DOCSLIB.ORG

Hacking Exposed-Web

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Hacking Exposed ™ Web 2.0 Reviews “In the hectic rush to build Web 2.0 applications, developers continue to forget about security or, at best, treat it as an afterthought. Don’t risk your customer data or the integrity of your product; learn from this book and put a plan in place to secure your Web 2.0 applications.” —Michael Howard Principal Security Program Manager, Microsoft Corp. “This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites. The authors give solid, practical advice on how to identify and mitigate these threats. This book provides valuable insight not only to security engineers, but to application developers and quality assurance engineers in your organization.” —Max Kelly, CISSP, CIPP, CFCE Sr. Director, Security Facebook “This book could have been titled Defense Against the Dark Arts as in the Harry Potter novels. It is an insightful and indispensable compendium of the means by which vulnerabilities are exploited in networked computers. If you care about security, it belongs on your bookshelf.” —Vint Cerf Chief Internet Evangelist, Google “Security on the Web is about building applications correctly, and to do so developers need knowledge of what they need to protect against and how. If you are a web developer, I strongly recommend that you take the time to read and understand how to apply all of the valuable topics covered in this book.” —Arturo Bejar Chief Security Officer at Yahoo! “This book gets you started on the long path toward the mastery of a remarkably complex subject and helps you organize practical and in-depth information you learn along the way.” —From the Foreword by Michal Zalewski, White Hat Hacker and Computer Security Expert This page intentionally left blank HACKING EXPOSED™ WEB 2.0: WEB 2.0 SECURITY SECRETS AND SOLUTIONS RICH CANNINGS HIMANSHU DWIVEDI ZANE LACKEY New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright © 2008 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permit- ted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. 0-07-159548-1 The material in this eBook also appears in the print version of this title: 0-07-149461-8. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. DOI: 10.1036/0071494618 Professional Want to learn more? We hope you enjoy this McGraw-Hill eBook! If you’d like more information about this book, its author, or related books and websites, please click here. I dedicate this book to sprout! <3 —Rich Cannings This book is dedicated to my daughter, Sonia Raina Dwivedi, whose neverending smiles are the best thing a Dad could ask for. —Himanshu Dwivedi To my parents, who always encouraged me and taught me everything I know about cheesy dedications. —Zane Lackey ABOUT THE AUTHORS Rich Cannings Rich Cannings is a senior information security engineer at Google. Prior to working for Google, Rich was an independent security consultant and OpenBSD hacker. Rich holds a joint MSc. in theoretical mathematics and computer science from the University of Calgary. Himanshu Dwivedi Himanshu Dwivedi is a founding partner of iSEC Partners, an information security organization. Himanshu has more than 12 years’ experience in security and information technology. Before forming iSEC, Himanshu was the technical director of @stake’s Bay Area practice. Himanshu leads product development at iSEC Partners, which includes a repertoire of SecurityQA products for web applications and Win32 programs. In addition to his product development efforts, he focuses on client management, sales, and next genera- tion technical research. He has published five books on security, including Hacking Exposed: Web 2.0 (McGraw-Hill), Hacking VoIP (No Starch Press), Hacker’s Challenge 3 (McGraw-Hill), Securing Storage (Addison Wesley Publishing), and Implementing SSH (Wiley Publishing). Himanshu also has a patent pending on a storage design architecture in Fibre Channel SANs VoIP. Zane Lackey Zane Lackey is a senior security consultant with iSEC Partners, an information security organization. Zane regularly performs application penetration testing and code reviews for iSEC. His research focus includes AJAX web applications and VoIP security. Zane has spoken at top security conferences including BlackHat 2006/2007 and Toorcon. Additionally, he is a coauthor of Hacking Exposed: Web 2.0 (McGraw-Hill) and contributing author of Hacking VoIP (No Starch Press). Prior to iSEC, Zane focused on Honeynet research at the University of California, Davis, Computer Security Research Lab, under noted security researcher Dr. Matt Bishop. ABOUT THE CONTRIBUTING AUTHORS Chris Clark Chris Clark possesses several years of experience in secure application design, penetra- tion testing, and security process management. Most recently, Chris has been working for iSEC Partners performing application security reviews of Web and Win32 applications. Chris has extensive experience in developing and delivering security training for large organizations, software engineering utilizing Win32 and the .Net Framework, and ana- lyzing threats to large scale distributed systems. Prior to working for iSEC Partners, Chris worked at Microsoft, assisting several product groups in following Microsoft’s Secure Development Lifecycle. Alex Stamos Alex Stamos is a founder and VP of professional services at iSEC Partners, an information security organization. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and he has taught multiple classes in network and application security. He is a leading researcher in the field of web application and web services security and has been a featured speaker at top industry conferences such as Black Hat, CanSecWest, DefCon, Syscan, Microsoft BlueHat, and OWASP App Sec. He holds a BSEE from the University of California, Berkeley. ABOUT THE TECHNICAL EDITOR Jesse Burns Jesse Burns is a founding partner and VP of research at iSEC Partners, where he performs penetration tests, writes tools, and leads research. Jesse has more than a decade of experience as a software engineer and security consultant, and he has helped many of the industry’s largest and most technically-demanding companies with their application security needs. He has led numerous development teams as an architect and team lead; in addition, he designed and developed a Windows-delegated enterprise directory management system, produced low-level security tools, built trading and support systems for a major US brokerage, and architected and built large frameworks to support security features such as single sign-on. Jesse has also written network applications such as web spiders and heuristic analyzers. Prior to iSEC, Jesse was a managing security architect at @stake. Jesse has presented his research throughout the United States and internationally at venues including the Black Hat Briefings, Bellua Cyber Security, Syscan, OWASP, Infragard, and ISACA. He has also presented custom research reports for his many security consulting clients on a wide range of technical issues, including cryptographic attacks, fuzzing techniques, and emerging web application threats.
Recommended publications
  • Ts 124 623 V9.3.0 (2011-10)

    Ts 124 623 V9.3.0 (2011-10)

    ETSI TS 124 623 V9.3.0 (2011-10) Technical Specification Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Extensible Markup Language (XML) Configuration Access Protocol (XCAP) over the Ut interface for Manipulating Supplementary Services (3GPP TS 24.623 version 9.3.0 Release 9) 3GPP TS 24.623 version 9.3.0 Release 9 1 ETSI TS 124 623 V9.3.0 (2011-10) Reference RTS/TSGC-0124623v930 Keywords GSM,LTE,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
  • Javascript Hijacking Brian Chess, Yekaterina Tsipenyuk O'neil, Jacob West

    Javascript Hijacking Brian Chess, Yekaterina Tsipenyuk O'neil, Jacob West

    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West March 12, 2007 Summary An increasing number of rich Web applications, often called AJAX applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read sensitive data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed the 12 most popular AJAX frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET AJAX (a.k.a. Atlas), XAJAX and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles sensitive data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction1 Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
  • Knowledge Extraction for Hybrid Question Answering

    Knowledge Extraction for Hybrid Question Answering

    KNOWLEDGEEXTRACTIONFORHYBRID QUESTIONANSWERING Von der Fakultät für Mathematik und Informatik der Universität Leipzig angenommene DISSERTATION zur Erlangung des akademischen Grades Doctor rerum naturalium (Dr. rer. nat.) im Fachgebiet Informatik vorgelegt von Ricardo Usbeck, M.Sc. geboren am 01.04.1988 in Halle (Saale), Deutschland Die Annahme der Dissertation wurde empfohlen von: 1. Professor Dr. Klaus-Peter Fähnrich (Leipzig) 2. Professor Dr. Philipp Cimiano (Bielefeld) Die Verleihung des akademischen Grades erfolgt mit Bestehen der Verteidigung am 17. Mai 2017 mit dem Gesamtprädikat magna cum laude. Leipzig, den 17. Mai 2017 bibliographic data title: Knowledge Extraction for Hybrid Question Answering author: Ricardo Usbeck statistical information: 10 chapters, 169 pages, 28 figures, 32 tables, 8 listings, 5 algorithms, 178 literature references, 1 appendix part supervisors: Prof. Dr.-Ing. habil. Klaus-Peter Fähnrich Dr. Axel-Cyrille Ngonga Ngomo institution: Leipzig University, Faculty for Mathematics and Computer Science time frame: January 2013 - March 2016 ABSTRACT Over the last decades, several billion Web pages have been made available on the Web. The growing amount of Web data provides the world’s largest collection of knowledge.1 Most of this full-text data like blogs, news or encyclopaedic informa- tion is textual in nature. However, the increasing amount of structured respectively semantic data2 available on the Web fosters new search paradigms. These novel paradigms ease the development of natural language interfaces which enable end- users to easily access and benefit from large amounts of data without the need to understand the underlying structures or algorithms. Building a natural language Question Answering (QA) system over heteroge- neous, Web-based knowledge sources requires various building blocks.
  • Ajax for Dummies (2006).Pdf

    Ajax for Dummies (2006).Pdf

    01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page i Ajax FOR DUMmIES‰ 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iv Ajax For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc.
  • Copyrighted Material

    Copyrighted Material

    15_043067 bindex.qxd 6/15/06 7:38 PM Page 330 INDEX accessing XML on server, 172–173 A downloading and installing, 170–171, 176 absolute positioning, 288–289 downloading XML data, 174–175 add function, 40–41 stripping out whitespace, 172, 173, 174 addition function for XML data extraction, 82–83 URL encoding, 171 addition operator (+) (JavaScript), 40, 44, 45 alert boxes Ajax (Asynchronous JavaScript + XML). See also Ajax display by JavaScript function, 30–31 XMLHttpRequest frameworks; object displaying, 28–29 advantages, 2, 3, 62 displaying text from text fields, 37 attributes, 29, 262–263 aligning text in CSS, 278–279 downloading JavaScript, 94–95 AND logical operator (JavaScript), 53 event attributes, 29 anonymous JavaScript functions, 68 example of data Submit and fetch, 4–5 Apache Tomcat Java-based server, 231 XMLHttpRequest importance of object, 62 Apple Safari, 63 server-side scripts and PHP used with, 76–77 arguments, passing to functions, 38–39 Ajax frameworks arithmetic operators (JavaScript), 45 ! caution: importance of files and placement, 152 assignment operators (JavaScript), 44, 45 resultXML ! caution: naming global variable “ ”, 171, 175 asynchronous versus synchronous requests, ! caution: on use of global variables, 155, 159 178, 180 advantages, 152–153 attributes (Ajax), 29, 262–263 Ajax tag library, 236–239 autocomplete capability AJAXLib Ajax framework, 170–175 example demonstration site, 8–9 browser-based versus server-side, 152 support for, in Ajax tag library, 236–237 downloadable and free, 182 installing and allowing
  • Javascript Hijacking

    Javascript Hijacking

    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West {brian, katrina, jacob}@fortifysoftware.com March 12, 2007 Summary An increasing number of rich Web applications, often called Ajax applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read confidential data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed 12 popular Ajax frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET Ajax (a.k.a. Atlas), xajax and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles confidential data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
  • Ajax, State of The

    Ajax, State of The

    AjAjaax,x, ststaattee ooff tthhee aarrtt Tarek Ziadé, Nuxeo [email protected] WWhhoo aamm ii ● I am engineer at Nuxeo ● I work on CPS, the famous ECM Plateform ;) ● I©ve been lately in charge of Ajax stuff in CPS ● I read Ajax related feeds before I go to bed WWhhaatt iiss AAjjaaxx ?? A dutch football club (a good one) A cleanser (really works) AA WWeebb 22..00 tteechchnnoollooggyy Asynchronous Javascript And XML WWhhaatt©©ss WWeebb 22..00 ?? TTiimm OO©©RReeiillllyy©©ss ©©ccoommppaacctt©© ddeeffiinniittiioonn:: Web 2.0 is the network as platform, spanning all connected devices; Web 2.0 applications are those that make the most of the intrinsic advantages of that platform: delivering software as a continually-updated service that gets better the more people use it, consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others, creating network effects through an "architecture of participation," and going beyond the page metaphor of Web 1.0 to deliver rich user experiences. MMaarrkkuuss AAnnggeerrmmeeiieerr©©ss vviieeww ooff WWeebb 22..00:: (courtesy of Markus Angermeier) WWeebb 22..00 AAppppss ✔ del.icio.us ✔ flickr ✔ Voo2do ✔ Digg ✔ Google Mail (Gmail) ✔ Writely ✔ Basecamp ✔ ... AjAjaaxx bbiigg ppiictctuurere 11//22 (courtesy of J. J. Garett) AjAjaaxx bbiigg ppiictctuurere 22//22 (courtesy of J. J. Garett) TThhee LLiistst ooff tthhiinnggss AjAjaaxx rereaallllyy bbririnnggss ✔ Increases interactivity ✔ Save bandwidth ✔ Helps avoiding some interactive
  • Integrating AJAX Approach Into GIS Visualization Web Services

    Integrating AJAX Approach Into GIS Visualization Web Services

    Integrating AJAX Approach into GIS Visualization Web Services Ahmet Sayar1, 2, *, Marlon Pierce1 and Geoffrey Fox 1, 2, 3, 4 1 Community Grids Lab, Indiana University, Bloomington, Indiana, 47404, USA 2Department of Computer Science, Indiana University 3Department of Physics, Indiana University 4School of Informatics, Indiana University {asayar, mpierce, gcf}@cs.indiana.edu Abstract XML and HTTP as AJAX does. Since AJAX and Web Services are XML based structures they are able to As the Web platform continues to mature, we see an leverage each others strength. increasing number of amazing technologies that take Geographic Information Systems (GIS) visualization In this paper, we first give some background applications to new levels of power and usability. By information about the web technologies we have been integrating new powerful technologies into GIS using in our proposed architecture. These are basically systems, we get higher performance results with AJAX, Web Services, and GIS Web Services. In additional functionalities. The most recent Section 3 we mention some related works about the development capturing the attention of the browser AJAX and Web Services. In Section 4 we first give a based application developers is AJAX (Asynchronous generic architecture for integration of any Web JavaScript and XML). In this paper we present a Services and AJAX. Then, we give sample usage generic and performance efficient framework for scenarios to prove our integration concepts; one of integrating AJAX models into the browser based GIS them is for Google and GIS Data Server (WFS) Visualization Web Services systems. integration and the other one is for Google and GIS Mapping Server (WMS) integration.
  • D 5.2.2 Semantic Annotation 2

    D 5.2.2 Semantic Annotation 2

    SEMANTIC ANNOTATION 2 MARCH 2017 DELIVERABLE Project Acronym: SDI4Apps Grant Agreement number: 621129 Project Full Title: Uptake of Open Geographic Information Through Innovative Services Based on Linked Data D5.2.2 SEMANTIC ANNOTATION 2 Revision no. 03 Authors: Otakar Čerba (University of West Bohemia) Project co-funded by the European Commission within the ICT Policy Support Programme Dissemination Level P Public X C Confidential, only for members of the consortium and the Commission Services D5.2.2 Semantic Annotation 2 REVISION HISTORY Revision Date Author Organisation Description 01 07/03/2016 Otakar Čerba UWB Initial draft 02 29/03/2016 Martin Tuchyna, SAZP/CCSS Internal review Karel Charvát 03 30/03/2016 Otakar Čerba UWB Final version Statement of originality: This deliverable contains original unpublished work except where clearly indicated otherwise. Acknowledgement of previously published material and of the work of others has been made through appropriate citation, quotation or both. Disclaimer: Views expressed in this document are those of the individuals, partners or the consortium and do not represent the opinion of the Community. Page 3 of 15 © SDI4Apps Consortium 2017 D5.2.2 Semantic Annotation 2 TABLE OF CONTENTS Revision History ................................................................................................................. 3 Table of Contents .............................................................................................................. 4 List of Figures ..................................................................................................................
  • Applications of Smart Points of Interest

    Applications of Smart Points of Interest

    Applications of Smart Points Of Interest Otakar Čerba University of West Bohemia, Plzeň, Czech Republic Outline I About Smart Points of Interest (SPOI) I Examples of applications – map client I Future steps of SPOI development Motivation – Why did we start to develop SPOI 1. Request for open data for tourism, including promotion of services or regions → data focused on interesting places or features (points of interest) 2. Need to interconnect this data with existing data, but also non-structured information (photos, maps, text documents, records. ) → Linked Data approach 3. Demand on seamless data (without state borders) → one global dataset enabling any type of data querying (GeoSPARQL) 4. Low costs on data production and management → data from various existing resources, but published in the uniform data model and with use standards 5. Possibility of an attractive visualization (maps), integration to external application and simple editing → support by independent simple tools based on standards Smart Points of Interest (SPOI) I ~27 000 000 points published as 5* Linked Open Data I Data access I Map client (within editing) I SPARQL endpoint (results exported to JSON, CSV, RDF. ) I Web page: gis.zcu.cz/spoi I SPOI description I Links to map client and SPARQL endpoint I Data model, harmonization scheme, list of changes, metadata DOAP a VoID SPOI Populating I 49 external data resources I Global datasets – OpenStreetMap, Natural Earth, GeoNames.org I Local data from Citadel on the Move project I Local data – small regions from Italy, Belgium,
  • The Effect of Knowledge Management Systems On

    The Effect of Knowledge Management Systems On

    THE ARTS This PDF document was made available from www.rand.org as a public CHILD POLICY service of the RAND Corporation. CIVIL JUSTICE EDUCATION ENERGY AND ENVIRONMENT Jump down to document6 HEALTH AND HEALTH CARE INTERNATIONAL AFFAIRS NATIONAL SECURITY The RAND Corporation is a nonprofit research POPULATION AND AGING organization providing objective analysis and effective PUBLIC SAFETY solutions that address the challenges facing the public SCIENCE AND TECHNOLOGY and private sectors around the world. SUBSTANCE ABUSE TERRORISM AND HOMELAND SECURITY TRANSPORTATION AND INFRASTRUCTURE Support RAND WORKFORCE AND WORKPLACE Browse Books & Publications Make a charitable contribution For More Information Visit RAND at www.rand.org Explore Pardee RAND Graduate School View document details Limited Electronic Distribution Rights This document and trademark(s) contained herein are protected by law as indicated in a notice appearing later in this work. This electronic representation of RAND intellectual property is provided for non-commercial use only. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. Permission is required from RAND to reproduce, or reuse in another form, any of our research documents for commercial use. For information on reprint and linking permissions, please see RAND Permissions. This product is part of the Pardee RAND Graduate School (PRGS) dissertation series. PRGS dissertations are produced by graduate fellows of the Pardee RAND Graduate School, the world’s leading producer of Ph.D.’s in policy analysis. The dissertation has been supervised, reviewed, and approved by the graduate fellow’s faculty committee. The Effect of Knowledge Management Systems on Organizational Performance Do Soldier and Unit Counterinsurgency Knowledge and Performance Improve Following “Push” or “Adaptive-Push” Training? S.
  • Collaborative Writing with Web 2.0 Technologies: Education Students’ Perceptions

    Collaborative Writing with Web 2.0 Technologies: Education Students’ Perceptions

    Journal of Information Technology Education: Volume 10, 2011 Innovations in Practice Collaborative Writing with Web 2.0 Technologies: Education Students’ Perceptions Cornelia Brodahl, Said Hadjerrouit, and Nils Kristian Hansen University of Agder, Kristiansand, Norway [email protected] [email protected] [email protected] Executive Summary Web 2.0 technologies are becoming popular in teaching and learning environments. Among them several online collaborative writing tools, like wikis and blogs, have been integrated into educa- tional settings. Research has been carried out on a wide range of subjects related to wikis, while other, comparable tools like Google Docs and EtherPad remain largely unexplored in the litera- ture. This work presents a case study investigating education students’ perceptions of collabora- tive writing using Google Docs and EtherPad. Both tools provide opportunity for multiple users to work on the same document simultaneously, have a separate space for written metacommuni- cation, and are promoted by software designers to be fairly intuitive to adopt without prior train- ing. The work investigates if perceptions depend on factors such as gender, age, digital compe- tence, interest in digital tools, educational settings, and choice of writing tool, and examines if the tools are easy to use and effective in group work. This paper focuses on quantitative results of survey questionnaires. Further qualitative analysis will be presented in a later paper. The theoretical framework is drawn from two learning theories, the social-constructivist learning theory and the community of practice, and their relationships to collaborative tools. Related re- search literature is characterized by a number of issues: positive elements of use, advantages of using Web 2.0 technologies, critical issues regarding the pedagogical value of Web 2.0, and the role of the teacher in using these technologies.