Over the past couple of years, the popularity of web-based applications has been increasing. Several factors contribute to that tremendous rise in their use by organizations and individuals in providing access to a variety of services. Today many organizations and individuals use web-based applications in securing critical environments like financial, medical and military systems. Web-based systems consist of infrastructure components like databases and servers, as well as application-specific code like server-side CGI programs and HTML-embedded scripts (Kalani & Kalani, 2004). Experienced programmers develop the infrastructure components, whereas the application-specific code is often written by programmers who have little security training and have to develop the code under strict time constraints. As a result, they develop and deploy to the whole Internet web-based applications that are vulnerable, creating easily exploitable points that can lead to the compromise of entire networks. Ameliorating those security issues requires designing and developing web-based applications that are secure. Testing of the web-based application is also vital, but it cannot take place without a thorough analysis of the current security threats.
Overview of Web-based Application
Today many enterprises are utilizing web-based applications as a solution that offers a low-cost and flexible way of doing distributed collaborative work. A web-based application not only disseminates work, but it also interacts with users in the processing of their business tasks so that they can accomplish their business goals. Thus, programming and analysis of a web-based application need an approach that is different from the one for websites that offer information in a uni-directional manner on the user’s request (Nielsen, 1995). Programming a web application requires that the developer emphasize good visual design and offer a systematic way of designing the logical structure of the application. There also exist methods for designing a web-based application. Those models are very useful in modeling kiosk-type applications that help navigate users to the desired information on the web in a systematic manner.
However, for the users of web-based applications, access to the particular information they want is only part of their business goals. There are other business goals, such as processing their business data and communicating and collaborating with their colleagues through the web-based application. The formal methods that exist do not provide solutions to critical questions pertaining to the programming and analysis of web-based applications (Kolsek, 2002). Some of the questions that remain unanswered include, “How can users achieve their business goals while using web-based applications?” and “How do users interact with their colleagues while using the web-based application?” Maintenance is another crucial issue as websites increase in size. Existing tools such as the WebAnalyzer are useful in identifying the broken vulnerabilities, but they fail to offer a solution to, or a way of avoiding, those problems. Organizations can reduce their maintenance costs if they can detect errors in the design and analysis phases (Davis, 1990; Humphrey, 1989).
Technologies
There has been a continuous evolution of technologies for implementing web-based applications since the inception of the first mechanism for creating dynamic websites. The subsequent paragraphs describe the steps in that evolution.
Common Gateway Interface
The Common Gateway Interface (CGI) was one of the first mechanisms used in the generation of content (Laverty & Scarpino, 2009). The Common Gateway Interface standard defines a mechanism the server uses to interact with external applications. It specifies the rules of that interaction; however, it does not dictate the use of a specific technology for implementing those external applications. That means the programmer can write CGI programs in any language and execute them on virtually all web servers. The goal of CGI was to offer web-based interaction with legacy systems (Kalani & Kalani, 2004). In that case, a CGI program functions as a gateway between the legacy system and the web server. The CGI specification defines the various ways in which the web server communicates with a CGI program.
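The channels the CGI specification defines for that communication, as an added example that is not part of the original essay: the server passes request metadata in environment variables and the request body on standard input, and the program writes headers, a blank line and the body to standard output. The `name` field, the `MAX_BODY` limit and the function names are assumptions made for this illustration.

```python
import html
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed upper bound on POST bodies for this example


def reply(status, text):
    """Plain-text error response using the CGI 'Status' header."""
    return "Status: %s\r\nContent-Type: text/plain\r\n\r\n%s\n" % (status, text)


def handle_cgi(environ, stdin):
    """Build the CGI response from what the web server hands the program."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        # GET parameters arrive URL-encoded in QUERY_STRING.
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        # The POST body is on stdin; CONTENT_LENGTH says how much to read.
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
            if length < 0:
                raise ValueError("negative length")
        except ValueError:
            return reply("400 Bad Request", "invalid CONTENT_LENGTH")
        if length > MAX_BODY:
            return reply("413 Payload Too Large", "body too large")
        raw = stdin.read(length)
    else:
        return reply("405 Method Not Allowed", "unsupported method")

    fields = parse_qs(raw, keep_blank_values=True)
    name = fields.get("name", ["anonymous"])[0]  # "name" is a hypothetical field
    # Every value above is client-controlled: escape it before it reaches HTML.
    body = "<p>Hello, %s</p>\n" % html.escape(name, quote=True)
    return "Content-Type: text/html; charset=utf-8\r\n\r\n" + body


if __name__ == "__main__":
    # When run by a web server as a CGI program, the response goes to stdout.
    sys.stdout.write(handle_cgi(os.environ, sys.stdin))
```

Because the handler takes the environment and input stream as arguments, the same logic can be exercised in a unit test without a web server.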
Embedded Web Application Frameworks
Nowadays, the most common approach to implementing a web-based application is a middle way between the CGI mechanism and server-specific APIs (Umar, 1997). In this technology, you provide the web server with an extension that implements a framework for developing web applications. Examples of those frameworks include the compiler or interpreter that is used in encoding the application’s components and in defining the rules that control the interaction between the application components and the server. Frameworks vary greatly depending on the support provided by the application developer. There are frameworks that only provide mechanisms for handling HTTP-specific features like cookies, connection handling, and authentication mechanisms, among others. These web application frameworks are provided through programming languages such as Perl, Python, PHP, Java, Visual Basic, JScript, and C# (Keig, 2013).
Importance of Web-based Application
Web-based applications are a way to take advantage of current technology to enhance productivity and efficiency in organizations. They provide businesses with an opportunity to access their information from anywhere across the globe at any time (Grove, 2010). They also help organizations save money and time and improve interactivity with their clients and partners. A web-based application also allows administration staff to perform their duties from any location, and sales staff can access information from a remote location 24 hours a day, seven days a week (Curphey et al., 2005). All that users need is a computer connected to the Internet, a web browser, a username, and a password, and then they can access the corporate systems from anywhere.
A web-based application is easy to use, and it can be implemented without any interruption to the existing work process of the organization. Whether an organization requires an e-commerce system or a content-managed solution, it can develop a customized web application that meets its business requirements (Grove, 2010). Web-based software enables companies to interact with their applications as well as their data in a highly responsive and fluid manner. With the right expertise in the creation and implementation of a web-based application, a company can have an edge over its competitors.
Proposal
My internship at Sriven Technologies will help in performing web-based applications programming and analysis that will be of benefit to the organization at large and me. I will have an engagement in critical tasks such as the review of code and the design, development, testing and supporting of the web-based applications. The internship will consist of five iterations, with each having a cycle of planning, acting, observing and reflecting to offer an opportunity to refine the actions further.
Iteration 1: The Employment Process at Sriven Technologies
In this first iteration at Sriven Technologies Inc, I will carry out an inquiry to find out the employment process in the company in light of programming and analysis of web-based applications. I will meet with the human resource personnel from the company, and they will guide me through the employment process as a web-based application programmer and developer. The Web will also be of great help as it will be the platform for interacting with those resource persons.
Iteration 2: Brainstorming
In this iteration on brainstorming, I will meet with the company’s web-based application developers, who will take me through the skills I require to qualify as an expert in web-based application programming and analysis. Many web-based application developers will be in the meeting so as to provide me with knowledge of the skills I require to be competent in the area of web-based application design, development, and analysis.
Iteration 3: Training
In the training iteration, I will meet with the web-based analysts and the project manager to help me in understanding how to conduct web-based application development and analysis. They will train me on various approaches to developing a web-based application and enhancing the proper security features on the same. The project manager will also guide me through the stages of project development and the deliverables in the various stages of the work breakdown structure.
Iteration 4: Understanding the Analysis and Design of a Web-application
In this iteration on understanding the analysis and design of a web-based application, I will meet with the web application developers, and they will help me with the way to go and the right methodology to use in designing and analyzing a web-based application. That will be the background for the next phase of performing a penetration test project on a client’s web application. The method I will understand is the one that entails entity relations analysis, scenario analysis, and architecture design, since it is one of the most reliable methods of analyzing and designing a web-based application.
Iteration 5: Project on Penetration Testing of the Client’s Website
In this iteration, I will have involvement in conducting a penetration test for one of the company’s clients as my main project in the company. I will use the skills gained from the previous iterations and ensure that I perform comprehensive penetration tests for the client. I will carry out this task with one of the company’s junior web-based application analysts to act as my supervisor. I will carry out all my activities while consulting that supervisor. The quality assurance team will then help in the remediation of any vulnerability found as they deem appropriate.
References
Nielsen, J. (1995). Multimedia and Hypertext: The Internet and Beyond. Academic Press.
Laverty, J. & Scarpino, J. (2009). Web Application Security Instructional Paradigms and the IS Curriculum. Issues in Information Systems, 10(1), 87-96.
Kolsek, M. (2002). Session Fixation Vulnerability in Web-based Applications. Technical report, ACROS Security.
Curphey, M., Wiesman, A., Van der Stock, A. & Stirbei, R. (2005). A Guide to Building Secure Web Applications and Web Services. OWASP.
Grove, R. F. (2010). Web-based application development. Sudbury, Mass.: Jones and Bartlett Publishers.
Umar, A. (1997). Application (re)engineering: Building web-based applications and dealing with legacies. Upper Saddle River, N.J.: Prentice-Hall.
Kalani, A., & Kalani, P. (2004). Exam Cram 2: Developing and implementing web applications with Visual C# .NET and Visual Studio .NET [Exam 70-315]. Indianapolis, Ind.: Que Certification.
Keig, A. (2013). Advanced Express Web Application Development. Birmingham: Packt Publishing.
Sherry Roberts is the author of this paper.