Understanding Web Application Technologies Overview


Delve into the evolution of web applications from static pages to complex frameworks like J2EE and ASP.NET. Explore the shift from CGI to modern scripting interpreters and application frameworks, highlighting the strengths and challenges of each technology. Discover the significance of session controls, authorization, security considerations, and performance factors. Consider the impact on development cycles, maintainability, and scalability as web applications grow in complexity.

  • Web Applications
  • CGI
  • Scripting
  • J2EE
  • ASP.NET


Presentation Transcript


  1. Web Applications Security: What are web Applications?
     TalTech IT College, Andres Käver, 2018-2019, Fall semester
     Web: http://enos.Itcollege.ee/~akaver/WebSec
     Skype: akaver
     Email: akaver@itcollege.ee

  2. Web Applications - overview
     • The initial web was just static pages; no dynamic interaction with the user was possible.
     • CGI (Common Gateway Interface) was developed: it allows input from the user to be sent to an external program/script, and the result is then rendered back to the user.
     • CGI is very rare now, but the concept is the parent of all current web technologies.

  3. WebApp - Technologies
     CGI: mostly not used today.
     • Very fast; applications are written in C/C++.
     • Low-level languages don't have direct HTML output.
     • The write-compile-deploy cycle is slow.
     • CGI does not support session/authorization controls.
     • The language barrier is high.
     • C and C++ suffer from buffer overflows and resource leaks.

  4. WebApp - Technologies
     Filters: low-level components (C/C++), living within the execution context of the web server itself.
     • Apache server modules, MS ISAPI.
     • Perl, PHP, MS ASP

  5. WebApp - Technologies
     Scripting: interpreters run script code within the web server process.
     • Not compiled, so the write-deploy-run cycle is quicker.
     • Usually do not suffer from buffer overflows or resource leaks.
     • Most are not strongly typed and do not promote good programming practices.
     • Slower.
     • As apps grow, the codebase becomes unmaintainable.
     • Multi-tier, large-scale apps are hard to implement.
     • ASP, Perl, Python, PHP

  6. WebApp - Technologies
     Application frameworks: J2EE, ASP.NET
     J2EE:
     • Fast (almost on the level of C++)
     • Large distributed apps
     • Session and auth controls
     • Strongly typed: prevents many common security and programming issues
     • Hard to learn (similar to C)

  7. WebApp - Technologies
     MS ASP.NET:
     • .NET framework, just-in-time MSIL compiler
     • A lot of J2EE problem areas are improved
     • Easier to do smaller apps
     • Supports many languages, garbage collection, buffer overflow protection
     • Fast (near to C++ speed); ASP.NET Core is even faster
     • Strongly typed
     • Used to be Windows-centric, but not anymore. Native support on most platforms (.NET Core)

  8. WebApp - small scale apps
     • Most applications are small/medium scale.
     • The usual architecture is a simple linear procedural script.
     • Can be written in any language/platform (rarer on J2EE or ASP.NET).
     • Easy to write; fewer skills are needed to maintain the code.
     • Many typical issues:
       • Dynamic db queries constructed from direct user input
       • Bad user input validation
       • Poor error handling
       • Weak session/auth control

  9. WebApp - large scale apps
     • Need a different architecture to that of a simple survey or feedback form.
     • A scalable architecture becomes a necessity (rather than a luxury) when there are more than 5 tables in the database or more than 20-50 functions are provided to the user.
     • Often divided into tiers and broken down into re-usable chunks, which allows a distributed application (at the expense of complexity).
     • MVC is a common pattern.
     • Microservices, Docker: good automatic scalability, high complexity.

  10. THE END

  11. TODO
     • Download and modify for your choice of VM engine: OWASP Broken Web Applications Project, https://sourceforge.net/projects/owaspbwa/files/
     • Install into Windows: Microsoft Threat Modeling Tool 2016, http://aka.ms/tmt2016
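
The first three "typical issues" on the small-scale apps slide (dynamic db queries built from direct user input, bad input validation, poor error handling), shown as a vulnerable lookup beside a hardened one. This is an added example, not code from the slides; the table, the function names and the name allow-list are assumptions, and the data is constructed.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a throwaway in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def find_user_dynamic(db, name):
    """Vulnerable form: the query text is built from direct user input."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

NAME_RE = re.compile(r"[A-Za-z0-9_.'-]{1,32}")  # assumed allow-list for names

def find_user_parameterized(db, name):
    """Hardened form: validated input, bound parameter, generic error."""
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    try:
        # The driver passes `name` as data; it is never parsed as SQL.
        return db.execute(
            "SELECT name, email FROM users WHERE name = ?", (name,)
        ).fetchall()
    except sqlite3.Error:
        # A real app logs the detail server-side; the user sees no SQL text.
        raise RuntimeError("lookup failed") from None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that contains SQL syntax
    print(find_user_dynamic(db, crafted))          # every row comes back
    print(find_user_parameterized(db, "alice"))    # exactly one row
    print(find_user_parameterized(db, "o'brien"))  # quote is data: no rows
    try:
        find_user_parameterized(db, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

A legitimate name containing an apostrophe makes the dynamic version fail with a raw database error, while the parameterized version treats it as ordinary data.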
