The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


Chapter 3  ■ Web Application Technologies







Server-Side Functionality

The early World Wide Web contained entirely static content. Web sites consisted of various resources such as HTML pages and images, which were simply loaded onto a web server and delivered to any user who requested them. Each time a particular resource was requested, the server responded with the same content.

Today’s web applications still typically employ a fair number of static resources. However, a large amount of the content that they present to users is generated dynamically. When a user requests a dynamic resource, the server’s response is created on the fly, and each user may receive content that is uniquely customized for them.

Dynamic content is generated by scripts or other code executing on the server. These scripts are akin to computer programs in their own right — they have various inputs, perform processing on these, and return their outputs to the user.

When a user’s browser makes a request for a dynamic resource, it does not normally simply ask for a copy of that resource. In general, it will also submit various parameters along with its request. It is these parameters that enable the server-side application to generate content that is tailored to the individual user. There are three main ways in which HTTP requests can be used to send parameters to the application:

■■ In the URL query string.
■■ In HTTP cookies.
■■ In the body of requests using the POST method.


In addition to these primary sources of input, the server-side application may in principle use any part of the HTTP request as an input to its processing. For example, an application may process the User-Agent header to generate content that is optimized for the type of browser being used.
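
The input channels described above, as an added example that is not code from the book: a Python function that splits a raw HTTP request into its query-string, cookie, POST-body and header inputs, so that every value the client controls can be inventoried for server-side validation. The sample request, the host name `shop.example` and the function name `enumerate_inputs` are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request (not from the book): one value in each channel.
SAMPLE_REQUEST = (
    b"POST /account/view?lang=en&page=2 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"item=42&comment=hello+world"
)


def enumerate_inputs(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into every channel the client controls."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)

    # Header names are case-insensitive; a repeated header keeps its last value.
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # 1. URL query string
    query = parse_qsl(urlsplit(target).query, keep_blank_values=True)

    # 2. HTTP cookies
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    cookies = [(key, morsel.value) for key, morsel in jar.items()]

    # 3. Body of a POST request (form-encoded bodies only in this example)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    form = []
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        form = parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True)

    # Any other header (User-Agent, Host, ...) is client-supplied input as well.
    other = [(n, v) for n, v in headers.items() if n != "cookie"]
    return {"query": query, "cookies": cookies, "body": form, "headers": other}


if __name__ == "__main__":
    for channel, values in enumerate_inputs(SAMPLE_REQUEST).items():
        print(channel, values)
```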

Like computer software in general, web applications employ a wide range of technologies on the server side to deliver their functionality. These include:

■■ Scripting languages such as PHP, VBScript, and Perl.
■■ Web application platforms such as ASP.NET and Java.
■■ Web servers such as Apache, IIS, and Netscape Enterprise.
■■ Databases such as MS-SQL, Oracle, and MySQL.
■■ Other back-end components such as file systems, SOAP-based web services, and directory services.

All of these technologies and the types of vulnerabilities that can arise in relation to them will be examined in detail throughout this book. Some of the

