An Analysis of Security and Performance Concerns in Mobile Web Application Development: Challenges and Open Issues

The paper focuses on security and performance concerns in mobile web development. The study surveyed journal publications to identify these concerns. The paper highlights contemporary issues that application developers face as they create, update and maintain mobile web applications, including Cross-Site Scripting, cookie hijacking/theft, location hijacking, history theft, behaviour analysis, session hijacking, API design, security and the type of web server used.
