Learning outcome LO1. 1. Understand the concepts of web application development. (Assignment 1)


2015 2016

Phil Smith

Learning outcome LO1 1. Understand the concepts of web application development. (Assignment 1)

Previously: we looked at types of users, site analysis, accessibility and legislation.

Today
Functionality: functions, e.g. shopping cart, reserve order, manage user profile, web content management, upload files.
Scripting languages: server side, e.g. ASP (Active Server Pages), ASP.NET, PHP (Hypertext Preprocessor), JSP (Java Server Pages), Cold Fusion, Perl, Java Applet, Flash; advantages, e.g. faster processing time, data processing, data storage; client side, e.g. JavaScript, VBScript.
Security: security requirements, e.g. user accounts, account restrictions, procedures for granting and revoking access, terms of use, system monitoring.

Advantages and Disadvantages of Websites Focus on business need. There are several advantages and disadvantages to having a website for your business or limited company. In the modern age, more and more businesses are getting online. Research from Direct Line for Business found that eight million people in the UK are operating as an 'online business from home', either reselling goods for a profit or making their own products to sell. (Feb 2016)

Advantages and Disadvantages of Websites If you don't take your business onto the World Wide Web, you could miss out on potential customers, sales and profits.

Advantages of Websites The first and perhaps most obvious advantage of a business website is the potential for reaching a wider audience. The internet is used by literally millions of people; all of them are looking for something and some of them might be looking for you! Another advantage of having a website is that your business information and details about your products and services can be accessed by anyone, no matter where they are on the planet or what time of day it is. The internet is online 24 hours a day, 7 days a week. So even if your business isn't open, your website will be!

Advantages of Websites With a website, customers can easily access information about your business. They can see what products or services you sell, your prices, your location and much more. Whatever you decide to tell them, they can find it with a few clicks of a mouse. Once a website is designed, you can keep it up to date to be relevant to your business and encourage more visitors (and potential sales). More and more people are using a blog to promote their business. In fact, research shows that Businesses That Blog Get More Traffic. So using a blog to keep content fresh and attract attention could make a big difference to your business.

Advantages of Websites You may think of the advantages of a website in terms of advertising and publicity for your business. The costs of having a business website are actually quite low. Having a website for your business is not just an advantage; it's an essential way to protect your business brand online.

Disadvantages of Websites There are a few disadvantages of having a website for your business. Generally though, they are outweighed by the numerous advantages. Reliability: the information on your website might be unreliable if it is not updated on a regular basis. You need to ensure that changes are made when necessary and have a disclaimer with regard to the reliability of the information contained within.

Disadvantages of Websites A website that crashes is no good to anyone. This is a serious disadvantage for a business. If your website is constantly crashing or unavailable then people will not be able to find information about your business and you could miss out on potential sales. An unreliable connection could also mean a plummet in a website's search engine ranking. This is the reason why You Need Good Webhosting For Your Business.

Disadvantages of Websites Because of the nature of the internet and the sheer number of businesses already on the World Wide Web, you may find it difficult to reach the right target audience with your website. Competition within your market may be strong and the battle for the elusive No.1 spot on Google may be a difficult one, against a wealth of other businesses in your sector.

Disadvantages of Websites We all hate spam, the internet equivalent of junk mail. This is one of the disadvantages of a website which can cause you some grief. With a contact form or your e-mail address published on your website, you'll soon find your inbox filling up with spam e-mails unless you use Formguard or a captcha tool.

Disadvantages of Websites Having a website risks attracting bad publicity. If a customer is unhappy with your service or products, then they may feel the need to vent their frustrations online and reference your website in their review/comments. This could be potentially damaging, hurting both your reputation and your search engine ranking.

Disadvantages of Websites Then of course there are denial of service attacks, SQL injection, phishing, etc.

Functionality What can websites offer? Functions of web sites:
shopping cart
reserve order (wish lists)
manage user profile (for order tracking)
web content management (static, dynamic content, web controls)
upload files: data files, PDF, web pages, web components (e.g. Twitter Bootstrap files)

Functionality web content management (static, dynamic content, web controls).
Static web pages need to be updated offline inside the actual page template, which then has to be re-uploaded.
Dynamic web pages get their content in real time, usually from a database. Changes need only be made in the database, usually by a back end application.
Web controls are small panels of dynamic content which can communicate with other panels. This is a feature of Microsoft SharePoint.

Task 1 List the functions used in your web application from unit 14. Is your site static or dynamic?

Scripting languages Server side scripting:
ASP (Active Server Pages) uses VBScript.
ASP.NET (managed code)
PHP (Hypertext Preprocessor)
JSP (Java Server Pages)
Cold Fusion (creates an exe, similar to ActiveX)
Perl
Java Applet
Flash
Advantages, e.g. faster processing time, data processing.

Scripting languages client side JavaScript, VBScript

Task 2 Setting up our database in MySQL. There are three ways we can get our tables and data from Microsoft Access into MySQL on the hosting site.
1. Manually:
   1. Create the same tables in MySQL using phpMyAdmin.
   2. Then either key in the data, or
   3. Attempt to export the data from Access and then import it into the relevant table in MySQL.

Security security requirements:
user accounts (login, profiles)
account restrictions (limits based upon level of privilege)
procedures for granting and revoking access (admin rights)
terms of use
system monitoring (log files etc.)
prevention of cyber attacks

Security security requirements user accounts (login, profiles). E-commerce sites need to ensure payment is secure. Use of registration is the norm:
1. User enters an email address and password.
2. User is sent an email requesting activation (proves the email is valid).
3. User clicks on the link in the email to activate their account.
4. User can then login.
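The four registration steps above, worked through in code. This is an added example, not the lecture's own code: the $users array stands in for the users table of Task 3, the 24 hour activation lifetime and 12 character minimum password length are this example's assumptions, and the activation link is assumed to carry the email address and token as query parameters. The token itself is only ever stored as a hash, so a copied database cannot be used to activate accounts.

```php
<?php
// Added example (not from the lecture): the registration / activation flow,
// kept in memory so it runs with plain `php` from the command line.
// $users stands in for the MySQL users table from Task 3.
declare(strict_types=1);

const ACTIVATION_TTL = 86400; // activation links expire after 24 hours (assumption)

/** Step 1: create an inactive account; returns the one-time token to put in the e-mail link. */
function registerUser(array &$users, string $email, string $password, int $now): ?string
{
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($email === false || isset($users[$email])) {
        return null; // invalid address or already registered
    }
    if (strlen($password) < 12) {
        return null; // minimum length before hashing (assumption: 12 characters)
    }
    $token = bin2hex(random_bytes(32)); // 256-bit random token goes in the e-mail (step 2)
    $users[$email] = [
        'password_hash'      => password_hash($password, PASSWORD_DEFAULT),
        // only a hash of the token is stored, so a leaked table does not leak live links
        'activation_hash'    => hash('sha256', $token),
        'activation_expires' => $now + ACTIVATION_TTL,
        'active'             => false,
    ];
    return $token;
}

/** Step 3: called when the user follows the link ?email=...&token=... */
function activateUser(array &$users, string $email, string $token, int $now): bool
{
    if (!isset($users[$email]) || $users[$email]['active']) {
        return false; // unknown account, or already activated (link is single-use)
    }
    $u = &$users[$email];
    if ($now > $u['activation_expires']) {
        return false; // link expired
    }
    // constant-time comparison of the hashed token
    if (!hash_equals($u['activation_hash'], hash('sha256', $token))) {
        return false;
    }
    $u['active'] = true;
    $u['activation_hash'] = null;
    return true;
}

/** Step 4: login only succeeds for activated accounts with a matching password. */
function loginUser(array $users, string $email, string $password): bool
{
    if (!isset($users[$email]) || !$users[$email]['active']) {
        return false;
    }
    return password_verify($password, $users[$email]['password_hash']);
}

// Walk through the flow with constructed sample data.
$users = [];
$now   = time();
$token = registerUser($users, 'student@example.com', 'correct horse battery', $now);
echo 'login before activation: ', var_export(loginUser($users, 'student@example.com', 'correct horse battery'), true), "\n";
echo 'wrong token accepted:    ', var_export(activateUser($users, 'student@example.com', 'guess', $now), true), "\n";
echo 'activation with e-mailed token: ', var_export(activateUser($users, 'student@example.com', $token, $now), true), "\n";
echo 'login after activation:  ', var_export(loginUser($users, 'student@example.com', 'correct horse battery'), true), "\n";
```

Run it with `php register.php`; the first two lines print false and the last two print true. In a real application the functions would read and write the users table instead of the array, and the token would go out in the e-mail body rather than being returned to the caller.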

Security account restrictions. Some users (usually back office workers) can have elevated access rights (Admin). These types of users can have access to all application registrations for various purposes. On blogs and forums some users may have:
Admin rights (access all areas)
Moderator rights (limited rights to certain parts of the application)
These are limits based upon level of privilege.

Security procedures for granting and revoking access. Usually reserved for users with full admin rights. They can for example:
Suspend registrations and logins.
Remove registrations and logins.
Reset a user's password.
Add new registrations and logins.
Grant and revoke access to parts of the application.
etc.

Security terms of use. Many blogs, chats and forums have a terms of use policy which the new user will usually have to accept before being allowed onto the system. E.g. http://www.mywebapplication.com/terms-of-use/

Security Why is it so important to have written terms and conditions in place when you do business? Here are the seven main reasons.
1. Written terms and conditions help to create certainty as to the agreement.
2. Written terms and conditions help to minimise legal disputes and the chances of you being taken to court.
3. Written terms and conditions help you to cover all of the important matters and not overlook the things that are less obvious.
4. Written terms and conditions help you to enforce your agreement.
5. Written terms and conditions help you to provide good customer service.
6. Written terms and conditions help to avoid mismatched expectations.
7. Written terms and conditions help you comply with the law.
http://realbusiness.co.uk/article/12861-why-you-shouldnt-do-business-without-terms-and-conditions

Security System Monitoring Websites and blogs are becoming an integral part of your brand and business. We live in an information and knowledge economy that values finding information in an increasingly web world. Google will penalize your search results ranking if your site is slow and produces a poor experience for the user. In many industries over 90% of purchasing decisions start with an online search. These two facts alone highlight the importance of ensuring your website is both online and performing well. If you cannot be found because your website is down you lose credibility, customer leads and sales. http://www.monitor.us/free-monitoring-features/website-uptime-monitoring

Security Prevention of cyber attacks:
Clean browser input.
Do not put all files in the root folder.
Validate all input on the server.
Log suspicious errors.

Clean browser input The problem: input containing special characters such as ! and & could cause the web server to execute an operating system command or have other unexpected behaviour. User input stored on the server, such as comments posted to a web discussion program, could contain malicious HTML tags and scripts. When another user views the input, that user's web browser could execute the HTML and scripts.

Clean browser input The solution: never trust any input from a browser. Strip unwanted characters, invisible characters and HTML tags from user input.

Clean browser input Example: check if the "url" input of the "POST" type exists. If the input variable exists, sanitise it (take away invalid characters) and store it in the $url variable, so that http://www.w3ååschøøools.com/ becomes http://www.w3schools.com/. PHP has functions to help (so called helper functions): http://php.net/manual/en/filter.filters.sanitize.php, e.g. FILTER_SANITIZE_EMAIL ("email"): remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].

Don't put everything in the html directory on the server. The problem: every file in the HTML directory can be accessed by a web browser if the URL is known. If you had a file called dbconnect.php that contained the login details for the database, the name could be easily guessed and then a hacker could navigate directly to it. The solution: put all data files in a directory outside the html directory or its subfolders.

Use POST instead of GET The problem: GET sends all form input to the web application as part of the URL. If this is a user name or password it can be read: http://www.example.com/cgi-bin/cart.cgi?username=jsmith&password=puppy The solution: the POST method sends form input in a data stream. The data is not visible in the browser location window and is not recorded in web server log files.

Validate on the server The problem: a hacker can save an HTML form, disable the embedded JavaScript which does the validation, and use the modified form to submit bad data back to the web application. The application expects all input validation to have already been done by the web browser and therefore doesn't double check the input.

Validate on the server The solution: make sure the server script validates all input. Use browser scripting for dropdown lists, mandatory entry and basic validation, e.g. a number entered into a number field.
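The "clean browser input" and "validate on the server" slides together, as one added example (not the lecture's code): a comment form handled entirely on the server with the PHP filter functions mentioned above. The field names, the 1 to 5 rating range and the 1000 byte comment limit are this example's assumptions, and a constructed array stands in for $_POST so the script runs from the command line. Sanitising is done first, validation second, and HTML escaping is applied again when the stored text is rendered, so a comment that slipped past the first two steps still cannot run in another user's browser.

```php
<?php
// Added example (not the lecture's code): server-side cleaning and validation
// of a comment form, independent of any browser-side JavaScript.
declare(strict_types=1);

/**
 * Validate the fields a comment form must carry.
 * Returns ['ok' => bool, 'errors' => [field => reason], 'clean' => [field => value]].
 * Nothing here trusts the browser: a saved copy of the form with the JavaScript
 * removed can omit fields or send any value.
 */
function validateComment(array $post): array
{
    $errors = [];
    $clean  = [];

    // Required fields (the "mandatory entry" the browser script would normally enforce).
    foreach (['email', 'rating', 'comment'] as $field) {
        if (!isset($post[$field]) || trim((string) $post[$field]) === '') {
            $errors[$field] = 'required';
        }
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors, 'clean' => []];
    }

    // Email: sanitise (FILTER_SANITIZE_EMAIL drops characters not allowed in an
    // address), then validate what is left.
    $email = filter_var((string) $post['email'], FILTER_SANITIZE_EMAIL);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    } else {
        $clean['email'] = $email;
    }

    // Rating: a dropdown in the browser does not stop a modified form sending "7".
    $rating = filter_var($post['rating'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) {
        $errors['rating'] = 'must be a whole number from 1 to 5';
    } else {
        $clean['rating'] = $rating;
    }

    // Comment: remove invisible control characters and HTML tags, cap the length.
    $comment = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', (string) $post['comment']);
    $comment = trim(strip_tags($comment));
    if ($comment === '' || strlen($comment) > 1000) {   // byte length (assumed limit)
        $errors['comment'] = 'must be 1 to 1000 characters of plain text';
    } else {
        $clean['comment'] = $comment;
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $clean];
}

/** Escape a stored value for display so the browser shows it as text, never as markup. */
function renderComment(string $text): string
{
    return '<p>' . htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'valid'      => ['email' => 'john.doe@exa mple.com', 'rating' => '4', 'comment' => 'Fast delivery.'],
    'scripted'   => ['email' => 'mallory@example.net', 'rating' => '5', 'comment' => "<script>alert(1)</script>Great\x00 shop"],
    'no_js'      => ['email' => 'x@example.org', 'comment' => 'the rating field was removed from the form'],
    'bad_rating' => ['email' => 'y@example.org', 'rating' => '7', 'comment' => 'ok'],
];
foreach ($samples as $name => $post) {
    $result = validateComment($post);
    echo $name, ': ', $result['ok'] ? 'accepted' : 'rejected ' . json_encode($result['errors']), "\n";
    if ($result['ok']) {
        echo '  stored:   ', json_encode($result['clean']), "\n";
        echo '  rendered: ', renderComment($result['clean']['comment']), "\n";
    }
}
```

The "valid" sample shows sanitising at work: the stray space is removed from the address before it is validated. The "scripted" sample loses its tags and its NUL byte before storage, and whatever text remains is escaped again by renderComment. The other two samples are rejected with a per-field reason the form handler can show back to the user.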

Log suspicious errors The problem: web applications are frequently attacked by hackers. Without error logging, you may not know you are being attacked. The solution: trap and recover from errors, but also log events that may indicate an attack.

Log suspicious errors Evidence of attack:
attempts to access a non-existent file or one the browser doesn't have privileges to read
detect if a form is submitted with GET instead of POST
forms submitted without required fields (hacker may be using a false copy of the form)
input with .. suggests an attacker is trying to access files with a relative path
requests from multiple IP addresses suggest a denial of service attack
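The evidence list above turned into detection logic, as an added example (not the lecture's code). The request records are constructed here; in a real application they would be built from $_SERVER and $_POST at request time, or read back from the web server's access log. The two form endpoints, their required fields and the per-address request threshold are this example's assumptions.

```php
<?php
// Added example (not part of the lecture): apply the "evidence of attack" checks
// to a batch of request records and return log lines for the application log.
// Requires PHP 8 or later (str_contains).
declare(strict_types=1);

// Endpoints that must only be reached with POST, and the fields they require (assumed).
const FORM_ENDPOINTS = [
    '/login.php'   => ['loginname', 'password'],
    '/comment.php' => ['email', 'comment'],
];
const REQUESTS_PER_IP_LIMIT = 5; // per batch; threshold assumed for this example

/** Return the suspicious indicators for one request (empty array = nothing noticed). */
function suspiciousIndicators(array $req): array
{
    $found = [];
    $path  = $req['path'];

    // Relative path components, before or after URL decoding.
    if (str_contains($path, '..') || str_contains(rawurldecode($path), '..')) {
        $found[] = 'relative path (..) in URL';
    }
    if ($req['status'] === 404) {
        $found[] = 'request for non-existent file';
    }
    if ($req['status'] === 403) {
        $found[] = 'request for file the client may not read';
    }
    if (isset(FORM_ENDPOINTS[$path])) {
        if ($req['method'] !== 'POST') {
            $found[] = 'form endpoint requested with ' . $req['method'] . ' instead of POST';
        }
        $missing = array_diff(FORM_ENDPOINTS[$path], array_keys($req['fields']));
        if ($missing) {
            $found[] = 'form submitted without required field(s): ' . implode(',', $missing);
        }
    }
    return $found;
}

/** Audit a batch of requests; also flags an address that sent many requests in the batch. */
function auditRequests(array $requests): array
{
    $alerts = [];
    $perIp  = [];
    foreach ($requests as $req) {
        $perIp[$req['ip']] = ($perIp[$req['ip']] ?? 0) + 1;
        foreach (suspiciousIndicators($req) as $why) {
            $alerts[] = sprintf('%s ip=%s %s %s: %s',
                $req['time'], $req['ip'], $req['method'], $req['path'], $why);
        }
    }
    foreach ($perIp as $ip => $n) {
        if ($n > REQUESTS_PER_IP_LIMIT) {
            $alerts[] = sprintf('ip=%s sent %d requests in this batch (possible flood)', $ip, $n);
        }
    }
    return $alerts;
}

// Constructed request records (documentation-range addresses, not real clients).
$requests = [
    ['time' => '10:00:01', 'ip' => '203.0.113.5',  'method' => 'GET',  'path' => '/index.php',   'status' => 200, 'fields' => []],
    ['time' => '10:00:02', 'ip' => '203.0.113.5',  'method' => 'GET',  'path' => '/login.php',   'status' => 200, 'fields' => ['loginname' => 'jsmith', 'password' => 'puppy']],
    ['time' => '10:00:03', 'ip' => '198.51.100.7', 'method' => 'GET',  'path' => '/images/../../dbconnect.php', 'status' => 404, 'fields' => []],
    ['time' => '10:00:04', 'ip' => '203.0.113.9',  'method' => 'POST', 'path' => '/comment.php', 'status' => 200, 'fields' => ['email' => 'a@example.com']],
    ['time' => '10:00:05', 'ip' => '198.51.100.7', 'method' => 'GET',  'path' => '/config/',     'status' => 403, 'fields' => []],
];
for ($i = 0; $i < 8; $i++) { // one address repeatedly hitting the same page
    $requests[] = ['time' => '10:00:06', 'ip' => '192.0.2.44', 'method' => 'GET', 'path' => '/index.php', 'status' => 200, 'fields' => []];
}
foreach (auditRequests($requests) as $line) {
    echo $line, "\n";   // in production: error_log($line) or append to a file outside the html directory
}
```

The alert lines are the events worth keeping in a log even after the application has recovered from the error; the second record also shows why the credentials sent with GET would already be sitting in the ordinary access log, which is the point of the POST-versus-GET slide.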

Further reading: cross site scripting, SQL injection. See http://php.net/manual/en/function.htmlentities.php and http://www.php.net/manual/en/security.database.sql-injection.php

Task 3 Add a users table to your database. E.g.
CREATE TABLE user (
    userid int not null auto_increment,
    primary key (userid),
    loginname varchar(20) not null,
    password varchar(20) not null,
    firstnames varchar(50) not null,
    surname varchar(50)
);
Populate your user table with a few logins using phpMyAdmin.

Task 4 Add a new field to the users table. Name this field adminuser, make the default 0 (zero) and its datatype is Boolean. Modify one of your users to add a 1 to the adminuser field. This user will have admin rights in your new dynamic application.
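Tasks 3 and 4 carried through in code, with the login query written the way the SQL injection further reading recommends, as an added example that is not the lecture's own code. It uses PDO with an in-memory SQLite database so it runs stand-alone from the command line (assumes the pdo_sqlite extension); the column types are the SQLite equivalents of the MySQL table in Task 3, and the password column is widened here because password_hash() output does not fit in varchar(20). The login names, passwords and names are constructed sample data.

```php
<?php
// Added example (not the lecture's code): the users table from Tasks 3 and 4 and
// a login lookup using prepared statements, so loginname and password are sent
// to the database as data and never spliced into the SQL text.
declare(strict_types=1);

function createSchema(PDO $pdo): void
{
    // SQLite rendering of the Task 3 table plus the Task 4 adminuser field.
    $pdo->exec('CREATE TABLE user (
        userid     INTEGER PRIMARY KEY AUTOINCREMENT,
        loginname  VARCHAR(20)  NOT NULL UNIQUE,
        password   VARCHAR(255) NOT NULL,          -- wide enough for a password_hash() string
        firstnames VARCHAR(50)  NOT NULL,
        surname    VARCHAR(50),
        adminuser  BOOLEAN      NOT NULL DEFAULT 0 -- Task 4: default 0, admins get 1
    )');
}

function addUser(PDO $pdo, string $login, string $password, string $first, ?string $surname, bool $admin = false): void
{
    $stmt = $pdo->prepare('INSERT INTO user (loginname, password, firstnames, surname, adminuser)
                           VALUES (:login, :hash, :first, :surname, :admin)');
    $stmt->execute([
        ':login'   => $login,
        ':hash'    => password_hash($password, PASSWORD_DEFAULT), // never store the plain password
        ':first'   => $first,
        ':surname' => $surname,
        ':admin'   => $admin ? 1 : 0,
    ]);
}

/**
 * Returns ['userid' => int, 'adminuser' => bool] on success, null otherwise.
 * The :login placeholder means a quote character in $login cannot change the
 * query, which string concatenation ("... WHERE loginname = '" . $login . "'")
 * would allow.
 */
function login(PDO $pdo, string $login, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT userid, password, adminuser FROM user WHERE loginname = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same answer for unknown user and wrong password
    }
    return ['userid' => (int) $row['userid'], 'adminuser' => (bool) $row['adminuser']];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($pdo);
addUser($pdo, 'jsmith',  'puppy-love-2016',  'John', 'Smith');
addUser($pdo, "o'brien", 'tea-and-toast-99', 'Pat',  "O'Brien", true); // the admin user from Task 4

var_export(login($pdo, 'jsmith',  'puppy-love-2016'));  echo "\n"; // userid 1, adminuser false
var_export(login($pdo, "o'brien", 'tea-and-toast-99')); echo "\n"; // userid 2, adminuser true
var_export(login($pdo, 'jsmith',  'wrong-password'));   echo "\n"; // NULL
```

The o'brien login is the point of the placeholder: the apostrophe in the name is handled as data, whereas concatenating it into the SQL string would have produced a malformed query at best. The adminuser flag returned by login() is what the dynamic application checks before showing the admin-only pages described on the account restrictions slide.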

Finally You can now do Assignment 1.

What have we learnt today? Over to you?