Unit 1-3b.docx

Full Transcript

**Module 1-3. Information Technology Systems Fundamentals**

OBJECTIVE

3b. Identify relationship of basic facts and state general principles of
web fundamentals

\- Web Services

\- Web Language Types

**WEB SERVICES**

A Web Service is the technology or software system designed to support
interoperable machine-

to-machine interaction over a network. It represents a business or
data-tier component used by

web applications to receive information. Services in Service Oriented
Architecture are

connected using Web Services.

A web application is a server based application interacting with other
server based applications.

Web applications and Web Services are similar in they are both
applications and are web based;

however applications connect with users while services interact with
other services.

Languages for Secure Web Service Development

Each of the languages discussed in this section has its own set of sound
security-related

practices, but all benefit from a common set of secure coding practices
that include the

following:

\- Do not include sensitive data in user-viewable source code (i.e., Web
page code that can be

displayed by the user using the view source function of his/her browser)
or configuration

files.

\- Assemblies that support untrusted or partially trusted callers should
never expose objects

from assemblies that do not allow untrusted or partially trusted
callers.

\- Allow untrusted or partially trusted callers only after the developer
has carefully reviewed

the code, ascertained the security implications, and taken the necessary
precautions to defend

against attack.

\- Disable tracing, debugging, and other diagnostic development or
testing-related functions,

tools, and hooks before application deployment.

\- Do not issue verbose error information to the user.

Markup Languages

A Markup Language is a modern system for annotating a document in a way
syntactically distinguishable from the text.

There are three general categories of electronic markup: Presentational,
Procedural and

Descriptive. The most common markup languages seen on the web are
HyperText Markup

Language (HTML) and Extensible Markup Language (XML).

**HTML**

Hypertext Markup Language (HTML) is a markup language used for creating
documents for web

pages. It defines the structure and layout of a Web document by using a
variety of tags and

attributes. The JavaScript programming language resides inside HTML
documents providing

levels of interactivity to web pages.

**XML**

Content within SOAP messages is expressed in XML. Because of this, the
security technologies

used by Web services are based on those developed for XML. XML was
designed so that it

could be easily extensible and combined with itself. It should be
natural to provide integrity,

confidentiality and other security benefits to entire XML documents or
portions of these

documents in a way that does not prevent further processing by standard
XML tools.

In general, most of the risks posed by XML are not unique. They can
appear with many other

technologies and systems, new and old. Some of the risks are more severe
for XML than for

older systems simply because XML is more expressive, flexible and
powerful. Some of the risks

derive from the ways in which XML is used (e.g., for metadata) and would
appear whether using

XML or some other technology.

**Style Sheets**

A Web Style Sheet is a form of separation of presentation and content
for web design. It is a set

of rules that define the look and formatting of a document written in
HTML or XML language.

These rules determine how to display elements on a web page, including
layout, colors, fonts,

and more.

**Client Side Scripting Languages**

Client Side Scripting languages refer to the class of computer programs
on the web executed

client-side by the user\'s web browser instead of server-side (on the
Web Server). Client Side

Scripts help to move a page from static content to a dynamic environment
which can change due

to user interaction. Examples of Client Side Scripting languages
include: AJAX, DOM,

ActionScript, JavaScript and VBScript.

**Server Side Scripting Languages**

Server Side Scripting Languages are executed by the Web Server when the
user requests a

document. They produce an output in a format understandable by Web
Browsers (usually

HTML) and which are then sent to the user\'s computer. The user cannot
see the script\'s source code and may not even be aware a script was
executed. Server-side scripts require their

language\'s interpreter be installed on the server and produce the same
output regardless of the

client\'s browser, operating system or other system details. Examples of
Server Side Scripting

languages include: ASP, ASP.NET, ColdFusion, JSP, Perl, PHP, Python and
Ruby.

**Sandboxed Languages**

Sandbox Languages provide for application creation running in an
independent sandbox

environment. It refers to a controlled and restricted setup in which
certain programs or scripts are

executed. The purpose of this setup is to prevent these programs from
causing damage to the

system or accessing sensitive data. It\'s called a sandbox because it\'s
like giving a child a safe,

isolated box filled with sand to play in, where they can\'t do any harm.

Examples of Sandboxed Languages are: ActiveX, Flash, Java, Shockwave,
and Silverlight.

**Python**

Python has a unique culture and community based on its core design
philosophy of readability

and syntax that enables you to write concise programs. Python is an
object-oriented language and

is considered open source, which means it\'s free to obtain, modify, use
for any purpose, and

redistribute. It\'s quick to learn, which means that you get up to
speed, programming, very

rapidly. It\'s easy to read and understand, which makes it easy to
maintain your programs over

time. It\'s very powerful, with many different modules provided for lots
of capabilities, and you\'ll

find it used throughout many different programming domains.