Web Applications Security What are web Applications?

Web Applications Security
What are web Applications?
IT College, Andres Käver, 2017-2018, autumn semester
Web: http://enos.Itcollege.ee/~akaver/WebSec
Skype: akaver
Email: akaver@itcollege.ee

TODO
Download and modify for your choice of VM engine: https://sourceforge.net/projects/owaspbwa/files/
Install into Windows: Microsoft Threat Modeling Tool 2016 http://aka.ms/tmt2016

Web Applications - overview
The initial web was just static pages; no dynamic interaction with the user was possible.
CGI (Common Gateway Interface) was developed – it allows input from the user to be sent to an external program/script, with the result then rendered back to the user.
CGI is very rare now, but the concept is parent to all current web technologies.

WebApp - Technologies
CGI – mostly not used today.
Very fast, applications are written in C/C++.
Low level languages don't have direct HTML output.
Write-compile-deploy cycle is slow.
CGI does not support session/authorization controls.
Language barrier is high.
C and C++ suffer from buffer overflows and resource leaks.
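The CGI contract described above, as an added example that is not part of the original slides: the web server passes the request in environment variables, and the program writes headers, a blank line and the body to standard output. It is written in Python rather than the C/C++ the slide mentions, and the form field `name` is an assumption.

```python
# Added illustration of the CGI contract (not from the slides).
import html
import os
import sys
from urllib.parse import parse_qs


def cgi_response(environ):
    """Build the complete CGI response for the request described by `environ`."""
    if environ.get("REQUEST_METHOD", "GET") != "GET":
        return "Status: 405 Method Not Allowed\r\nAllow: GET\r\n\r\n"
    # The server places everything after '?' in QUERY_STRING, still URL-encoded.
    params = parse_qs(environ.get("QUERY_STRING", ""), max_num_fields=10)
    # "name" is a hypothetical form field; cap its length before using it.
    name = params.get("name", ["anonymous"])[0][:64]
    # There is no HTML layer in CGI: the program builds the markup itself,
    # so untrusted input must be escaped before it is placed in the page.
    body = "<html><body><p>Hello, {}!</p></body></html>\n".format(html.escape(name))
    headers = "Content-Type: text/html; charset=utf-8\r\n"
    return headers + "\r\n" + body


if __name__ == "__main__":
    # When a web server runs this file as a CGI program, os.environ is the request.
    sys.stdout.write(cgi_response(os.environ))
```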

WebApp - Technologies
Filters – low level components (C/C++), living within execution context of webserver itself.
Apache server modules, MS ISAPI.
Perl, PHP, MS ASP

WebApp - Technologies
Scripting – interpreters run script code within the web server process.
Not compiled – write-deploy-run cycle is quicker.
Usually do not suffer from buffer overflows or resource leaks.
Most are not strongly typed and do not promote good programming practices.
Slower.
As apps grow, codebase becomes unmaintainable.
Multi-tier large scale apps are hard to implement.
ASP, Perl, PHP,…

WebApp - Technologies
Application frameworks – J2EE, ASP.NET
J2EE
Fast (almost on the level of C++)
Large distributed apps
Session and auth controls
Strongly typed – prevents many common security and programming issues
Hard to learn (similar to C)

WebApp - Technologies
MS ASP.NET
.NET framework, just in time MSIL compiler
Lot of J2EE problem areas are improved
Easier to do smaller apps
Supports many languages, garbage collection, buffer overflow protection
Fast (near to C++ speed)
Strongly typed
Used to be Windows-centric – but not anymore. Native support on most platforms (.NET Core)

WebApp – small scale apps
Most applications are small/medium scale.
Usual architecture is simple linear procedural script.
Can be written in any language/platform (rarer on J2EE or ASP.NET)
Easy to write, few skills are needed to maintain the code
Many typical issues:
  Dynamic db queries constructed from direct user input
  Bad user input validation
  Poor error handling
  Weak session/auth control

WebApp – large scale apps
Need a different architecture to that of simple survey or feedback form.
Scalable architecture becomes a necessity (rather than being a luxury) – when more than 5 tables in db or more than 20-50 functions to user are provided.
Often divided into tiers and broken down into re-usable chunks – allows distributed application (at the expense of complexity).
MVC is a common pattern.

THE END