
Web Application Security Testing - Part 1



 


Article Posted On Date : Friday, February 05, 2010



Are Web applications and Client-Server applications the same? This question is very common in software testing interviews, and if you are part of any e-groups related to testing, you may have heard it many times from different people. There are numerous differences between Client-Server and Web application architecture. As a tester of Web applications, it is important to understand what Client-Server architecture is and how the Web differs from traditional Client-Server architecture.
 
The Web is a specialized version of a client-server network, but it has noticeable differences. In a client-server network, computing resources are conserved by delegating complex and time-consuming tasks to powerful, expensive computers called servers. These server machines are much more powerful in terms of storage and computing power. They do all the computing and deliver the results back to machines called clients over a communication path. Thus client-server architecture comprises the server, the client and the communication path connecting them.

At a lower level, client-server architecture is not that simple. To connect two computers you need a network-level protocol, and you need proper software on both the client side and the server side to send and receive data over the network. You need to take care of data loss during transmission, bandwidth issues, dropped connectivity and so on. Most of these issues are already addressed by protocols like TCP/IP, UDP, ARP etc., and developers face very little problem in implementing them. These protocols are the backbone of client-server architecture.

The WWW was developed on top of the existing client-server architecture. It came into existence as a replacement for FTP and email as a mechanism for sharing files and data. New developments in servers to handle more requests, new client software to connect to and browse resources on the server, and new developments like HTTP and HTML fueled the growth of the Web. The main component of the Web architecture is the Web server, which can serve requests from any client. Initially the Web served static content, and soon it was explored for the possibility of doing much more than that.

Even though the Web is built on top of client-server, there are noticeable differences. For example:

    * The Web is a special case of client-server architecture in which fat clients are used to communicate with the server using a variety of protocols and standards like HTTP, HTML, XML, SOAP etc.
    * In client-server architecture, both client and server exist within the walls of a single company and thus operate in a protected environment. Clients in that case become trusted users. The Web is different: since a client can connect to the server from anywhere, not a single connection can be treated as trusted.
    * Because client-server is typically within a company's firewall, issues related to security are not as important as in Web applications.
    * In client-server architecture, clients are controlled: who can access the server, how clients will communicate with it, how they use the server's resources etc. On the Web, almost anyone with a browser can connect.
    * In client-server architecture, every client is known; every request received by the server carries information on who originated it. On the Web, users are anonymous and thus pose a greater security risk.
    * The Web gives malicious users more opportunity to tamper with data at the client side as well as at the network level. The chances of data being tampered with in traditional client-server architecture are much lower than on the Web.
    * The number of clients that can be connected to the server is predictable and can be controlled in traditional client-server, but it cannot be controlled on the Web.
    * Clients are much more controlled in client-server. Which OS they will use, which platform they will run on and which browser will be used can all be controlled. In comparison, nothing can be controlled on the Web.

Because the two architectures are different, testing client-server applications and testing web applications will also be different. The main areas where testing is affected can be summarized as:

    * Business Logic: In Client-Server applications, client-side business logic mostly needs to be tested, which is mostly not needed for web-based applications.
    * Platform / OS Dependence: Web-based applications are OS independent; they just need to be tested on different browsers. Client-Server applications depend on the platform/OS used, which makes testing them on different platforms and operating systems more important.
    * Scalability: Web-based applications have to be tested for performance against thousands of simultaneous users. This number will be considerably lower for Client-Server applications.
    * Security: This forms an integral part of web-based applications, but it might be relaxed just a bit for Client-Server applications. The reason for this relaxation is that in Client-Server applications the interaction mostly takes place between trusted/known sources, which is not the case for web-based applications.

In a nutshell, although web-based applications are a special case of client-server applications, their testing differs in many areas. All the areas identified above need to be addressed adequately in your testing, especially security, since every client connected in the web environment is a potential threat to the system.
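The point about untrusted clients, as an added example that is not part of the original article: a constructed order form (the field names `sku`, `qty` and `price` and the catalogue are assumptions) is handled once by a server that trusts what the client sends and once by a server that re-checks every field, and a small test routine submits tampered forms to both.

```python
from decimal import Decimal

# Constructed server-side catalogue: the only trusted source of prices.
CATALOGUE = {"sku-100": Decimal("49.99"), "sku-200": Decimal("5.00")}
MAX_QTY = 20


def total_trusting_client(form):
    """Client-server habit: the client is trusted, so its price is used as sent."""
    return Decimal(form["price"]) * int(form["qty"])


def total_validating(form):
    """Web habit: every field is untrusted input and is re-checked on the server."""
    sku = form.get("sku")
    if sku not in CATALOGUE:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity is not a number") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    # The posted price is ignored; the server looks the price up itself.
    return CATALOGUE[sku] * qty


def run_tamper_tests(handler):
    """Tester's view: submit altered forms and record what the server does."""
    honest = {"sku": "sku-100", "qty": "2", "price": "49.99"}
    cases = {
        "honest": honest,
        "price_lowered": {**honest, "price": "0.01"},
        "negative_qty": {**honest, "qty": "-2"},
        "unknown_sku": {**honest, "sku": "sku-999"},
    }
    results = {}
    for name, form in cases.items():
        try:
            results[name] = str(handler(form))
        except (ValueError, KeyError) as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for handler in (total_trusting_client, total_validating):
        print(handler.__name__, run_tamper_tests(handler))
```

The trusting handler accepts every tampered form and returns a total computed from attacker-controlled values, while the validating handler returns the catalogue total or rejects the request.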

I hope this article helps you appreciate the difference between client-server architecture and web application architecture, and how testing applications based on these architectures differs. It also establishes the importance of security testing in web application testing.

The next article will take this subject further and discuss various techniques and tools for performing security testing of web applications.

These articles are influenced by a book I have recently read, "How to Break Web Software" by Mike Andrews and James A. Whittaker, which should be a good read for you if you need information on web application security testing.


