Академический Документы
Профессиональный Документы
Культура Документы
WhatAreWebApplications?
1/6
7/9/2016
WhatAreWebApplications?
For the more technically oriented, Web applications query the content server (essentially a content
repository database) and dynamically generate web documents to serve to the client (people surng the
website). The documents are generated in a standard format to allow support by all browsers (e.g., HTML or
XHTML). JavaScript (http://www.acunetix.com/websitesecurity/javascript/) is one form of client side script
that permits dynamic elements on each page (e.g., an image changes once the user hovers over it with a
mouse). The web browser is key it interprets and runs all scripts etc. while displaying the requested pages
and content. Wikipedia brilliantly terms the web browser as the universal client for any web application.
Another signicant advantage of building and maintaining web applications is that they perform their
function irrespective of the operating system and browsers running client side. Web applications are quickly
deployed anywhere at no cost and without any installation requirements (almost) at the users end.
As the number of businesses embracing the benets of doing business over the web increases, so will the
use of web applications and other related technologies continue to grow. Moreover, since the increasing
adoption of intranets and extranets, web applications become greatly entrenched in any organizations
communication infrastructures, further broadening their scope and possibility of technological complexity
and prowess.
Web applications may either be purchased o-the-shelf or created in-house.
(http://www.acunetix.com/wp-content/uploads/2012/10/web-apps.gif)
The gure below shows how the initial request is triggered by the user through the browser over the
Internet to the web application server. The web application accesses the databases servers to perform the
requested task updating and retrieving the information lying within the database. The web application then
presents the information to the user through the browser.
http://www.acunetix.com/websitesecurity/webapplications/
2/6
7/9/2016
WhatAreWebApplications?
http://www.acunetix.com/websitesecurity/webapplications/
3/6
7/9/2016
WhatAreWebApplications?
Websites and related web applications must be available 24 hours a day, 7 days a week, to provide the
required service to customers, employees, suppliers and other stakeholders.
Firewalls and SSL provide no protection against web application hacking, simply because access to the
website has to be made public All modern database systems (e.g. Microsoft SQL Server, Oracle and
MySQL) may be accessed through specic ports (e.g., port 80 and 443) and anyone can attempt direct
connections to the databases eectively bypassing the security mechanisms used by the operating
system. These ports remain open to allow communication with legitimate trac and therefore constitute
a major vulnerability.
Web applications often have direct access to backend data such as customer databases and, hence,
control valuable data and are much more dicult to secure. Those that do not have access will have
some form of script that allows data capture and transmission. If a hacker becomes aware of weaknesses
in such a script, he may easily reroute unwitting trac to another location and illegitimately hive o
personal details.
Most web applications are custom-made and, therefore, involve a lesser degree of testing than o-theshelf software. Consequently, custom applications are more susceptible to attack
Web applications, therefore, are a gateway to databases especially custom applications which are not
developed with security best practices and which do not undergo regular security audits. In general, you
need to answer the question: Which parts of a website we thought are secure are open to hack attacks?
and what data can we throw at an application to cause it to perform something it shouldnt do?.
This is the work of a web vulnerability scanner.
http://www.acunetix.com/websitesecurity/webapplications/
4/6
7/9/2016
WhatAreWebApplications?
Enter E-Mail
Learn More
SQL Injection (http://www.acunetix.com/websitesecurity/sql-injection/)
Cross-site Scripting (http://www.acunetix.com/websitesecurity/cross-site-scripting/)
Web Site Security (http://www.acunetix.com/websitesecurity/web-site-security/)
Directory Traversal (http://www.acunetix.com/websitesecurity/directory-traversal/)
AJAX Security (http://www.acunetix.com/websitesecurity/ajax/)
Troubleshooting Apache (http://www.acunetix.com/websitesecurity/troubleshooting-tips-for-apache/)
WordPress Security (http://www.acunetix.com/websitesecurity/wordpress-security-top-tips-securewordpress-application/)
Drupal Security (http://www.acunetix.com/blog/articles/drupal-security-top-tips-to-secure-your-drupalapplication/)
Joomla! Security (http://www.acunetix.com/blog/articles/joomla-security-measures/)
Find Us on Facebook
Acunetix
LikePage
12klikes
Product Information
HTML5 Security (http://www.acunetix.com/vulnerability-scanner/html5-website-security/)
AcuSensor Technology (http://www.acunetix.com/vulnerability-scanner/acusensor-technology/)
DeepScan Technology (http://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/)
Blind XSS Detection (http://www.acunetix.com/vulnerability-scanner/acumonitor-blind-xss-detection/)
http://www.acunetix.com/websitesecurity/webapplications/
5/6
7/9/2016
WhatAreWebApplications?
Website Security
Cross-site Scripting (http://www.acunetix.com/websitesecurity/cross-site-scripting/)
SQL Injection (http://www.acunetix.com/websitesecurity/sql-injection/)
DOM-based XSS (http://www.acunetix.com/websitesecurity/improving-dom-xss-vulnerabilities-detection/)
CSRF Attacks (http://www.acunetix.com/websitesecurity/csrf-attacks/)
Directory Traversal (http://www.acunetix.com/websitesecurity/directory-traversal/)
Learn More
PHP Security (http://www.acunetix.com/websitesecurity/php-security-1/)
Web Service Security (http://www.acunetix.com/websitesecurity/web-services-wp/)
WordPress Security (http://www.acunetix.com/websitesecurity/wordpress-security-top-tips-secure-wordpress-application/)
AJAX Application Security (http://www.acunetix.com/websitesecurity/ajax/)
PCI Compliance (http://www.acunetix.com/websitesecurity/pci-compliance-wp/)
Documentation
FAQs (http://www.acunetix.com/support/faq/)
Videos (http://www.acunetix.com/support/videos/)
Web Vulnerabilities (//acunetix.com/vulnerabilities/web/)
Network Vulnerabilities (//www.acunetix.com/vulnerabilities/network/)
Trojans and Backdoors (//www.acunetix.com/vulnerabilities/trojans/)
http://www.acunetix.com/websitesecurity/webapplications/
6/6