Java

Browser exploit

2008-10-18T04:40:44-06:00

A browser exploit is a short piece of code that exploits a software bug in a web browser such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a virus or install spyware. Malicious code may exploit HTML, JavaScript, Images, ActiveX, Java and other internet technologies. HTML alone is harmless (can only crash browser in some cases on vulnerable web browsers), however, in conjunction with malicious ActiveX or Java code, it can potentially freeze or crash a browser, or even crash the computer running that browser.

The term "browser exploit" can also refer to the actual bug in the browser code.

Browser exploits families

Cross Zone Scripting exploits vulnerabilities related to the "zone" concept in some browsers; i.e. a page in "Internet zone" is able to initate execution with "Local Computer", "Local Intranet" or "Trusted Sites" zone privileges.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Video: Google Chrome exploit et DOS 0 day

Web design

2008-07-24T02:16:05-06:00

Web design is a process of conceptualization, planning, modeling, and execution of electronic media delivery via Internet in the form of Markup language suitable for interpretation by Web browser and display as Graphical user interface (GUI).

The intent of web design is to create a web site -- a collection of electronic files that reside on a web server/servers and present content and interactive features/interfaces to the end user in form of Web pages once requested. Such elements as text, bit-mapped images (GIFs, JPEGs, PNGs), forms can be placed on the page using HTML/XHTML/XML tags. Displaying more complex media (vector graphics, animations, videos, sounds) requires plug-ins such as Flash, QuickTime, Java run-time environment, etc. Plug-ins are also embedded into web page by using HTML/XHTML tags.

Improvements in browsers' compliance with W3C standards prompted a widespread acceptance and usage of XHTML/XML in conjunction with Cascading Style Sheets (CSS) to position and manipulate web page elements and objects. Latest standards and proposals aim at leading to browsers' ability to deliver a wide variety of media and accessibility options to the client possibly without employing plug-ins.

Typically web pages are classified as static or dynamic.

Static pages don’t change content and layout with every request unless a human (web master/programmer) manually updates the page.

Dynamic pages adapt their content and/or appearance depending on end-user’s input/interaction or changes in the computing environment (user, time, database modifications, etc.) Content can be changed on the client side (end-user's computer) by using client-side scripting languages (JavaScript, JScript, Actionscript, etc.) to alter DOM elements (DHTML). Dynamic content is often compiled on the server utilizing server-side scripting languages (Perl, PHP, ASP, JSP, ColdFusion, etc.). Both approaches are usually used in complex applications.

With growing specialization in the information technology field there is a strong tendency to draw a clear line between web design and web development.

History

Tim Berners-Lee, the inventor of the World Wide Web, published a website in August 1991.[1] Berners-Lee was the first to combine Internet communication (which had been carrying email and the Usenet for decades) with hypertext (which had also been around for decades, but limited to browsing information stored on a single computer, such as interactive CD-ROM design).

Websites are written in a markup language called HTML, and early versions of HTML were very basic, only giving websites basic structure (headings and paragraphs), and the ability to link using hypertext. This was new and different to existing forms of communication - users could easily navigate to other pages by following hyperlinks from page to page.

As the Web and web design progressed, the markup language used to make it became more complex and flexible, giving the ability to add objects like images and tables to a page. Features like tables, which were originally intended to be used to display tabular information, were soon subverted for use as invisible layout devices. With the advent of Cascading Style Sheets (CSS), table-based layout is increasingly regarded as outdated. Database integration technologies such as server-side scripting and design standards like CSS further changed and enhanced the way the Web is made.

The introduction of Macromedia Flash (now Adobe Flash) into an already interactivity-ready scene has further changed the face of the Web, giving new power to designers and media creators, and offering new interactivity features to users, often at the expense of usability for persons with disabilities, search engine visibility and browser functions available to HTML.

Links

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Web development

2008-06-08T06:04:52-06:00

Web development is a broad term for any activities related to developing a web site for the World Wide Web or an intranet. This can include e-commerce business development, web design, web content development, client-side/server-side coding, and web server configuration. However, among web professionals, "web development" usually refers only to the non-design aspects of building web sites, e.g. writing markup and coding. Web development can range from developing the simplest static single page of plain text to the most complex web-based internet applications, electronic businesses, or social network services.

For larger businesses and organizations, web development teams can consist of hundreds of people. Smaller organizations may only require a single permanent or contracting webmaster, or secondary assignment to related job positions such as a graphic designer and/or Information systems technician. Web development may be a collaborative effort between departments rather than the domain of a designated department.

Web development as an industry

Since the mid-1990s, web development has been one of the fastest growing industries in the world. In 1995 there were fewer than 10,000 web development companies in the United States alone and in 2005 there are over 30,000 such companies.[1] The web development industry is expected to grow over 20% by 2010. The growth of this industry is being pushed by large businesses wishing to sell products and services to their customers and to automate business workflow, as well as the growth of many small web design and development companies.

In addition, cost of Web site development and hosting has dropped dramatically during this time. Instead of costing tens of thousands of dollars, as was the case for early websites, one can now develop a simple web site for less than a thousand dollars, depending on the complexity and amount of content. Smaller Web site development companies are now able to make web design accessible to both smaller companies and individuals further fueling the growth of the web development industry. As far as web development tools and platforms are concerned, there are many systems available to the public free of charge to aid in development. A popular example is the LAMP (Linux, Apache, MySQL, PHP), which is usually distributed free of charge. This fact alone has manifested into many people around the globe setting up new Web sites daily and thus contributing to increase in web development popularity. Another contributing factor has been the rise of easy to use WYSIWYG web development software, most prominently Microsoft FrontPage or Adobe Dreamweaver. Using such software, virtually anyone can develop a Web page in a matter of minutes. Knowledge of HyperText Markup Language (HTML), or other programming languages is not required, but recommended for professional results.

The next generation of web development tools uses the strong growth in LAMP and Microsoft .NET technologies to provide the Web as a way to run applications online. Web developers now help to deliver applications as Web services which were traditionally only available as applications on a desk based computer.

Instead of running executable code on a local computer, users are interacting with online applications to create new content. This has created new methods in communication and allowed for many opportunities to decentralize information and media distribution. Users are now able to interact with applications from many locations, instead of being tied to a specific workstation for their application environment.

Examples of dramatic transformation in communication and commerce led by web development include e-commerce. Online auction sites such as eBay have changed the way consumers consume and purchase goods and services. Online resellers such as Amazon.com and Buy.com (among many, many others) have transformed the shopping and bargain hunting experience for many consumers. Another good example of transformative communication led by web development is the blog. Web applications such as WordPress and b2evolution have created easily implemented blog environments for individual Web sites. Open source content systems such as Typo3, Xoops, Joomla, and Drupal have extended web development into new modes of interaction and communication.

Typical Areas

Web Development can be split into many areas and a typical and basic web development hierarchy might consist of;

Client Side Coding
- CSS
- XHTML (in accordance to modern web design standards, XHTML's use is replacing the older HTML)
- Javascript
Server Side Coding
- PHP and MySQL
- ASP and MSSQL
- ASP.NET and MSSQL
- CGI and/or Perl
- Java, e.g. J2EE or WebObjects
- Ruby, e.g. Ruby on Rails
- ColdFusion

In practice, many web developers will also have interdiscipinary skills / roles, including:
- Graphic design / web design
- Information architecture and copywriting/copyediting with web usability, accessibility and search engine optimisation in mind
- Project management, QA and other aspects common to IT development in general

The above list is a simple website development hierarchy and can be extended to include all client side and server side aspects. It is still important to remember that web development is generally split up into client side coding covering aspects such as the layout and design, then server side coding, which covers the website's functionality and back end systems.

Looking at these items from an "umbrella approach", client side coding such as XHTML is executed and stored on a local client (in a web browser) whereas server side code is not available to a client and is executed on a web server which generates the appropriate XHTML which is then sent to the client. As the nature of client side coding allows you to alter the HTML on a local client and refresh the pages with updated content (locally), web designers must bear in mind the importance and relavence to security with their server side scripts. If a server side script accepts content from a locally modified client side script, the web development of that page shows poor sanitization with relation to security.

Security

Web development takes into account a lot of things, such as data entry error checking through forms, as well as sanitization of the data that is entered in those fields. Malicious practices such as SQL injection can be executed through users with ill intent yet only primitive knowledge of web development as a whole. Not only this, but scripts can be exploited to grant unauthorized access to the hacker to gain information such as email addresses, passwords and protected content.

Some of this is dependent on the server environment (most commonly Apache or Microsoft IIS) on which the scripting language, such as PHP, Ruby or ASP is running, and therefore is not necessarily down to the web developer themselves to maintain. However, stringent testing of web applications before public release is encouraged to prevent such exploits from occurring.