Web Application Security Fundamentals Quiz

FaultlessStatueOfLiberty

18 Questions

What is a key difference between traditional websites and Web Apps?

Web Apps require encryption and authentication

Why are Web Apps considered more complex than traditional websites?

They have more resources and require encryption

Which technology enables dynamic pages and user interaction in Web Apps?

Server-side scripting

Why is encryption essential in modern Web Apps?

To ensure secure communication

What is a significant characteristic of Enterprise Web Applications?

Support various business processes for organizations

Which system is NOT an example of an Enterprise Web Application according to the text?

Personal Blogging Platforms

What is the Internet's role in enabling global communication and access to data resources?

Interconnecting various networks to facilitate global communication and data access

In the client-server model, what are the roles of servers and clients, respectively?

Servers provide services, clients request services

Which part of the Internet is responsible for managing global protocols like IP addresses?

Internet Assigned Numbers Authority (IANA)

What is the primary function of a Web browser in the context of the WWW?

Requesting services from Web servers

How does the client-server model distribute tasks or workloads between servers and clients?

Servers request tasks, clients execute them

What distinguishes the WWW from the Internet in terms of their functionalities?

The WWW is a service accessible through the Internet

What is the main purpose of The OWASP Foundation?

To provide free and open resources for web application security

Which of the following is NOT one of the OWASP Top 10 - 2017 web application security risks?

Data Encryption

Why is encryption considered essential in web applications?

To secure data transmission and protect sensitive information

What is a Web application (Web app)?

An application program stored on a remote server, accessible over the Internet through a browser interface

What risk is associated with Insecure Direct Object References in web applications?

Potential leakage of sensitive data

What do users have the freedom to do regarding requests in web applications?

Send requests in any sequence and submit parameters at different stages than expected

Study Notes

Web Application Security Fundamentals

  • Web application security involves understanding the evolution of web applications, common web application functions, and common web application vulnerabilities.

The Internet and WWW

  • The Internet is a system of interconnected networks that enables global communication and access to data resources.
  • The Internet is managed by organizations that create global protocols, such as the Internet Assigned Numbers Authority (IANA).
  • The World Wide Web (WWW) is a collection of information that can be accessed via the Internet.
  • The WWW is a service built on top of the Internet's infrastructure.
  • The Internet provides other services besides WWW.

Client-Server Model

  • The client-server model is a distributed application structure that partitions tasks or workloads between servers and clients.
  • Every machine on the Internet is either a server or a client.
  • Servers provide services to other machines, while clients utilize these services.
  • The client-server model uses a request-response mechanism.

The WWW

  • The WWW is a distributed system made up of both client and server software.
  • Web browsers are client programs that request services from Web servers.
  • Users can interfere with data transmitted between the client and server, and can send requests in any sequence.

The OWASP Foundation

  • The Open Web Application Security Project (OWASP) provides free and open resources.
  • The OWASP Foundation is a non-profit organization.
  • The OWASP Top 10 - 2017 is a published result of recent research based on comprehensive data.

OWASP Top 10

  • The OWASP Top 10 - 2017 lists the top 10 web application security risks, including:
    • SQL injection
    • Broken Authentication
    • Sensitive Data Exposure
    • XML External Entities (XXE)
    • Insecure Direct Object References
    • Security Misconfiguration
    • Cross-Site Scripting (XSS)
    • Insecure Deserialization
    • Using Components with Known Vulnerabilities
    • Insufficient Logging and Monitoring

Web Applications

  • A Web application (Web app) is an application program stored on a remote server and delivered over the Internet through a browser interface.
  • Web applications are mostly dynamic pages and provide two-way communication to interact with users.
  • Encryption and authentication are essential in web applications.
  • Web applications have evolved from passive viewing to dynamic, interactive pages with encryption and authentication.

Popularity of Web Apps

  • Web applications are popular due to the lightweight and connectionless protocol (HTTP).
  • Every user has a browser installed on their computer and mobile device.
  • Browsers are highly functional, enabling rich and satisfying user interfaces.
  • Core technologies and languages used to develop web applications are relatively simple.

Enterprise Web Applications

  • Enterprise web applications are large-scale software solutions designed to meet the complex needs of organizations and businesses.
  • These applications are accessed through web browsers and provide a range of functionalities to support various business processes.
  • Examples of enterprise web applications include CRM, ERP, HRMS, and project management tools.
  • Characteristics of enterprise web applications include scalability, with the ability to handle a large number of users and data.

Test your knowledge on the evolution of web applications, common functions, and vulnerabilities. Learn about the Internet, its interconnected networks, and global communication protocols.
