Web Application Security - Research Note 1


Web Application Technologies – An In-Depth Look

ITC 766-899

WEB APPLICATION SECURITY

Spring 2022

Dr. Ravi Thambusamy

Information Technology and Cybersecurity

College of Business

Missouri State University


Outline

Web Application Server

Client Machine

Browser

Internet

Website Address / Uniform Resource Locator (URL)


Outline (contd.)

Domain Name System (DNS) Servers

HyperText Transfer Protocol (HTTP)

HyperText Markup Language (HTML)

Cascading Style Sheets (CSS)

JavaScript

Java / .NET / C# / Python, etc.


Web Application Server


Serves as the host for web applications

Refers to the “server” portion of the client-server architecture

Receives the HyperText Transfer Protocol (HTTP) request message from the client machine’s browser

Authenticates the client based on the user-supplied credentials

Examples: Apache Tomcat, Microsoft IIS, IBM WebSphere, Oracle WebLogic, Red Hat JBoss EAP, etc.


Authorizes the client’s access to the requested web application after authentication

Sends an HTTP response header back to the client machine with the status code 200 for a successful request or the status code 404 for a page that was not found (often the result of a broken link)

Uses ports to make services available to clients

Common port numbers: 80 for HTTP traffic, 25 for SMTP traffic, 21 for FTP traffic, 23 for telnet traffic, etc.

Web Application Server (contd.)

Figure: Traditional three-tier web hosting architecture

Source: 2021 Amazon Web Services: Web Application Hosting in the AWS Cloud – https://d1.awsstatic.com/whitepapers/aws-web-hosting-best-practices.pdf

Client Machine


Refers to the “client” portion of the client-server architecture

Is an Internet-connected device that allows a user to not only request services from a server, but also to view the results returned by the server

Is typically a workstation (at work) or a personal computer (at home)


Runs on a specific operating system (Microsoft Windows 10 Version 21H1, Apple macOS 12.0 Monterey, Google Android OS 12.0, Apple iOS 15.3, Linux Mint 20.3)

Has a browser (Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, etc.) installed on it


Browser


Is installed on the client machine

Is used to request the web application from the web application server

Accepts website address in the form of a Uniform Resource Locator (URL)

Sends the host name portion of the URL to a Domain Name System (DNS) server to translate it into an Internet Protocol (IP) address


Uses the IP address received from the DNS server to send an HTTP request message to the web application server

Parses the information sent back from the web application server

Assembles and displays the web application to the end user on the client machine by converting HTML/CSS/JavaScript code into text, images, and videos

Browser (contd.)

Source: OpenCanvas – How Web Browsers Function? – https://www.youtube.com/watch?v=z0HN-fG6oT4

Internet


Is a network of networks (infrastructure)

Is needed to connect the client to the server in the client-server architecture

Allows access to the web using HTTP

Also allows other traffic (SMTP, FTP, SNMP, DHCP, etc.)

Is provided by an Internet Service Provider (ISP) for a fee


Website Address / Uniform Resource Locator


Is made up of a protocol, a host name, a domain name, a top-level domain, a port number, a file path, a file name, a parameter string, and an anchor

Has its domain name registered through a registrar (examples: GoDaddy.com, Wix.com, etc.)

Lets clients access a web application using the name of the organization (amazon.com) that owns it instead of having to remember an IP address (204.246.162.5)
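As an added illustration (not part of the original slides), the following Python splits a URL into the components the slide lists and then shows how those components are carried in the HTTP request message the browser sends to the web application server, and how the server's 200 or 404 status code is read back from the response header (see the server and browser slides). It assumes the domain name is the last two labels of the host name, and the sample response header is constructed, not captured from a real server.

```python
from urllib.parse import urlsplit, parse_qs

# Default port follows from the protocol when the URL does not state one
# (80 for HTTP, as listed on the server slide; 443 for HTTPS; 21 for FTP).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def decompose_url(url: str) -> dict:
    """Split a URL into the components the slide names.
    Assumption: the domain name is the last two labels of the host name
    (amazon.com); multi-label suffixes such as co.uk are not handled."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    path = parts.path or "/"
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    return {
        "protocol": parts.scheme,
        "host_name": ".".join(labels[:-2]),    # e.g. "www"
        "domain_name": ".".join(labels[-2:]),  # e.g. "amazon.com"
        "top_level_domain": labels[-1],        # e.g. "com"
        "port": port,
        "file_path": path,
        "file_name": path.rsplit("/", 1)[-1],
        "parameters": parse_qs(parts.query),   # e.g. {"k": ["laptop"]}
        "anchor": parts.fragment,
    }


def build_get_request(url: str) -> str:
    """Build the HTTP/1.1 GET request message the browser sends. Only the path
    and parameter string travel in the request line; the domain (resolved to
    an IP via DNS) goes in the Host header; the anchor never leaves the browser."""
    parts = urlsplit(url)
    target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    host = parts.hostname or ""
    if parts.port is not None and parts.port != DEFAULT_PORTS.get(parts.scheme):
        host = f"{host}:{parts.port}"
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def parse_status_line(response: str) -> tuple:
    """Read the status code and reason phrase from the response header the
    server sends back, e.g. 200 for success or 404 for page not found."""
    fields = response.split("\r\n", 1)[0].split(" ", 2)
    return int(fields[1]), (fields[2] if len(fields) > 2 else "")


# Constructed sample response header, not captured from any real server.
SAMPLE_404 = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n<h1>Not Found</h1>"
```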


Website Address / URL (contd.)

Source: GCFLearnFree.org – Internet Tips: Understanding URLs – https://www.youtube.com/watch?v=5Jr-_Za5yQM

Domain Name System (DNS) Servers


DNS is a protocol that operates on layer 7 (Application Layer) in the 7-layer Open Systems Interconnection (OSI) model

Resolves the domain name in a given website address or URL (example: amazon.com) into its corresponding IP address (example: 204.246.162.5)

Is made up of resolvers, root servers, Top Level Domain (TLD) servers, and authoritative name servers


DNS Servers (contd.)

Source: PowerCert Animated Videos – How a DNS Server works? – https://www.youtube.com/watch?v=mpQZVYPuDGU

HyperText Transfer Protocol (HTTP)


Is another protocol that operates on layer 7 (Application Layer) in the 7-layer Open Systems Interconnection (OSI) model

Specifies the communication language for sending and receiving data between the client and the server in a client-server architecture

An overview of HTTP – MDN (source: Mozilla MDN web docs, 2021)


HyperText Transfer Protocol (HTTP) (contd.)

Source: Code.org – The Internet: HTTP & HTML – https://www.youtube.com/watch?v=kBXQZMmiA4s

HyperText Markup Language (HTML)


Instructs the browser to assemble and display the web application to the end user

Is the code that describes the structure and content of a web application

Uses start tags (<tag>) and end tags (</tag>) to represent the different components of a web application, such as head, title, body, paragraph, table, form, etc.

HTML Tutorial (Source: w3schools.com)


Cascading Style Sheets (CSS)


CSS is a language that specifies how HTML components such as head, title, body, paragraph, table, form, etc. are displayed on a browser

Figure: amazon.com with CSS and without CSS

HTML has basic formatting tags

CSS allows a lot more flexibility in terms of how web applications appear

CSS Tutorial (Source: w3schools.com)


Cascading Style Sheets (CSS) (contd.)

Source: DevTips – CSS Basics (Part 1) – What is CSS? – https://www.youtube.com/watch?v=s7ONvIgOWdM

JavaScript


Allows web applications to be interactive

Is the code required to handle user-triggered events (behavior)

Is not the same as Java since it is a client-side scripting language (runs inside a browser)

Is embedded in HTML code using the <script> and </script> tags

JavaScript Tutorial (Source: w3schools.com)

Utilizes other concepts such as JSON, DOM, AJAX, etc. (Source: w3schools.com)


Java / .NET / C# / Python, etc.


Are used as part of the application tier in the three-tier web application architecture to code the business logic behind web applications

Are all examples of Object-Oriented Programming (OOP) languages, which emphasize encapsulation, inheritance, and polymorphism


Recap

Web applications require several different technologies to come together in order to work

These include:

Web application servers, client machines, browsers, the Internet, website addresses/URLs, DNS servers, HTTP, HTML, CSS, JavaScript, Java/.NET/C#/Python, etc.

Before we can comprehend what vulnerabilities exist in web applications and how to fix them, we need to gain a better understanding of the technologies that enable a web application to work

Thank you!!!
