a transformative solution to the vulnerabilities inherent in traditional password-based authentication methods. Leveraging public key cryptography and authenticators, it establishes a passwordless authentication paradigm, extending its relevance beyond web applications to diverse realms such as online payments and government services. This paper explores FIDO2's emphasis on a seamless user experience while bolstering security measures through innovative credential management techniques. The acceptance of FIDO2 on major browsers ensures its usability on mobile devices, with most modern devices equipped to support FIDO2 authentication, thus expanding its reach and applicability. Additionally, its adoption by major tech companies and standards bodies underscores its credibility and potential for widespread adoption. However, challenges remain, including overcoming legacy systems, addressing compatibility issues, and ensuring user education. Despite these challenges, FIDO2 represents a significant advancement in online authentication, offering strong security, usability, and privacy features, positioning it as a key enabler of the passwordless authentication paradigm. Keywords: Public key cryptosystem, challenge, relying party, web browser and web authentication.

This article presents (1) the results of a literature review on social web mining and sentiment analysis on public security; (2) the idea of a framework for the analytical process involved in the literature review themes; and (3) a research agenda with a perspective for future studies, considering some elements of the analytical process. The literature review was based on searches of five databases: Scopus, IEEE Xplore, Web of Science, ScienceDirect, and Springer Link. Search strings were applied to retrieve literature material of four kinds, without defining an initial time milestone, to get the historical register of publications associated with the main thematic. After some filtering, primary and secondary findings were separated, enabling the identification of elements for the framework. Finally, the research agenda is presented, containing a set of three research artifacts related to the proposed framework.

The goal of “No Child Left Behind” is to implement a statewide accountability system that ensures students will be proficient or better in reading and mathematics. The teachers and parents collaborate to do their part in the education process by instilling values and discipline at home and in school to achieve this goal. This study developed a website application in reading comprehension for Grades 4, 5, and 6 to help the learners enhance their reading comprehension using a website that uses interactive visualizations and real-time feedback. The utilization of this technology may improve the reading comprehension of language learners particularly the struggling learners. The use of technology offers various tools and approaches that can enhance reading comprehension skills and improve the learning experiences of students. The results of this study were used to determine the website's effectiveness in improving reading comprehension and to identify any areas for improvement in the website design. This study used the Developmental research, a type of research method that involves studying the change of a phenomenon over time. Using the developed evaluation form, the respondents from Grade 4 to Grade 6 students, English Teachers, and Information Technology (IT) Experts evaluated the characteristics of website based on accuracy, flexibility, reliability, graphical user interface, security, and help options. The Random Sampling Technique was utilized in getting the sample size. The data were analysed by applying descriptive and inferential statistics such as the frequency, weighted mean, and t-test. The assessment of the respondents revealed that the Website Application in Reading Comprehension is Strongly Acceptable in terms of accuracy, flexibility, reliability, graphical user interface, security, and help options. Overall, the integration of technology in the classroom promote student participation as well as increased achievement. Findings showed no significant difference among respondents’ assessment in website application in terms of accuracy, reliability, user interface design, security options, and help options. Meanwhile, there is significant differences in the assessments of the three groups of respondents on the website application as to flexibility. Further, the incorporation of additional features like dictionaries, text-to-speech, and speech-to- text are very helpful to students who have difficulty in understanding difficult words is suggested.

The complexity of the developed web applications is growing every year, which, in turn, makes it difficult to ensure their security. That is why it is advisable to pay special attention to the critical problems of software protection. The ability to assess risks and prevent vulnerabilities at the product design stage is an extremely important task, which reduces the potential difficulties in the operation of the application. In recent years, the number of data breaches in all market sectors has decreased, but their consequences have become more dangerous. Among all attacks, attacks on web applications account for more than 50 percent. According to the OWASP Top Ten list of the vulnerabilities, the relevant categories of vulnerabilities and directions of attacks on existing web applications were worked out in the work. Effective ways of their prevention are considered. Recommendations for implementing and maintaining the security of applications developed using the ReactJS library are provided. The most common security threats to React-based products throughout the application life cycle have been identified. Modern way of ReactJS optimization are considered.

Various fields of endeavours have seen the increasing application of multi criteria decision making (MCDM) methods, this includes web application security as new challenges arise in the sector. More MCDM methods are being created and existing methods are combined to give better solutions. This paper performs a review of selected works that are related to the use of MCDM in web application security, examining the methods used, applications and results. Twenty one works were reviewed, with ten papers critically analysed, all published between 2014 and 2023. They were analysed based on MCDM techniques used and security evaluation methods. Results from this review shows that combined MCDM methods were more effective in addition to AHP, TOPSIS and fuzzy-techniques being prevalent. The review carried out in this paper provides a clear insight on various potential applications of MCDM in web application security. Keywords: Multi Criteria Decision Making (MCDM); Web Application Security; Literature Review Proceedings Citation Format Abdulraheem, A.O., Adepoju, S.A., Ojerinde A.O. & Abisoye, O.A (2023): A Brief Overview on Applications of Multi Criteria Decision Making Methods in Web Application Security. Proceedings of the Cyber Secure Nigeria Conference. Nigerian Army Resource Centre (NARC) Abuja, Nigeria. 11-12th July, 2023. Pp 59-66. https://cybersecurenigeria.org/conference-proceedings/volume-2-2023/ dx.doi.org/10.22624/AIMS/CSEAN-SMART2023P8

The Internet of Things (IoT) technology is experiencing significant growth and integration into various aspects of daily life. With the rising number of connected devices, diverse security challenges are emerging as substantial threats to IoT. Cross-Site Scripting (XSS) is one of the major security risks in web services and so is within the application layer of IoT. Many existing web applications remain susceptible to XSS vulnerabilities. In this paper, we propose an XSS detection scheme aimed at enhancing the security of IoT, particularly concerning web application services. To achieve this, we developed a framework for combining symbolic execution and dynamic taint analysis to provide a comprehensive security assessment. Our objective is to increase the ratio of vulnerability detection while avoiding false alarms and keeping the required analysis time as minimal. To realize our idea, we have defined an instrumentation scheme for taint analysis and concolic executions and automated the process of vulnerability detection for a web application. Our framework is capable of pinpointing the precise locations of security vulnerabilities and the exact input datasets at risk of XSS threats. Subsequently, the detected flaws can be easily removed. The experimental results demonstrate the validity of the proposed scheme. We achieved a detection rate of XSS threats of 90.62% using a test set of SecuriBench Micro and 69.11% using OWASP while showing 0% false positives.

Los autores de este artículo nos proponen que «lo educativo» también está impregnado por «lo económico» y que empresas e instituciones educativas se enfrentan hoy a unos problemas derivados de las herramientas y canales que, cada vez más, están empleándose en los procesos educativos de enseñanza-aprendizaje.Una idea sobresaliente de este artículo es la consideración del alumno como un cliente que demanda un producto o servicio acorde con sus necesidades particulares.AbstractThe authors of this article suggests that what is «educational» is also related to what is «economical» and that companies and educational institutions have to face up to the problems generated by the tools and channels which are often used in teaching / learning educational processes .An excellent idea in this article is to consider the student a client who demands a product or service which matches his individual needs.

Authentication is a fundamental pillar of cybersecurity in the web industry, ensuring secure access to systems, services, and sensitive data. As cyber threats evolve, robust authentication mechanisms are essential for safeguarding digital assets against unauthorized access, identity theft, and data breaches.[^1] This paper explores various authentication methods, including knowledge-based, possession-based, inherence-based, multi-factor authentication (MFA), and emerging passwordless techniques. Each section delves into the operational mechanisms of these authentication methods, their security strengths and weaknesses, and their applicability across different contexts, such as enterprise environments, cloud computing, and IoT ecosystems. The analysis includes a comparative evaluation of traditional passwordbased systems, biometric authentication, hardware security tokens, and adaptive authentication strategies. Additionally, this paper discusses vulnerabilities associated with each method, such as phishing attacks, credential stuffing, biometric spoofing, and social engineering, alongside mitigation strategies. [^2] By providing a comprehensive assessment of authentication security, this paper aims to offer insights into best practices and future advancements in authentication technologies.

Web content mining describes the classification, clustering, and attribute analysis of a large number of text documents and multimedia files on the web. Special tasks include retrieval of data from the Internet search engine tool W; structured processing and analysis of web data. Today’s blog analysis has security concerns. We do experiments to investigate its safety. Through experiments, we draw the following conclusions: (1) Web log extraction can use efficient data mining algorithms to systematically extract logs from web servers, then determine the main access types or interests of users, and then to a certain extent, based on the discovered user patterns, analyze the user’s access settings and behavior. (2) No matter in the test set or the mixed test set, the curve value of deep mining is very stable, the curve value has been kept at 0.95, and the curve value of fuzzy statistics method and quantitative statistics method is stable within the interval of 0.90–095. The results also show that the data mining method has the highest identification accuracy and the best security performance. (3) Web usage analysis requires data abstraction for pattern discovery. This data abstraction can be achieved through data preprocessing, which introduces different formats of web server log files and how web server log data is preprocessed for web usage analysis. One of the most critical parts of the web mining field is web log mining. Web log mining can use powerful data mining algorithms to systematically mine the logs in the web server and then learn the user’s access or preferred interests and then conduct a certain degree of user preferences and behavior patterns according to the discovered user patterns. Based on the above analysis, the current web log analysis is faced with security problems. We conduct experiments to study to verify the security performance of web logs and draw conclusions through experiments.

The paper considers the main technologies (including socio-humanitarian ones) that pose challenges to ensure the security of communication in the Internet environment and require the development of new regulatory models. The correlation and interrelationships of the concepts of information, information-psychological, reputational and media security; information and cognitive sovereignty; information, cognitive and hybrid warfare; the phenomenon of «soft power», «sociological propaganda», which is important for the unification of the terminological apparatus in this area, are considered. For the first time, from the point of view of jurisprudence, the concept of cognitive sovereignty is comprehensively considered and its components are characterized, including media security, cultural sovereignty, technological sovereignty, managerial sovereignty, and legal security. The research section devoted to the comprehensive consideration of the phenomenon of social engineering is also new, not only as a set of methods of psychological influence aimed at obtaining unauthorized access to data, but also as other complexes of socio-humanitarian technologies for managing meanings, methods and techniques of information and psychological influence on human behavior. The place of legal social engineering in the system of social engineering is considered and the role of the lawyer-strategist (lawyer-lawmaker) is justified as a social engineer who develops models for rationing not only current, but also emerging, predictable social relations. The analysis of the development of cyberspace from the point of view of the concept «Web 1.0 — Web 2.0 — Web 3.0 — Web 3» allowed, firstly, to develop an author’s feature model of various «types» (stages) of the development of the Internet environment and, secondly, to identify challenges to the law caused by the need to ensure media security and cognitive sovereignty, and also the adaptation of new economic models.

BackgroundCoronavirus Disease (covid 19) negatively impacted psychosocial health, health care accessibility and exercise regimen but problem’s scope and potential solutions remain elusive. We conducted a patient based online survey to understand these impacts and discussed potential solutions.ObjectivesAssess impact of Covid 19 on rheumatological disease status, accessibility to health care, patient anxiety and behavior and continuation of physical activity during pandemic.MethodsGoogle form (18-question) based questionnaire was sent via SMS/WhatsApp in Aug 2020, at height of first pandemic and responses were collected over next month.ResultsOnly 339 /2700 patients (12.5 %) responded to the survey. Other authors (1)(2) have observed a similar low response rate to online surveys. We recognise questionnaires with fewer questions tend to generate more responses, which should be considered critical in constructing future health-related surveys. Patients’ global assessment of their disease score was 7/10, with 0 representing the worst disease status and10 representing best disease status, also 1/3 patients not felt need for rheumatological consultation during six months (March 2020- Aug 2020) of lockdown. These may imply adequate rheumatic disease control over long periods and during subsequent waves of pandemic, rheumatology patients can be shielded by avoiding non-urgent hospital follow up visits. Significant number of patients (20%) were unable to contact their rheumatologist, implying a significant impact of covid 19 and lockdown on rheumatology care, as suggested by other authors (1). As expected, there was switch to tele consultancy mode of communication, with 22 per cent of patients already using it within 3 months of its introduction, which appears to be a good indicator of future adaptability and feasibility of teleconsultation. Identifying specific profile of patients during physical consultation who can be easily managed via teleconsultation, may reduce unnecessary hospital visits while also improving healthcare delivery. 1/3 of our patients had anxiety about disease flare, and 41 %were concerned about increased risk of covid 19 infection as they were on immunosuppressive medications as noted by other authors (3). Improving access to health care and increasing public awareness could help alleviate this anxiety. Reaching out to isolated rheumatology patients through SMS / educational video may improve the sense of health security. Contrary to our expectations, overall medication adherence was reasonable, likely due to be management of supply chains by local authorities .15% completely stopped exercising and 25% reduced their exercise regimen by 50%. Shifting to home-based exercise, educational videos on physical therapy and online teleconsultation with physiotherapists could overall have positive impact.ConclusionCovid 19 has significantly impacted rheumatological patients in terms of increased anxiety, decreased healthcare accessibility and decreased exercise and physical activities. Modifications in teleconsultation methodology are needed in the future. Patients’ anxiety can be alleviated by educating them through digital and social media platforms and enrolling them in online patient support groups.References[1]Ganapati A, Padiyar S, Nair A, et al. Impact of COVID-19 Pandemic and Resultant Lockdown in India on Patients with Chronic Rheumatic Diseases: An Online Survey. Indian J Rheumatol. 2021;16(1):30. doi:10.4103/injr.injr_231_20[2]McKee P, Irvine A, Riddell C, Ball E. IMPACT OF THE COVID PANDEMIC ON RHEUMATOLOGY PATIENTS IN NORTHERN IRELAND - A WEB BASED CROSS-SECTIONAL SURVEY OF PATIENT REPORTED OUTCOMES. Ulster Med J. 2021;90(3):197[3]Hammad MAH, Eissa M, Dawa GA. Impact of coronavirus disease 2019 (COVID-19) pandemic on attitude, behavior, and mental health of patients with rheumatic diseases. Egypt Rheumatol Rehabil. 2020;47(1). doi:10.1186/s43166-020-00045-yDisclosure of InterestsNone declared

The aim of the article is to identify trends and key areas of research on energy security risks by conducting a structural-trend and bibliometric analysis of scientific publications. Analytical tools of scientometric databases Scopus, Web of Science, Google Trends and VOSviewer version 1.6.20 were used to conduct the study. The conducted trend analysis, using the Google Trends tools, showed a certain divergence of trends in scientific and user interest in energy security issues. In order to identify trends in the study of energy security risks using the analysis tools provided by the Scopus and Web of Science databases, the dynamics of the number of indexed publications on the subject under study, country affiliation, sectoral structure of publications were analyzed, the contribution of individual researchers in the field of energy security risks by the number of citations was allocated. The most cited articles on energy security risks, indexed in the Scopus and Web of Science databases, are devoted to: solving the problems of climate change, environmental pollution and energy instability; energy infrastructure; linking energy research with the social sciences; geography of energy transition; production of ethanol from biomass; development of hydrogen energy; identifying the causal relationship between CO2 emissions, nuclear energy consumption, renewable energy consumption and economic growth. The results of the study made it possible to identify the main scientific clusters in the field of energy security risks. Visualization of the network map of keywords made it possible to identify 8 clusters that characterize the key areas of research in the field of energy security risks: security, risk, energy, human health, climate change, renewable energy, environment. The results of the analysis contribute to the identification of new areas of research in the field of energy security risks.

The article discusses requirements for protected web-based applications and measures to ensure the availability, confidentiality and integrity of data being processed and stored. The most dangerous threats of web applications according to OWASP are analyzed. The most optimal and necessary measures and requirements for ensuring security of web applications were selected.

Various crimes that are security threats that can occur when we are socially networked, one of them is virtual theft. New Kuta Golf has tournament standard field and the first course with a layout model link. Large mobility companies also make data processing even bigger and more web sites that are concerned with transactions and promotional media. This is a reference to obtain information about the security of the New Kuta Golf website. The data that has been obtained are carried out for the project work step, are: (1) To conduct a Vulnerability assessment. (2) Analyze the results of the scan. (3) Calculate security metrics from the results obtained from the scanning process. (4) Documentation of the installation process, and calculating security metrics. The results of the research then analyzed and discussed with a review of the theory that was embraced. From the results of the tests, the following results are obtained: (1) In carrying out website security testing can be done by Vulnerability Assessment uses the acunetix application to find detailed results. (2) Determining the security of a website can be determined using security metrics. (3) The results of the vulnerability assessment on http://newkutagolf.co.id has a high value.

Investigation of this topic is relevant in light of the significant increase in the frequency and scale of cyber-attacks that affect various industries and organisations. The purpose of this study is to analyse existing data protection methods at the Front-end, which are able to effectively protect the confidentiality of user data in the face of modern cyber threats. Among the methods used, the analytical method, synthesis, classification, statistical and other methods should be noted. The study identified serious risks associated with storing confidential data on the client side. In particular, the use of cookies and local storage turned out to be vulnerable points that pose potential threats to data security. An analysis of existing web applications revealed the presence of cross-site scripting (XSS) vulnerabilities, which became a route for the introduction of malicious scripts. It was revealed that the generation and use of unique cross-site request forgery (CSRF) tokens for each request play a key role in preventing cross-site request forgery. The implementation of Governance as Code (GaC) technology has demonstrated potential for automating compliance with established architectural and security standards, thereby reinforcing front-end defenses against cyber threats. The findings emphasise the importance of educating end users on the basic principles of network security. The study highlights the importance of developers’ active involvement in Front-end security. Thus, a comprehensive overview of the Front-end security architecture with a focus on protecting user data and ensuring privacy is provided. The practical significance of the study lies in the provision of specific recommendations and practical solutions to improve Front-end security in web applications and represents a valuable set of tools and approaches that can be applied by developers and engineers to strengthen the security of web applications. The addition of Governance as Code technology introduces an innovative layer of automated security enforcement that is particularly suited to addressing emerging cybersecurity challenges in real-time.

The Security for the portable devices such as mobile phones,iPad and laptops becoming extremely important day by day.The intermediates such as gateway are the main source for communication through wireless media. In today's era, maintaining the transport level security amongst cellular devices like mobile phones and PDA(Personal Digital Assistant) become the most burning issue.During communications of smart phones with the web server through broadband method pass communication through the gateway known as Wireless Applications Protocol. The main purpose of WAP gateway is to transfer all the protocol used in WAP to the protocols used on the internet server. The WAP proxy server uses marshalling and unmarshalling methodology for the content to reduce the size of the data that has been sent through the wireless link. Further, the communication between the mobile phones and wireless application protocol is secured by using the security protocol called WTLS. The communication between the WAP gateway and web server is secured through the TLS/SSL security protocols. This paper simulates an assessment of wireless and wired networks using OPNET simulation tools. This paper simulated 2 different scenarios comparing wireless mobile client communication using WTLS gateway MD5_RSA encryption and Firewall gateway TLS encryption using MD5_RSA.The investigation results shows how the end to end security takes place between wireless clients to web servers using hybrid security protocol.

Structured Query Language SQL Injection is a code injection technique that exploits security vulnerability occurring in database layer of web applications 8 . According to Open Web Application Security Projects OWASP , SQL Injection is one of top 10 web based attacks 10 . This paper shows the basics of SQL Injection attack, types of SQL Injection Attack according to their classification. It also describes the survey of different SQL Injection attack detection and prevention. At the end of this paper, the comparison of different SQL Injection Attack detection and prevention is shown. Mr. Vishal Andodariya "SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-4 , June 2018, URL: https://www.ijtsrd.com/papers/ijtsrd13034.pdf

The security of web applications in an enterprise is of paramount importance. To strengthen the security of applications, the identification and mitigation of vulnerabilities through appropriate countermeasures becomes imperative. The Open Web Application Security Project (OWASP) Top 10 API Security Risks, 2023 Edition, indicates the prominent vulnerabilities of API security risks. Broken authentication, however, is placed in second position with level-3 exploitability, level-2 prevalence, level-3 detectability, and level-3 technical impact. To mitigate this vulnerability, many mitigation strategies have been proposed by using the cryptographic primitives wherein two techniques, namely hashing and PUF, are used. Some of the proposals have integrated the concepts of hashing and PUF. However, the unnecessarily lengthy and complex mathematics used in these proposals makes them unsuitable for current API-based application scenarios. Therefore, in this paper, the authors propose a privacy-preserving authentication protocol that incorporates the capability of both mechanisms in an easy and low-complexity manner. In addition to overcoming existing limitations, the proposed protocol is tested to provide more security properties over existing schemes. Analysis of their performance has demonstrated that the proposed solutions are secure, efficient, practical, and effective for API-based web applications in an enterprise environment.

Web attacks and web defacement attacks are issues in the web security world. Recently, website defacement attacks have become the main security threats for many organizations and governments that provide web-based services. Website defacement attacks can cause huge financial and data losses that badly affect the users and website owners and can lead to political and economic problems. Several detection techniques and tools are used to detect and monitor website defacement attacks. However, some of the techniques can work on static web pages, dynamic web pages, or both, but need to focus on false alarms. Many techniques can detect web defacement. Some are based on available online tools and some on comparing and classification techniques; the evaluation criteria are based on detection accuracies with 100% standards and false alarms that cannot reach 1.5% (and never 2%); this paper presents a literature review of the previous works related to website defacement, comparing the works based on the accuracy results, the techniques used, as well as the most efficient techniques.

Website ”XYZ” merupakan aplikasi yang mempunyai fungsi dalam layanan pembuatan dokumen kependudukan, layanan pendaftaran akses masuk, dan fitur login. Penilaian kerawanan secara berkala diperlukan untuk menjamin kehandalan dari aplikasi. Penilaian kerawanan dengan menggunakan tool uji saja sekarang tidak dirasa cukup sehingga memerlukan validasi. Salah satu validasi tersebut adalah menggunakan penetration testing. Uji penetrasi pada Website XYZ Kabupaten XYZ dilaksanakan dengan mengacu kepada Open Web Application Security Project (OWASP) Top 10-2021. Penetration testing dilaksanakan dengan metode black box untuk mendapatkan hasil pengukuran tingkat kerentanan pada aplikasi. Keseluruhan penilaian kerentanan dilakukan dalam empat tahap yaitu planning, information gathering, vulnerability scanning menggunakan 2 tools otomatis yaitu Vega dan OWASP ZAP sebagai upaya untuk mendapatkan cakupan yang lebih luas terkait kerentanan yang ditemukan dikuti dengan validasi dilanjutkan tahap analysis and reporting. Hasil tahap vulnerability scanning menghasilkan 9 jenis kerentanan dengan sebaran 2 high, 1 medium, dan 6 low. Pengujian penetrasi untuk validasi mengacu pada dokumen panduan Web Security Testing Guide (WSTG) versi 4.2. Hasil proses akhir berupa rekomendasi dapat digunakan sebagai referensi pengembang aplikasi web untuk menangani kerentanan khususnya hilangnya ketersediaan layanan dan kebocoran data.

Agencies or organizations are competing to create websites for their agencies, where this website to make work easier or disseminate information to the public in this study is a college or campus website. With this website, many people access it, so there is a possibility of security holes, which can be exploited by irresponsible people. So that data can be manipulated, retrieved or otherwise to the detriment of one-sided or several parties. For this reason, we tried to analyze the vulnerability of a website using a software called Nessus. From the results of the scan, it was found that several vulnerabilities were found from each website with different vulnerability levels. Of the 3 websites that have the most vulnerabilities, web 1 is 14. Meanwhile, the vulnerability at the medium level is on web 2, which is 22%. For the vulnerability lies in a weak DNS Server.

Internet users often have usernames and passwords at multiple web sites. To simplify things, many sites support federated identity management, which enables users to have a single account allowing them to log on to different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, all of the user’s accounts become compromised. Therefore a more secure authentication method is desirable. This paper implements 2-clickAuth, a multimedia-based challenge-response solution which uses a web camera and a camera phone for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is more secure than passwords while easy to use and distribute. 2-clickAuth is a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. This paper implements an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge, and MySpace.

In recent years, the Transport Layer Security (TLS) protocol has enjoyed rapid growth as a security protocol for the Internet of Things (IoT). In its newest iteration, TLS 1.3, the Internet Engineering Task Force (IETF) has standardized a zero round-trip time (0-RTT) session resumption sub-protocol, allowing clients to already transmit application data in their first message to the server, provided they have shared session resumption details in a previous handshake. Since it is common for IoT devices to transmit periodic messages to a server, this 0-RTT protocol can help in reducing bandwidth overhead. Unfortunately, the sub-protocol has been designed for the Web and is susceptible to replay attacks. In our previous work, we adapted the 0-RTT protocol to strengthen it against replay attacks, while also reducing bandwidth overhead, thus making it more suitable for IoT applications. However, we did not include a formal security analysis of the protocol. In this work, we address this and provide a formal security analysis using OFMC. Further, we have included more accurate estimates on its performance, as well as making minor adjustments to the protocol itself to reduce implementation ambiguity and improve resilience.

Abstrak – Semakin berkembangnya teknologi kini layanan web E-commerce telah menyediakan berbagai fasilitas untuk menjangkau pelanggan di seluruh bagian ataupun seruluh penjuru dunia tanpa adanya batasan pasar geografis. Efeknya terhadap jumlah pelanggan yang bergantung pada internet untuk pembelian mengalami peningkatan yang signifikan. Adanya potensi ancaman atau serangan terhadap jaringan komputer pada web E-commerce, telah mendorong akan pentingnya sebuah keamanan. Telah dilakukan pada beberapa penelitian sebelumnya akan Upaya pengamanan terhadap sistem informasi telah dilakukan melalui penelitian tentang monitoring keamanan jaringan menggunakan snort pada tahun 2015 yang didapatkan hasil serta saran untuk mengembangkan dengan menambahkan fungsi Intrusion Prevension System (IPS) pada snort, Serta pada tahun 2017 adanya menelitian perbandingan antara sistem keamanan jaringan menggunakan snort dan netfilter, maka Berdasarkan saran dan penelitian terdahulu dilakukanlah penelitian OPTIMALISASI KEAMANAN JARINGAN KOMPUTER PADA WEB E-COMMERCE MENGGUNAKAN NETFILTER menggunakan Advanced Policy Firewall (APF) dan Mod Evasive sebagai sistem keamanan jaringan yang digunakan sebagai upaya meng-optomalisasi terhadap sistem keamanan jaringan pada layanan Web E-commerce yang sesuai untuk diimplementasikan. Berdasarkan penelitian analisis yang telah dilakukan didapatkan hasildiantaranya : (1) Perangkat keras yang digunakan oleh netfilter yaitu sebuah Server Netfilter. (2) Server Netfilter menggunakan memory yang cukup besar yaitu 867968 KiB (3) Rata-Rata Persentase pencegahan serangan dengan pengujian DoS/DDos, Ping Attact, dan Port Scanning pada Netfilter adalah 64,57%, dengan masing-masing hasil diantaranya : serangan Dod/DDos adalah sebesar 87,68%, Ping Attact adalah sebesar 15.72%, dan Port Scanning adalah sebesar 90,33%. Kata Kunci : Keamanan Jaringan, web E-commerce, Netfilter, Advanced Policy Firewall, Ping Attact, Mod Evasive, Port Scanning. --------------------- Abstract - With the development of technology, now E-commerce web services have provided various facilities to reach customers in all parts or all over the world without any geographic market boundaries. The effect on the number of customers who depend on the internet for purchases has increased significantly. The existence of potential threats or attacks on computer networks on E-commerce web, has pushed the importance of a security. It has been carried out in several previous studies that efforts to secure information systems have been carried out through research on monitoring network security using snort in 2015 which obtained results and suggestions for developing by adding the Intrusion Prevention System (IPS) function on snort, and in 2017 there was research Comparison between network security systems using snort and netfilter, then based on previous suggestions and research conducted research on OPTIMIZING COMPUTER NETWORK SECURITY ON E-COMMERCE WEB USING NETFILTER using Advanced Policy Firewall (APF) and Mod Evasive as a network security system that is used as an attempt to optimize against the network security system on the E-commerce Web service that is suitable to be implemented. Based on the analytical research that has been carried out, the results obtained include: (1) The hardware used by the netfilter is a Netfilter Server. (2) The Netfilter Server uses a large enough memory, namely 867968 KiB (3) Average Percentage of attack prevention by testing DoS / DDos, Ping Attact, and Port Scanning on the Netfilter is 64.57%, with each result including: attacks Dod / DDos is 87.68%, Ping Attact is 15.72%, and Port Scanning is 90.33%. Keywords: Network Security, E-commerce web, Netfilter, Advanced Policy Firewall, Ping Attact, Evasive Mod, Port Scanning.

Penelitian ini adalah penelitian dan pengembangan (R&D) yang bertujuan untuk mengetahui hasil pengembangan Sistem Informasi Pelaksanaan Prakerin Berbasis Web SMK Negeri 2 Kota Parepare dan mengetahui hasil uji sistem informasi berdasarkan standar kualitas ISO/IEC 25010. Penelitian ini menggunakan model pengembangan waterfall dengan tahapan: analisis kebutuhan, desain sistem, pengkodean sistem, pengujian sistem, dan pemeliharaan. Pengujian standar kualitas ISO/IEC 25010 dengan pengujian 8 aspek yakni functionality, reliability, portability, usability, maintainability, compatibility, performance efficiency dan security. Data dikumpulkan menggunakan pedoman observasi, dokumentasi dan angket. Hasil penelitian menunjukkan bahwa sistem informasi ini dapat digunakan untuk layanan pelaksanaan prakerin dan telah memenuhi standar ISO/IEC 25010. Berdasarkan hasil pengujian menggunakan ISO 25010 diperoleh hasil : (a) functionality suitability sistem dapat digunakan dengan baik dan berfungsi secara keseluruhan; (b) reliability menggunakan bantuan web server tool 8 dengan persentase kesuksesan dengan menggunakan click test, time test, ramp test adalah 100%; (c) portability menunjukkan sistem dapat berjalan dengan baik di beberapa situs browser dengan menggunakan bantuan browserstack.com; (d) pengujian performance efficiency dilakukan dengan menggunakan aplikasi GTMetriks diperoleh hasil 76% rata-rata load semua halaman adalah 76%, nilai ini termasuk pada kategori baik; (e) aspek maintainability telah memenuhi standar; (f) pengujian security diperoleh status aman; (g) pengujian compatibility adalah sistem dapat berjalan dengan baik; dan (h) usability dimana user menggunakan dan menanggapi sistem informasi dengan jumlah responden 30 orang memperoleh kategori sangat baik.

Perkembangan teknologi berbasis aplikasi web yang semakin pesat dalam beberapa tahun terakhir sehingga digunakan untuk berbagai sektor, salah satunya sektor perguruan tinggi. Namun perkembangan ini tidak terlepas dari tingginya isu dan bahaya keamanan informasi pada web sektor perguruan tinggi. Seperti pada Web terbaru Fakultas Ilmu Komputer UPN Veteran Jakarta dengan domain http://new-fik.upnvj.ac.id. Untuk mencegah hal ini dibutuhkan sebuah evaluasi risiko celah keamanan secara komprehensif pada web tersebut. Metode yang digunakan pada penelitian ini yaitu metode OSSTMM, metode tersebut bisa menguji seberapa tinggi tingkat keamanan suatu aplikasi web dengan penilaian RAV dan STAR. Metode ini diharapkan mendapat manfaat dan luaran berupa rekomendasi yang harus dilakukan kepada IT dan developer web Fakultas Ilmu Komputer UPN Veteran Jakarta baru. Hasil penilaian yang didapatkan yakni dengan nilai Actual Security 74.0088, yang menunjukkan bahwa keamanan website tersebut belum baik. Oleh karena itu untuk dapat mencapai nilai 100 harus ditingkatkan dengan membuat nilai Limitation yaitu Vulnerability, Weakness dan Concern bernilai 0.