Web Applications

A web application is a website that also contains inherently more interactive elements for users to engage with. The distinctions between web applications and websites are often misunderstood, with the two terms incorrectly being used interchangeably. Websites are accessed through browsers and contain static information and content. A web application uses a browser to perform a specific function, and most are based on client-server architecture.

Websites vs. Web Applications

Websites and web applications are similar and related, with a few key differences. Websites are accessible through browsers (Google Chrome, Mozilla Firefox, etc.), and they are easily navigable for a user to look through and find relevant and informative content like text, images, video, and audio. One major feature of websites is that they remain static, meaning that the content on the page does not update automatically depending on what a user does.^[2] They are essentially one-way information feeds; any user can receive information from a website, but they do not allow a user to communicate back or interact with it.

On the other hand, web applications are two-way information feeds, and are dependent on user interaction for their functions. Web applications are websites that also contain functionality and interactive elements, allowing engagement with the application in a way unique to the user, and in response the web application will display more “customized” information. Due to the wide range of uses for web applications, their development is more complicated, requiring a team of software developers specialized in a range of technologies and programming languages.^[3]

Web applications also rely on software scripts to display the customizable page; they can be thought of as computer software and programs that are accessed through a web browser. The software is interacted with through a web browser, in which the software connects to a database to pull information specific to the user, and also provides interactive buttons and other elements.^[4]

One example of the difference between websites and web applications is the University of Michigan's Website and the University of Michigan’s student enrollment web application, Wolverine Access. The website displays content that remains the same for anyone accessing the page; text, images, and videos are consistent for everyone, and the content on the page is not customized for a specific person. The web application Wolverine Access, on the other hand, provides specific content for individuals. A user is required to log in to the web application with unique credentials, which allows for the application to connect to a database to pull all of the relevant information for that single user. If someone were to log in, they will see their personal course enrollment, payments, and schedules.

The process of logging in to a web application tells the software to display only the content connected to that user in the database, meaning that while anyone can use Wolverine Access to enroll in a course, a user will only be able to see the course enrollment information specific to them, and can modify this information that will continue to be linked solely to them.^[6]

Web Application Deployment

There are many kinds of web applications; while there are hundreds of possibilities for the specific functionality of a web application, they all share a relatively similar development process.

Overview of the Development Process

Regardless of the functionality or use of a web application, the development process contains the same steps. After planning what a web application will do, the development process begins. The first step is to figure out what data will need to be stored when a user engages with the site. Next comes deciding what interactions the user will be capable of having with the application, and planning out what these interactions will look like and what they will do. Finally, once these have been clarified, the software needs to be implemented such that the application can achieve all of its goals. These goals include the functionality of the application, what it will look like in the web browser, and then deployment of the application on the internet so it can be used and interacted with. ^[7]

One example is that of an online shop, where users can log in to put items in their shopping cart and place orders.

Data to be Stored

The answer to this as a whole is completely dependent on the functionality of the web application.^[8] In the example of an online store, at the barebones there are a few essential items. First, a user will need to be able to log in. This means that the application will need to store a username and password, as well as individual account information such as shipping addresses and payment information. Additionally, the application will need to be able to have an inventory of all available items in the store, along with the price and quantity of the items, and possibly a picture for each item, too. The application will also need to keep track of items in a user's cart before they check out, so the user can leave the page and return with their cart still containing items added previously. This means that the application will need to be able to link shopping carts to individual users.^[9]

Deciding User Interactions

In the specific example of an online store, a user will need to be able to search through the inventory of items for sale, click on the item to learn more about it, and finally add it to the cart. Additionally, the application will need to display the various buttons associated with items and add them to a cart. These buttons can have their own styling for cosmetic reasons to make the webpage more visually appealing. All of these interactions will have their own software associated with them.^[10]

Implementing the Software

Once all of these pieces have been decided on, the team of developers will need to create the software that will actually build the page in the desired manner. To do this, there are a wide range of applicable technologies.

Technologies of Web Applications

Programming Languages

There are many programming languages that can be used in web application development. A few are JavaScript, PHP, Python, Ruby, C#, and Java. In many cases, multiple programming languages are used to develop a web application to take advantage of the different strengths of different programming languages. One possible combination is JavaScript on the frontend and Python on the backend. The backend Python code in this scenario might gather relevant data from a database or fetch it from an API and then format it into a data interchange format such as JSON or XML. For instance, an online shop might have its backend Python code track shop inventory or verify a shopper's username and password when they login.^[11]

On the frontend, JavaScript is the most common choice of programming language. JavaScript code enables the creation of dynamic user interactions such as scrolling or automatic refreshing.^[12]JavaScript is used to control the dynamism of the content of the application and enable more complicated layouts and interactions than would be possible from solely using backend code.^[13]

For example, an online shop might use frontend JavaScript code to update a user's shopping cart in real time. When a shopper clicks on the button to add an item to their cart, a JavaScript function may send a request to the backend to update the store's databases accordingly. This allows for the web page to be updated without a potentially tedious page refresh and gives the application a feeling of immediacy, as interactions will be registered and associated content will be updated without delay.

Databases

Databases are the backbone of many web applications, as they allow for the application to persist data even after the application is closed.^[14] Standard Query Language (SQL) is the most common method of interaction with databases.^[15] SQL enables programmers to perform many actions on databases, such as adding new data, updating existing data, reading existing data, or removing old data. Many programming languages such as Python provide libraries that ease the process of working with SQL and databases.^[16]

There are additionally many databases that do not rely on SQL. These so-called "NoSQL" databases include MongoDB and Firebase, both of which rely on the data interchange format JSON to store data, rather than the tabular format typically used by SQL databases.^[17]

Markup Languages

Markup languages are used to outline and style the content for the web application.^[18] The two main markup languages used in web development are HTML and CSS. ^[19]

HTML

Hypertext Markup Language, commonly referred to as HTML, is a markup language that is used to outline and create the structure of a web page’s content.^[20][21] HTML is composed of many “tags” that represent different elements on a web page. A few of these tags are the “a” tag representing hyperlinks, the “p” tag representing a paragraph of text, and the “img” tag representing an image.^[20][21] Most, but not all, of these tags can be nested inside other HTML tags to indicate that that particular tag is a child of its outer parent tag. For example, an “a” tag may be nested inside a “p” tag to indicate that a few words inside a paragraph should link to an external website. Certain tags, such as the “img” image tag or the “br” line break tag, cannot have other tags nested within them.^[20] HTML tags can contain attributes that describe additional information about them. Some attributes are mandatory while others are optional. For example, the “img” tag must always have a “src” attribute to indicate the source of the image it will display. However, the “width” and “height” attributes that describe the intended dimensions of the image on the web page are optional, and the browser will still render the image without them.^[20]

CSS

Cascading Style Sheets, commonly referred to as CSS, is a markup language used to add styling and layout to a web page.^[23][24] CSS allows developers to describe styling properties of HTML tags. For example, CSS can be used to change the color of the text on a web page or used to make an image stick to the right side of the screen.^[23][24] CSS rules are composed of two parts - the selector and the declaration block. The selector is used to select the specific HTML tags on the page that will be styled by each CSS rule. The declaration block contains the various CSS properties that are being changed by the developer in order to style the web page.^[23][24]

CSS can be included on a webpage in three ways.^[23][24] Firstly, HTML tags can be directly styled by including semicolon-separated CSS properties in their “style” attribute. Secondly, CSS can be written inside an HTML file by adding “style” tags and writing valid CSS inside of them. Finally, the most recommended way to include CSS is by writing CSS in separate “.css” files and including them in HTML files by adding “link” tags with their “href” attribute set to the path to a “.css” file. This method allows CSS to be easily reused across multiple HTML files.^[23][24]

CMS/Frameworks

Although web applications can be coded from scratch, many tools exist to make the process of developing web applications easier and more consistent from project to project. Two such categories of tools are Content Management Systems and Frameworks.

Content management systems (CMS) are software applications that enable users to create, edit, collaborate on, publish, and store digital content. ^[26] A CMS provides a graphical user interface so that users without significant programming expertise can more easily create web content. While the user still needs to write some HTML, CSS, and Javascript code, a CMS can provide tools that handle more complicated procedures like database queries and application infrastructure creation.^[27] Benefits of using a CMS include ease of use, management of content, and accessibility, as well as availability for those who are not experienced web developers but still want to create web applications.^[28] The downside of using a CMS is that a user is limited in creative freedom when designing their web applications. A CMS may only allow certain pre-determined templates and structures to users to maintain consistency and alleviate security risks. Some popular content management systems include WordPress, Joomla, and Drupal. In addition, certain other specialized software like Shopify or MediaWiki are often also categorized as CMS's.^[29]

Web application frameworks are software that are designed to support the development of web applications. Frameworks offer simpler and standardized methods of developing common web application features such as user authentication or database integration without the possible missteps and faults that can arise from coding certain features from scratch. ^[30] Frameworks typically provide a set of libraries and tools that help with creating unique features, enabling the creation of a highly customizable environment and reusable components. Unlike a CMS, a framework still requires the user to have a fair amount of programming expertise as they must code all facets of their web applications on their own. ^[31]

Frameworks are offered for both user-facing (frontend) development and database/infrastructural (backend) development. Many frameworks also provide methods to ease the process of communication between the frontend and backend of a web application. Some popular frontend web frameworks include Angular, React, and Vue (all JavaScript). Some popular backend frameworks include Express (JavaScript), Django (Python), Rails (Ruby), and Spring (Java). ^[32]

Deployment

Once a web application has been developed, it needs to be deployed on the internet for users to access. Because a web application is software that is accessed through a web browser, the software itself needs to be stored in a place that is accessible to the entire internet.^[34] Amazon Web Services (AWS) is one of the most common web-hosting platforms, and can be used to store web application code so that it is easily accessed through a web browser. Many large companies like Netflix and Adobe rely on AWS to host their web applications.^[35] There are many technologies like Docker and Kubernetes that can help in the process of deploying a web application. All deployment technologies have strengths and weaknesses, and the best combination of technologies and hosting providers is dependent on the specific circumstances surrounding each individual web application.

Cybersecurity Concerns

As web applications typically utilize client-server architecture and store information specific to each user, they are at risk of potentially sensitive information being leaked and require the implementation of cybersecurity measures. There are many types of cybersecurity attacks and a few are outlined below in addition to some case studies.

Case Studies

Large web services company Yahoo admitted to a cybersecurity attack occurring in 2014 in which user account information of 500 million users was stolen and offered on the dark web; information stolen may have included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.^[37]

Credit reporting company Equifax also admitted to suffering a cybersecurity attack in 2017, where personal data such as names, birth dates, social insurance numbers, and driver's license numbers of 143 million customers was leaked.^[38]

In 2020, popular web application Twitter suffered security breaches of high-profile accounts hosted on the site, in which hackers took over accounts of public figures like Barack Obama, Elon Musk, and Bill Gates to promote a Bitcoin scam. CEO of cybersecurity firm SocialProofSecurity stated it was likely one of the largest attacks Twitter had seen.^[39]

SQL Injection

Due to the client-server interactions that web applications have, they can remain vulnerable to different kinds of attacks. The most common attack is known as SQL Injection. ^[41] Often times web applications have forms or fields in the page where users input information like usernames, passwords, captions or comments. When a user enters and submits this information, the software behind the web application will translate the inputted information into an SQL command, which then interacts with the web application's databases to store or use that information.

SQL injection works by taking advantage of this text-to-command translation process, and attempts to input data in the format of an SQL command. If done correctly, the software may accidentally interpret the inputted password as an SQL command itself, which will then perform malicious actions on the database, like leaking or deleting data.^[42] Sometimes, these SQL injections happen incidentally, as was the case when a woman named Rachel True typed her name into the iCloud website. The software responsible for parsing the name interpreted the last name "True" as a boolean variable instead of a name, which caused iCloud to crash on her computer.^[43]

Cross-Site Scripting

Web applications often use JavaScript code that is embedded in web pages to support instant user interaction (dynamic client-side pages). ^[44] The browser reads this embedded JavaScript code from the web page and executes it in the context of the user’s web browser. There are some security mechanisms that limit code to access only resources associated with its origin site, but a user can be lured into downloading malicious JavaScript code from an intermediate site which can then access all resources belonging to that site. These cross-site scripting (XSS) attacks are generally easy to execute but difficult to detect and prevent and can leak sensitive information and data on users. A 2006 tool, Noxes, attempts to automatically generate rules to mitigate possible XSS attempts.

However, these attacks are still possible and can lead to malicious intent. With XSS, the attacker can steal an Internet user’s cookies and use a website under a victim’s account with all of their saved information. ^[45] Over 250 million people on the Internet use webmail applications, and most retail, banking, and auction sites use cookies for authentication purposes, demonstrating the scale to which XSS attacks could be exploited.

Denial of Service (DoS)

The goal of Denial of Service (DoS) attacks is to overflow user and kernel domain buffers - many signals are sent to a receiver and reception at the receiver or transmission at the sender is interfered due “jamming” signals. ^[46] The adversary or saboteur can continually transmit electromagnetic energy on the medium to degrade the wireless network and web application performance significantly and block any communication between two wireless capable nodes. There are Intrusion Prevention Systems that try to prevent this jamming by either avoiding or fighting against the malicious entities, but many DoS attacks can still occur.

Man-In-The-Middle

Man-In-The-Middle (MITM) attacks are one of the biggest concerns for security professionals - they target data that flows between two communication points and the confidentiality and integrity of that data. ^[48] There are a number of specific ways in which MITM attacks can be exploited, but the general format is the attacker has access to the communication channel between two communicating endpoints and can manipulate their messages. Each endpoint is unaware that there is an attacker in the middle and it appears as if they are communicating normally. These attacks allow for manipulation of data flow in terms of modifying, changing, or replacing the target victim’s communication traffic and leaking potentially sensitive information and data.

Sensitive Data Exposure

Sensitive data exposure is when an application, company, or other entity inadvertently exposes personal data.^[49] This differs from a security breach, where a breach is when an attacker access and steals information without authorization.^[50] Given a large portion of web applications store data regarding its users, sensitive data exposure occurs when said data in the database do not undergo strong encryption or if there are software flaws. How much a company is subject to sensitive data exposure depends on the methodology a company handles information regarding their users, which may include information about banking account numbers, healthcare data, home addresses, etc. ^[51] The most basic practice of securing data is using SSL and HTTPS security on web pages. ^[52]

A prime example of potential sensitive data exposure is the concern surrounding the practice of storing passwords in plain text without encryption. In 2019, hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by Facebook employees. Although it was reported that no employee abused this data, it was a notable event of sensitive data exposure. ^[53]

Broken Access Control

Broken access control refers to users that act outside of intended permissions that is typically enforced in access control policies, leading to unauthorized information disclosure, modification of data, and performing business function outside the limits of the user. ^[54]For example, a user acts as an admin without being logged in as the admin or the user manipulates with other user's data logged in as the user. Access control policies usually become broken when developers misconfigure access at the functional level, resulting in gaps that let attackers assume admin roles.^[55]

In 2017, erroneous logic in Shopify's web app was found where an attacker could be granted collaborator access to any shop without authentication, to which Shopify closed the bug with a 20k bounty. ^[56] Another example is when Uber failed to limit business ride endpoints, allowing an attacker to brute force business accounts and take rides on behalf of the business. ^[57]

References

1. ↑ “Web Applications- Brucke Innovations.” Brucke Innovations, bruckeinnovations.com/Services/Web-Applications. Accessed 26 Mar. 2021.
2. ↑ Designs, Essential. “Website vs Web App: What's the Difference?” Medium, Medium, 26 July 2019, medium.com/@essentialdesign/website-vs-web-app-whats-the-difference-e499b18b60b4.
3. ↑ Nations, Daniel. “What Exactly Is a Web Application?” Lifewire, 25 June 2020, www.lifewire.com/what-is-a-web-application-3486637.
4. ↑ Collins, Victoria. “The Decline Of The Native App And The Rise Of The Web App.” Forbes, Forbes Magazine, 17 June 2019, www.forbes.com/sites/victoriacollins/2019/04/05/why-you-dont-need-to-make-an-app-a-guide-for-startups-who-want-to-make-an-app/?sh=1707c9f16e63.
5. ↑ Iverson, J. (2020, May 8). Preview the new Wolverine Access. Michigan ITS. https://michigan.it.umich.edu/news/2020/05/08/preview-the-new-wolverine-access/
6. ↑ altexsoft.com. “Web Application Architecture: How the Web Works” altexsoft.com, 25 July 2019, https://www.altexsoft.com/blog/engineering/web-application-architecture-how-the-web-works/.
7. ↑ Chen, Matthew. “Understanding the Web Application Deployment Process.” Medium, Medium, 20 Nov. 2019, medium.com/@tian3401/understanding-the-web-application-deployment-process-8b7017e99c10.
8. ↑ Gaboesquivel.com. “Choosing the Data Store for Your Web App.” Gaboesquivel.com, gaboesquivel.com/blog/2013/choosing-the-data-store-for-your-web-app/.
9. ↑ Ouellet, Charles. “How to Build an e-Commerce Shop with Python, Django, & Wagtail.” Medium, FreeCodeCamp.org, 7 Feb. 2019, medium.com/free-code-camp/how-to-build-an-e-commerce-shop-with-python-django-wagtail-3dd2043f89e7.
10. ↑ About The AuthorThe Smashing team loves high-quality content and cares about the little details. Through our online articles, et al. “User Interface Design in Modern Web Applications.” Smashing Magazine, 28 Sept. 2011, www.smashingmagazine.com/user-interface-design-in-modern-web-applications/.
11. ↑ Bruess, Martin. “Python Web Applications: Deploy Your Script as a Flask App.” Real Python, Real Python, 26 Feb. 2021, realpython.com/python-web-applications/.
12. ↑ AirbnbEng. “Isomorphic JavaScript: The Future of Web Apps - Airbnb Engineering & Data Science.” Medium, 20 June 2018, medium.com/airbnb-engineering/isomorphic-javascript-the-future-of-web-apps-10882b7a2ebc.
13. ↑ Hack Reactor. “What Is JavaScript Used For?” Hack Reactor, 18 Oct. 2018, www.hackreactor.com/blog/what-is-javascript-used-for.
14. ↑ “Choosing a Database for Your Web Application.” Future Hosting, 11 Sept. 2019, www.futurehosting.com/blog/choosing-a-database-for-your-web-application/.
15. ↑ Heller, Martin. “What Is SQL? The Lingua Franca of Data Analysis.” InfoWorld, InfoWorld, 1 Nov. 2019, www.infoworld.com/article/3219795/what-is-sql-the-lingua-franca-of-data-analysis.html.
16. ↑ Malik, Usman. “Introduction to Python SQL Libraries.” Real Python, 8 Jan. 2021, realpython.com/python-sql-libraries.
17. ↑ Choudhury, Ambika. “10 Most Used Databases by Developers in 2020.” analysticsindiamag.com, 25 August 2020, https://analyticsindiamag.com/10-most-used-databases-by-developers-in-2020/
18. ↑ Kyrnin, Jennifer. “What Are Markup Languages?” Lifewire, 6 Mar. 2020, www.lifewire.com/what-are-markup-languages-3468655.
19. ↑ “What Is HTML? The Basics of Hypertext Markup Language Explained.” Hostinger Tutorials, 25 Nov. 2019, www.hostinger.com/tutorials/what-is-html.
20. ↑ ^{20.0 20.1 20.2 20.3 20.4} Still, J. (2021, February 2). What is HTML? What you should know about the most popular markup language on the internet. Business Insider. https://www.businessinsider.com/what-is-html
21. ↑ ^{21.0 21.1} Balakrishnan, V. (2020, April 30). HTML: The origin and evolution as a major markup language. JAXenter. https://jaxenter.com/html-origin-171035.html
22. ↑ Agarwal, M. (2008, December 8). Creating styles in Expression Web. DotNetCurry. https://www.dotnetcurry.com/ShowArticle.aspx?ID=79
23. ↑ ^{23.0 23.1 23.2 23.3 23.4} Jeffcoat, D. (2020, April 9). What is CSS? An Intro to Cascading Style Sheets. Career Karma. https://careerkarma.com/blog/what-is-css/
24. ↑ ^{24.0 24.1 24.2 24.3 24.4} Shoemaker, C. (2020, June 18). Introduction to Cascading Style Sheets. CODE Magazine. https://www.codemag.com/Article/0509031/Introduction-to-Cascading-Style-Sheets
25. ↑ Briones, J. (2014, July 28). How to Login to the Joomla Admin Panel. Web Hosting Hub. https://www.webhostinghub.com/help/learn/website/joomla/joomla-login
26. ↑ Amsler, S., & Churchville, F. (2021, February 2). content management system (CMS). SearchContentManagement. https://searchcontentmanagement.techtarget.com/definition/content-management-system-CMS
27. ↑ Amsler, S., & Churchville, F. (2021, February 2). content management system (CMS). SearchContentManagement. https://searchcontentmanagement.techtarget.com/definition/content-management-system-CMS
28. ↑ Pros and Cons of a Content Management System (CMS). (n.d.). Fireside Agency. https://www.firesideagency.ca/website-design-development/pros-and-cons-of-a-content-management-system-cms/
29. ↑ P. (2020, October 9). What Is a Content Management System (CMS)? Plus 7 CMS You Need to Know. . . ThemeIsle Blog. https://themeisle.com/blog/what-is-a-content-management-system-cms/
30. ↑ I. (2019, August 6). What are web frameworks and why you need them? - Intelegain. Medium. https://intelegain-technologies.medium.com/what-are-web-frameworks-and-why-you-need-them-c4e8806bd0fb
31. ↑ I. (2019, August 6). What are web frameworks and why you need them? - Intelegain. Medium. https://intelegain-technologies.medium.com/what-are-web-frameworks-and-why-you-need-them-c4e8806bd0fb
32. ↑ Goel, A., S., A., M., Gold, M., Ashikuzzaman, M., G., .NET CORE, P., A., P., S., A., & Joel, C. (n.d.). 10 Best Web Development Frameworks to Use in 2021 [Updated]. Hackr.Io. https://hackr.io/blog/web-development-frameworks
33. ↑ Vijayakumar, N. (2020, April 24). AWS Launches SaaS Integration Service Amazon AppFlow. NFA Post. https://thenfapost.com/2020/04/24/aws-launches-saas-integration-service-amazon-appflow/
34. ↑ Johnston, Joe. “A Beginners Guide to Web Application Development (2021).” Budibase, Budibase, 25 Feb. 2021, www.budibase.com/blog/web-application-development/.
35. ↑ “What Is AWS.” Amazon Web Services, Amazon, 1917, aws.amazon.com/what-is-aws/.
36. ↑ Bernard, Z. (2017, November 22). How Uber reportedly tried to keep the lid on the data breach that affected 57 million people. Business Insider. https://www.businessinsider.com/how-uber-covered-up-data-breach-hack-affected-57-million-people-report-2017-11
37. ↑ Brewester, Thomas. “Yahoo Admits 500 Million Hit in 2014 Breach.” forbes.com, 22 September 2016, https://www.forbes.com/sites/thomasbrewster/2016/09/22/yahoo-500-million-hacked-by-nation-state/?sh=4ea6394a6dcb/
38. ↑ Ballal, Srikanth K. “Web Application Security Best Practices: A Developer's Guide.” seurityintelligence.com, 5 October 2020, https://securityintelligence.com/posts/web-application-security-best-practices-developers-guide/
39. ↑ Leswing, Kif. “Hackers targeted Twitter employees to hijack accounts of Elon Musk, Joe Biden and others in digital currency scam.” cnbc.com, 5 July 2020, https://www.cnbc.com/2020/07/15/hackers-appear-to-target-twitter-accounts-of-elon-musk-bill-gates-others-in-digital-currency-scam.html/
40. ↑ Klein, E. (2019, June 19). How to Defend Your Business Against SQL Injections. Logz.io. https://logz.io/blog/defend-against-sql-injections/
41. ↑ “SQL Injection | OWASP.” Open Web Application Security Project, owasp.org/www-community/attacks/SQL_Injection. Accessed 26 Mar. 2021.
42. ↑ Security, Penta. “How Do SQL Injection Attacks Work and How to Prevent Them?” Penta Security Systems Inc., 14 Dec. 2020, www.pentasecurity.com/blog/how-sql-injection-attacks-work.
43. ↑ True,Rachel(RachelTrue)."Anyone else getting this error from Apple iCloud ? In past or now? I’m 6 months deep freeze & looking for any help. I rem dead coding languages like kobalt.. & this seems like an Apple coding issue — not hardware" 26 February 2021. Tweet
44. ↑ Kirda, Engin, et al. "Noxes: a client-side solution for mitigating cross-site scripting attacks." Proceedings of the 2006 ACM symposium on Applied computing. 2006.
45. ↑ Endler, David. The evolution of cross site scripting attacks. Technical report, iDEFENSE Labs, 2002.
46. ↑ Pelechrinis, Konstantinos, Marios Iliofotou, and Srikanth V. Krishnamurthy. "Denial of service attacks in wireless networks: The case of jammers." IEEE Communications surveys & tutorials 13.2 (2010): 245-257.
47. ↑ Conti, Mauro, Nicola Dragoni, and Viktor Lesyk. "A survey of man in the middle attacks." IEEE Communications Surveys & Tutorials 18.3 (2016): 2027-2051.
48. ↑ Conti, Mauro, Nicola Dragoni, and Viktor Lesyk. "A survey of man in the middle attacks." IEEE Communications Surveys & Tutorials 18.3 (2016): 2027-2051
49. ↑ D. (2021, March 4). OWASP TOP 10: Sensitive Data Exposure. Detectify Blog. https://blog.detectify.com/2016/07/01/owasp-top-10-sensitive-data-exposure-6/
50. ↑ Sensitive data exposure: What is it and how it's different from a. . . (n.d.). US Norton. https://us.norton.com/internetsecurity-privacy-sensitive-data-exposure-how-its-different-from-data-breach.html
51. ↑ Sensitive data exposure: What is it and how it's different from a. . . (n.d.). US Norton. https://us.norton.com/internetsecurity-privacy-sensitive-data-exposure-how-its-different-from-data-breach.html
52. ↑ D. (2021, March 4). OWASP TOP 10: Sensitive Data Exposure. Detectify Blog. https://blog.detectify.com/2016/07/01/owasp-top-10-sensitive-data-exposure-6/
53. ↑ Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years. (2019, March 23). Krebson Security. https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
54. ↑ What is and how to prevent Broken Access Control | OWASP Top 10 (A5). (n.d.). HDiv Security. https://hdivsecurity.com/owasp-broken-access-control
55. ↑ Security, C. (n.d.). Broken Access Control. C Security. https://www.contrastsecurity.com/knowledge-hub/glossary/broken-access-control
56. ↑ Shopify disclosed on HackerOne: Shopify admin authentication bypass. . . (n.d.). HackerOne. https://hackerone.com/reports/270981
57. ↑ Uber disclosed on HackerOne: No rate limiting on. . . (n.d.). HackerOne. https://hackerone.com/reports/281344