Capstone Project -Internship
During my senior year at FIU, I was granted the opportunity to be a National Science Foundation (NSF) Research Experience for Undergraduates (REU) intern at FIU EC's Cyber-Physical Systems Security Lab. My mentor was Dr. Selcuk Uluagac, but I received support from some post-docs and graduate students whilst in the lab. My goal was to understand the prevalence of a new web API, namely The File System Access API.
ESMERALDA :A New Crawler Framework for Emerging Web APIs
Introduction
Application Programming Interface (API) exist to facilitate the communication between applications through a set a functions that can vary with each individual API. Web is evolving, along with web APIs, especially JavaScript-based APIs, are playing a crucial role in this evolution. It becomes imperative to understand how these new APIs are being used (i.e., benign or malicious) on the Internet. APIs are not visible when accessing a web application, they occur in the background and to the ordinary user, they are often unaware of this processing of data occurring on their behalf from the requests initiated. Through the duration of this research, we found that locating these API specific keywords used in programming scripts to be quite challenging because the implementation of the API differs per web developer. Since the current web crawling tools are currently sub par to our needs, we created a new framework called ESMERALDA that would essentially crawl the HTML script and JavaScript source code to locate the API’s corresponding keywords. We propose this approach a novel way to properly evaluate whether a website is using an API, and in our case, the File System Access API.
The purpose of this research is to be able to identify JavaScript-based API web application and understand their prevalence in the wild. For this particular paper, we conducted our experiment using the Native File System Access API as our use-case and tested the efficacy ESMERALDA to identify this API in the wild.
Research Project Reflection
During this summer internship, I fully immersed myself in the research and dedicated several months to produce a successful project. Through the research program, I was able to learn a lot about myself and improve upon many of my skills. First and foremost, I realized that motivation, passion, and dedication fueled me to be able to handle the long working hours. Many days, I would begin working around 7 am and would not leave until about 8 or 9 pm. Most long says were spent either researching, writing code and recording data from each site that has been successfully crawled. It also made me realize conducting research is extremely time-consuming and requires an immense amount of self-discipline to produce respectable work. Once the internship was over, I presented my research in an FIU Research Symposium where all the other FIU REU cohorts would be gathered. Participating in the Research Symposium allowed me to significantly improve upon my public speaking and professional communication skills. Finally, I was required to write a research paper on my work and my findings; and through this, I was able to refine my technical writing, research, and communication skills.
This amazing experience allowed me to learn and grow immensely. I also finally understood how difficult and rigorous the research process can be, but also, learned how rewarding it felt afterward. Even though I thought research was not going to be in my future, I came to love lab-based research and would be willing to consider a career in the field in the late future. wasn’t for me. I really enjoyed the repetition, paying attention to small details, and the routine of working in the lab. As much as I enjoyed the experience, I think my biggest take-away is that I need to learn how to manage stress better because often, I had a tendency of finding myself overwhelmed by the insufficient hours in a day. With the skills I’ve acquired through the research, I know I am better prepared to handle the future challenges that lie ahead and I am much better equipped to serve as an effective employee in the Technology work field.
