
CU-BCA-SEM-V-Web Security

Published by Teamlease Edtech Ltd (Amita Chitroda), 2022-02-26 02:02:54


Player, Shockwave Player, Real One Player, and Acrobat Reader. Depending on how a page was designed, specific plug-ins may be required to view some content.

Bugs: If bugs exist within the user's browser software or any installed extensions, an attacker may be able to exploit these via malicious JavaScript or HTML. In some cases, bugs within extensions such as the Java VM have enabled attackers to perform two-way binary communication with non-HTTP services on the local computer or elsewhere. This enables the attacker to exploit vulnerabilities that exist within other services identified via port scanning. Many software products (including non-browser-based products) install ActiveX controls that may contain vulnerabilities.

Source code analysis is equivalent to static code analysis, where the source code is analyzed simply as code and the program is not running. This removes the need for creating and using test cases, and it may leave aside feature-specific bugs such as buttons being a different color from what the specifications say. It concentrates on finding faults in the program that may be detrimental to its proper functioning, such as crash-causing lines of code.

Any reasonably functional application is likely to contain a large number of lines of source code, and in most cases the time available for you to review it is likely to be restricted, perhaps to a few days. A key objective of effective code review, therefore, is to identify as many security vulnerabilities as possible, given a certain amount of time and effort. To achieve this, you must take a structured approach, using various techniques to ensure that the "easy pickings" within the codebase are quickly identified, leaving time to look for issues that are more subtle and harder to detect.

In the authors' experience, a threefold approach to auditing a web application codebase is effective in identifying vulnerabilities quickly and easily.

11.8 KEYWORDS

• Scanning is reading a text quickly to find specific information, for example figures or names. It can be contrasted with skimming, which is reading quickly to get a general idea of meaning. Learners need to learn different ways of reading and understand that choosing how to read is an important step in building reading skills.
• Browser attacks are very common and are likely to succeed against systems that have not been hardened against them specifically. Some of the more commonly used browsers, such as Microsoft's Internet Explorer and Mozilla Firefox, now include at least a rudimentary form of protection against such attacks.

251 CU IDOL SELF LEARNING MATERIAL (SLM)

• Source code analysis is the automated testing of a program's source code with the purpose of finding faults and fixing them before the application is sold or distributed.
• SQL injection vulnerabilities most commonly arise when various hard-coded strings are concatenated with user-controllable data to form a SQL query, which is then executed within the database.
• Vulnerability: It is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.

11.9 LEARNING ACTIVITY

1. Find the five most important elements in a website for easy browsing.
___________________________________________________________________________
2. Find a person who has knowledge of ethical hacking and ask him about some tricks in hacking.
___________________________________________________________________________

11.10 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions
1. Discuss the browser attacks.
2. Write a short note on source code analysis.
3. Write a short note on approaches to code review.
4. What are signatures of common vulnerabilities?
5. Discuss the analysis of Java platform.

Long Questions
1. Explain the browser attacks.
2. Discuss the source code analysis.
3. Explain approaches to code review.
4. Describe the signatures of common vulnerabilities.

5. Explain analysis of Java platform.

B. Multiple Choice Questions

1. Which of the following statements is true about the VPN in network security?
a. It is a type of device that helps to ensure that communication between a device and a network is secure.
b. It is usually based on IPsec (IP Security) or SSL (Secure Sockets Layer)
c. It typically creates a secure, encrypted virtual "tunnel" over the open internet
d. All of these

2. Which of the following types of text is transformed with the help of a cipher algorithm?
a. Transformed text
b. Complex text
c. Scalar text
d. Plain text

3. What does the term "CHAP" stand for?
a. Circuit Hardware Authentication Protocols
b. Challenge Hardware Authentication Protocols
c. Challenge Handshake Authentication Protocols
d. Circuit Handshake Authentication Protocols

4. Which of the following types of malware does not replicate or clone itself through infection?
a. Rootkits
b. Trojans
c. Worms
d. Viruses

5. Which of the following types of malware allows the attacker to access the administrative controls and enables him or her to do almost anything with the infected computers?
a. RATs
b. Worms
c. Rootkits
d. Botnets

Answers

1-d, 2-d, 3-c, 4-a, 5-a

11.11 REFERENCES

References
• Dowd, Mark, McDonald, John & Schuh, Justin. (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
• Viega & McGraw. (2001). Building Secure Software. Addison-Wesley.
• Howard & LeBlanc. (2002). Writing Secure Code. Second edition. Microsoft Press.

Textbooks
• Zalewski, Michal. (2011). The Tangled Web: A Guide to Securing Modern Web Applications.
• McGraw & Felten. (1999). Securing Java: Getting Down to Business with Mobile Code.

Websites
• https://www.sciencedirect.com/
• https://portswigger.net/
• https://owasp.org/
• https://www.researchgate.net/

UNIT 12: USER ATTACKS PART 4

STRUCTURE
12.0 Learning Objectives
12.1 Introduction
12.2 Analysis of ASP.NET platform
12.3 Analysis of PHP
12.4 Analysis of Perl
12.5 Summary
12.6 Keywords
12.7 Learning Activity
12.8 Unit End Questions
12.9 References

12.0 LEARNING OBJECTIVES

After studying this unit, you will be able to:
• Explain the role of analysis of ASP.NET platform.
• Explain the analysis of PHP.
• Explain analysis of Perl.

12.1 INTRODUCTION

ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages. It was developed by Microsoft to allow programmers to build dynamic web sites, applications and services. It was first released in January 2002 with version 1.0 of the .NET Framework and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages.

ASP.NET's successor is ASP.NET Core. It is a re-implementation of ASP.NET as a modular web framework, together with other frameworks like Entity Framework. The new framework uses the new open-source .NET Compiler Platform (codename "Roslyn") and is cross platform.

ASP.NET MVC, ASP.NET Web API, and ASP.NET Web Pages (a platform using only Razor pages) have merged into a unified MVC 6.

It is easy to make great things in PHP, but bugs can creep in just as easily. Psalm is a free and open-source static analysis tool that helps you identify problems in your code, so you can sleep a little better. Psalm helps people maintain a wide variety of codebases, large and small, ancient and modern. On its strictest setting it can help you prevent almost all type-related runtime errors, and enables you to take advantage of safe coding patterns popular in other languages. Psalm also fixes bugs automatically, allowing you to improve your code with little effort.

SonarSource delivers what is probably the best static code analysis you can find for PHP. Based on its own PHP compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find Code Smells, Bugs, and Security Vulnerabilities. As with everything developed at SonarSource, it was built on the principles of depth, accuracy and speed. SonarSource's PHP analysis has a great coverage of well-established quality standards. This capability is available in Eclipse and IntelliJ for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or cloud-based SonarCloud.

Perl::Analysis::Static extracts information from your Perl sources. It is a toolkit for developers to analyze their code. It examines the code without running it. Perl is notoriously hard to parse because of its flexible syntax. As a result, programs (and sometimes humans) have difficulty telling where variables are declared, where subroutines are called, and whether they are used at all. The tools in this distribution hope to give humans and programs the means to get answers to questions about Perl code.

12.2 ANALYSIS OF ASP.NET PLATFORM

What is ASP.NET?

ASP.NET is a web application framework designed and developed by Microsoft. ASP.NET is open source, a subset of the .NET Framework, and the successor of classic ASP (Active Server Pages). It was first released in January 2002 with version 1.0 of the .NET Framework. So a question comes to mind: which technology was used before the year 2002 for developing web applications and services? The answer is Classic ASP. So, before .NET and ASP.NET there was Classic ASP.

ASP.NET is built on the CLR (Common Language Runtime), which allows programmers to write its code using any .NET language (C#, VB, etc.). It is specially designed to work with HTTP and for web developers to create dynamic web pages, web applications, web sites, and web services, as it provides a good integration of HTML, CSS, and JavaScript.

The .NET Framework is used to create a variety of applications and services such as Console, Web, and Windows. ASP.NET, however, is only used to create web applications and web services. That is why ASP.NET is described as a subset of the .NET Framework.

ASP.NET is a web development platform, which provides a programming model, a comprehensive software infrastructure and various services required to build robust web applications for PC as well as mobile devices. ASP.NET works on top of the HTTP protocol, and uses the HTTP commands and policies to set up browser-to-server bilateral communication and cooperation.

ASP.NET is a part of the Microsoft .Net platform. ASP.NET applications are compiled code, written using the extensible and reusable components or objects present in the .Net framework. This code can use the entire hierarchy of classes in the .Net framework. ASP.NET application code can be written in any of the following languages:
• C#
• Visual Basic.Net
• Jscript
• J#

ASP.NET is used to produce interactive, data-driven web applications over the internet. It consists of a large number of controls, such as text boxes, buttons, and labels, for assembling, configuring, and manipulating code to create HTML pages.

What is Web Application?

A web application is an application installed only on the web server, which is accessed by users through a web browser such as Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari, etc. There are also other technologies such as Java, PHP, Perl, Ruby on Rails, etc. which can be used to develop web applications. Web applications provide the cross-platform feature: the user needs only a web browser to access a web application. Web applications developed using the .NET framework or its subsets are required to execute under Microsoft Internet Information Services (IIS) on the server side. The work of IIS is to deliver the web application's generated HTML output to the client browser that initiated the request, as shown in the diagram below.

[Figure: web-application]

Do not confuse the terms ASP.NET, ASP.NET Core, ASP.NET MVC, etc. ASP (Active Server Pages) supports a number of development models, which are as follows:

• Classic ASP: It is the first server-side scripting language developed by Microsoft.
• ASP.NET: It is a web development framework and the successor of Classic ASP. ASP.NET 4.6 is the latest version.
• ASP.NET Core: In November 2015, Microsoft released version 5.0 of ASP.NET, which was later separated and became known as ASP.NET Core. It is considered a major redesign of ASP.NET, with the features of being open source and cross-platform. Before this version, ASP.NET was considered a Windows-only version.
• ASP.NET Web Forms: This is the event-driven application model, which is not considered a part of the new ASP.NET Core. It is used to provide server-side events and controls for developing a web application.
• ASP.NET MVC: It is the Model-View-Controller application model, which can be merged with the new ASP.NET Core. It is used to build dynamic web sites as it provides fast development.
• ASP.NET Web Pages: These are single page applications, which can be converted into ASP.NET Core.
• ASP.NET API: It is the Web Application Programming Interface (API).

Also, to create web applications ASP.NET provides 3 development styles, which are ASP.NET Web Pages, ASP.NET MVC, and Web Forms.

The table below illustrates the ASP.NET versions history.

| Year | Version |
|------|---------|
| 2002 | 1.0 |
| 2003 | 1.1 |
| 2005 | 2.0 |
| 2006 | 3.0 |
| 2007 | 3.5 |
| 2008 | 3.5 SP 1 |
| 2010 | 4.0 |
| 2012 | 4.5 |
| 2013 | 4.5.1 |
| 2014 | 4.5.2 |
| 2015 | 4.6 |
| 2015 | 4.6.1 |
| 2016 | 4.6.2 |
| 2017 | 4.7 |
| 2017 | 4.7.1 |

Table 12.1: ASP.NET Versions History

Note: In the year 2015, version 5 RC1 came out; it was later separated from ASP.NET and turned into another project called ASP.NET Core Version 1.0, with some advancements.

Why ASP.NET?

There are many reasons that make ASP.NET popular among developers. Some of the reasons are listed below.

• Extending .NET Framework: ASP.NET is a subset of the .NET Framework, as it extends the .NET Framework with some libraries and tools to develop web applications. What it adds to the .NET Framework is libraries for common web patterns like MVC, editor extensions, the base framework to process web requests, and web-page templating syntax like Razor.
• Performance: It is faster than the other web frameworks available in the market.
• Backend Code: With the help of ASP.NET you can write the backend code for data access and any logic in C#.
• Dynamic Pages: In ASP.NET, Razor provides the syntax for developing dynamic web pages with the help of C# and HTML. ASP.NET can be integrated with JS (JavaScript) and it also includes frameworks like React and Angular for the SPA (Single Page Application).

• Supporting different OS: You can develop and execute ASP.NET applications on Windows, Linux, Docker, and MacOS. Visual Studio provides the tools to build .NET applications for different OS.

ASP.NET Web Forms Model

ASP.NET web forms extend the event-driven model of interaction to web applications. The browser submits a web form to the web server and the server returns a full markup page or HTML page in response. All client-side user activities are forwarded to the server for stateful processing. The server processes the output of the client actions and triggers the reactions.

Now, HTTP is a stateless protocol. The ASP.NET framework helps in storing the information regarding the state of the application, which consists of:
• Page state
• Session state

The page state is the state of the client, i.e., the content of various input fields in the web form. The session state is the collective information obtained from the various pages the user visited and worked with, i.e., the overall session state. To clarify the concept, let us take the example of a shopping cart.

A user adds items to a shopping cart. Items are selected from a page, say the items page, and the total collected items and price are shown on a different page, say the cart page. HTTP alone cannot keep track of all the information coming from various pages. ASP.NET session state and server-side infrastructure keep track of the information collected globally over a session.

The ASP.NET runtime carries the page state to and from the server across page requests while generating ASP.NET runtime code, and incorporates the state of the server-side components in hidden fields. In this way, the server becomes aware of the overall application state and operates in a two-tiered connected way.

The ASP.NET Component Model

The ASP.NET component model provides the various building blocks of ASP.NET pages. Basically, it is an object model, which describes:
• Server-side counterparts of almost all HTML elements or tags, such as <form> and <input>.
• Server controls, which help in developing complex user interfaces, for example the Calendar control or the GridView control.

ASP.NET is a technology that works on the .Net framework, which contains all web-related functionality. The .Net framework is made of an object-oriented hierarchy. An ASP.NET web application is made of pages. When a user requests an ASP.NET page, IIS delegates the processing of the page to the ASP.NET runtime system. The ASP.NET runtime transforms the .aspx page into an instance of a class, which inherits from the base class Page of the .Net framework. Therefore, each ASP.NET page is an object, and all its components, i.e., the server-side controls, are also objects.

Components of .Net Framework

Before going to the next session on Visual Studio.Net, let us go through the various components of the .Net framework 3.5. The following table describes the components of the .Net framework 3.5 and the job they perform.

| Component | Description |
|-----------|-------------|
| (1) Common Language Runtime or CLR | It performs memory management, exception handling, debugging, security checking, thread execution, code execution, code safety, verification, and compilation. The code that is directly managed by the CLR is called the managed code. When the managed code is compiled, the compiler converts the source code into a CPU-independent intermediate language (IL) code. A Just In Time (JIT) compiler compiles the IL code into native code, which is CPU specific. |
| (2) .Net Framework Class Library | It contains a huge library of reusable types: classes, interfaces, structures, and enumerated values, which are collectively called types. |
| (3) Common Language Specification | It contains the specifications for the .Net supported languages and implementation of language integration. |
| (4) Common Type System | It provides guidelines for declaring, using, and managing types at runtime, and cross-language communication. |
| (5) Metadata and Assemblies | Metadata is the binary information describing the program, which is either stored in a portable executable file (PE) or in the memory. Assembly is a logical unit consisting of the assembly manifest, type metadata, IL code, and a set of resources like image files. |
| (6) Windows Forms | Windows Forms contain the graphical representation of any window displayed in the application. |
| (7) ASP.NET and ASP.NET AJAX | ASP.NET is the web development model and AJAX is an extension of ASP.NET for developing and implementing AJAX functionality. ASP.NET AJAX contains the components that allow the developer to update data on a website without a complete reload of the page. |
| (8) ADO.NET | It is the technology used for working with data and databases. It provides access to data sources like SQL Server, OLE DB, XML, etc. ADO.NET allows connection to data sources for retrieving, manipulating, and updating data. |
| (9) Windows Workflow Foundation (WF) | It helps in building workflow-based applications in Windows. It contains activities, workflow runtime, workflow designer, and a rules engine. |
| (10) Windows Presentation Foundation | It provides a separation between the user interface and the business logic. It helps in developing visually stunning interfaces using documents, media, two and three dimensional graphics, animations, and more. |
| (11) Windows Communication Foundation (WCF) | It is the technology used for building and executing connected systems. |
| (12) Windows CardSpace | It provides safety for accessing resources and sharing personal information on the internet. |
| (13) LINQ | It imparts data querying capabilities to .Net languages using a syntax which is similar to the traditional query language SQL. |

Table 12.2: Components of .Net Framework

12.3 ANALYSIS OF PHP

This section describes ways to acquire user-supplied input, ways to interact with the user's session, potentially dangerous APIs, and security-relevant configuration options on the PHP platform.

Identifying User Supplied Data

PHP uses a range of array variables to store user-submitted data, as listed in Table 12.3.

| Variable | Description |
|----------|-------------|
| $_GET, $HTTP_GET_VARS | Contains the parameters submitted in the query string. These are accessed by name. For example, in the following URL: https://wahh-app.com/search.php?query=foo the value of the query parameter is accessed using: $_GET['query'] |
| $_POST, $HTTP_POST_VARS | Contains the parameters submitted in the request body. |
| $_COOKIE, $HTTP_COOKIE_VARS | Contains the cookies submitted in the request. |
| $_REQUEST | Contains all the items in the $_GET, $_POST, and $_COOKIE arrays. |
| $_FILES, $HTTP_POST_FILES | Contains the files uploaded in the request. |
| $_SERVER['REQUEST_METHOD'] | Contains the method used in the HTTP request. |
| $_SERVER['QUERY_STRING'] | Contains the full query string submitted in the request. |
| $_SERVER['REQUEST_URI'] | Contains the full URL contained in the request. |
| $_SERVER['HTTP_ACCEPT'] | Contains the contents of the HTTP Accept header. |
| $_SERVER['HTTP_ACCEPT_CHARSET'] | Contains the contents of the HTTP Accept-charset header. |
| $_SERVER['HTTP_ACCEPT_ENCODING'] | Contains the contents of the HTTP Accept-encoding header. |
| $_SERVER['HTTP_ACCEPT_LANGUAGE'] | Contains the contents of the HTTP Accept-language header. |
| $_SERVER['HTTP_CONNECTION'] | Contains the contents of the HTTP Connection header. |
| $_SERVER['HTTP_HOST'] | Contains the contents of the HTTP Host header. |
| $_SERVER['HTTP_REFERER'] | Contains the contents of the HTTP Referer header. |
| $_SERVER['HTTP_USER_AGENT'] | Contains the contents of the HTTP User-agent header. |
| $_SERVER['PHP_SELF'] | Contains the name of the currently executing script. Although the script name itself is outside an attacker's control, path information can be appended to this name. For example, if a script contains the following code: <form action="<?= $_SERVER['PHP_SELF'] ?>"> an attacker can craft a cross-site scripting attack as follows: /search.php/"><script> and so on. |

Table 12.3: Identifying User Supplied Data

You should keep various anomalies in mind when attempting to identify the ways in which a PHP application is accessing user-supplied input:

• $GLOBALS is an array containing references to all variables that are defined in the script's global scope. It may be used to access other variables by name.
• If the configuration directive register_globals is enabled, PHP creates global variables for all request parameters, that is, everything contained in the $_REQUEST array. This means that an application may access user input simply by referencing a variable that has the same name as the relevant parameter. If an application uses this method of accessing user-supplied data, there may be no way to identify all instances of this other than through a careful line-by-line review of the codebase to find variables used in this way.
• In addition to the standard HTTP headers identified previously, PHP adds an entry to the $_SERVER array for any custom HTTP headers received in the request. For example, supplying the header:
    Foo: Bar
  causes:
    $_SERVER['HTTP_FOO'] = "Bar"
• Input parameters whose names contain subscripts in square brackets are automatically converted into arrays. For example, requesting this URL:
    https://wahh-app.com/search.php?query[a]=foo&query[b]=bar
  causes the value of the $_GET['query'] variable to be an array containing two members. This may result in unexpected behavior within the application if an array is passed to a function that expects a scalar value.

Session Interaction

PHP uses the $_SESSION array as a way to store and retrieve information within the user's session. For example:

    $_SESSION['MyName'] = $_GET['username']; // store user's name
    echo "Welcome " . $_SESSION['MyName']; // retrieve user's name
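A hardened reading of request data for three cases described above: the array-valued parameter, the PHP_SELF form action, and the session snippet that stores and echoes a user name. This is an added example, not code from the original text; the helper names (scalar_param, html, form_open, remember_name) and the sample request values are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: return a request parameter only when it is a string.
 * PHP parses ?query[a]=foo&query[b]=bar into an array; that case yields null
 * here instead of reaching code that expects a scalar.
 */
function scalar_param(array $source, string $name, int $maxLen = 256): ?string
{
    $value = $source[$name] ?? null;
    if (!is_string($value) || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

/** Hypothetical helper: encode a value for HTML text and quoted attributes. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the form tag from SCRIPT_NAME, which carries no appended path info. */
function form_open(array $server): string
{
    return '<form action="' . html((string) ($server['SCRIPT_NAME'] ?? '')) . '">';
}

/** Copy the user name into the session only after type and format checks. */
function remember_name(array &$session, array $get): bool
{
    $name = scalar_param($get, 'username', 64);
    if ($name === null || preg_match('/\A[A-Za-z0-9_.-]+\z/', $name) !== 1) {
        return false;
    }
    $session['MyName'] = $name;
    return true;
}

// Constructed request data standing in for $_GET, $_SERVER and $_SESSION.
$requests = [
    'scalar' => ['query' => 'foo', 'username' => 'alice'],
    'array'  => ['query' => ['a' => 'foo', 'b' => 'bar'], 'username' => ['x' => 'y']],
];
$server = [
    'SCRIPT_NAME' => '/search.php',
    'PHP_SELF'    => '/search.php/"><script>', // path info appended by the client
];

foreach ($requests as $label => $get) {
    $session = [];
    $query   = scalar_param($get, 'query');
    echo $label, ': query=', $query === null ? '(rejected)' : html($query), PHP_EOL;
    if (remember_name($session, $get)) {
        // Encode on output as well: the session value originated from the request.
        echo $label, ': Welcome ', html($session['MyName']), PHP_EOL;
    } else {
        echo $label, ': username rejected, nothing stored', PHP_EOL;
    }
}

echo 'hardened form tag:   ', form_open($server), PHP_EOL;
echo 'PHP_SELF if encoded: ', html($server['PHP_SELF']), PHP_EOL;
```

During review, any read of a request array that is not followed by a type check, and any echo of PHP_SELF or session data without encoding, is worth tracing to its use.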

The $HTTP_SESSION_VARS array may be used in the same way. If register_globals is enabled (as discussed in the later section "Configuring the PHP Environment"), global variables may be stored within the current session as follows:

    $MyName = $_GET['username'];
    session_register("MyName");

Potentially Dangerous APIs

This section describes some common PHP APIs that can introduce security vulnerabilities if used in an unsafe way.

File Access

PHP implements a large number of functions for accessing files, many of which accept URLs and other constructs that may be used to access remote files. The following functions are used to read or write the contents of a specified file. If user-controllable data is passed to these APIs, an attacker may be able to exploit these to access arbitrary files on the server filesystem.
• fopen
• readfile
• file
• fpassthru
• gzopen
• gzfile
• gzpassthru
• readgzfile
• copy
• rename
• rmdir
• mkdir
• unlink
• file_get_contents
• file_put_contents
• parse_ini_file
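One way to confine a user-supplied file name to a single directory before it reaches any of the functions listed above. This is an added example, not code from the original text; the helper name confined_path, the temporary directory layout and the candidate names are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: resolve a user-supplied relative name to a real file
 * inside $baseDir, or return null. Rejects NUL bytes, scheme:// syntax, and
 * anything that realpath() resolves to a location outside the base directory.
 */
function confined_path(string $baseDir, string $userName): ?string
{
    if ($userName === '' || strpos($userName, "\0") !== false) {
        return null;
    }
    // The file functions accept URLs, so refuse scheme:// input outright
    // rather than relying on the base-directory prefix alone.
    if (preg_match('#\A[a-z][a-z0-9+.-]*://#i', $userName) === 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ sequences and follows symlinks; it returns
    // false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $userName);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "public_old" does not pass as being inside "public".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed demo tree under the system temp directory.
$root   = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'confine_demo_' . bin2hex(random_bytes(4));
$public = $root . DIRECTORY_SEPARATOR . 'public';
mkdir($public, 0700, true);
file_put_contents($public . DIRECTORY_SEPARATOR . 'report.txt', "quarterly report\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'outside.txt', "not for download\n");

// Constructed values standing in for a request parameter such as $_GET['file'].
$candidates = [
    'report.txt',
    '../outside.txt',
    'missing.txt',
    'http://example.invalid/report.txt',
];

foreach ($candidates as $name) {
    $path = confined_path($public, $name);
    echo str_pad($name, 36),
         $path === null ? 'rejected' : 'served: ' . trim((string) file_get_contents($path)),
         PHP_EOL;
}

// Remove the demo tree again.
unlink($public . DIRECTORY_SEPARATOR . 'report.txt');
unlink($root . DIRECTORY_SEPARATOR . 'outside.txt');
rmdir($public);
rmdir($root);
```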

The following functions are used to include and evaluate a specified PHP script. If an attacker can cause the application to evaluate a file he controls, he can achieve arbitrary command execution on the server.
• include
• include_once
• require
• require_once
• virtual

Note that even if it is not possible to include remote files, command execution may still be possible if there is a way to upload arbitrary files to a location on the server.

The PHP configuration option allow_url_fopen can be used to prevent some file functions from accessing remote files. However, by default this option is set to (meaning that remote files are allowed), so the protocols listed in can be used to retrieve a remote file.

Database Access

The following functions are used to send a query to a database and retrieve the results:
• mysql_query
• mssql_query
• pg_query

Dynamic Code Execution

The following functions can be used to dynamically evaluate PHP code:
• eval
• call_user_func
• call_user_func_array
• call_user_method
• call_user_method_array
• create_function

The semicolon delimiter can be used to batch multiple statements. If user-controllable data is passed into any of these functions, the application is probably vulnerable to script injection.

OS Command Execution

These functions can be used to execute operating system commands:
• exec
• passthru
• popen
• proc_open
• shell_exec
• system
• The backtick operator (`)

In all these cases, commands can be chained together using the | character. If user-controllable data is passed unfiltered into any of these functions, the application is probably vulnerable to arbitrary command execution.

URL Redirection

The following APIs can be used to issue an HTTP redirect in PHP:
• http_redirect
• header
• HttpMessage::setResponseCode
• HttpMessage::setHeaders

The usual way to cause a redirect is through the http_redirect function, which takes a string containing a relative or absolute URL. If the value of this string is user-controllable, the application is probably vulnerable to a phishing vector. Redirects can also be performed by calling the header function with an appropriate Location header, which causes PHP to deduce that an HTTP redirect is required. For example:

    header("Location: /target.php");

You should also review any uses of the setResponseCode and setHeaders APIs. Given that a redirect simply involves a 3xx response containing an HTTP Location header, an application may implement redirects using these APIs.

Sockets

The following APIs can be used to create and use network sockets in PHP:
• socket_create
• socket_connect
• socket_write
• socket_send
• socket_recv
• fsockopen
• pfsockopen

After a socket is created using socket_create, it is connected to a remote host via a call to socket_connect, which takes the target's host and port details as its parameters. If this host information is user-controllable in any way, the application may be exploitable to cause network connections to arbitrary hosts, either on the public Internet or on the private DMZ or internal network on which the application is hosted.

The fsockopen and pfsockopen functions can be used to open sockets to a specified host and port and return a file pointer that can be used with regular file functions such as fwrite and fgets. If user data is passed to these functions, the application may be vulnerable, as described previously.

Configuring the PHP Environment

PHP configuration options are specified in the php.ini file, which uses the same format as Windows INI files. Various options can affect an application's security. Many options that have historically caused problems have been removed from the latest version of PHP.

Safe Mode

If the safe_mode directive is enabled, PHP places restrictions on the use of some dangerous functions. Some functions are disabled, and others are subject to limitations on their use.

Magic Quotes

If the magic_quotes_gpc directive is enabled, any single quote, double quote, backslash, and NULL characters contained within request parameters are automatically escaped using a backslash. If the magic_quotes_sybase directive is enabled, single quotes are instead escaped using a single quote. This option is designed to protect vulnerable code containing unsafe database calls from being exploitable via malicious user input.
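The backslash escaping that magic_quotes_gpc applied, reproduced here with addslashes because the directive no longer exists in current PHP releases, set beside a bound parameter. This is an added example, not code from the original text; it assumes the pdo_sqlite extension is loaded, and the table, function names and request values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; assumes the pdo_sqlite extension is loaded.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

/** Stand-in for magic_quotes_gpc: backslash-escape every request value. */
function emulate_magic_quotes(array $request): array
{
    return array_map('addslashes', $request);
}

/** Review target: the value is concatenated into a numeric context. */
function names_by_id_concat(PDO $db, string $id): array
{
    return $db->query('SELECT name FROM users WHERE id = ' . $id)
              ->fetchAll(PDO::FETCH_COLUMN);
}

/** Preferred form: the value is bound as data and never parsed as SQL. */
function names_by_id_prepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request. The id value contains no quote, backslash or NUL
// character, so the escaping step leaves it unchanged.
$request = emulate_magic_quotes(['id' => '1 OR 1=1', 'name' => "O'Brien"]);

echo 'id after escaping:  ', $request['id'], PHP_EOL;
echo 'concatenated query: ', implode(', ', names_by_id_concat($db, $request['id'])), PHP_EOL;
echo 'prepared statement: ', implode(', ', names_by_id_prepared($db, $request['id'])), PHP_EOL;
echo 'prepared, id = 1:   ', implode(', ', names_by_id_prepared($db, '1')), PHP_EOL;

// Side effect on ordinary data: a value that was escaped on the way in is
// stored with the added backslash unless stripslashes() undoes it first.
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute([':name' => $request['name']]);
$insert->execute([':name' => stripslashes($request['name'])]);

foreach ($db->query('SELECT id, name FROM users WHERE id > 3 ORDER BY id') as $row) {
    echo 'stored name (row ', $row['id'], '): ', $row['name'], PHP_EOL;
}
```

The concatenated query returns every row while the bound query returns none for the same input, which is why the review should look for string-built SQL regardless of any global escaping setting.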
When reviewing the application codebase to identify any SQL injection flaws, you should be aware of whether magic quotes are enabled, because this affects the application's handling of input.

Using magic quotes does not prevent all SQL injection attacks. An attack that injects into a numeric field does not need to use single quotation marks. Furthermore, data whose quotes have been escaped may still be used in a second-order attack when it is subsequently read back from the database.

The magic quotes option may result in undesirable modification of user input when data is being processed in a context that does not require any escaping. This can result in the addition of slashes that need to be removed using the stripslashes function.

Some applications perform their own escaping of relevant input by passing individual parameters through the addslashes function only when required. If magic quotes are enabled in the PHP configuration, this approach results in double-escaped characters. Doubled-up slashes are interpreted as literal backslashes, leaving the

potentially malicious character unescaped. Because of the limitations and anomalies of the magic quotes option, it is recommended that prepared statements be used for safe database access and that the magic quotes option be disabled.

12.4 ANALYSIS OF PERL

This section describes ways to acquire user-supplied input, ways to interact with the user's session, potentially dangerous APIs, and security-relevant configuration options on the Perl platform.

The Perl language is notorious for allowing developers to perform the same task in a multitude of ways. Furthermore, numerous Perl modules can be used to meet different requirements. Any unusual or proprietary modules in use should be closely reviewed to identify whether they use any powerful or dangerous functions and thus may introduce the same vulnerabilities as if the application used those functions directly.

CGI.pm is a widely used Perl module for creating web applications. It provides the APIs you are most likely to encounter when performing a code review of a web application written in Perl.

Identifying User-Supplied Data

The functions listed in Table 12.4 are all members of the CGI query object.

Function | Description
param, param_fetch | Called without parameters, param returns a list of all the parameter names in the request. Called with the name of a parameter, param returns the value of that request parameter. The param_fetch method returns an array of the named parameters.
Vars | Returns a hash mapping of parameter names to values.
cookie, raw_cookie | The value of a named cookie can be set and retrieved using the cookie function. The raw_cookie function returns the entire contents of the HTTP Cookie header, without any

parsing having been performed.
self_url, url | Return the current URL, in the first case including any query string.
query_string | Returns the query string of the current request.
referer | Returns the value of the HTTP Referer header.
request_method | Returns the value of the HTTP method used in the request.
user_agent | Returns the value of the HTTP User-agent header.
http, https | Return a list of all the HTTP environment variables derived from the current request.
ReadParse | Creates an array named %in that contains the names and values of all the request parameters.

Table 12.4: CGI Query Members Used to Acquire User-Supplied Data

Session Interaction

The Perl module CGISession.pm extends the CGI.pm module and provides support for session tracking and data storage. For example:

    $q->session_data("MyName" => param("username"));  # store user's name
    print "Welcome " . $q->session_data("MyName");     # retrieve user's name

Potentially Dangerous APIs

This section describes some common Perl APIs that can introduce security vulnerabilities if used in an unsafe manner.

File Access

The following APIs can be used to access files in Perl.

• open
• sysopen

The open function reads and writes the contents of a specified file. If user-controllable data is passed as the filename parameter, an attacker may be able to access arbitrary files on the server filesystem. Furthermore, if the filename parameter begins or ends with the pipe character, the contents of this parameter are passed to a command shell. If an attacker can inject data containing shell metacharacters such as the pipe or semicolon, he may be able to perform arbitrary command execution.

Database Access

The selectall_arrayref function sends a query to a database and retrieves the results as an array of arrays. The do function executes a query and simply returns the number of rows affected. In both cases, the SQL statement is passed as a simple string.

Dynamic Code Execution

eval can be used to dynamically execute a string containing Perl code. The semicolon delimiter can be used to batch multiple statements. If user-controllable data is passed into this function, the application is probably vulnerable to script injection.

OS Command Execution

The following functions can be used to execute operating system commands:

• system
• exec
• qx
• The backtick operator (`)

In all these cases, commands can be chained together using the | character. If user-controllable data is passed unfiltered into any of these functions, the application is probably vulnerable to arbitrary command execution.

URL Redirection

The redirect function, which is a member of the CGI query object, takes a string containing a relative or absolute URL, to which the user is redirected. If the value of this string is user-controllable, the application is probably vulnerable to a phishing vector.

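One way to apply the PHP and Perl API lists above during a review, as an added example that is not code from the original text: a small Node.js scanner that finds the sinks named in this unit and marks calls whose arguments trace back to request data through simple assignments. The sample snippets, the PHP superglobal sources and the names scan and isUserControllable are assumptions made for illustration.

```javascript
'use strict';
// Added example: line-based triage of the PHP and Perl sinks named in this unit.
// It ranks lines for manual review; it does not prove a flaw is exploitable.

// Expressions that read request data. Perl entries are CGI.pm members from
// Table 12.4; the PHP superglobals are an assumption (not listed on this page).
const SOURCES = {
  php: /\$_(GET|POST|COOKIE|REQUEST)\b/,
  perl: /\b(param|param_fetch|Vars|cookie|raw_cookie|query_string|referer|user_agent)\s*\(/,
};

const BACKTICK = /`[^`]*\$[^`]*`/; // backtick command with an interpolated variable

// [category, pattern] pairs, using the headings and API names from the text.
const SINKS = {
  php: [
    ['OS command execution', /\b(passthru|popen|proc_open|shell_exec|system)\s*\(/],
    ['OS command execution', BACKTICK],
    ['URL redirection', /\bhttp_redirect\s*\(|\bheader\s*\(\s*["']Location:/i],
    ['Sockets', /\b(socket_connect|fsockopen|pfsockopen)\s*\(/],
  ],
  perl: [
    ['File access', /\b(open|sysopen)\s*\(/],
    ['Database access', /->\s*(selectall_arrayref|do)\s*\(/],
    ['Dynamic code execution', /\beval\s*\(?\s*["'$]/],
    ['OS command execution', /\b(system|exec)\s*\(|\bqx\b/],
    ['OS command execution', BACKTICK],
    ['URL redirection', /\bredirect\s*\(/],
    ['Sockets', /\bconnect\s*\(/],
  ],
};

// True when the text reads request data directly or mentions a tracked variable.
function isUserControllable(text, lang, tainted) {
  if (SOURCES[lang].test(text)) return true;
  return (text.match(/\$\w+/g) || []).some((v) => tainted.has(v));
}

function scan(source, lang) {
  const tainted = new Set(); // variables assigned from request data so far
  const findings = [];
  source.split('\n').forEach((raw, idx) => {
    const code = raw.replace(/(^|\s)(#|\/\/).*$/, ''); // drop trailing comments
    // Propagate through simple assignments: $x = <expr>; and $x .= <expr>;
    const m = /^\s*(?:my\s+)?(\$\w+)\s*(\.?)=(?![=~>])\s*(.+)$/.exec(code);
    if (m) {
      const [, lhs, append, rhs] = m;
      if (isUserControllable(rhs, lang, tainted)) tainted.add(lhs);
      else if (!append) tainted.delete(lhs); // overwritten with clean data
    }
    for (const [category, pattern] of SINKS[lang]) {
      const hit = pattern.exec(code);
      if (!hit) continue;
      const args = code.slice(hit.index); // the call and everything after it
      findings.push({
        line: idx + 1,
        category,
        userControllable: isUserControllable(args, lang, tainted),
        text: raw.trim(),
      });
    }
  });
  return findings;
}

// Constructed sample inputs (not taken from any real application).
const PHP_SAMPLE = [
  '<?php',
  "$host = $_GET['host'];",
  '$cmd = "ping -c 1 " . $host;',
  '$out = shell_exec($cmd);',
  'header("Location: " . $_GET[\'next\']);',
  '$fp = fsockopen("127.0.0.1", 8080);',
].join('\n');

const PERL_SAMPLE = [
  '#!/usr/bin/perl -T',
  'my $file = param("file");',
  'my $full_path = "/home/pubs/" . $file;',
  'open(FH, $full_path);',
  'my $rows = $dbh->do("DELETE FROM t WHERE id=" . param("id"));',
  'print $q->redirect("/index.pl");',
].join('\n');

for (const [lang, sample] of [['php', PHP_SAMPLE], ['perl', PERL_SAMPLE]]) {
  for (const f of scan(sample, lang)) {
    const level = f.userControllable ? 'USER INPUT' : 'review';
    console.log(`${lang}:${f.line} [${level}] ${f.category}: ${f.text}`);
  }
}
```

Lines reported as "review" use a listed API with arguments the scanner could not tie to request data; they still need a manual look, because data can arrive through paths a line-based check does not follow.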
Sockets

After a socket is created using socket, it is connected to a remote host via a call to connect, which takes a sockaddr_in structure composed of the target's host and port details. If this host information is user-controllable in any way, the application may be exploitable to cause network connections to arbitrary hosts, either on the Internet or on the private DMZ or internal network on which the application is hosted.

Configuring the Perl Environment

Perl provides a taint mode that prevents user-supplied input from being passed to potentially dangerous functions. You can execute Perl programs in taint mode by passing the -T flag to the Perl interpreter as follows:

    #!/usr/bin/perl -T

When a program is running in taint mode, the interpreter tracks each item of input received from outside the program and treats it as tainted. If another variable has its value assigned on the basis of a tainted item, it too is treated as tainted. For example:

    $path = "/home/pubs";          # $path is not tainted
    $filename = param("file");     # $filename is from request parameter and is tainted
    $full_path = $path.$filename;  # $full_path now tainted

Although the taint mode mechanism is designed to help protect against many kinds of vulnerabilities, it is effective only if developers use appropriate regular expressions when extracting clean data from tainted input. If an expression is too liberal and extracts data that may cause problems in the context in which it will be used, the taint mode protection fails, and the application is still vulnerable. In effect, the taint mode mechanism reminds programmers to perform suitable validation on all input before using it in dangerous operations. It cannot guarantee that the input validation implemented will be adequate.

12.5 SUMMARY

• ASP.NET is a web application framework designed and developed by Microsoft.
ASP.NET is open source and a subset of the .NET Framework and the successor of classic ASP (Active Server Pages). It was first released in January 2002 with version 1.0 of the .NET Framework. So a question comes to mind: what technology were we using before 2002 for developing web applications and services? The answer is Classic ASP. So, before .NET and ASP.NET there was Classic ASP.

• This section describes ways to acquire user-supplied input, ways to interact with the user's session, potentially dangerous APIs, and security-relevant configuration options on the Perl platform. The Perl language is notorious for allowing developers to perform the same task in a multitude of ways. Furthermore, numerous Perl modules can be used to meet different requirements. Any unusual or proprietary modules in use should be closely reviewed to identify whether they use any powerful or dangerous functions and thus may introduce the same vulnerabilities as if the application used those functions directly. CGI.pm is a widely used Perl module for creating web applications. It provides the APIs you are most likely to encounter when performing a code review of a web application written in Perl.

• After a socket is created using socket, it is connected to a remote host via a call to connect, which takes a sockaddr_in structure composed of the target's host and port details. If this host information is user-controllable in any way, the application may be exploitable to cause network connections to arbitrary hosts, either on the Internet or on the private DMZ or internal network on which the application is hosted.

• These often use one of the unchecked APIs for buffer manipulation, of which there are many, including strcpy, strcat, memcpy, and sprintf, together with their wide-char and other variants. An easy way to identify low-hanging fruit within the codebase is to search for all uses of these APIs and verify whether the source buffer is user-controllable. You should also verify whether the code has explicitly ensured that the destination buffer is large enough to accommodate the data being copied into it (because the API itself does not do so). Vulnerable calls to unsafe APIs are often easy to identify.

• Many software vulnerabilities are actually documented within source code comments.
This often occurs because developers are aware that a particular operation is unsafe, and they record a reminder to fix the problem later, but they never get around to doing so. In other cases, testing has identified some anomalous behavior within the application that was commented within the code but never fully investigated.

• You should closely review any native code used by the application for classic vulnerabilities that may be exploitable to execute arbitrary code.

• Unless they have been deliberately concealed by a malicious programmer, backdoor passwords that have been used for testing or administrative purposes usually stand out when you review credential validation logic.

12.6 KEYWORDS

• ASP.NET - It is a web application framework designed and developed by Microsoft. ASP.NET is open source and a subset of the .NET Framework and the successor of the

classic ASP (Active Server Pages). It was first released in January 2002 with version 1.0 of the .NET Framework.

• Content - It is defined as what is inside or included in something. An example of content is beans inside a jar. An example of content is the words inside a book. Satisfied.

• Server - It is a computer or system that provides resources, data, services, or programs to other computers, known as clients, over a network. In theory, whenever computers share resources with client machines, they are considered servers. This means that a device could be both a server and a client at the same time.

• Provided - Data means the data given by the Licensor to the End User as set out in Schedule.

• Header - It is text at the top of a page in an electronic document or hard copy. For example, in Microsoft Word, a header could be created in a document to display the page number of each page. In contrast, a footer is at the bottom of a page in an electronic document or hard copy.

12.7 LEARNING ACTIVITY

1. Find a person who has faced web attacks and ask what actions they took to overcome the attack.
2. Make a survey of the most used antiviruses.

12.8 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions

1. What is ASP.NET?
2. Describe the ASP.NET web forms model.
3. What is analysis of PHP?
4. What is the ASP.NET component model?
5. What are the components of the .NET Framework?

Long Questions

1. Write the components of the .NET Framework.
2. What is the ASP.NET component model?
3. Explain analysis of PHP.
4. Discuss analysis of Perl.
5. Explain analysis of the ASP.NET platform.

B. Multiple Choice Questions

1. Which of the following statements is true about Trojans?
a. Trojans perform tasks for which they are designed or programmed
b. Trojans replicate themselves or clone themselves through infections
c. Trojans do nothing harmful to the user's computer systems
d. None of these

2. Which of the following is just the opposite of the Open Design principle?
a. Security through obscurity
b. Least common mechanism
c. Least privileges
d. Work factor

3. Which of the following is a type of independent malicious program that never requires any host program?
a. Trojan Horse
b. Worm
c. Trap Door
d. Virus

4. Which of the following is usually considered the default port number of Apache and several other web servers?
a. 20
b. 40
c. 80
d. 87

5. What does DNS translate a domain name into?
a. Hex
b. Binary

c. IP
d. URL

Answers
1-a, 2-a, 3-b, 4-c, 5-d

UNIT 13: ANALYSIS OF JAVASCRIPT, ANALYSIS OF SQL

STRUCTURE

13.0 Learning Objectives
13.1 Introduction
13.2 Analysis of JavaScript
13.3 Analysis of SQL
13.4 Summary
13.5 Keywords
13.6 Learning Activity
13.7 Unit End Questions
13.8 References

13.0 LEARNING OBJECTIVES

After studying this unit, you will be able to:

• Define an Analysis of JavaScript.
• Explain the Analysis of SQL.
• Understand the Analysis of JavaScript.

13.1 INTRODUCTION

JavaScript is a lightweight, cross-platform, interpreted scripting language. It is well known for the development of web pages; many non-browser environments also use it. JavaScript can be used for client-side development as well as server-side development. JavaScript contains a standard library of objects, such as Array, Date, and Math, and a core set of language elements such as operators, control structures, and statements.

JavaScript is a dynamic computer programming language. It is lightweight and most commonly used as a part of web pages, whose implementations allow client-side script to interact with the user and make dynamic pages. It is an interpreted programming language with object-oriented capabilities.

JavaScript was first known as LiveScript; however, Netscape changed its name to JavaScript, possibly because of the excitement being generated by Java. JavaScript made its appearance in Netscape 2.0 in 1995 with the name LiveScript. The general-purpose core of the language has been embedded in Netscape, Internet Explorer, and other web browsers.

In the IT and business world, hypes and fads emerge and vanish at a very rapid pace. What sits at the top of the hype changes at regular intervals. Marketing departments of almost all tech companies compete in repackaging and rebranding old stuff, suggesting the coolness and attractiveness of their products (Buhl et al., 2013). It seems the strategy works, at least for some. As Stonebraker put it, Big Data is the "buzzword of the day" (Stonebraker). As with other buzzwords, there is no rigorous definition of the term. How much data is big? What are the differences between Big Data, databases and data warehouses, all of them dealing with huge volumes of data? E-commerce sites, sensors, cameras, and mobile applications all produce huge amounts of data with different periodicity. This pile of data needs to be processed and analysed to identify patterns, to explain business phenomena, and to make predictions. The basic assumption of Big Data is that we can learn from data. According to Jacobs, Big Data should be defined at any point in time as data whose size forces us to look beyond the tried-and-true methods that are prevalent at that time, while for Cuzzocrea et al. Big Data refers to enormous amounts of unstructured data produced by high-performance applications falling in a wide and heterogeneous family of application scenarios: from scientific computing applications to social networks, from e-government applications to medical information systems, and so on.

In 1995, Netscape announced JavaScript as an "easy-to-use object scripting language designed for creating live online applications that link together objects and resources on both clients and servers". Since then, it has become the de facto standard for client-side scripting in Web browsers, but many other applications also include a JavaScript engine.
This prevalence has led developers to write large programs in a language that was conceived for scripting, not for programming in the large. Hence, tool support is badly needed to help debug and maintain these programs. The development of sound programming tools that go beyond checking mere syntactic properties requires some form of program analysis. In particular, type analysis is crucial to catch representation errors, which for example confuse numbers with strings or booleans with functions, early in the development process. Type analysis is a valuable tool for a programmer because it rules out this class of programming errors entirely.

Applying type analysis to JavaScript is a subtle business because, like most other scripting languages, JavaScript has a weak, dynamic typing discipline which resolves many representation mismatches by silent type conversions. As JavaScript supports objects, first-class functions, and exceptions, tracking the flow of data and control is nontrivial.

JavaScript is an object-based language that uses prototype objects to model inheritance. As virtually all predefined operations are accessed via prototype objects, it is imperative that the analysis models these objects precisely. Objects are mappings from strings (property names) to values. In general, properties can be added and removed during execution, and property names may be dynamically computed. Undefined results, such as accessing a non-existing property of an object, are represented by a particular value undefined, but there is a subtle distinction between an object that lacks a property and an object that has the property set to undefined.

13.2 ANALYSIS OF JAVASCRIPT

What is JavaScript?

JavaScript is a dynamic computer programming language. It is lightweight and most commonly used as a part of web pages, whose implementations allow client-side script to interact with the user and make dynamic pages. It is an interpreted programming language with object-oriented capabilities.

JavaScript was first known as LiveScript; however, Netscape changed its name to JavaScript, possibly because of the excitement being generated by Java. JavaScript made its appearance in Netscape 2.0 in 1995 with the name LiveScript. The general-purpose core of the language has been embedded in Netscape, Internet Explorer, and other web browsers.

The ECMA-262 Specification defined a standard version of the core JavaScript language.

• JavaScript is a lightweight, interpreted programming language.
• Designed for creating network-centric applications.
• Complementary to and integrated with Java.
• Complementary to and integrated with HTML.
• Open and cross-platform.

JavaScript ("JS" for short) is a full-fledged dynamic programming language that can add interactivity to a website. It was invented by Brendan Eich (co-founder of the Mozilla project, the Mozilla Foundation, and the Mozilla Corporation). JavaScript is versatile and beginner-friendly.
With more experience, you'll be able to create games, animated 2D and 3D graphics, comprehensive database-driven apps, and much more! JavaScript itself is relatively compact, yet very flexible. Developers have written a variety of tools on top of the core JavaScript language, unlocking a vast amount of functionality with minimum effort. These include:

• Browser Application Programming Interfaces (APIs) built into web browsers, providing functionality such as dynamically creating HTML and setting CSS styles; collecting and manipulating a video stream from a user's webcam; or generating 3D graphics and audio samples.
• Third-party APIs that allow developers to incorporate functionality in sites from other content providers, such as Twitter or Facebook.
• Third-party frameworks and libraries that you can apply to HTML to accelerate the work of building sites and applications.

It is outside the scope of this article, as a light introduction to JavaScript, to present the details of how the core JavaScript language differs from the tools listed above. You can learn more in MDN's JavaScript learning area, as well as in other parts of MDN. The section below introduces some aspects of the core language and offers an opportunity to play with a few browser API features too. Have fun!

JavaScript has the following features:

• All popular web browsers support JavaScript, as they provide built-in execution environments.
• JavaScript follows the syntax and structure of the C programming language. Thus, it is a structured programming language.
• JavaScript is a weakly typed language, where certain types are implicitly cast (depending on the operation).
• JavaScript is an object-oriented programming language that uses prototypes rather than classes for inheritance.
• It is a lightweight, interpreted language.
• It is a case-sensitive language.
• JavaScript is supported on several operating systems including Windows, macOS, etc.
• It gives users good control over web browsers.

History of JavaScript

In 1993, Mosaic, the first popular web browser, came into existence. In the year 1994, Netscape was founded by Marc Andreessen. He realized that the web needed to become more dynamic.
Thus, a 'glue language' was believed to be needed alongside HTML to make web designing easy for designers and part-time programmers. Consequently, in 1995, the company recruited Brendan Eich, intending to implement and embed the

Scheme programming language to the browser. But, before Brendan could start, the company merged with Sun Microsystems for adding Java into its Navigator so that it could compete with Microsoft over web technologies and platforms. Now, there were two languages: Java and the scripting language. Further, Netscape decided to give the scripting language a name similar to Java's. This led to 'JavaScript'. Finally, in May 1995, Marc Andreessen coined the first code of JavaScript, named 'Mocha'. Later, the marketing team replaced the name with 'LiveScript'. But, due to trademark reasons and certain other reasons, in December 1995, the language was finally renamed 'JavaScript'. From then, JavaScript came into existence.

Application of JavaScript

JavaScript is used to create interactive websites. It is mainly used for:

• Client-side validation,
• Dynamic drop-down menus,
• Displaying date and time,
• Displaying pop-up windows and dialog boxes (like an alert dialog box, confirm dialog box and prompt dialog box),
• Displaying clocks etc.

Client-Side JavaScript

• Client-side JavaScript is the most common form of the language. The script should be included in or referenced by an HTML document for the code to be interpreted by the browser. It means that a web page need not be static HTML, but can include programs that interact with the user, control the browser, and dynamically create HTML content. The JavaScript client-side mechanism provides many advantages over traditional CGI server-side scripts. For example, you might use JavaScript to check whether the user has entered a valid e-mail address in a form field.
• The JavaScript code is executed when the user submits the form, and only if all the entries are valid are they submitted to the Web Server.
JavaScript can be used to trap user-initiated events such as button clicks, link navigation, and other actions that the user initiates explicitly or implicitly.

Advantages of JavaScript

The merits of using JavaScript are:

• Less server interaction: You can validate user input before sending the page off to the server. This saves server traffic, which means less load on your server.

• Immediate feedback to the visitors: They don't have to wait for a page reload to see whether they have forgotten to enter something.
• Increased interactivity: You can create interfaces that react when the user hovers over them with a mouse or activates them via the keyboard.
• Richer interfaces: You can use JavaScript to include such items as drag-and-drop components and sliders to give a Rich Interface to your site visitors.

Limitations of JavaScript

We cannot treat JavaScript as a full-fledged programming language. It lacks the following important features:

• Client-side JavaScript does not allow the reading or writing of files. This has been kept for security reasons.
• JavaScript cannot be used for networking applications because there is no such support available.
• JavaScript doesn't have any multithreading or multiprocessor capabilities.

Once again, JavaScript is a lightweight, interpreted programming language that allows you to build interactivity into otherwise static HTML pages.

JavaScript Development Tools

One of the major strengths of JavaScript is that it does not require expensive development tools. You can start with a simple text editor such as Notepad. Since it is an interpreted language inside the context of a web browser, you don't even need to buy a compiler. To make our life simpler, various vendors have come up with very nice JavaScript editing tools. Some of them are listed here:

• Microsoft FrontPage: Microsoft has developed a popular HTML editor called FrontPage. FrontPage also provides web developers with a number of JavaScript tools to assist in the creation of interactive websites.
• Macromedia Dreamweaver MX: Macromedia Dreamweaver MX is a very popular HTML and JavaScript editor in the professional web development crowd. It provides several handy prebuilt JavaScript components, integrates well with databases, and conforms to new standards such as XHTML and XML.
• Macromedia HomeSite 5: HomeSite 5 is a popular HTML and JavaScript editor from Macromedia that can be used to manage personal websites effectively.

Transfer Functions

For each kind of node n in the flow graph, a monotone transfer function maps an abstract state before n to an abstract state after n. In addition, we provide a transfer function for each predefined function in the ECMAScript standard library. Some edges (in particular, call and

return edges) also carry transfer functions. As usual, the before state of node n is the join of the after states of all predecessors of n.

The transfer function for read-property serves as an illustrative example. If vobj is not an object, it gets converted into one. If vobj abstracts many objects, the result is the join of reading all of them. The read operation for a single abstract object descends the prototype chain and joins the results of looking up the property until the property was definitely present in a prototype. If vprop is not a specific string, the default index and default other fields of the object and its prototypes are also considered. Finally, the temporary variable target is overwritten with the result; all temporaries can be strongly updated. As this example shows, it is essential that the analysis models all aspects of the JavaScript execution model, including prototype chains and type coercions.

A special case is the transfer function for the built-in functions eval and Function that dynamically construct new program code. The analyzer cannot model such a dynamic extension of the program because the fixpoint solver requires N and L to be fixed. Hence, the analyzer issues a warning if these functions are used. This approach is likely satisfactory as these functions are mostly used in stylized ways, for example for JSON data, according to a study of existing JavaScript code.

JavaScript Datatypes

One of the most fundamental characteristics of a programming language is the set of data types it supports. These are the types of values that can be represented and manipulated in a programming language. JavaScript allows you to work with three primitive data types:

• Numbers, e.g., 123, 120.50 etc.
• Strings of text, e.g. "This text string" etc.
• Boolean, e.g. true or false.
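The read-property step described under Transfer Functions above, written out as an added example that is not code from the original text or from the analysis it describes. It shows the conversion of a non-object base, the coercion of the property name, the walk down the prototype chain, and the join over several possible base objects, keeping a missing property apart from one set to undefined. The names readProperty, typeTag and readPropertyJoin and the sample objects are assumptions made for illustration.

```javascript
'use strict';
// Added example: concrete and set-valued versions of the read-property step.

// Read one property the way the language does: convert a primitive base to an
// object, coerce the name to a string (symbol keys are out of scope here), then
// walk the prototype chain until an object that owns the property is found.
function readProperty(value, name) {
  if (value === null || value === undefined) {
    throw new TypeError('cannot read a property of ' + value);
  }
  const receiver = Object(value); // "abc" becomes a String wrapper object
  const key = String(name);       // 1 becomes "1"
  let depth = 0;                  // 0 = own property, 1 = first prototype, ...
  for (let o = receiver; o !== null; o = Object.getPrototypeOf(o), depth += 1) {
    if (Object.prototype.hasOwnProperty.call(o, key)) {
      return { present: true, depth, value: Reflect.get(o, key, receiver) };
    }
  }
  return { present: false, depth: -1, value: undefined };
}

// Abstract value = a set of type tags. 'absent' is kept apart from 'undefined'
// so that a missing property is not confused with one set to undefined.
function typeTag(result) {
  if (!result.present) return 'absent';
  return result.value === null ? 'null' : typeof result.value;
}

// When the base may be any of several objects, the result is the join (here:
// set union) of reading the property from each candidate.
function readPropertyJoin(candidates, name) {
  const tags = new Set(candidates.map((c) => typeTag(readProperty(c, name))));
  return [...tags].sort();
}

// Constructed sample objects.
const base = { id: 7, note: undefined };
const derived = Object.create(base); // inherits id and note from base
derived.id = '7';                    // shadows base.id with a string

console.log(readProperty(derived, 'id'));      // own property, a string
console.log(readProperty(derived, 'note'));    // present on the prototype, value undefined
console.log(readProperty(derived, 'missing')); // not present anywhere on the chain
console.log(readProperty('abc', 'length'));    // primitive base converted to an object
console.log(readPropertyJoin([base, derived, {}], 'id'));
```

A plain `derived.note === derived.missing` comparison is true, which is why the lookup reports presence separately from the value.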
JavaScript also defines two trivial data types, null and undefined, each of which defines only a single value. In addition to these primitive data types, JavaScript supports a composite data type known as object. We will cover objects in detail in a separate chapter.

Note: JavaScript does not make a distinction between integer values and floating-point values. All numbers in JavaScript are represented as floating-point values. JavaScript represents numbers using the 64-bit floating-point format defined by the IEEE 754 standard.

JavaScript Variables

Like many other programming languages, JavaScript has variables. Variables can be thought of as named containers. You can place data into these containers and then refer to the data simply by naming the container.

Before you use a variable in a JavaScript program, you must declare it. Variables are declared with the var keyword as follows.

<script type="text/javascript">
<!--
var money;
var name;
//-->
</script>

JavaScript Variable Scope

The scope of a variable is the region of your program in which it is defined. JavaScript variables have only two scopes.

• Global Variables: A global variable has global scope, which means it can be defined anywhere in your JavaScript code.
• Local Variables: A local variable will be visible only within a function where it is defined. Function parameters are always local to that function.

Within the body of a function, a local variable takes precedence over a global variable with the same name. If you declare a local variable or function parameter with the same name as a global variable, you effectively hide the global variable. Take a look at the following example.

JavaScript Variable Names

While naming your variables in JavaScript, keep the following rules in mind.

• You should not use any of the JavaScript reserved keywords as a variable name. These keywords are mentioned in the next section. For example, break or boolean variable names are not valid.
• JavaScript variable names should not start with a numeral (0-9). They must begin with a letter or an underscore character. For example, 123test is an invalid variable name but _123test is a valid one.
• JavaScript variable names are case-sensitive. For example, Name and name are two different variables.

What is an Operator?

Let us take a simple expression: 4 + 5 is equal to 9. Here 4 and 5 are called operands and '+' is called the operator. JavaScript supports the following types of operators.

• Arithmetic Operators
• Comparison Operators
• Logical (or Relational) Operators
• Assignment Operators
• Conditional (or ternary) Operators

Let's have a look at all the operators one by one.

How to Run JavaScript?

Being a scripting language, JavaScript cannot run on its own. In fact, the browser is responsible for running JavaScript code. When a user requests an HTML page with JavaScript in it, the script is sent to the browser and it is up to the browser to execute it. The main advantage of JavaScript is that all modern web browsers support JavaScript. So, you do not have to worry about whether your site visitor uses Internet Explorer, Google Chrome, Firefox or any other browser. JavaScript will be supported. Also, JavaScript runs on any operating system including Windows, Linux or Mac. Thus, JavaScript overcomes the main disadvantages of VBScript (now deprecated), which is limited to just IE and Windows.

Tools You Need

To start with, you need a text editor to write your code and a browser to display the web pages you develop. You can use a text editor of your choice including Notepad++, Visual Studio Code, Sublime Text, Atom or any other text editor you are comfortable with. You can use any web browser including Google Chrome, Firefox, Microsoft Edge, Internet Explorer etc.

JavaScript – Enabling

All the modern browsers come with built-in support for JavaScript. Frequently, you may need to enable or disable this support manually. This chapter explains the procedure of enabling and disabling JavaScript support in your browsers: Internet Explorer, Firefox, Chrome, and Opera.

JavaScript in Internet Explorer

Here are the steps to turn on or turn off JavaScript in Internet Explorer:

• Follow Tools -> Internet Options from the menu.
• Select Security tab from the dialog box.
• Click the Custom Level button.
• Scroll down till you find the Scripting option.
• Select Enable radio button under Active scripting.
• Finally click OK and come out.

To disable JavaScript support in your Internet Explorer, you need to select Disable radio button under Active scripting.

JavaScript in Firefox

Here are the steps to turn on or turn off JavaScript in Firefox:

• Open a new tab -> type about:config in the address bar.
• Then you will find the warning dialog. Select I'll be careful, I promise!
• Then you will find the list of configure options in the browser.
• In the search bar, type javascript.enabled.
• There you will find the option to enable or disable JavaScript by right-clicking on the value of that option -> select toggle.

If javascript.enabled is true, it changes to false after clicking toggle. If JavaScript is disabled, it gets enabled after clicking toggle.

JAVASCRIPT – SYNTAX

JavaScript can be implemented using JavaScript statements that are placed within the <script>... </script> HTML tags in a web page. You can place the <script> tags, containing your JavaScript, anywhere within your web page, but it is normally recommended that you keep them within the <head> tags. The <script> tag alerts the browser program to start interpreting all the text between these tags as a script. A simple syntax of your JavaScript will appear as follows.

<script ...>
JavaScript code
</script>

The script tag takes two important attributes:

• Language: This attribute specifies what scripting language you are using. Typically, its value will be javascript, although recent versions of HTML (and XHTML, its successor) have phased out the use of this attribute.
• Type: This attribute is what is now recommended to indicate the scripting language in use, and its value should be set to "text/javascript".

So, your JavaScript syntax will look as follows.

<script language="javascript" type="text/javascript">
JavaScript code
</script>

Your First JavaScript Code

Let us take a sample example to print out "Hello World". We added an optional HTML comment that surrounds our JavaScript code. This is to save our code from a browser that does not support JavaScript. The comment ends with a "//-->". Here "//" signifies a comment in JavaScript, so we add that to prevent a browser from reading the end of the HTML comment as a piece of JavaScript code. Next, we call a function document.write, which writes a string into our HTML document.

Whitespace and Line Breaks

JavaScript ignores spaces, tabs, and newlines that appear in JavaScript programs. You can use spaces, tabs, and newlines freely in your program and you are free to format and indent your programs in a neat and consistent way that makes the code easy to read and understand.

Semicolons are Optional

Simple statements in JavaScript are generally followed by a semicolon character, just as they are in C, C++, and Java. JavaScript, however, allows you to omit this semicolon if each of your statements is placed on a separate line. For example, the following code could be written without semicolons.

Case Sensitivity

JavaScript is a case-sensitive language. This means that the language keywords, variables, function names, and any other identifiers must always be typed with a consistent capitalization of letters. So, the identifiers Time and TIME will convey different meanings in JavaScript.

NOTE: Care should be taken while writing variable and function names in JavaScript.

Comments in JavaScript

JavaScript supports both C-style and C++-style comments. Thus:

• Any text between a // and the end of a line is treated as a comment and is ignored by JavaScript.
• Any text between the characters /* and */ is treated as a comment. This may span multiple lines.
• JavaScript also recognizes the HTML comment opening sequence <!--. JavaScript treats this as a single-line comment, just as it does the // comment.
• The HTML comment closing sequence --> is not recognized by JavaScript so it should be written as //-->.

What Would the Web Look Like Without JavaScript?

Without JavaScript, all you would have on the web would be HTML and CSS. These alone limit you to a few web page implementations. 90% (if not more) of your webpages would be static, and you'd only have the dynamic changes like animations that CSS provides.

How JavaScript Makes Things Dynamic

HTML defines the structure of your web document and the content therein. CSS declares various styles for the contents provided on the web document. HTML and CSS are often called mark-up languages rather than programming languages, because they, at their core, provide mark-ups for documents with very little dynamism. JavaScript, on the other hand, is a dynamic programming language that supports Math calculations, allows you to dynamically add HTML contents to the DOM, creates dynamic style declarations, fetches contents from another website, and lots more. Before we go into how JavaScript does all of these things, let's look at a quick example. In the code pen, you'll see that as you type in the input field, the text shows on the screen. That is made possible by JavaScript. You cannot get this with HTML, CSS, nor both of them together. JavaScript can do a lot more than what I can cover in this article. But to get you started with JS, we'll look at:

• how to use JavaScript in HTML
• data types
• variables
• comments
• functions

13.3 ANALYSIS OF SQL

SQL and Statistical Packages

There is a huge offer of statistical packages dedicated to data analysis and other types of complex processing. Some of the most popular commercial products are: SPSS, SAS, Stata, S-PLUS, Minitab. They generally provide a large array of statistical functions and options with friendly interfaces for the everyday user (non-programmers). But some of them are also notorious for their costs. Small and medium businesses, as well as a good range of universities, cannot afford to spend sometimes a large amount of money for a not so large number of licenses. Of course, prices and licensing systems differ, but from our experience the cost is still the most common barrier to their use. Nevertheless, many universities have acquired packages like SPSS and SAS through donations, research grants, projects with industry, etc. Recent years have seen a general trend in the higher education and research world towards open-source statistical software, mainly R, Tsoukalos et al. R is gradually becoming the dominant platform for universities, companies and researchers that cannot spend much on software, especially within current economic difficulties. R has a huge community of enthusiast developers who continuously implement the latest advancements in statistics, data mining, machine learning, etc. at no cost for the end user.

There are two main limitations of R in relation to this paper's objectives. One is R-specific and concerns the user interface. Even if some open-source extensions (like RStudio) ease the dialogue somewhat, R relies on the command prompt and scripts and is also programming-prone. In other words, R is still far from the league of commercial products. The second limitation is inherent to all statistical packages and concerns the data source. Studies and lab data can be entered directly in the statistical package, but in the real world the companies' data to be analysed reside on a large range of platforms: SQL databases, web logs, sensors, mobile applications, Excel files, etc. As a consequence, some extraction-transformation-load (ETL) tools are generally required for gathering data in R or another package. Usually statistical packages load the data to be processed using one or more of the following solutions:

• Direct import from external data files (Excel, CSV - Comma Separated Values, text files etc.) using their menus (where available).
• Save intermediate results from the data sources (databases, Excel, etc.) into common format files and then import these intermediate files into the package; the most popular interchange formats are XML, CSV and JSON.
• Create data sources using ODBC (Object Data Base Connectivity) or JDBC (Object Data Base Connectivity) drivers and then connect the package directly to the ODBC/JDBC data sources. No intermediate files are needed, the data being imported directly into the package variables/tables.

Recently, some new options have become available for data imports.

• Using special ETL procedures which can be customized for both the data source and the target package.
• Connecting to special APIs (Application Programming Interfaces) or web/data services which provide data sets in formats easy to import. Google Analytics is such a service, becoming more popular over the years.
• Importing data from web server logs using user-defined or standard ETL procedures. This is an area where NoSQL systems have a strong presence.
• In addition to plain import through ODBC/JDBC connections, it is sometimes possible to perform a database query on a database server directly from the statistical package. For example, R users can query SQLite databases directly and import the results from the tables into the R workspace.

SQL Features for Data Analysis

Essentially, SQL extracts record sets from huge databases based on relational algebra. SELECT is the core of SQL, endowed with powerful clauses for filtering records, columns/attributes, computation, grouping, etc. The huge popularity of SQL (Michael Stonebraker once called SQL the intergalactic data speak language) is due mainly to its general syntax (no programming is necessary for most of the queries) and also to its implementation in many types of Database Management Systems, from desktop (Access) to open-source (MySQL, PostgreSQL) and commercial (Oracle, IBM DB2, Microsoft SQL Server) ones. The broad adoption was facilitated by the standardization of SQL by ISO with ANSI and other national agencies. The first SQL standard was published in 1986 (ANSI) and 1989 (ISO), and then in 1992, 1999, 2003, 2008 and 2011.

As pointed out in the previous section, the result of SQL queries (SELECT commands) can be saved/stored within the database (mainly as a table or view) but can also be exported from the DBMS to other targets and formats, for example another database, an Excel/CSV file, a text file, HTML, an ODBC/JDBC data source, etc. But SELECT commands do not just extract and filter data from the database. Their various clauses can perform various processing tasks for all the result rows or for groups of rows (GROUP BY and HAVING clauses). Starting with the first standard (1986/1989), all SQL dialects have implemented the basic statistical functions called (statistical) aggregate functions, with self-explanatory names: SUM, COUNT, AVG, MIN, MAX.

Since 1999 one of the main targets of the SQL standard has been data analysis, mainly through OLAP (On Line Analytical Processing) features (sometimes also called window functions). There are some OLAP differences among dialects. The richest DBMSs for data analysis are Oracle and DB2, while open-source systems are less generous. But some basic OLAP operations, like ranking, are common. For example, the current version of PostgreSQL (9.3) implements, among other functions, RANK, DENSE_RANK, PERCENT_RANK, CUME_DIST, LEAD, LAG, NTILE, NTH_VALUE, etc. For some advanced SQL OLAP features see the next section.

Less known and used in SQL are the statistical functions for common statistical procedures. Again, commercial database servers (Oracle, DB2, SQL Server) are endowed with the best statistical features. But open-source servers also provide useful functions like STDDEV_POP (standard deviation for a population), STDDEV_SAMP (standard deviation for a sample), CORR (correlation), COVAR_POP (population covariance), COVAR_SAMP (sample covariance), REGR_INTERCEPT (y-intercept of the least-squares-fit linear equation determined by the (x,y) pairs), REGR_SLOPE (slope of the least-squares-fit linear equation), PostgreSQL (2013).

As a main representative of commercial database servers, Oracle is endowed with a large array of statistical features. Most of them are included in the Oracle SQL core dialect, but some other extensions are available, like Oracle Data Mining and Oracle R Enterprise. According to the Oracle database documentation, Oracle (2013), the main statistical options available are:

• Descriptive statistics
• Hypothesis testing
• Correlations analysis (parametric and nonparametric)
• Ranking functions
• Cross Tabulations with Chi-square statistics
• Linear regression
• ANOVA
• Test Distribution fit
• Window Aggregate functions
• Statistical Aggregates
• LAG/LEAD functions
• Reporting aggregate functions

Data Mining, Knowledge Discovery and OLAP

Data Mining and Knowledge Discovery are broadly considered to form the scientific and technological domain of transforming raw data into meaningful information useful for the business intelligence decision process. In fact, Knowledge Discovery (KD) is considered the methodological process and Data Mining (DM) a range of tools and techniques to achieve the goals of such informational processing (Peng et al., 2008). The KD process is heavily dependent on database support and is therefore often referred to as KDD - Knowledge Discovery in Database (Fayyad et al., 1996). It covers activities like planning and setting out analysis goals, setting the data collections to be processed, data pre-processing through cleaning and preparation procedures, data transformation to simplify and adapt data formats to analytical data models, data mining with techniques such as searching for interpretative patterns to represent analytical data and, finally, interpretation/evaluation plus visualization of the interpretative data patterns extracted. Thus, the DM domain covers the main data analysis techniques to extract new predictive information using methods like classification (learning functions), regression, clustering or summarization (Peng et al., 2008).

The Online Analytical Processing tools heavily use data analysis techniques, inspired by statistical operations, to build their query trees. They are usually associated with data integration and data refinement activities applied mostly within the third stage of the KDD process. Although there is no clear delimitation between OLAP and DM specific tools, the latter use OLAP queries to set their own processing inputs. That is why SQL-ROLAP is regarded as a key part of the DM-KDD architecture, especially in the context of multidimensional databases built on relational extensions.

Data Warehouses and OLAP

Before feeding the DM processing activities, the analytical data must be modelled (multidimensional), stored (data warehousing) and properly queried (using OLAP operators). Consequently, the data warehouses (DW) are usually associated with the multidimensional databases viewed as subject-oriented, integrated, time-variant and non-volatile collections of data intended for decision support systems. The original sources of analytical data are most frequently OLTP systems, mainly relational databases. Also, structured or semi-structured external data sources could feed the DW. The integration of these kinds of essentially heterogeneous data sources could be one of the most critical elements in the construction of a data warehouse. That is why a whole range of extract-transform-load (ETL) tools are part of the DW architecture. These tools are responsible for extracting, cleaning, integrating, transforming and loading data into the DW, and they also address the problem of data refreshing within the DW context. Thus, ETL tools act as the entry gate of data into the multidimensional database of data warehouses.

On the other hand, the OLAP tools are positioned, in a way, as the exit gate of DW systems: ensuring data access for the external reporting tools or for the data mining tools. The queries run against the multidimensional databases of the DW are processed by the OLAP engines. Four main OLAP data models and query engines have been developed:

• MOLAP (Multidimensional OLAP) tools support analytical operators applied on multidimensional data structures built on concepts like dimensions and measures;
• ROLAP (Relational OLAP) tools support the analytical functions using dedicated operators implemented as relational extensions on multidimensional databases designed with star-schema or snowflake-schema techniques;
• HOLAP (Hierarchical OLAP) tools address some performance problems of ROLAP systems by using specialized storage and indexing techniques;
• XML-OLAP tools are dedicated to XML Data Warehouses where dimensional facts are stored as XML documents.

13.4 SUMMARY

• JavaScript is a dynamic computer programming language. It is lightweight and most commonly used as a part of web pages, whose implementations allow client-side script to interact with the user and make dynamic pages. It is an interpreted programming language with object-oriented capabilities. JavaScript was first known as LiveScript, but Netscape changed its name to JavaScript, possibly because of the excitement being generated by Java. JavaScript made its first appearance in Netscape 2.0 in 1995 with the name LiveScript. The general-purpose core of the language has been embedded in Netscape, Internet Explorer, and other web browsers. The ECMA-262 Specification defined a standard version of the core JavaScript language.
• Client-side JavaScript is the most common form of the language. The script should be included in or referenced by an HTML document for the code to be interpreted by the browser. It means that a web page need not be static HTML, but can include programs that interact with the user, control the browser, and dynamically create HTML content. The JavaScript client-side mechanism provides many advantages over traditional CGI server-side scripts. For example, you might use JavaScript to check if the user has entered a valid email address in a form field.
• Being a scripting language, JavaScript cannot run on its own. In fact, the browser is responsible for running JavaScript code. When a user requests an HTML page with JavaScript in it, the script is sent to the browser and it is up to the browser to execute it. The main advantage of JavaScript is that all modern web browsers support JavaScript. So, you do not have to worry about whether your site visitor uses Internet Explorer, Google Chrome, Firefox or any other browser. JavaScript will be supported. Also, JavaScript runs on any operating system including Windows, Linux or Mac. Thus, JavaScript overcomes the main disadvantages of VBScript (now deprecated), which is limited to just IE and Windows.
• There is a huge offer of statistical packages dedicated to data analysis and other types of complex processing. Some of the most popular commercial products are: SPSS, SAS, Stata, S-PLUS, Minitab. They generally provide a large array of statistical functions and options with friendly interfaces for the everyday user (non-programmers). But some of them are also notorious for their costs. Small and medium businesses, as well as a good range of universities, cannot afford to spend sometimes a large amount of money for a not so large number of licenses. Of course, prices and licensing systems differ, but from our experience the cost is still the most common barrier to their use.
• Before feeding the DM processing activities, the analytical data must be modelled (multidimensional), stored (data warehousing) and properly queried (using OLAP operators). Consequently, the data warehouses (DW) are usually associated with the multidimensional databases viewed as subject-oriented, integrated, time-variant and non-volatile collections of data intended for decision support systems (Reddy et al., 2010). The original sources of analytical data are most frequently OLTP systems, mainly relational databases. Also, structured or semi-structured external data sources could feed the DW.

13.5 KEYWORDS

• Redirecting behaviour is a proactive method for dealing with challenging behaviour. It maximizes a child's engagement in learning by giving the child alternatives to a behaviour that teachers consider problematic. Redirecting Behaviour is one in a series of in-service suites on behaviour guidance.
• Microsystem is a self-contained subsystem located within a larger system. It generally constitutes the smallest unit of analysis in systems theory.
• Dynamics refers to the volume of a sound or note. The term is also applied to the written or printed musical notation used to indicate dynamics. Traditionally, dynamic markings are based on Italian words, although there is nothing wrong with simply writing things like "quietly" or "louder" in the music.
• Client is a person or group that uses the professional advice or services of a lawyer, accountant, advertising agency, architect, etc.; a person who is receiving the benefits, services, etc., of a social welfare agency, a government bureau, etc.; a customer.
• Microsoft is a US-based technology company. It was founded by Bill Gates and Paul Allen in 1975 and quickly grew to become the largest software company in the world. Today, Microsoft is still widely known for its software, but the company also develops hardware and provides a number of cloud services.

13.6 LEARNING ACTIVITY

1. Find the top five reasons for website hacking.
2. Visit your nearest library and read any book related to web security.

13.7 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions
1. What is JavaScript?
2. Discuss Analysis of SQL.
3. What are Advantages of JavaScript?
4. What are Limitations of JavaScript?
5. What is Client-Side JavaScript?

Long Questions
1. Explain the Analysis of JavaScript.
2. Discuss Analysis of SQL.
3. What are SQL Features for Data Analysis, Data Warehouses and OLAP? Explain.
4. How to Use JavaScript in HTML?
5. Discuss the JavaScript – Enabling.

B. Multiple Choice Questions

1. Which one of the following systems cannot be considered as an example of the operating systems?
a. Windows 8
b. Red Hat Linux
c. BSD Linux
d. Microsoft Office

2. Which one of the following is not involved in the CIA Triad?
a. Availability
b. Confidentiality
c. Authenticity
d. Integrity

3. Identify the correct option for the following: In any organization, company, or firm, the policies of information security come under __________
a. CIA Triad
b. Confidentiality
c. Authenticity
d. None of these

4. Why are the factors like Confidentiality, Integrity, Availability, and Authenticity considered as the fundamentals?
a. They help in understanding the hacking process
b. These are the main elements for any security breach
c. They help to understand the security and its components in a better manner
d. All of these

5. To ensure the security of the data/information, we need to __________ the data:
a. Encrypt
b. Decrypt
c. Delete
d. None of these

Answers: 1-d, 2-c, 3-a, 4-c, 5-a

