Websites vs Web Applications Overview

Questions and Answers

Which of the following functions of a web application proxy helps limit access to sensitive information?

• SSL/TLS Termination
• Access Control (correct)
• Load Balancing
• Caching

What does SSL/TLS termination in a web application proxy accomplish?

• It provides detailed logs of user activity.
• It filters incoming traffic to block harmful requests.
• It spreads traffic across multiple servers.
• It encrypts and decrypts data for secure connections. (correct)

In which way does a web application proxy enhance security?

• By caching frequently accessed content.
• By monitoring and filtering incoming traffic. (correct)
• By managing user authentication.
• By balancing the load among web servers.

What is the primary benefit of load balancing in a web application proxy?

To ensure smooth operation during high traffic. (B)

What role does traffic monitoring and logging play in the functionality of a web application proxy?

It conducts security audits and optimizes performance. (C)

How does caching improve the performance of web application proxies?

By storing copies of frequently accessed content. (B)

Which function of a web application proxy directly aids in application deployment without causing downtime?

Application Delivery (B)

Which of the following attack types does a web application proxy aim to protect against?

SQL Injection (B)

What is the main purpose of a web application?

To enable users to perform specific tasks. (D)

Which of the following is NOT a characteristic of a website?

Real-time data processing. (B)

What technology is primarily used for developing a web application?

Extensive JavaScript and frameworks like React. (C)

How do users typically navigate through a web application?

Using task-oriented navigation to complete workflows. (B)

Which example best represents a web application?

An online banking platform. (C)

What is a common requirement for web applications in comparison to websites?

User authentication for personalized experiences. (A)

What describes the complexity of web applications compared to websites?

Web applications require complex back-end integration and real-time processing. (A)

Which statement is true regarding the response to user input in a website?

It is often limited and predefined. (B)

What is a major benefit of using web applications in terms of data management?

Data is stored centrally, allowing for real-time access and updates. (C)

Which statement best describes the scalability of web applications?

Web applications can dynamically scale resources through cloud integration. (B)

What is the main purpose of the Same-Origin Policy (SOP)?

To prevent malicious scripts from accessing sensitive data on other websites (A)

How do web applications enhance user experience across different devices?

By providing a consistent UI/UX across different platforms. (A)

Which components must match for two URLs to be considered the same origin?

Protocol, domain, and port number (C)

What advantage do web applications offer in terms of maintenance?

Updates are performed server-side, affecting all users simultaneously. (C)

What mechanism does Cross-Origin Resource Sharing (CORS) utilize to manage resource access?

CORS headers in the server response (D)

What is a key cost benefit of using web applications over native applications?

They typically have lower development and deployment costs. (D)

What action does a browser take if a script attempts to access resources from a different origin under SOP?

It blocks the request unless allowed explicitly (D)

Which capability supports the collaborative nature of web applications?

Multi-user environment facilitating simultaneous access. (B)

What does the Access-Control-Allow-Origin header do in CORS?

Specifies which origins are allowed to access the resource (D)

What feature allows web applications to incorporate new functionalities easily?

Modular architecture allowing for feature additions without major changes. (A)

In what scenario is a preflight request utilized in CORS?

For requests with custom headers or methods (B)

In what way do web applications support API integration?

They can easily integrate with web services and third-party APIs. (D)

How does the Same-Origin Policy affect user privacy and security?

It isolates data from different origins (A)

Which HTTP method is typically associated with preflight requests in CORS?

OPTIONS (A)

What is the primary purpose of OAuth tokens?

To grant limited access to user resources without sharing passwords (B)

Which component of a browser extension is responsible for interacting with web page content?

Content Scripts (A)

What is a common feature of productivity-enhancing browser extensions?

Task management tools (A)

What role does the manifest file play in a browser extension?

It describes the extension's name, version, and permissions (C)

How are OAuth tokens typically sent to the client after authentication?

Generated as a cookie for the browser (B)

What do ad-blocking extensions primarily aim to do?

Block unwanted content such as ads (B)

What functionality do background scripts serve in a browser extension?

Handle background tasks and browser events (A)

Which of the following is NOT a feature of browser extensions?

Managing network connections directly (C)

Flashcards are hidden until you start studying

Study Notes

Website vs. Web Application

• Websites provide information and content to users, typically with static content and limited user interaction.
• Web applications enable users to perform specific tasks and interact with functionalities using dynamic, changing content.
• Websites focus on delivering information like articles or images.
• Web applications offer specific functionalities, like booking tickets or managing data.

Benefits of Web Applications

• Accessibility
  • Cross-platform compatibility: Accessible from any device with a web browser, regardless of operating system.
  • No installation required: Users can access the application without installing any software.
• Centralized Data
  • Consistent data access: Data is stored centrally, allowing real-time access and updates by multiple users.
  • Data security: Centralized storage enables better control over data security and backup processes.
• Ease of maintenance
  • Single update point: Updates and maintenance are performed on the server side, ensuring all users have the latest version.
  • Reduced downtime: Maintenance can be carried out with minimal disruption to users.
• Scalability
  • Flexible resource management: Web applications can scale efficiently to handle increasing numbers of users and data.
  • Cloud Integration: Many web applications leverage cloud services to dynamically scale resources as needed.
• Cost-effectiveness
  • Lower development costs: Web applications are typically cheaper to develop and deploy compared to native applications for multiple platforms.
  • Reduced Hardware Requirements: Users do not need high-end hardware because processing is handled on the server side.
• Enhanced Collaboration
  • Real-Time Interaction: Supports real-time data sharing and collaboration among users.
  • Multi-User Environment: Facilitates simultaneous access and collaborative tasks, improving productivity.
• User Experience
  • Consistent UI/UX: Provides a uniform user experience across different devices and platforms.
  • Continuous Improvement: Easier to gather user feedback and implement improvements quickly.
• Integration Capabilities
  • API Integration: Easily integrates with other web services and third-party APIs for extended functionality.
  • Modular Architecture: Supports adding new features and integrations without significant rework.

Web Application Proxy

• A proxy acts as an intermediary between users and web applications, handling requests and responses.
• Key Functions of a Web Application Proxy:
  • Access Control: Enforces user authentication and authorization to protect sensitive information.
  • Security Protection: Protects web applications from attacks like DDoS, SQL injection, and cross-site scripting.
  • SSL/TLS Termination: Handles encryption and decryption of secure connections for improved performance.
  • Load Balancing: Distributes incoming traffic across multiple servers to ensure seamless service.
  • Caching: Stores frequently accessed content for faster delivery and reduced server load.
  • Traffic Monitoring and Logging: Provides detailed logs of user activity for troubleshooting, security audits, and performance optimization.
  • Application Delivery: Ensures smooth deployment of updates and improvements without downtime.

Same-Origin Policy (SOP)

• Implemented by web browsers to restrict how resources from one origin can interact with resources from another origin for security purposes.
• How it works:
  • Origin: An origin consists of the protocol, domain, and port number, and two URLs have the same origin if all components are identical.
  • Policy: A web page can typically only access resources from the same origin, not from a different one.
• Purpose:
  • Security: Helps prevent malicious scripts from accessing sensitive data on other websites.
  • Data Isolation: It isolates data from different origins, enhancing user privacy and security.

Cross-Origin Resource Sharing (CORS)

• A mechanism that allows web servers to specify which origins are allowed to access resources on their server, relaxing SOP restrictions.
• How it works:
  • CORS Headers: The server can include CORS headers in the response to indicate which origins are allowed access.
  • Preflight Requests: For requests with custom headers or methods, the browser may first send a preflight request to check if the server permits the actual request.
• CORS Headers:
  • Access-Control-Allow-Origin: Specifies which origins are allowed to access the resource.
  • Other CORS Headers: Access-Control-Allow-Methods and Access-Control-Allow-Headers specify allowed HTTP methods and headers.

OAuth Tokens

• Used in OAuth frameworks to grant limited access to user resources without sharing passwords.
• How it works:
  • Token Generation: Upon successful authentication, the server generates a token containing encoded user information and permissions.
  • Token Transmission: The token is sent to the client, often stored in local storage or as a cookie.
  • Token Use: The client includes the token in the Authorization header of subsequent requests.
  • Token Validation: The server verifies the token's signature and decodes its claims to authenticate and authorize the user.

Browser Extensions

• Small software programs that customize the browsing experience by adding functionality to web browsers.
• Key Features and Functions:
  • User Interface Enhancements: Modifications to the browser interface, such as toolbars, buttons, or sidebars.
  • Content Filtering: Blocking unwanted content like ads, pop-ups, and specific types of media.
  • Productivity Tools: Enhancements like task managers, note-taking apps, and software integrations.
  • Privacy and Security: Functionality such as password managers, anti-tracking tools, and VPNs.

How Browser Extensions Work

• Components:
  • Manifest File: A JSON file that describes the extension, including its name, version, permissions, and main components.
  • Background Scripts: Scripts that run in the background, handling tasks like managing the extension's state and listening for browser events.
  • Content Scripts: Scripts injected into web pages, to interact with page content, modify the page's appearance or behavior with limited access compared to background scripts.
  • User Interface Elements:
    • Pop-ups: Small windows that appear when the extension's icon is clicked.
    • Options Pages: Settings pages where users can configure the extension’s behavior.
    • Toolbars: Additional buttons or menus added to the browser.