P1.

1 Function and advantages of Web application

What is Web Application

A web application is a computer application that appropriates web browsers and web technology to
make tasks over the Internet which is a software program that operates on a web server. Unlike
common desktop applications, which are lanced by your operating system, web apps must be obtained
through a web browser.

The Function of a Web application

Millions of businesses use the Internet as a cost-effective communications channel. It allows them
replacing information with their victim market and gives fast, secure transactions. However, effective
action is only possible when the business is able to apprehend and store all the necessary data and have
a means of concocting this information and granting the effects to the user.

What can you do in a Web Application?

Analyses Campaigns of data collected from distrusted offices across country or world
Pretension details in Graphical Form
Order Advantages with Online Catalog, easy searching enables the consumer to maintain a record of
traditions and resource
Create Appraisals - Draw visitors to your site. You obtain details of what they are occupied. You are
prepared 24/7
Train your workforce eg lifestyle
Lifestyle questionnaire for employees, advises on a range of well-being issues including diet,
exercise, & drinking.
Stock product data online
Give duty information for workers on site via mobile devices
Support remote works to start job achievement and get sign off on position
Client-Server Nature
Web applications utilize a sequence of server-side scripts (PHP and ASP) to manage the storage and
retrieval of the knowledge, and client-side scripts (JavaScript and HTML) to display information. This
permits users to communicate with the company using online information, content administration
arrangements, shopping carts and more. In addition, the software empowers workers to organize
reports, share erudition, cooperate on projects, and act on common records despite situation or project.

Advantages of Web Applications

Web Applications deliver many business benefits compared to office-based solutions.

No install - all computer has a browser

Decrease business expenses - shorter time wasted speaking to consumers over the
telephone; reduce lettered matters; allow users to update their own parts.
Centralized information is protected and comfortable to auxiliary.
Agile and secure updates.
Transfer anybody, everywhere in the universe.
Available 24 hours a day, 7 days a week.
Low designation PCs or smartphones can be applied.
Online Education can be performed at user's own time and movement.
Through the passage of latest information - for Employees where every they are
determined.

In web applications, there is the client and the server. The “client” is a web browser, like Internet
Explorer, Google Chrome, Firefox, etc. The “server” is a web application server at a remote location
that will process web requests and send pages to the client. Web applications can contain code that is
processed on the client’s browser or on the web server. However, web applications have a disconnected
architecture, which means that there is never a live, constant connection between the page displayed in
the client’s browser and a web or database server. The majority of the processing will be done at the
server and not on the client’s internet browser. When a database needs to be accessed on a server, the
web application will post the page back to the web server and server-side code will process the request.
Server-Side Code
There are various server-side technologies that can be applied when generating web applications. The
common popular is Microsoft’s ASP.NET.

In ASP.NET, the server-side code follows the .NET Framework and is formulated in languages like C#
and VB.NET. Server-side processing is used to interact with persistent storage like databases. The
server will also provide pages to the customer and method user facts. Server-side processing occurs
while a page is first inquired and when pages are posted back to the server. Examples of server-side
processing are user validation, storing and regaining data, and operating to other pages.

The trouble of server-side method is the page postback: it can precede processing expenses that can
reduce production and drive the user to pause to the side to be treated and recreated. When the page is
posted back to the server, the customer needs a pause for the server to treat the request and transfer the
page back to the customer

Client-Side Code
The goods of client-side processing in an ASP.NET web application are programming languages like
C# and VB.NET with the .NET Framework. Languages like C# and VB.NET sit on top of the .NET
framework and have all the advantages of object-oriented designs like heritage, executing interfaces
and polymorphism.
Indifference to server-side code, client-side lines are inserted on the user's side and treated on the user’s
internet browser. Client-side code is recorded in some sort of scripting language similar JavaScript and
mix undeviatingly with the page’s HTML components like text boxes, buttons, list-boxes, and tables.
HTML and CSS are also used in the user. In sequence for the client-side script to process, the client’s
internet browser need maintain these languages.

Comparison Between Client side and Server side scripting languages

Client-Side Programming Languages
Scripts that perform on the client side. In the
context of websites, it is scripts that effect in the
browser of the user. Eg: JavaScript, VB etc.
Communicate with temporary storage
Posts requests to the server and Retrieval of data
from Server
Gives remote access for client-server program
No database require
Here are many client-side scripting languages.
1.JavaScript 2. VBScript 3. HTML (Structure)
4.CSS (Designing) 5.AJAXjQuery etc.
Server-Side Programming Languages
Scripts that perform on the Server. In the context
of the website, it is scripts that execute on
application servers. Eg: PHP, Python, Ruby etc
Synergy with servers/storages and with databases
It concocts the user input and Displays the
inquired pages
Encoding of data inside HTML
Questioning the database and Operations over
databases like delete, update.
There are many languages that can be used for
server-side programming: 1. PHP ASP.NET (C#
OR Visual Basic) 2. C++ 3. Java Python Ruby
on Rails and so on.
Web Security Concerns
Cross Site Scripting (XSS)

The possible intimidation of XSS is allowing the performance of scripts in the victim's
the browser that could hijack user sessions, deface websites, and possibly inject worms, etc. This
imperfection is made by the incorrect validation of user-supplied data when an application exerts that
data and carries it to a web browser without
initial authenticating or encrypting the content.

Malicious File Execution

The possible intimidation to code unsafe to remote file inclusion (RFI) is that it could let attackers the
chance to insert hostile code and data, producing
in overwhelming attacks, such as a total settlement of the server. Malicious file execution attacks can
modify PHP, XML and any framework that allows filenames or files from users.

Information Leakage and Irregular Error Handling

The latent threat from this imperfection is that attackers can do this vulnerability to hijack sympathetic
data, or send more serious attacks. Applications can
accidentally leak information about their configuration, internal workings, or break privacy through a
variety of application problems.

Insecure Cryptographic Storage

This possible fulmination occurs when hackers use poorly defended information to convey
identification burglary and other violations, such as credit card scam. This fault is due to web requests
not addressing individual use of cryptographic purposes to preserve data and credentials.

Insecure Communications

This imperfection issues from the potential leakage of painful knowledge over the network information
support. This is effected by a bankrupt to encrypt network transit when it’s unavoidable to guard
sympathetic publications.

Recommendation of web security improvements

HTTP Security Concerns

Programmers should not assume or on HTTP REFERER headers, form fields or cookies to deliver
security determinations, as this sort of information can be tricked.

Except secure cryptographic methods are applied to check the probity of HTTP headers, do not grant
these parameters reaching in of a user side. And, don't pretend unknown parameters cannot be modified
by the user, as confused parameters can be simply managed by invaders.
Hold sensitive assembly charges on the server to limit user-side qualification

Do not place sympathetic knowledge in all user browser cookies. If sympathetic conditions have to be
deposited in a user browser, secure cryptographic methods should be exercised to preserve the
confidentiality and sincerity of the data.

Encrypt pages holding sensorial information and limit storing

Pages including sympathetic information should be encrypted with proper method and keys such as
SSL and TLS while carrying data. Worth signed Java applets to acquire and present sensorial data, and
insert the relevant HTTP header credits to block saving, by browser or proxy, of a page should that
page include sensible data.