Unit 35 Web Application Development Assignment

1 Concept of Web Application Development

1.1 Evaluate the Functions and Advantages of Web Applications

Applications are part of any website and perform different processes depending on the type of website. Some of the most common web applications are the shopping cart, payment gateway, order reservation, user profile management, web content management, forum, newsletter, internal search engine, online auction etc.
An evaluation of some web applications found on the eBay website is given below. Each web application is analysed in general terms and then in terms of how eBay uses it.

1.1.1 Functions of different web applications

Shopping cart, also known as shopping basket, is a web application which facilitates buying multiple products from a merchant website. Once a product is selected it can be added to the cart. If the buyer wants other products, they return to the website search. After finishing shopping, the buyer chooses to make the payment. The application calculates the total cost of the products in the list, plus shipping and delivery costs.
eBay also uses a shopping basket. It is the same as many other similar applications.

Figure 1: Shopping basket (eBay.co.uk, 2015)

Payment gateway is an application which performs payment transactions between the shopper and the merchant. This web application verifies payment transactions and ensures payment security for both merchant and buyer (webopedia.com, 2015). This is a vital application with regard to security.
eBay offers two options for making payments: via credit/debit card or via the PayPal application. The second one offers very good security for the transaction and the buyer.

Figure 2: Payment Gateway (eBay.co.uk, 2015)

Reserve order is the application which allows buyers to reserve products and collect them later from a selected shop. This avoids the disappointment of not finding the wanted product when somebody goes directly to the shop to buy a specific item. Many organisations, such as Asda, Currys, PC World etc., have this web application on their websites. This application is also important for better organisation and efficiency.
As eBay has no physical shops of its own, because of the type of sellers it hosts, eBay UK has recently introduced a similar application. Some sellers use this option, and buyers can choose the day, time and location for collection. The best known and most widespread such service in the UK is that of the Argos shops.

Figure 3: Click & Collect application (ebay.co.uk, 2015)

Manage user profile is another important web application. It helps to create and manage user profiles. A profile stores information about the user, such as personal details and all documents related to the user. All stored information can be used by different applications.
eBay, like all other websites, uses an application to manage user profiles, which are created by the users themselves via the Register application.

Figure 4: Registered User Login (eBay.co.uk, 2015)

Web content management is an application which allows non-technical people to manage the content of the website. The website design and structure can remain unchanged, while the content is updated continuously. This application is very useful for reducing the cost of website maintenance, as employees can use it very easily.
For eBay, the web content management application is related to the process of selling on eBay. Registered users can sell their products by following the steps in the Sell section. In this way the eBay website is updated continuously by its users.

Figure 5: Selling steps (eBay.co.uk, 2015)

Forum is a web-based application which allows users to share information. Information can be found by specific topic. Users can find answers to their queries from other users' experience and knowledge. Usually there is a person who manages the forum content and users.
The eBay website has a forum application in the Community section, named Discussion Board. Users can ask questions or find answers there.

Figure 6: Forum (eBay.co.uk, 2015)

Internal search engine is a very important application which helps users find information on the company website.

Figure 7: Internal search engine (eBay.co.uk, 2015)

Newsletter is a web-based application used by organisations to inform their customers of news regarding organisation policies, offers or customer service. This application relies on an agreement between customer and organisation, and uses email correspondence to send the information.
eBay uses email correspondence to inform customers. Users can personalise their email newsletter, so the information received matches their interests.

Figure 8: Newsletter (eBay.co.uk, 2015)

Online auction is an application which runs auction processes via the Internet. The rules are similar to those of a physical auction. eBay is a shopping website and one of the best known online auction websites. Registered users can place their bids; every product for bidding has a start price, the last price bid and the time left until the auction closes.

Figure 9: Online auction (eBay.co.uk, 2015)

1.1.2 Advantages of Web Applications

Web applications are not browser or operating system specific. They can work on any system with internet connectivity, whatever its configuration.
As these applications do not have to be installed on each machine and have no specific hardware requirements, they are cost effective; only a computer or mobile device with internet connectivity is required.
Internet applications can work on a range of devices such as computers, personal digital assistants, mobile phones, iPods etc.
Web applications are accessible and easily customisable. We can carry laptops and mobiles anywhere (the place must have internet connectivity or mobile data must be enabled) and the application will work.
Web applications are installed on dedicated server computers which are monitored and maintained by experienced server administrators. Therefore there is no need to install the application on multiple client computers.
Applications can be built using any of the core technologies, such as Sun Microsystems J2EE (JSP and Java Servlets), the Microsoft .NET platform (ASP and ASP.NET) with SQL Server, or an open source language like PHP with MySQL.
Web applications are easy to install and maintain.
It is easy to secure them against malicious attacks using antivirus and antispyware software.
You do not have to release an entire software build to add new functionality to a web application. A single web page can be added and integrated to run with the application without touching other functionality.
Advertisements and commercials can be displayed on the web pages, increasing popularity and readership.
No additional installer is required. Additional plug-in software and scripts can be enabled in the browser itself (magicwebsolution.co.uk, 2015).

1.2 Compare Various Types of Client Side and Server Side Scripting Languages

Client side scripting languages: Application programs that run on client computers or in browsers are called client side scripting languages.
Server side scripting languages: Scripting languages that run on the web server are called server side scripting languages.

Client side: When the user requests a page, the server processes the request and sends the page to the user; the page is displayed in the web browser.
Server side: To generate a dynamic HTML page, the user's request is fulfilled by running the script directly on the web server; the resulting HTML is then sent to the client browser.

Client side: These languages are used to enhance the functionality of web applications, such as adding validation, effects, animations, image effects etc.
Server side: These languages are used to build the application as a whole and add its basic functionality, such as search, cart, login, sign up etc.

Client side: Examples: HTML, JavaScript, CSS (explained below).
Server side: Examples: Microsoft ASP.NET, Sun Microsystems Java, open source PHP.

Client side: Client side scripting languages depend on server side scripting languages to complete their functionality. An application cannot be built with a client side scripting language alone, without making use of a server side scripting language.
Server side: These can work independently. Client side scripting languages are there only to enhance their functionality (sqa.org.uk, 2015).

Client Side Scripting Language:

  • HTML stands for HyperText Markup Language and is used to create web pages. HTML consists of tags. A tag is an instruction or declaration written in angle brackets < >. Web browsers interpret the instructions and display the HTML document accordingly.
  • CSS (Cascading Style Sheets) files contain instructions for the format and layout of documents created with markup languages. There is no need to write these style instructions in each single HTML document: one CSS file can be used by many different HTML documents linked to it (w3school.com, 2015).
  • JavaScript is a programming language released by Netscape Inc. and is used to add animation and interactivity to static web pages. JavaScript is different from Java and runs only in web browsers. It cannot create stand-alone applications or applets (Java.com, 2015).

Server Side Scripting Language:

  • Java is an OOP (Object Oriented Programming) language released by Sun Microsystems. It is used to write stand-alone applications and applets. Code written in Java has to be compiled and then executed. Java can run on a virtual machine or in different web browsers. There is no similarity between Java and JavaScript; they are different languages (Java.com, 2015).
  • Microsoft ASP.NET is open source and was created by Microsoft to compete with Java from Sun. It is used to create dynamic web pages, applications and services. ASP.NET is part of the .NET Framework (msdn.microsoft.com, 2015).
  • PHP is an open source programming language for web development. PHP allows web pages to be modified before they reach the client: the PHP code within the tags <?php and ?> is executed on the server and HTML is generated. PHP can also access external resources, send emails, access databases etc. (php.net, 2015)

1.3 Security of Web Applications and Give Suggestions for Improvement

Web applications access their data from databases, so the need to secure web applications arises. Security testing is done to ensure that confidential data remains confidential and that only authorised people are able to access it.
Some security threats to web applications are discussed here:
Cracking of passwords: Sometimes attackers use a password cracking tool, or they might simply guess the password.
Manipulating the URL through HTTP GET methods: Important information in the form of parameters is passed via the query string between client and server. Attackers can alter these parameters to check whether the server accepts the modified value.
SQL injection: Attackers also try to fetch useful information from the database by means of SQL injection. They can insert SQL statements as user input to retrieve vital information from the database. User input must not be executed as part of the query, and characters like the single quote must not be accepted within the text box.
Cross Site Scripting (XSS): Programmers must design the web application so that it does not accept executable files, HTML or scripts as input. Attackers can make such scripts run in client browsers and fetch valuable information.
Spoofing: Attackers can create an exact replica of a website which may prompt users to click on it and enter confidential details. Many hoax emails are used by attackers to steal user information.
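To make the SQL injection and XSS threats above concrete, here is an added example that is not part of the original assignment. It shows a user lookup and a greeting page written the vulnerable way beside their hardened forms: a parameterised query instead of string concatenation, and HTML escaping of user-controlled text before it is sent to the browser. The in-memory SQLite table, the user rows and the function names are all constructed for this illustration.

```python
import html
import sqlite3


def make_db():
    # Constructed sample data: an in-memory SQLite table standing in for the
    # application's user database (not part of the original assignment).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # VULNERABLE: the user input is spliced straight into the SQL text, so a
    # single quote in the input ends the string literal and whatever follows
    # is executed as SQL. This is the defect the text describes.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # HARDENED: a parameterised query. The input is bound as a value by the
    # database driver and can never change the structure of the statement,
    # so no character filtering of the text box is needed for this purpose.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def render_greeting_vulnerable(display_name):
    # VULNERABLE: user-controlled text is inserted into HTML unescaped, so a
    # script tag stored as a display name would run in every visitor's
    # browser (stored XSS).
    return "<p>Welcome, " + display_name + "</p>"


def render_greeting_safe(display_name):
    # HARDENED: escape the value, so '<', '>', '&' and quotes are shown as
    # text rather than interpreted as markup.
    return "<p>Welcome, " + html.escape(display_name) + "</p>"


if __name__ == "__main__":
    db = make_db()
    # A constructed input containing a single quote, the character the text
    # warns about: the vulnerable lookup returns every row, the safe one none.
    probe = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, probe))
    print("safe:      ", find_user_safe(db, probe))
    name = "<script>alert(1)</script>"
    print(render_greeting_vulnerable(name))
    print(render_greeting_safe(name))
```

The safe versions need no knowledge of which characters are dangerous: the query parameter is never parsed as SQL, and the escaped name is never parsed as HTML, which is why these two measures are preferred over trying to strip quotes or tags from input.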
Even if you think your website does not contain any information useful to attackers, you still have to be careful while building and maintaining it, as web applications exposed to the internet are never secure enough and are compromised most of the time. Some measures must be taken to safeguard an online application from malicious attacks:
Keeping the application up to date: Always run up-to-date antivirus software on the server.
Error messages: Give only relevant and precise information in error messages. Use generic messages like ‘username or password incorrect’ instead of ‘password incorrect’.
Validation: Apply both client side and server side validation, i.e. on the server as well as in the browser.
Password: A password used for authentication must be a combination of letters, numbers and special characters and must be at least 8 characters long. Avoid using your name as a password.
File upload: Programmers must design their websites so that they do not allow file uploads, as uploaded files might contain malicious scripts which could expose the complete website when executed on the server. If file upload is essential, the files must be fully scanned before being accepted.
Secure Sockets Layer (SSL): This is a protocol used to safeguard applications over the internet. When passing confidential information between the web server and the user's browser, it is good practice to use SSL. It is especially useful on e-commerce websites, where a payment gateway is used.
Website security tools: After implementing all the website security measures it is essential to check the security of the website. Various tools are available for this: Netsparker, OpenVAS etc. (Creativebloq.com, 2015).
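The three measures on error messages, validation and passwords fit together in one registration and login flow. The following is an added example, not part of the original assignment, showing server-side checks that enforce the password policy stated above (letters, digits, special characters, at least 8 characters, not the user's own name) and a login that returns the same generic message whether the username is unknown or the password is wrong. The in-memory user store, the PBKDF2 hashing, the username rule and all function names are assumptions made for this illustration; any client-side (browser) validation is only a convenience, and the server must repeat the checks because the browser can be bypassed.

```python
import hashlib
import hmac
import os
import re

# Constructed in-memory user store: username -> (salt, password hash).
# Stands in for the application's database (not part of the original page).
USERS = {}

GENERIC_LOGIN_ERROR = "username or password incorrect"


def _hash_password(password, salt):
    # Slow, salted hash so a leaked table cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def validate_username(username):
    """Server-side check of the registration form's username field.
    The 3-20 character rule is an assumption for this example."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9_]{3,20}", username):
        problems.append("username must be 3-20 letters, digits or underscores")
    return problems


def validate_password(password, username):
    """Enforce the policy from the text: letters, digits, special characters,
    at least 8 characters, and not the user's own name."""
    problems = []
    if len(password) < 8:
        problems.append("password must be at least 8 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("password must contain a letter")
    if not re.search(r"[0-9]", password):
        problems.append("password must contain a digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("password must contain a special character")
    if username and username.lower() in password.lower():
        problems.append("password must not contain your username")
    return problems


def register(username, password):
    """Validate on the server regardless of what the browser already checked.
    Returns the list of problems; an empty list means the account was created."""
    problems = validate_username(username) + validate_password(password, username)
    if not problems and username in USERS:
        problems.append("username already taken")
    if problems:
        return problems
    salt = os.urandom(16)
    USERS[username] = (salt, _hash_password(password, salt))
    return []


def login(username, password):
    """Returns (ok, message). The failure message is identical for an unknown
    username and a wrong password, so it does not confirm which accounts exist."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so the response time does not reveal that the user is unknown.
        _hash_password(password, b"\x00" * 16)
        return False, GENERIC_LOGIN_ERROR
    salt, stored = record
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return False, GENERIC_LOGIN_ERROR
    return True, "login successful"


if __name__ == "__main__":
    print(register("alice", "alice123!"))     # rejected: contains the username
    print(register("alice", "Str0ng!pass"))   # [] - account created
    print(login("alice", "Str0ng!pass"))
    print(login("alice", "wrong-pass1!"))     # generic message
    print(login("nobody", "Str0ng!pass"))     # same generic message
```

Returning the individual policy failures from register() is fine because they concern the caller's own new password; the generic message matters at login, where a specific message would tell an attacker whether a username exists.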

Recommendations to improve security

The algorithm selected for encrypting passwords on the website should be rigorously tested to ensure that it cannot easily be compromised by attackers.
Web applications should be designed to comply with the security policy of the organisation. Such a design should be reviewed from time to time.
In addition, to avoid a sudden denial of service on the network, there should be a maximum size for files that can be uploaded and transported across the website. This helps limit the possibility of suddenly exhausting the available network resources.
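The file upload measure in section 1.3 and the maximum upload size recommended above call for the same control, so one added example (not part of the original assignment) serves both. It reads an upload body in fixed-size chunks and stops as soon as the limit is passed, rather than buffering the whole file first, so an oversized or unbounded body cannot exhaust memory or disk before the check runs. The declared Content-Length is checked as an early rejection but never trusted on its own, because the header can be missing, wrong or absent for chunked bodies. The 2 MiB limit, the chunk size and the function names are assumptions for this illustration.

```python
import io

MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # constructed limit: 2 MiB
CHUNK = 64 * 1024                   # read size per iteration


class UploadTooLarge(Exception):
    """Raised when an upload body exceeds the configured limit."""


def check_declared_length(content_length_header, max_bytes=MAX_UPLOAD_BYTES):
    """Early rejection on the declared Content-Length. A missing header is
    allowed through (the streaming check still applies); a malformed one
    is rejected."""
    if content_length_header is None:
        return True
    try:
        return int(content_length_header) <= max_bytes
    except ValueError:
        return False


def receive_upload(stream, max_bytes=MAX_UPLOAD_BYTES):
    """Read the body in chunks and abort as soon as more than max_bytes
    have arrived. Never asks for more than one byte past the limit, so a
    client that lies about its length cannot make the server buffer it all."""
    received = bytearray()
    while True:
        want = min(CHUNK, max_bytes - len(received) + 1)
        chunk = stream.read(want)
        if not chunk:
            return bytes(received)
        received.extend(chunk)
        if len(received) > max_bytes:
            raise UploadTooLarge("upload exceeds %d bytes" % max_bytes)


def accept_upload(headers, stream, max_bytes=MAX_UPLOAD_BYTES):
    """Combine both checks: header first (cheap), then the streaming read."""
    if not check_declared_length(headers.get("Content-Length"), max_bytes):
        raise UploadTooLarge("declared Content-Length exceeds limit")
    return receive_upload(stream, max_bytes)


def simulate_upload(body, declared_length, max_bytes=MAX_UPLOAD_BYTES):
    """Drive accept_upload with a constructed request: a byte string body and
    an optional declared length. Returns ('accepted', size) or
    ('rejected', reason)."""
    headers = {} if declared_length is None else {"Content-Length": str(declared_length)}
    try:
        data = accept_upload(headers, io.BytesIO(body), max_bytes)
    except UploadTooLarge as exc:
        return ("rejected", str(exc))
    return ("accepted", len(data))


if __name__ == "__main__":
    limit = 1000  # small constructed limit so the cases are easy to read
    print(simulate_upload(b"x" * 100, 100, limit))    # accepted
    print(simulate_upload(b"y" * 2000, 100, limit))   # header lies, body rejected
    print(simulate_upload(b"y" * 2000, None, limit))  # no header, body rejected
    print(simulate_upload(b"q" * 10, 5000, limit))    # rejected on the header
```

A web framework normally exposes the request body as a file-like object, so receive_upload() can be used as written; the size check should run before any virus scan or parsing, since those steps are where an oversized file would otherwise consume resources.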
