Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Applications Security What are web Applications?

Published byZoe Parsons Modified over 6 years ago

Similar presentations

Presentation on theme: "Web Applications Security What are web Applications?"— Presentation transcript:

1 Web Applications Security What are web Applications?
IT College, Andres Käver, , autumn semester Web: Skype: akaver

2 TODO Download and modify for your choice of VM engine
Install into windows Microsoft Threat Modeling Tool 2016

3 Web Applications - overview
Initial web was just static pages, no dynamic interaction with user was possible CGI (Common Gateway Interface) was developed – allows input from user to be sent to an external program/script and then result rendered back to the user. CGI is very rare now, but the concept is parent to all current web technologies.

4 WebApp - Technologies CGI – mostly not used today. Very fast, applications are written in C/C++. Low level languages don’t have direct HTML output. Write-compile-deploy cycle is slow. CGI does not support session/authorization controls. Language barrier is high. C and C++ suffer fro buffer overflow and resource leaks.

5 WebApp - Technologies Filters – low level components (C/C++), living within execution context of webserver itself. Apache server modules, MS ISAPI. Perl, PHP, MS ASP

6 WebApp - Technologies Scripting – interpreters run script code within the web server process. Not compiled – write-deploy-run cycle is quicker. Usually do not suffer from buffer overflows or resource leaks. Most are not strongly typed and do not promote good programming practices. Slower. As apps grow, codebase becomes unmaintainable. Multi-tier large scale apps are hard to implement. ASP, Perl, PHP,…

7 WebApp - Technologies Application frameworks – J2EE, ASP.NET J2EE
Fast (almost on the level of C++) Large distributed apps Session and auth controls Strongly typed- prevents many common security and programming issues Hard to learn (similar to C)

8 WebApp - Technologies MS ASP.NET
.NET framework, just in time MSIL compiler Lot of J2EE problem areas are improved Easier to do smaller apps Supports many languages, garbage collection, buffer overflow protection Fast (near to C++ speed) Strongly typed Used to be windows centric – but not anymore. Native support on most platforms (.net core)

9 WebApp – small scale apps
Most applications are small/medium scale. Usual architecture is simple linear procedural script. Can be written in any language/platform (rarer on J2EE or ASP.NET) Easy to write, few skills are needed to maintain the code Many typical issues Dynamic db queries constructed from direct user input Bad user input validation Poor error handling Weak session/auth control

10 WebApp – large scale apps
Need a different architecture to that of simple survey or feedback form. Scalable architecture becomes necessity (rather than being an luxury) – when more than 5 tables in db or more than functions to user are provided. Often divided into tiers and broken down into re-usable chunks - allows distributed application (at the expense of complexity). MVC is common pattern.

11 THE END

Download ppt "Web Applications Security What are web Applications?"

Similar presentations

Microsoft Research March 20, 2000 A Programming Language for Developing Interactive Web Services Claus Brabrand BRICS, University of Aarhus, Denmark.

Microsoft Research March 20, 2000 A Programming Language for Developing Interactive Web Services Claus Brabrand BRICS, University of Aarhus, Denmark.
Introduction to Model-View-Controller (MVC) Web Programming with TurboGears Leif Oppermann, 24.04.2008.

Introduction to Model-View-Controller (MVC) Web Programming with TurboGears Leif Oppermann,
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
Introduction to ASP.NET. 2 © UW Business School, University of Washington 2004 Outline Static vs. Dynamic Web Pages.NET Framework Installing ASP.NET First.

Introduction to ASP.NET. 2 © UW Business School, University of Washington 2004 Outline Static vs. Dynamic Web Pages.NET Framework Installing ASP.NET First.
Kashif Jalal CA-240 (072) Web Development Using ASP.NET CA – 240 Kashif Jalal Welcome to week – 2 of…

Kashif Jalal CA-240 (072) Web Development Using ASP.NET CA – 240 Kashif Jalal Welcome to week – 2 of…
Lecture 2 Web application architecture. Themes Architecture : The large scale structure of a system, especially a computer system Design choice: The need.

Lecture 2 Web application architecture. Themes Architecture : The large scale structure of a system, especially a computer system Design choice: The need.
Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 1.

Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 1.
Introduction to Web Application Architectures Web Application Architectures 18 th March 2005 Bogdan L. Vrusias

Introduction to Web Application Architectures Web Application Architectures 18 th March 2005 Bogdan L. Vrusias
Introduction to Web Interface Technology (CSE2030)

Introduction to Web Interface Technology (CSE2030)
Active Server Pages Chapter 1. Introduction Understand how browsers and servers interacted when the Web was young Understand what early Internet and intranet.

Active Server Pages Chapter 1. Introduction Understand how browsers and servers interacted when the Web was young Understand what early Internet and intranet.
1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.

1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.
Website Development with PHP and MySQL Introduction.

Website Development with PHP and MySQL Introduction.
1 Java Server Pages Can web pages be created specially for each user? What part does Java play?

1 Java Server Pages Can web pages be created specially for each user? What part does Java play?
Advanced Distributed Software Architectures and Technology group ADSaT 1 Application Architectures Ian Gorton, Paul Greenfield.

Advanced Distributed Software Architectures and Technology group ADSaT 1 Application Architectures Ian Gorton, Paul Greenfield.
Tutorial -01. Objective In this session we will discuss about : 1.What is MVC? 2.Why MVC? 3.Advantages of MVC over ASP.NET 4.ASP.NET development models.

Tutorial -01. Objective In this session we will discuss about : 1.What is MVC? 2.Why MVC? 3.Advantages of MVC over ASP.NET 4.ASP.NET development models.
Web Application Architecture: multi-tier (2-tier, 3-tier) & mvc

Web Application Architecture: multi-tier (2-tier, 3-tier) & mvc
Web Development Methodologies Yuan Wang(yw2326). Basic Concepts Browser/Server (B/S) Structure Keywords: Browser, Server Examples: Websites Client/Server.

Web Development Methodologies Yuan Wang(yw2326). Basic Concepts Browser/Server (B/S) Structure Keywords: Browser, Server Examples: Websites Client/Server.
Server Side Scripting Norman White. Where do we do processing? Client side – Javascript (embed code in html) – Java applets (send java program to run.

Server Side Scripting Norman White. Where do we do processing? Client side – Javascript (embed code in html) – Java applets (send java program to run.
.NET, and Service Gateways Group members: Andre Tran, Priyanka Gangishetty, Irena Mao, Wileen Chiu.

.NET, and Service Gateways Group members: Andre Tran, Priyanka Gangishetty, Irena Mao, Wileen Chiu.
Windows.Net Programming Series Preview. Course Schedule - 2014 CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.

Windows.Net Programming Series Preview. Course Schedule CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.

Similar presentations

Ads by Google