312 Chapter 13 ■ Web Servers and Web Applications
Data Layer: Responsible for holding the data and information for the application as a whole
All of these layers depend on the technology brought to the table in the form of the
World Wide Web, HTML, and HTTP. HTTP is the main protocol used to facilitate
communication between clients and servers, and it operates over port 80. However, other
protocols are sometimes used.
HTTPS (HTTP employing encryption mechanisms) can be used to protect
data in transit. This approach is common in applications such as webmail
and e-commerce.
Web applications make heavy use of an underlying web server technology such as
Microsoft’s Internet Information Services (IIS), Apache Server, and Oracle’s iPlanet Web
Server. Resources such as web pages are requested via the stateless HTTP protocol. The
client provides a uniform resource identifier (URI), which tells the server what information
is being requested and what to return.
Stateless refers to the fact that the protocol does not keep track of session
information from one connection to the next. In fact, each communication
in HTTP is treated as a separate connection.
Another common component of web applications is the feature known as cookies. A
cookie is a file stored on a client system that is used as a token by applications to store
information of some type (depending on the application). As far as applications are
concerned, cookies are a common element, but from a security standpoint they are viewed
as a liability since they can be easily copied.
Cookies emerged as a solution to the problems web developers
experienced with their websites. Cookies allow the owner and developer
of a site to store information on a client system. This information enables
a site to remember the state of the browser as well as store session
information. When a browser is used to visit a site, it will have a cookie
with a unique ID stored on its system. On subsequent visits, this ID will
allow the site to remember the visitor.
Another issue with web applications is vulnerability. No matter how strong the
security policy or standards, every web application is vulnerable to attack and suffers from
flaws. Attacks such as SQL injection, cross-site scripting (XSS), and session hijacking can
take place.