Ecommerce - Lesson 2


Lesson 2: The Digital World and the World Wide Web

Introduction:

The phrase digital world is most commonly used when defining citizenship, digital fluency,
and digital literacy. The digital world is the availability and use of digital tools to communicate on
the Internet, digital devices, smart devices and other technologies.

Humanities and education discussions of the 'digital era' tend to create variations when
categorizing and defining the mass of mediated technologies and human interactions that are suggested
as part of the digital world. The phrase 'digital world' is used loosely as a mass noun with many possible
meanings and variations.

Examples: An informal example is devices given to toddlers entering the digital era. Formal
usage includes educational policies referring to the digital world, especially in standardizing digital
access.  Children suffering a lack of access to the digital world are part of the digital divide. The One
Laptop per Child program is an example of (digital world) inclusion for children living in poverty and
suffering as part of the digital divide.

The phrase digital world was being used in electrical engineering studies before the creation of
the World Wide Web. Originally it was used to describe the prevalence of digital electronic devices as
opposed to analogue electronic devices. Articles relating to education in the digital world became more
common in the 1990s.

            The World-Wide Web is a hypertext-based information system.  Any word in a hypertext
document can be specified as a pointer to a different hypertext document where more information
pertaining to that word can be found.  The reader can open the second document by selecting the word
(using different methods depending on the interface; in a mouse-based system, a user would probably
place the mouse over the word and click the mouse button); only the part of the linked document which
contains relevant information will be displayed.

            The second document may itself contain links to further documents.  The reader need not know
where the referenced documents are, because they will be obtained and presented as they are needed.

            World-Wide Web uses hypertext over the Internet:  The linked documents may be located at
different Internet sites.  WWW can handle different text formats and different methods of organizing
information.

            World-Wide Web (W3) is the universe of network-accessible information, an embodiment of
human knowledge.  It is an initiative started at “CERN”, now with many participants.  It has a body of
software, and a set of protocols and conventions.  W3 uses “hypertext” and multimedia techniques to
make the web easy for anyone to roam, browse, and contribute to.

Lesson Proper:
Hypertext

            The terminology of the World-Wide Web was closely based on text.  So the basic element that a
user created or read was called a ‘page’ and a page contained text that the user saw and information
that told the web server how to make the page look.  These instructions are like the ‘markup’ used by
printers and newspaper editors.  So Berners-Lee named the language Hypertext Mark-up Language or
html.  Berners-Lee wrote a language that would instruct a computer which was continuously connected
to the Web, a ‘web-server’, to store the text file written by the user, and to give it an address of
universal (now more commonly ‘uniform’) resource locator or URL.  Unlike the linear medium of a book,
each page could be connected to any other by embedding URL addresses within the page.   These
connections were conceived as being a kind of link over the text and were named hypertext links.

Email and Webmail

An early development of the World Wide Web was the facility for sending text messages to a specified
recipient.  These electronic mails or emails needed special programs that allowed text to be input,
encoded using a standard protocol such as Unicode, and sent via the Internet to the host computer
specified in the email address.  The program has to reverse this process so that received emails could be
read.  The email has become the dominant method of exchanging mail in many industry sectors,
particularly in the academic world.  Email is gradually replacing post for many professionals, but its
advantages are also its major drawbacks: it is instantaneous and it is as easy to send an email to many
people as it is to one.  Sending an email creates the expectation that there will be an immediate
response.  Not only is immediate response expected, but it is expected from many people.   This new
phenomenon of interactivity has become a major problem for professionals, who spend more and more
time dealing with emails and expurgating rubbish emails or ‘spam’.

HISTORY OF THE WEB

            Tim Berners-Lee invented the World-Wide Web in 1989, about 20 years after the first connection was
established over what is today known as the Internet.  At the time, Tim was a software engineer at
CERN, the large particle physics laboratory near Geneva, Switzerland.  Many scientists participated in
experiments at CERN for extended periods of time, and then returned to their laboratories around the
world.

            Tim’s proposal, which specified a set of technologies that would make the Internet truly accessible
and useful to people, in late 1989 was not accepted.  However, Tim persevered, and by October of 1990 he
had specified the three fundamental technologies that remain the foundation of today’s Web.

1. HTML (Hyper Text Markup Language): The publishing format for the Web, including the ability to
format documents and link to other documents and resources.
2. URI (Uniform Resource Identifier): A kind of “address” that is unique to each resource on the
Web.
3. HTTP (Hypertext Transfer Protocol): Allows for the retrieval of linked resources from across the
Web.

Tim also wrote the first Web page editor/browser (“World Wide Web”) and the first Web server.  By
the end of 1990, the first Web page was served.  By 1991, people outside of CERN joined the new Web
community.  Very important to the growth of the Web, CERN announced in April 1993 that the World
Wide Web technology would be available for anyone to use on a royalty-free basis.

Tim Berners-Lee and others realized that for the Web to reach its full potential, the underlying
technologies must become global standards, implemented in the same way around the world.
Therefore, in 1994, Tim founded the World Wide Web Consortium (W3C) as a place for stakeholders to
reach consensus around the specification and guidelines to ensure that the Web works for everyone and
that it evolves in a responsible manner.  W3C standards have enabled a single World Wide Web of
information and people, and an increasingly-rich set of capabilities: Web 2.0 (personal and dynamic),
Web 3.0 (a semantic Web of linked data), Web services, voice access, mobile access, accessibility for
people with disabilities and for people speaking many languages, richer graphics and video, etc.  The
Web Foundation supports the work of W3C to ensure that the Web and the technologies that underpin
it remain free and open to all.

BENEFITS OF INTERNET USE

1. The Internet has an enormous amount of publications added to it every day and it is evolving into
the most powerful source of information.
2. Use of the Internet has made jobs easier and simplified tasks that would take an enormous
amount of time before.
3. The Internet has become a great tool for avoiding the hassles of the bank, offering the chance to
make transactions quickly and safely.
4. It also offers a powerful source for shopping and the ease of having products delivered
straight to our house, should we decide we do not want to go out.
5. The widespread use of the Internet has opened new areas of jobs in all countries and expanded the
availability of working from home.
6. The Internet is one of the most valuable tools in education since it provides an enormous
amount of information and is the greatest source of reference for educators and students.

Internet Evolution

The available material, programs, websites and other services of the internet are multiplied
every day, revolutionizing the technology being used.  Its applications grow exponentially and it would
be impossible to outline everything in this booklet.  The most important aspect of the Internet evolution,
however, is that its exponential growth allows it to ease and transform people’s lives and increase their
knowledge.

Preciousness of Time

            Some people say “time is money”.  Others say that time is precious and should not be
wasted.  Whichever applies, one thing is true: today’s needs and demands of society have
taken over our time, so that it feels there is not enough of it for everything we need to do every day.  The
appearance of the Internet came as a life saver for many tasks that would take days to
complete before.  The ability of the Internet to store materials, its ability to calculate almost
anything instantly, and its worldwide application databases have made tasks much easier and less time consuming
in almost every industry on the planet.

Internet Bank

The advanced technologies of the Internet managed to free people from the hassles of losing an
enormous amount of time waiting in line to be served at the bank branches.  Internet banking is an
easy way of dealing with bank transactions, including bill payments and transfers.
Internet banking is convenient also in that it is available twenty-four hours a day.

International Market

The Internet enables us to buy anything we need from the comfort of our own house.  Many
supermarkets take online orders and deliver the stock to our doorstep within the day.  Many consumer
stores offer online purchases of almost anything we can imagine.  Online shopping can save time and
money since it offers a wide range of specials at much cheaper prices than what we will find in the actual
stores.

Unemployment Agent

Another benefit that the internet has brought into our lives is that, ever since the internet was
introduced, new areas of jobs and careers have opened up to the public.  Web designer,
computer technician and programmer are among the many jobs that are in peak demand by
employers.  Almost every company nowadays needs to have a website that promotes its products and
patents, so web designers are among the most highly requested professionals. Housewives,
mothers and disabled people can now have a chance to work from their house and earn money that
would otherwise be difficult to obtain.

Treasure Bank

The biggest benefit of the internet can be found in the educational sector.  Educators can obtain
learning material from it, prepare courses online and deliver audio/visual information to students.   For
Instructors, it is a valuable source for referencing material and enhancing the knowledge of their
students.  The Internet provides a great place for conferencing and collaborating with students from all
over the world.  Students can search for information regarding their school courses via electronic
libraries that offer a great variety of journals and scientific articles.  The resources available over the net
cover almost every aspect of the school curriculum and students have a valuable machine for enhancing
their knowledge and expanding their assigned work.

BROWSING THE WEB

            A Web browser, or browser, is application software that allows users to access and view
Webpages or access Web 2.0 programs.  To browse the Web, we need a computer or mobile device that
is connected to the Internet and has a Web browser.  The more widely used Web browsers for personal
computers are Internet Explorer, Firefox, Opera, Safari, and Google Chrome.  With an Internet
connection established, we start a Web browser.  The browser retrieves and displays a starting Web
page, sometimes called the browser’s home page.  The initial home page at any time.  Another use of
the term, home page, refers to the first page that a Web site displays.  Similar to a book cover or a table
of contents for a Web site, the home page provides information about the Web site’s purpose and
content.  Many Websites allow personalizing the home page so that it contains areas of interest to us. 
The home page usually contains links to other documents, Webpages, or Websites.  A link, short for
hyperlink, is a built-in connection to another related Web page or part of a Web page.

WEB APPLICATIONS OR WEBSITE WIDGETS

Over the past decade or so, the web has been embraced by millions of businesses as an
inexpensive channel to communicate and exchange information with prospects and transactions with
customers.

Web Applications

            From a technical view-point, the web is a highly programmable environment that allows mass
customization through the immediate deployment of a large and diverse range of applications, to
millions of global users.  Two important components of a modern website are flexible web browsers and
web applications; both available to all and sundry at no expense.

            Web browsers are software applications that allow users to retrieve data and interact with
content located on Web pages within a website.  Web pages may also run client-side scripts that
“change” the Internet browser into an interface for such applications as web mail and interactive
mapping software (for example, Yahoo Mail and Google Maps).

            Most importantly, modern websites allow the capture, processing, storage and transmission of
sensitive customer data for immediate and recurrent use, and this is done through web applications.
Such web applications as webmail, login pages, support and product request forms, shopping carts and
content management systems shape modern websites and provide businesses with the means necessary
to communicate with prospects and customers.  These are all common examples of web applications.

Web applications are computer programs allowing website visitors to submit and retrieve data
to/from a database over the Internet using their preferred web browser.  The data is then presented to
the user within their browser as information generated dynamically (in a specific format, for example
HTML using CSS) by the web application through a web server.

For the more technically oriented, Web applications query the content server (essentially a content
repository database) and dynamically generate web documents to serve to the client (people surfing the
website).  The documents are generated in a standard format to allow support by all browsers (example:
HTML or XHTML).

JavaScript is one form of client-side script that permits dynamic elements on each page (example: an
image changes once the user hovers over it with a mouse).

The Web browser is key: it interprets and runs all scripts etc. while displaying the requested
pages and content.  Another significant advantage of building and maintaining web applications is that
running client side.  Web applications are quickly deployed anywhere at no cost and without any
installation requirements (almost) at the user’s end.  Web applications may either be purchased off-the-shelf
or created in-house.

How do Web Applications Work?

The Figure below details the three-layered web application model.  The first layer is normally a web
browser or the user interface; the second layer is the dynamic content generation technology tool such
as Java services (JSP) or Active Server Pages (ASP), and the third layer is the database containing
content (example: news) and customer data.

The Figure below shows how the initial request is triggered by the user through the browser over the
Internet to the web application server.  The web application accesses the database servers to perform
the requested task, updating and retrieving the information lying within the database.  The web
application then presents the information to the user through the browser.

Web Security Issues

Despite their advantages, web applications do raise a number of security concerns stemming from
improper coding.  Serious weaknesses or vulnerabilities allow hackers to gain direct and public access to
databases in order to churn sensitive data.  Many of these databases contain valuable information
(example: personal and financial details) making them a frequent target of hackers.   Although such acts
of vandalism as defacing corporate websites are still commonplace, nowadays, hackers prefer gaining
access to the sensitive data residing on the database server because of the immense pay-offs in selling
the data.

In the framework described, it is easy to see how a hacker can quickly access the data residing on the
database through a dose of creativity and, with luck, negligence or human error leading to
vulnerabilities in the web applications.

As stated, websites depend on databases to deliver the required information to visitors.  If web
applications are not secure, i.e., vulnerable to at least one of the various forms of hacking techniques,
then the entire database of sensitive information is at serious risk.

Some hackers, for example, may maliciously inject code within vulnerable web applications to trick users
and redirect them towards phishing sites.  This technique is called Cross-Site Scripting and may be used
even though the web servers and database engine contain no vulnerability themselves.

Recent research shows that 75% of cyber-attacks are done at web application level.

• Websites and related web applications must be available 24 hours a day, 7 days a week, to
provide the required service to customers, employees, suppliers and other stakeholders.
• Firewalls and SSL provide no protection against web application hacking, simply because access
to the website has to be made public – all modern database systems may be accessed through
specific ports and anyone can attempt direct connections to the databases, effectively bypassing
the security mechanisms used by the operating system. These ports remain open to allow
communication with legitimate traffic and therefore constitute a major vulnerability.
• Web applications often have direct access to backend data such as customer databases and,
hence, control valuable data and are much more difficult to secure. Those that do not have
access will have some form of script that allows data capture and transmission.  If a hacker
becomes aware of weaknesses in such a script, he may easily reroute unwitting traffic to
another location and illegitimately hive off personal details.
• Most web applications are custom-made and, therefore, involve a lesser degree of testing than
off-the-shelf software. Consequently, custom applications are more susceptible to attack.

Web applications, therefore, are a gateway to databases, especially custom applications which are not
developed with security best practices and which do not undergo regular security audits.  In general,
the questions to ask are “Which parts of a website we thought are secure are open to hack attacks?” and
“What data can we throw at an application to cause it to perform something it should not do?”
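
The three-layer flow and the "improper coding" risk described above, as an added Python example that is not part of the original lesson: a request handler (layer 2) reads from an in-memory SQLite database (layer 3) and returns HTML for the browser (layer 1), once written carelessly and once hardened. The table, sample rows, function names and the `phishing.example` address are constructed for illustration; the query-building flaw is one common instance of the weaknesses the lesson refers to, shown beside the Cross-Site Scripting case it names.

```python
import html
import sqlite3


def make_db():
    """Layer 3: the database, filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reviews (product TEXT, author TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO reviews VALUES (?, ?, ?)",
        [
            ("kettle", "ana", "Boils fast."),
            # A visitor stored markup instead of plain text.
            ("kettle", "ben",
             "<script>location='https://phishing.example/'</script>"),
            ("toaster", "cy", "Staff-only note."),
        ],
    )
    return db


# ---- Layer 2, written carelessly -------------------------------------

def fetch_unsafe(db, product):
    # Request data is pasted into the SQL text, so input from the
    # browser can change the query itself, not just the value searched.
    sql = "SELECT author, body FROM reviews WHERE product = '%s'" % product
    return db.execute(sql).fetchall()


def render_unsafe(rows):
    # Database content is copied into the page as-is, so stored markup
    # is executed by the next visitor's browser (Cross-Site Scripting).
    items = "".join("<li>%s: %s</li>" % (a, b) for a, b in rows)
    return "<ul>" + items + "</ul>"


# ---- Layer 2, hardened -----------------------------------------------

def fetch_safe(db, product):
    # Placeholder binding: the input is always treated as a value.
    return db.execute(
        "SELECT author, body FROM reviews WHERE product = ?", (product,)
    ).fetchall()


def render_safe(rows):
    # Output encoding: <, >, & and quotes become harmless entities.
    items = "".join(
        "<li>%s: %s</li>" % (html.escape(a), html.escape(b)) for a, b in rows
    )
    return "<ul>" + items + "</ul>"


def handle_request(db, product, hardened):
    """Layer 1 sends `product`; the returned HTML goes back to the browser."""
    if hardened:
        return render_safe(fetch_safe(db, product))
    return render_unsafe(fetch_unsafe(db, product))


if __name__ == "__main__":
    db = make_db()
    crafted = "kettle' OR '1'='1"  # constructed test input
    print("rows, careless query:", len(fetch_unsafe(db, crafted)))
    print("rows, bound query:   ", len(fetch_safe(db, crafted)))
    print("careless page:", handle_request(db, "kettle", hardened=False))
    print("hardened page:", handle_request(db, "kettle", hardened=True))
```

Running the file prints how many rows each query style returns for the same crafted input and the two versions of the generated page, which answers the second question above for this small application.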

Lesson 2: The Digital World and the World Wide Web

Introduction:

The phrase digital world is most commonly used in when defining citizenship, digital fluency,
and digital literacy. The digital world is the availability and use of digital tools to communicate on
the Internet, digital devices, smart devices and other technologies.

Humanities and education discussions of the 'digital era' tend to create variations when
categorizing and defining the mass of mediated technologies and human interactions that are suggested
as part of the digital world. The phrase 'digital world' is used loosely as a mass noun with many possible
meanings and variations.

Examples: An informal example is devices given to toddlers entering the digital era. Formal
usage includes educational policies referring to the digital world, especially in standardizing digital
access.  Children suffering a lack of access to the digital world are part of the digital divide. The One
Laptop per Child program is an example of (digital world) inclusion for children living in poverty and
suffering as part of the digital divide.

The phrase digital world was being used in electrical engineering studies before the creation of
the World Wide Web. Originally it was used to describe the prevalence of digital electronic devices as
opposed to analogue electronic devices. Articles relating to education in the digital world became more
common in the 1990s.

            The World-Wide Web is a hypertext-based information system.  Any word in a hypertext
document can be specified as a pointer to a different hypertext document where more information
pertaining to that word can be found.  The reader can open the second document by selecting the word
(using different methods depending on the interface; in a mouse-based system, a user would probably
place the mouse over the word and click the mouse button); only the part of the linked document which
contains relevant information will be displayed.

            The second document may itself contain links to further documents.  The reader need not know
where the referenced documents are, because they will be obtained and presented as they are needed.

            World-Wide Web uses hypertext over the Internet:  The linked documents may be located at
different Internet sites.  WWW can handle different text formats and different methods of organizing
information.

            World-Wide Web (W3) is the universe of network-accessible information, an embodiment of


human knowledge.  It is an initiative started at “CERN”, now with many participants.  It has a body of
software, and a set of protocols and conventions.  W3 uses “hypertext” and multimedia techniques to
make the web easy for anyone to roam browse, and contribute to.

Lesson Proper:

Hypertext

            The terminology of the World-Wide Web was closely based on text.  So the basic element that a
user created or read was called a ‘page’ and a page contained text that the user saw and information
that told the web server how to make the page look.  These instructions are like the ‘markup’ used by
printers and newspaper editors.  So Berners-Lee named the language Hypertext Mark-up Language or
html.  Berners-Lee wrote a language that would instruct a computer which was continuously connected
to the Web, a ‘web-server’, to store the text file written by the user, and to give it an address of
universal (now more commonly ‘uniform’) resource locator or URL.  Unlike the linear medium of a book,
each page could be connected to any other by embedding URL addresses within the page.   These
connections were conceived as being a kind of link over the text and were name hypertext links.

Email and Webmail


An early development of the World Wide Web was the facility for sending text messages to a specified
recipient.  These electronic mails or emails needed special programs that allowed text to be input,
encoded using a standard protocol such as Unicode, and sent via the Internet to the host computer
specified in the email address.  The program has to reverse this process so that received emails could be
read.  The email has become the dominant method of exchanging mail in many industry sectors,
particularly in the academic world.  Email is gradually replacing post for many professionals, but its
advantages are also its major drawbacks: it is instantaneous and it is as easy to send an email to many
people as it is to one.  Sending an email creates the expectation that there will be an immediate
response.  Not only is immediate response expected, but it is expected from many people.   This new
phenomenon of interactivity has become a major problem for professionals, who spend more and more
time dealing with emails and expurgating rubbish emails or ‘spam’.

HISTORY OF THE WEB

            Tim Berners-Lee inted the World-Wide Web in 1989, about 20years after the first connection was
established over what is today known as the Internet.  At the time, Tim was a software engineer at
CERN, the large particle physics laboratory near Geneva, Switzerland.  Many scientists participated in
experiments at CERN for extended periods of time, and then returned to their laboratories around the
world.

            Tim’s proposal which specified a set of technologies that would make the Internet truly accessible
and useful to people in late 1989 was not accepted, however, Tim persevered by October of 1990, he
had specified the three fundamental technologies that remain the foundation of today’s Web.

4. HTML (Hyper Text Markup Language): The publishing format for the Web, including the ability to
format documents and link to other documents and resources.
5. URI (Uniform Resource Identifier): A kind of “address” that is unique to each resource on the
Web.
6. HTTP (Hypertext Transfer Protocol): Allows for the retrieval of linked resources from across the
Web.

Tim also wrote the first Web page editor/browser (‘World Wide Web”) and the first Web server by
the end of 1990, the first Web page was served.  By 1991, people outside of CERN joined the new Web
community.  Very important to the growth of the Web, CERN announced in April 1993 that the World
Wide Web technology would be available for anyone to use on a royalty-free basis.

Tim Berners-Lee and other realized that for the Web to reach its full potential, the underlying
technologies must become global standards, implemented in the same way around the world. 
Therefore, in 1994, Tim founded the World Wide Web Consortium (W3C) as a place for stakeholders to
reach consensus around the specification and guidelines to ensure that the Web works for everyone and
that it evolves in a responsible manner.  W3C standards have enabled a single World Wide Web
information and people, and an increasingly-rich set of capabilities: Web 2.0 (personal and dynamic),
Web 3.0 (a semantic Web of linked data), Web services, voice access, mobile access, accessibility for
people with disabilities and for people speaking many languages, richer graphics and video, etc.  The
Web Foundation supports the work of W3C to ensure that the Web and the technologies that underpin
it remain free and open to all.

BENEFITS OF INTERNET USE

7. The Internet has an enormous amount of publications added on it every day and it’s evolving as
the most powerful source of information.
8. Use of the Internet has made jobs easier and oversimplified tasks that would take an enourmous
amount of time before.
9. The Internet has become a great tool for avoiding the hassles of the bak, offering the chance to
make the transactions quickly and safely.
10. It also offers a powerful source for shopping and the easiness of having products delivered
straight to house, should we decide do not want to go out.
11. The widespread use of Internet has opened new areas of jobs in all countries and expanded the
availabilities of working from home.
12. The Internet in one of the most valuable tools in education since it provides an enormous
amount of information and is the greater source of reference for educators and students.

Internet Evolution

The available material, programs, websites and other services of the internet are multiplied
every day, revolutionizing the technology being used.  Its applications grow exponentially and it would
be impossible to outline everything in this booklet.  The most important aspect of the Internet evolution
however, is that its exponential growth allows it to ease and transform people’s life and increase their
knowledge.

Preciousness of Time

            Some people say “time is money”.  Some others say that time are precious and should not be
wasted.  Whatever applies to however, one thing is true: Todays needs and demands of society have
taken over our time that feels it’s not enough for doing everything we need to be doing every day.   The
appearance of the Internet saving matter came as a life saver for many tasks that would take days to
complete before.  The ability of the Internet to store materials, its ability to calculate instantly almost
anything, and its worldwide application databases had made tasks much easier and less time consuming
in almost every industry on the planet.

Internet Bank

The advanced technologies of the Internet managed to free people from the hassles of losing an
enormous amount of time waiting in the line to be served at the bank branches.  Internet banking is the
easy way of dealing with bank transactions that can be done including bill payments and transfers. 
Internet banking is convenient also in that it is available twenty-four hours a day.

International Market
The Internet enables us to buy anything we need from the comfort of own house.   Many
supermarkets take online orders and deliver the stock within the day at our doorstep.   Many consumer
stores offer online purchases about almost anything we can imagine.  Online shopping can save time and
money since it offers a wide range of specials in much cheaper prices than what we will find in the actual
stores. 

Unemployment Agent

Another benefit that the internet has brought into our lives is that ever since the internet has
been introduced, new areas of jobs and careers have opened up to the public.   Web designing,
computer technician and programmer, are among the many that are found at their peak demand for
employers.  Alost every company nowadays, needs to have a website that promotes its products and
patents that web designers are among the most highly requested professionals needed. Housewives,
mothers and disabled people, can now have a chance to work from their house and earn money that
would otherwise be difficult to obtain.

Treasure Bank

The biggest benefit of the internet can be found in the educational sector.  Educators can obtain
learning material from it, prepare courses online and deliver audio/visual information to students.   For
Instructors, it is a valuable source for referencing material and enhancing the knowledge of their
students.  The Internet provides a great place for conferencing and collaborating with students from all
over the world.  Students can search for information regarding their school courses via electronic
libraries who offer a great variety of journals and scientific articles.  The resources available over the net
cover almost every aspect of the school curriculum and students have a valuable machine for enhancing
their knowledge and expanding their assigned work.

BROWSING THE WEB

            A Web browser, or browser, is application software that allows users to access and view
Webpages or access Web 2.0 programs.  To browse the Web, we need a computer or mobile device that
is connected to the Internet and has a Web browser.  The more widely used Web browsers for personal
computers are Internet Explorer, Firefox, Opera, Safari, and Google Chrome.  With an Internet
connection established, we start a Web browser.  The browser retrieves and displays a starting Web
page, sometimes called the browser’s home page.  The initial home page at any time.  Another use of
the term, home page, refers to the first page that a Web site displays.  Similar to a book cover or a table
of contents for a Web site, the home page provides information about the Web site’s purpose and
content.  Many Websites allow personalizing the home page so that it contains areas of interest to us. 
The home page usually contains links to other documents, Webpages, or Websites.  A link, short for
hyperlink, is a built-in connection to another related Web page or part of a Web page.

WEB APPLICATIONS OR WEBSITE WIDGETS


Over the past decade or so, the web has been embraced by millions of businesses as an
inexpensive channel to communicate and exchange information with prospects and to conduct
transactions with customers.

Web Applications

            From a technical viewpoint, the web is a highly programmable environment that allows mass
customization through the immediate deployment of a large and diverse range of applications, to
millions of global users.  Two important components of a modern website are flexible web browsers and
web applications; both available to all and sundry at no expense.

            Web browsers are software applications that allow users to retrieve data and interact with
content located on Web pages within a website.  Web pages may also run client-side scripts that
“change” the Internet browser into an interface for such applications as web mail and interactive
mapping software (for example, Yahoo Mail and Google Maps).

            Most importantly, modern websites allow the capture, processing, storage and transmission of
sensitive customer data for immediate and recurrent use.  This is done through web applications. 
Web applications such as webmail, login pages, support and product request forms, shopping carts and
content management systems shape modern websites and provide businesses with the means necessary
to communicate with prospects and customers.  These are all common examples of web applications.

Web applications – are computer programs allowing website visitors to submit and retrieve data
to/from a database over the Internet using their preferred web browser.  The data is then presented to
the user within their browser as information is generated dynamically (in a specific format, example, in
HTML, using CSS) by the web application through a web server.

For the more technically oriented, Web applications query the content server (essentially a content
repository database) and dynamically generate web documents to serve to the client (people surfing the
website).  The documents are generated in a standard format to allow support by all browsers (example:
HTML or XHTML).

JavaScript – is one form of client side script that permits dynamic elements on each page (Example: an
image changes once the user hovers over it with a mouse).

The Web browser is key: it interprets and runs all scripts while displaying the requested
pages and content.  Another significant advantage of building and maintaining web applications is that
running client side.  Web applications are quickly deployed anywhere at no cost and without any
installation requirements (almost) at the user’s end.  Web applications may either be purchased off-the-
shelf or created in-house.

How do Web Applications Work?

The Figure below details the three-layered web application model.  The first layer is normally a web
browser or the user interface; the second layer is the dynamic content generation technology tool such
as Java services (JSP) or Active Server Pages (ASP), and the third layer is the database containing
content (for example, news) and customer data.

The Figure below shows how the initial request is triggered by the user through the browser over the
Internet to the web application server.  The web application accesses the database servers to perform
the requested task, updating and retrieving the information lying within the database.  The web
application then presents the information to the user through the browser.

Web Security Issues

Despite their advantages, web applications do raise a number of security concerns stemming from
improper coding.  Serious weaknesses or vulnerabilities allow hackers to gain direct and public access to
databases in order to churn sensitive data.  Many of these databases contain valuable information
(for example, personal and financial details), making them a frequent target of hackers.   Although such acts
of vandalism as defacing corporate websites are still commonplace, nowadays hackers prefer gaining
access to the sensitive data residing on the database server because of the immense pay-offs in selling
the data.

In the framework described, it is easy to see how a hacker can quickly access the data residing on the
database through a dose of creativity and, with luck, negligence or human error, leading to
vulnerabilities in the web applications.

As stated, websites depend on databases to deliver the required information to visitors.  If web
applications are not secure, i.e., vulnerable to at least one of the various forms of hacking techniques,
then the entire database of sensitive information is at serious risk.

Some hackers, for example, may maliciously inject code within vulnerable web applications to trick users
and redirect them towards phishing sites.  This technique is called Cross-Site Scripting and may be used
even though the web servers and database engine contain no vulnerability themselves.
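The Cross-Site Scripting weakness described above lives in the second layer of the three-layer model: the web server and database work exactly as designed, and only the page-generation code is at fault. The following is an added example, not part of the original lesson; the reviews table, the function names and the sample review are constructed for illustration. It shows the same stored data rendered by improperly coded page generation and by a corrected version that encodes output.

```python
import html
import sqlite3

# Constructed sample input: a visitor-submitted review carrying script markup.
HOSTILE_REVIEW = "<script>location='https://phish.example/'</script>"


def build_database():
    """Third layer: an in-memory database of visitor-submitted reviews."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reviews (author TEXT, body TEXT)")
    # Parameterized insert: values are stored as data, never parsed as SQL.
    db.executemany(
        "INSERT INTO reviews VALUES (?, ?)",
        [("alice", "Great product"), ("mallory", HOSTILE_REVIEW)],
    )
    return db


def fetch_reviews(db):
    return db.execute("SELECT author, body FROM reviews ORDER BY rowid").fetchall()


def render_vulnerable(db):
    """Second layer, improperly coded: stored text is pasted into HTML as-is."""
    items = "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in fetch_reviews(db))
    return f"<ul>{items}</ul>"


def render_hardened(db):
    """Second layer, corrected: every stored value is HTML-encoded on output."""
    items = "".join(
        f"<li><b>{html.escape(a)}</b>: {html.escape(b)}</li>"
        for a, b in fetch_reviews(db)
    )
    return f"<ul>{items}</ul>"


def contains_active_script(page):
    """First layer's view: does the page hand the browser a script element?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    db = build_database()
    print("vulnerable:", contains_active_script(render_vulnerable(db)))
    print("hardened:  ", contains_active_script(render_hardened(db)))
    print(render_hardened(db))
```

In the hardened page the review is displayed as inert text (`&lt;script&gt;...`), so every visitor's browser shows the markup instead of running it.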

Recent research shows that 75% of cyber-attacks are done at web application level.

• Websites and related web applications must be available 24 hours a day, 7 days a week, to
provide the required service to customers, employees, suppliers and other stakeholders.
• Firewalls and SSL provide no protection against web application hacking, simply because access
to the website has to be made public – all modern database systems may be accessed through
specific ports and anyone can attempt direct connections to the databases effectively bypassing
the security mechanisms used by the operating system. These ports remain open to allow
communication with legitimate traffic and therefore constitute a major vulnerability.
• Web applications often have direct access to backend data such as customer databases and,
hence, control valuable data and are much more difficult to secure. Those that do not have
access will have some form of script that allows data capture and transmission.   If a hacker
becomes aware of weaknesses in such a script, he may easily reroute unwitting traffic to
another location and illegitimately hive off personal details.
• Most web applications are custom-made and, therefore, involve a lesser degree of testing than
off-the-shelf software. Consequently, custom applications are more susceptible to attack.

Web applications, therefore, are a gateway to databases, especially custom applications which are not
developed with security best practices and which do not undergo regular security audits.  In general,
“Which parts of a website we thought are secure are open to hack attacks?” and “what data can we
throw at an application to cause it to perform something it should not do?”
