SE/IST Research Articles

Latest IT Research Article

Web Application Security: A Pragratic Exposé

By Clement C. Aladi

Recommended Citation

Clement C. Aladi. 2024. Web Application Security: A Pragmatic Exposé. Digital Threats Just Accepted (February 2024). https://doi-org.ccl.idm.oclc.org/10.1145/3644394

Abstract

Many individuals, organizations, and industries rely on web applications for the daily operations of their businesses. With the increasing deployment and dependence on these applications, significant attention has been directed towards developing more accurate and secure mechanisms to safeguard them from malicious web-based attacks. The slow adoption of the latest security protocols, coupled with the utilization of inaccurate and inadequately tested security measures, has hindered the establishment of efficient and effective security measures for web apps. This paper reviews recent research and their recommendations for web security over the last four years. It identifies code injection as one of the most prevalent web-based attacks in recent times. The recommendations presented in this paper offer a practical guide, enabling individuals and security personnel across various industries and organizations to implement tested and proven security measures for web applications. Furthermore, it serves as a roadmap for security developers, aiding them in creating more accurate and quantifiable measures and mechanisms for web security. 

.

Automating School Fees Transactions in Nigerian Universities and Tertiary Institutions: A Systems Engineering and System Management Approach

By Clement C. Aladi

Recommended Citation: Aladi Clement, “Automating School Fees Transactions in Nigerian Universities and Tertiary Institutions: A Systems Engineering and System Management Approach” (2019). LMU/LLS Theses and Dissertations. 943. https://digitalcommons.lmu.edu/etd/943

Abstract: This project uses system engineering and system management principles to analyze the problem of transactions in Nigerian universities and tertiary institutions. System management principles shall be used to highlight the imperfections in the transaction method currently in use, especially the disconnect between the bank and the institutions using their services. It will explore other payment systems available in the country. This project will provide a recommendation for how to implement a better payment option by automating the process of school payments by using a system with cloud-based educational software at the school bursary office and through online payment processing on the school website. The system software will enable cashiering and payment management: centralized data, automated reports, and inventory controls. It will generate automatic invoices and receipts. This system will bridge the disconnect between the bank and the school since students would not need to deposit cash directly into the school account but into their accounts and then pay with their debit cards. The system will provide debit card encryption and protection using the Secure Socket Layer technology.

APPLICATION OF THE THEORY OF CONSTRAINTS IN IMPROVING ATM TRANSACTIONS IN NIGERIA

The theory of constraints is an important tool for improving process flows. The implications of the theory are far-reaching in terms of understanding bottlenecks to a process and better managing these bottlenecks to create an efficient process flow.

The theory of constraints is an important tool for operations managers to manage bottlenecks and improve process flows. Made famous by Eliyahu M. Goldratt in his book The Goal, the implications of the theory are far-reaching in terms of understanding bottlenecks to a process and better managing these bottlenecks to create an efficient process flow. Simply put the theory states, “the throughput of any system is determined by one constraint (bottleneck).” Thus, to increase the throughput, one must focus on identifying and improving the bottleneck or constraint.

Goldratt in another book, Theory of Constraints, outlines a five-step process to applying the theory:

1. Identify the process’ constraints

2. Decide how best to exploit the process constraints

3. Subordinate everything else to the above decisions

4. Evaluate the process constraint

5. Remove the constraint and re-evaluate the process

PROBLEM STATEMENT

Long queues could be very frustrating in any bank and much more in Nigeria. Most times one must wait for more than 30 minutes at the bank to withdraw money from the Automated Teller Machine (ATM) and this affects some other schedules for the day. During my last Holidays, while I was in the queue at one of the Banks in Nigeria, I made some useful observations that I thought could help our people and Banks, especially in reducing the waste arising from long wait times at the ATM. On average, it takes 47 seconds to 1 minute of a single withdrawal, to withdraw money from the ATM in the US. Long queues build up when customers do not follow the best practices or are not considerate of others and this could be seen here as excess inventory which slows the efficiency of the ATM Banking system and has a potential effect on other banking departments. So, this post offers some principles and ideas from “the goal” that could be applied to minimize and/or eliminate long wait times to make ATM transactions more efficient.

THE GOAL

 To decongest long queues at the ATM to ensure customer satisfaction.

THE CONSTRAINTS IDENTIFIED

The major constraints identified in the process is poor customer attitude and occasionally, poor Internet service or machine downtime.  The constraints are observed in the following practice wrong practices:

1. Many who come to the ATM to transfer money and pay bills and struggle with their phones to retrieve information for the transaction.

2. Many come to activate their debit card Pins and spent time thinking on the new password to use.

3. Many elderly men and women with no knowledge of ATM operation, seek help from people around to carry out their transaction when it is their turn to use the ATM, this leads to waste of valuable time

4. Many come with cards that are worn out or bent because of misuse, and the machine keeps rejecting the card, while they keep trying.

 5. Problems arising from unstable Networks at the ATM (Out-of-service error display).

Having identified the constraints, we shall apply the theory of constraints to improve the process.

1. EXPLOIT

Exploit the identified constraints ( bottlenecks) by  Customer re-orientation/ Education through mails and adverts. Improved banking services.

2. SUBORDINATE

Every other Customer coming to the bank must be informed to comply with the best practices at the ATM, and customer care must ensure compliance and offer support at all times to customers that need help.

3.  ELEVATE

 The following actions are necessary to eliminate the constraints:

 1. Self-service machines designated for other banking services other than withdrawing money and for the disabled. 

2. Queuing up in a row at the ATM helps minimize chaos and maintain a steady flow. 

3. Transaction details if not memorized,  should be copied out in a paper or ready on the phone when going to the ATM.

4. Withdrawals must be made in bulks(pre-set) or own the desired amount, to reduce the number of withdrawal cycles.

5. Counting money after withdrawal from the ATM should be avoided. The ATM is error-proof.

6. Checking balances after withdrawal should be avoided.

7. Multiple card removal and insertion in a transaction must be avoided.

8. More education in using e-banking services can decongest long queues at the ATM. Why go to the ATM to pay bills, buy airtime, or even make transfers when you can log into your mobile app or dial some code to carry it out at the comfort of your home? 95% of Nigerians who go to the ATM, go to Withdraw money so this should be given priority.

ENTERPRISE INITIATIVES

1. Provision of designated E-service ATM machines inside the banks or any secure place outside the bank to enable customers who come to the bank for any other business other than withdrawing money, like fund transfers and bills payments.

2. Improved ATM functionality by increasing internet bandwidth and preventive maintenance on the ATM to avoid long downtime.

THINK LEAN

Have you heard of Lean Thinking? If you haven’t, let me quickly say it is a process of minimizing waste in order to increase productivity in manufacturing and in every other activity that is accomplished through various steps. Lean thinking has five principles which include: Identifying value, mapping the value stream, creating flow, establishing pull, and seeking perfection. There is always a constraint in every system which affects the overall productivity of the system; identify those constraints(bottleneck), exploit, elevate it and keep on improving the process while being watchful for potential bottlenecks. When you think lean, there won’t be room for waste, hence resources will be well managed and productivity maximized. The slides posted below, describe the application of lean principles to school fees transaction. For further tutoring on Lean thinking do well to contact me here, to schedule an online session. Before then, I would recommend you read this masterpiece called THE GOAL by Eliyahu M. Goldratt and Jeff Cox.

Visual Stream Mapping

Value Stream mapping •https://www.youtube.com/watch?v=vbnLl285gyY •https://www.youtube.com/watch?v=t6UkLqk6q28 •

Value stream map for making pizza: •http://jensen.sdsmt.edu/IENG451/Materials/IENG%20451%20Assignment%2001.pdf •

Building process: •http://www.leansimulations.org/2011/09/value-stream-map-examples.html

QUALITATIVE RESEARCH

In probing on one of our major interview questions:
“When you go into the store with self-service checkout technology are you interested in using it or prefer the cashier?”
We found that all of our subjects had used SSTs, and that none stated they would not use them because the technology was too difficult. This emerged as a major theme, in that “ perceived ease of use did significantly predict people’s preference to select an SST confirming Davis’ “Perceived ease-of-use construct.” See Figure 2 for representative subject quotes associated with this theme.

We looked further into what degree our subjects using SSTs would find these systems free from effort to use when deciding between a cashier and SST. We understood that for the shoppers, their major objective is to get through the checkout process. We treated the shopper’s decision to select the SST or Cashier related to the “Perceived Usefulness” construct to the degree to which a shopper believes that using a SST would enhance their checkout process. Four axial codes lead us to this construct: Fastness/Slowness, Personal Interaction, Convenience, and Personal Feelings. See Figure 3 for representative subject quotes associated with these categories. We determined these categories were the themes associated with this construct and should not be consolidated any further.

However, from our minor codes, additional sub-themes did spin off as facilitating conditions, consumers’ perception of the resources and support available to perform a behavior (Venkatesh et al 2003), from our major themes related to the use of technology and when people chose to use Cashier or either. We did find a subset of cases where subjects were ambivalent about the use of either SST or Cashier or would choose between SST and Cashier simply based on how long the line was that day. We also found one case where the subject confirmed his perceived ease of use and perceived usefulness of SST, but still stated he would always prefer to use the cashier whenever possible demonstrating the need for more refined data collection techniques to uncover what may be psychological or sociological connections to a preference.
Finally, we found particular situations where subjects would choose the cashier because they perceived the SST as too difficult. The best example of this was the necessity to lookup barcodes for fruits and vegetables. In almost all cases, our subjects felt this would cause them to use the cashier. The second best example of this was where the subjects had a large number of items, in which case they would consider using the cashier for various reasons, for example, such as to be courteous to other shoppers, or because they did not feel like scanning a large number of items and bagging them. Overall, we saw these last two example cases again confirmed the PEOU and PU inasmuch as when a subject perceived the technology to be too difficult or not useful, they would choose the cashier.

Conclusion
Our research has shown that “perceived ease of use” and “perceived usefulness” have a significant effect on the intention to use SSTs, but preference for SSTs is further moderated by facilitating conditions. Our research has also shown that the “perceived ease of use ” construct in TAM has a direct significant effect on the behavioral intention of a shopper when it comes to preference for SST within the context of checkout in brick-and-mortar shops. However, in making preference between SST’s or cashiers within the context of shopping (which is a voluntary usage setting where shoppers have to make the choice of SST or the cashier), there is an interplay of situational factors such as; the number of people in the queue (on both SST’s or cashiers), quantity or type of goods purchased, and personal factors such as: “convenience,” all of which significantly affect individual intentions to choose either SST or cashier.
The intended contribution of this work to the existing research would be to make designers of SSTs aware of the need to improve barcode scanners and streamline the design of the future generation of SST’s to make the shopping experience in every shop the same and easy for shoppers to use. It is also a call on brick-and-mortar shops to pay more attention to labeling the items sold in the shop with barcodes that can be easily scanned. Additional research should be carried out to explore the extent to which convenience could impact user preferences between an SST and cashier. Furthermore, sub-themes should be further analyzed to understand to what extent they have a moderating effect on the overall TAM construct effect.

References:
Cheng Wang, Jennifer Harris, Paul G Patterson(2016). Modeling the habit of self-service technology usage. Volume: 42 issue: 3, 462-481
Corbin, J.M., Strauss, A. Grounded theory research: Procedures, canons, and evaluative criteria. Qual Sociol 13, 3–21 (1990).
Darrow, B. (October 20, 2015). Yay! Human cashiers prevail over automation at some CVS stores.
Davis, F. D., Bagozzi, R. P., & Warshaw, P. R. (1989). User acceptance of computer technology: A comparison of two. Management Science, 35(8), 982. Retrieved from
Fernandes, T., Pedroso, R. The effect of self-checkout quality on customer satisfaction and repatronage in a retail context. Serv Bus 11, 69–92 (2017).
The Semiotics of Alterity: A Comparison with Hermeneutics Author(s): Peter Haidu Source: New Literary History, Vol. 21, No. 3, New Historicisms, New Histories, and Others (Spring, 1990), pp. 671-691
Lee H.-J., Lyu J. Personal values as determinants of intentions to use self-service technology in retailing (2016) Computers in Human Behavior, 60, 322-332.
Meuter, M. L., Ostrom, A. L., Roundtree, R. I., & Bitner, M. J. (2000). Self-service technologies: understanding customer satisfaction with technology-based service encounters. Journal of Marketing, 64, 50–64.
Meuter, M. L., Bitner, M. J., Ostrom, A. L., & Brown, S. W. (2005). Choosing among alternative service delivery modes: an investigation of customer trial of self-service technologies. Journal of Marketing, 69(2), 61–83.
Scherer, K. R. (2005). What are emotions? And how can they be measured? Social Science Information, 44(4), 695–729.
Viswanath Venkatesh, Michael G. Morris, Gordon B. Davis and Fred D. Davis Source: MIS Quarterly, Vol. 27, No. 3 (Sep., 2003), pp. 425-478 Published by: Management Information Systems Research Center, University of Minnesota Stable URL: https://www.jstor.org/stable/30036540 Accessed: 04-05-2020 18:42 UTC
Walker, R. H., & Johnson, L. W. (2006). Why consumers use and do not use technology-enabled services. Journal of Services Marketing, 20(2), 125–135.

Download