Chapter 3
Introducing Web Application Security
Information is perhaps the greatest asset for any organization. In today's highly connected
world, the Web plays a crucial role in information interchange. Web applications facilitate
millions of business transactions every day involving sensitive information over the Internet
superhighway. Cybercriminals have understood the power of Web applications and are technically
proficient at accessing sensitive information that is stored, processed, or transmitted by these
applications. Therefore, these Web applications are under constant attack, and attackers have
incessantly been exploiting Web application vulnerabilities to steal sensitive information for
their own financial gains. Web application security is the need of the hour, as Web applications
are continuously the victims of major security breaches the world over, and this trend is likely
to continue. This chapter delves into the reasons for a strong Web application security practice
and the challenges faced by organizations and individuals in protecting Web applications. This
chapter also discusses several Web application security incidents that have shaped the evolution
of Web application security.
3.1 Web Applications in the Enterprise
3.1.1 What Is a Web Application?
A Web application may be crisply defined as an application that executes on a Web server that is
accessed via a Web browser application on a desktop or on devices over the Internet or an intranet.
A Web application is essentially a software application that is coded for a browser in a
browser-supported language (e.g., HTML, JavaScript, Java) and is reliant on a common Web browser to
render the application executable. A simple representation of any Web application architecture is
shown in Figure 3.1.
The three main constituents that make a Web application work are: