Friday, November 23, 2012

Hacking Web Servers – Chapter 10


Web applications are programs that let website visitors submit data to, and retrieve data from, a database over the Internet using their web browser. The web application generates the response dynamically (usually as HTML styled with CSS), the web server delivers it to the browser, and the browser renders it. A web browser is the client software that retrieves pages and lets the user interact with the content of a website.

Most importantly, modern websites capture, process, store and transmit sensitive customer data (personal details, credit card numbers, social security numbers, etc.) for immediate and recurrent use, and they do this through web applications. Webmail, login pages, support and product request forms, shopping carts and content management systems are all common examples of web applications; they shape modern websites and give businesses the means to communicate with prospects and customers.

Common Gateway Interface (CGI) is a standard for passing data between a web server and an external program. When a request arrives for a CGI resource, the server hands the request details to the program (environment variables for the method, query string and content length; the request body on standard input) and relays whatever the program writes to standard output back to the browser as the response. CGI programs are often written in scripting languages such as Perl and are one of the oldest ways of creating dynamic web pages.
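The following is an added example, not code from the original post or from the chapter it summarizes, showing the CGI contract in a minimal Python script: the request arrives as environment variables plus standard input, and the response leaves as headers, a blank line and a body on standard output. The function and parameter names (handle_cgi, parse_query, run_cgi_script) are the example's own, and the "name" parameter is an assumed form field. The body is HTML-escaped before it is echoed, because a CGI script that reflects a query parameter straight into the page is a classic reflected cross-site scripting bug.

```python
import html
import os
import sys
import urllib.parse


def parse_query(query_string: str) -> dict:
    """Parse application/x-www-form-urlencoded data into {name: [values]}."""
    return urllib.parse.parse_qs(query_string, keep_blank_values=True)


def handle_cgi(environ: dict, stdin_bytes: bytes = b"") -> tuple:
    """Minimal CGI handler.

    The web server passes request metadata in environment variables
    (REQUEST_METHOD, QUERY_STRING, CONTENT_LENGTH, ...) and the request
    body on standard input. The script returns the response as
    (header block, body); the server relays that text to the browser.
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "POST":
        # Only CONTENT_LENGTH bytes of stdin belong to this request.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        params = parse_query(stdin_bytes[:length].decode("utf-8", "replace"))
    else:
        params = parse_query(environ.get("QUERY_STRING", ""))

    # "name" is an assumed form field for this example.
    name = params.get("name", ["stranger"])[0]

    # Escape untrusted input before placing it in HTML; echoing it raw
    # would let ?name=<script>... inject script into the page.
    body = "<html><body><h1>Hello, %s</h1></body></html>\n" % html.escape(name)
    headers = "Content-Type: text/html; charset=utf-8\r\n\r\n"
    return headers, body


def run_cgi_script() -> None:
    """Entry point when a web server executes this file as a CGI program."""
    body = b""
    if os.environ.get("REQUEST_METHOD", "GET").upper() == "POST":
        length = int(os.environ.get("CONTENT_LENGTH") or 0)
        if length > 0:
            body = sys.stdin.buffer.read(length)
    headers, page = handle_cgi(os.environ, body)
    sys.stdout.write(headers + page)


if __name__ == "__main__":
    run_cgi_script()
```

To try it from a shell without a web server, set the same variables a server would: `REQUEST_METHOD=GET QUERY_STRING='name=%3Cscript%3E' python3 hello.py` prints the escaped greeting rather than a script tag.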

The critical part for the security tester is understanding the vulnerabilities of the web application. Security professionals need to assess the system and examine the potential methods for attacking it. When conducting security tests on a web application, determine whether dynamic web pages are used, whether the application connects to a back-end database, whether a separate server is used for authenticating users, and what platform was used to develop the application.
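As an added example (not code from the original post or the chapter), here is a small reconnaissance helper that answers those questions from evidence a tester actually collects: the response headers of a captured request, the links discovered on the site, and the response body. The sample response and link list are constructed for this example and do not describe any real site; the function names (parse_response, fingerprint) and the indicator tables are the example's own, built from well-known defaults such as the PHPSESSID and JSESSIONID session cookie names and the MySQL "You have an error in your SQL syntax" error message. The database check is only a weak hint, since a well-configured application will not leak such errors.

```python
import posixpath
from urllib.parse import urlparse

# Constructed sample: a response captured while requesting a login page.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Location: https://sso.example.test/auth/login?next=%2Faccount\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Redirecting...</body></html>"
)

# Constructed sample: links found while browsing the same site.
SAMPLE_LINKS = [
    "/index.php",
    "/account/profile.php?id=42",
    "/images/logo.png",
    "/about.html",
]

# Default session cookie names and the platform that issues them.
SESSION_COOKIES = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet",
    "ASP.NET_SessionId": "ASP.NET",
}

# File extensions that imply server-side generated (dynamic) pages.
DYNAMIC_EXTENSIONS = {
    ".php": "PHP",
    ".asp": "Classic ASP",
    ".aspx": "ASP.NET",
    ".jsp": "Java servlet",
    ".cgi": "CGI",
    ".pl": "CGI (Perl)",
}

# Well-known database error text; seeing it in a page means the
# application talks to that database and leaks its errors.
DB_ERROR_SIGNATURES = {
    "You have an error in your SQL syntax": "MySQL",
    "Microsoft OLE DB Provider for SQL Server": "Microsoft SQL Server",
}


def parse_response(raw: str):
    """Split a raw HTTP response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def fingerprint(raw_response: str, request_host: str, links) -> dict:
    """Collect evidence for the four questions a web application test starts with."""
    status, headers, body = parse_response(raw_response)
    hdr = dict(headers)  # last value wins; fine for the single-valued headers used here
    platform = set()

    if "x-powered-by" in hdr:
        platform.add(hdr["x-powered-by"].split("/")[0])
    for name, value in headers:
        if name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in SESSION_COOKIES:
                platform.add(SESSION_COOKIES[cookie])

    dynamic = False
    for link in links:
        ext = posixpath.splitext(urlparse(link).path)[1].lower()
        if ext in DYNAMIC_EXTENSIONS:
            dynamic = True
            platform.add(DYNAMIC_EXTENSIONS[ext])

    # A redirect to another host on the login path suggests a separate
    # authentication server (for example a single sign-on service).
    auth_host = None
    if status.split()[1] in ("301", "302", "303", "307") and "location" in hdr:
        host = urlparse(hdr["location"]).hostname
        if host and host != request_host:
            auth_host = host

    db_hint = next((db for sig, db in DB_ERROR_SIGNATURES.items() if sig in body), None)

    return {
        "server": hdr.get("server"),
        "platform": sorted(platform),
        "dynamic_pages": dynamic,
        "auth_host": auth_host,
        "db_hint": db_hint,
    }


if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_RESPONSE, "www.example.test", SAMPLE_LINKS).items():
        print("%-14s %s" % (key, value))
```

Each field is evidence, not proof: a Server header can be rewritten, cookie names renamed and extensions hidden by URL rewriting, so treat the result as the starting hypothesis that the rest of the test confirms or rejects.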

Many tools are available for testing web application vulnerabilities, such as Wfetch and Wapiti. The Open Web Application Security Project (OWASP) also offers open-source software to help security professionals learn about web application vulnerabilities.
