What are the three distinct pieces of a three-tier client/server system?
Client Tier - web browser
Processing Tier - web server. Handles interaction between the client tier and the data storage tier
Data Storage Tier - data server. Stores data in a database/file system and returns requests presented by the processing tier
What does HTTP stand for?
HyperText Transfer Protocol
What does the phrase ‘HTTP is stateless’ mean?
Treats every interaction as a new request
No info is passed from one request to another
Only allows a browser to request a single document from a server
What is a URI, and what does it do?
Uniform Resource Identifier
Used to name/identify resources on the web
Pointers to resources that you can request and potentially generate different responses with HTTP
Resources can be anywhere on the Internet
Most popular type is the Uniform Resource Locator (URL)
Explain CRUD
Acronym used to help remember the HTTP Request Methods
Create = Post. Submits data to be processed. Data included in request body.
Read = Get. Requests a representation of the specified resource. Should not be used for operations that cause side effects.
Update = Post. Uploads a representation of the specified resource.
Delete = Delete. Deletes the specified resource.
What is a web application?
Software system that a user runs in a browser
Uses HTTP to transmit data and allow applications to communicate
All websites do this
What is a web service?
APIs
Software system that supports interoperable machine-to-machine interaction over a network
Examples are Google Analytics and Google Maps API
Two leading methods:
What is REST, and what are its core features?
Representational State Transfer
A design concept for managing state information in a web service
Messages represented in JSON/XML
Uses HTTP
HTTP verbs (GET etc) are used for access/manipulation commands
URIs used to uniquely identify a message
HTTP authentication for security
No formal method for expressing the interface contract
What is SOAP, and what are its core features?
Simple Object Access Protocol
A messaging protocol specification for exchanging information using web services
Messages represented in a standardised XML SOAP ‘envelope’
Can be bound to various protocols including HTTP and SMTP
Access to and manipulation of data are application specific
Does not describe security, needs to be provided by a developer
XML schemas or Document Type Definitions used to define contract between client and service
Features of server-side scripting
Code resides in a server computer
Server reads code and processes it based on client requests
Creates an HTML web page and other resources
Server sends the result back to the requesting web clients
What is the difference between Web Application Frameworks and Content Management Systems?
Web Application Framework:
Content Management System:
What are the two most important concepts in web security?
Authentication
Authorisation
Name 4 things you should be testing for when creating a web application
5 of:
Is the site content meaningful?
How easy is it to use the application?
Does the site handle intended activities correctly?
How well does it work on different browsers?
How reliable are the technologies used? Will they be maintained for the foreseeable future?
Do the servers have enough power?
Can the application handle the expected number of users?