As a business you most probably use the web as an inexpensive channel to communicate and exchange information with your prospects and to transact with your customers.
As a marketer you probably want to get to know the people visiting your site and start communicating with them. One way of doing this is asking your web visitors to subscribe to your newsletter or to submit an application form when requesting information on your products. This data must be captured and stored so that it is presented to you in an intelligible way at a later date, when you need it.
Web applications are therefore fundamental to you as you strive to leverage your online presence to create long-lasting and profitable relationships with your prospects and customers.
Web applications defined
From a technological view-point, the web is a highly programmable environment that allows mass customization through the immediate deployment of a large and diverse range of web applications to millions of global users. Two important components of a modern website are flexible web browsers available to all at no expense and web applications.
Web browsers are software applications that allow users to retrieve data and interact with content located on web pages within a website.
Today’s websites are a far cry from the static text and graphics showcases of the early and mid-nineties: modern web pages allow personalized dynamic content to be pulled down by users according to individual preferences and settings. Furthermore, web pages may also run client-side scripts that “change” the Internet browser into an interface for such applications as web mail and interactive mapping software (e.g., Yahoo Mail and Google Maps). Most importantly, modern web sites allow the capture and storage of sensitive customer data (e.g., personal details, credit card numbers, social security information, etc.) for immediate and recurrent use.
Implementing such websites and pages involves web applications.
Web applications are computer programs. These programs allow website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. The data is then presented to the user within the browser as information is generated dynamically (in a specific format, e.g. in HTML using CSS) by the web application through a web server.
Such features as login pages, support and product request forms, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.
As the number of businesses embracing the benefits of doing business over the web increases, the use of web applications and related technologies will continue to grow.
How do web applications work?
The figure below details the three-layered web application model. The first layer is normally a web browser or the user interface; the second layer is the content generation technology, such as Java servlets and JavaServer Pages (JSP) or Active Server Pages (ASP); and the third layer is the company database containing content (e.g., news) and customer data (e.g., usernames and passwords, social security numbers and credit card details).
The figure below shows how the initial request is triggered by the user through the browser, over the Internet, to the web application server. The web application accesses the database servers to perform the requested task, updating and retrieving the information held in the database. The web application then presents the information to the user through the browser.
Web Security Issues
Websites depend on databases to deliver the required information to visitors. Many of these databases contain valuable information (e.g., personal and financial details) making them a frequent target of hackers.
Although such acts of vandalism as defacing corporate websites are still commonplace, nowadays, hackers prefer gaining access to the sensitive data residing on the database server because of the immense pay-offs in selling the data.
Hackers will attempt to gain access to your database server through two main routes:

Web and database servers – all modern database systems (e.g. Microsoft SQL Server, Oracle and MySQL) may be accessed through specific ports, and anyone can attempt direct connections to the databases, effectively bypassing the security mechanisms used by the operating system. These ports remain open to allow communication with legitimate traffic and therefore constitute a major vulnerability. Other weaknesses relate to the database application itself and to the use of weak or default passwords by administrators. Vendors patch their products regularly; however, hackers always find new ways of attack. In general, you need to answer the question: “Which elements of our network infrastructure that we thought were secure are open to hack attacks?”.

Web applications – web applications are a gateway to databases, especially custom applications which are not developed with security best practices and which do not undergo regular security audits. In general, you need to answer the questions: “Which parts of a website that we thought were secure are open to hack attacks?” and “What data can we throw at an application to cause it to perform something it shouldn’t do?”.
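The three-layered model described under “How do web applications work?” and the second route above (the web application as a gateway to the database) can be shown together in one small program. This is an added example, not code from the original article: the browser layer is simulated by the caller, the web application layer is two request handlers, and the database layer is an in-memory SQLite table loaded with constructed sample customer rows. One handler is written the way a custom application without security best practices often is, pasting the request parameter into the SQL text; the other sends the parameter separately so the database treats it as plain data. The function names and the sample rows are assumptions made for this example.

```python
"""Three-tier web application model in miniature (added example).

Layer 1 (browser) is simulated by whoever calls handle_request(),
layer 2 (web application) is the handler functions below, and
layer 3 (database) is an in-memory SQLite table seeded with
constructed sample customer rows.
"""
import html
import sqlite3

# Constructed sample data standing in for the "company database" layer.
SAMPLE_CUSTOMERS = [
    ("alice", "alice@example.com", "Gold"),
    ("bob", "bob@example.com", "Silver"),
    ("carol", "carol@example.com", "Gold"),
]


def build_database() -> sqlite3.Connection:
    """Layer 3: create the customer table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT, tier TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Layer 2, written without security best practice: the request
    parameter is pasted straight into the SQL text, so the database
    cannot distinguish the visitor's data from the query structure."""
    sql = f"SELECT username, email, tier FROM customers WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Layer 2, hardened: a parameterised query sends the value separately,
    so whatever the visitor typed is compared as a literal string."""
    sql = "SELECT username, email, tier FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def render_page(rows: list) -> str:
    """Layer 1 output: generate the HTML sent back to the browser, escaping
    every value pulled from the database so stored data cannot inject markup."""
    items = "".join(
        f"<li>{html.escape(u)} ({html.escape(e)}) - {html.escape(t)}</li>"
        for u, e, t in rows
    )
    return f"<ul>{items}</ul>"


def handle_request(conn: sqlite3.Connection, username: str, safe: bool = True) -> str:
    """The full request path: browser parameter -> web application ->
    database -> dynamically generated HTML back to the browser."""
    rows = lookup_safe(conn, username) if safe else lookup_unsafe(conn, username)
    return render_page(rows)


if __name__ == "__main__":
    db = build_database()
    # An ordinary request returns the one matching customer.
    print(handle_request(db, "alice"))
    # A malformed parameter (constructed test input) matches nothing in the
    # hardened handler, because it is compared as a literal username, while
    # the unsafe handler lets it alter the query and return every row.
    crafted = "x' OR '1'='1"
    print(len(lookup_safe(db, crafted)), "rows from the hardened handler")
    print(len(lookup_unsafe(db, crafted)), "rows from the unsafe handler")
```

The difference between the two handlers is exactly the second question above: the same input is thrown at both, and only the one that keeps data and query structure separate does what the developer intended. A security audit of a custom application looks for code shaped like `lookup_unsafe`.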
Proof of such exploits is readily available on the Internet.
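The first route above, a database port reachable directly rather than only from the web tier, is something a defender can check in the server configuration. The following added example (not code from the original article) audits a MySQL-style configuration: the weak setting listens on every interface, the corrected one binds the listener to the loopback address so only the web application on the same host can reach it. The option names bind-address, port and skip-networking are real MySQL server options; the configuration text itself is constructed for this example.

```python
"""Audit a MySQL-style [mysqld] section for a database listener that is
reachable beyond the host (added example with constructed configuration)."""
import configparser

# Constructed: the listener is bound to all interfaces, so the database
# port is open to direct connections from anywhere that can route to it.
WEAK_CONFIG = """
[mysqld]
port = 3306
bind-address = 0.0.0.0
"""

# Constructed: the listener only accepts connections from the same host,
# which is where the web application tier runs in this example.
HARDENED_CONFIG = """
[mysqld]
port = 3306
bind-address = 127.0.0.1
"""

# Addresses that restrict the listener to the local host.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_mysqld(text: str) -> dict:
    """Return the [mysqld] options as a dict (empty if the section is absent).
    allow_no_value accepts bare flags such as 'skip-networking'."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.read_string(text)
    if "mysqld" not in parser:
        return {}
    return dict(parser["mysqld"])


def audit_listener(text: str) -> list:
    """Return a list of findings; an empty list means the listener is
    restricted to the local host or disabled altogether."""
    options = parse_mysqld(text)
    if "skip-networking" in options:
        return []  # TCP listener disabled entirely; nothing to reach.
    # MySQL listens on all interfaces when bind-address is not set.
    bind = options.get("bind-address") or "*"
    port = options.get("port") or "3306"
    if bind in LOOPBACK:
        return []
    return [
        f"TCP port {port} is bound to {bind} and reachable beyond this host; "
        "bind it to the loopback address or to the web tier's private "
        "address and restrict the port with a host firewall"
    ]


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_listener(cfg) or "no findings")
```

Binding the listener is only half of the first route: the same audit should also confirm that administrator accounts no longer use the default or a weak password and that the server carries the vendor's current patches, neither of which is visible in this configuration file.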
“Vulnerabilities in any of the layers of the web application will ultimately lead to a security breach of the whole application”.