B030710154

Web Application

Web application is an application that can be accessed using a web browser over a network. It is developed using browser-supported language such as HTML, JavaScript, PHP, ASP and etc. We also can use software such as dreamweaver to create a web application. The script produced is then rendered by common web browser. User can access web application anywhere and at any time, but user need to connect to a network connection and there is a web browser installed on the machine. This ease of usage makes web application popular among

internet user. Moreover the ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers contribute to the popularity of the webapp. Nowadays webapp is used for accessing mail, online banking, online shopping, online reservation, wikis and many other functions.

The Open Web Application Security Project (OWASP) is an open community that focuses on improving the security of application software. Anyone can join this community and contribute an idea for developing secure software. OWASP provide free material such as article on secure programming, security testing guide and much more but all of the material is under free software license.

WebGoat

WebGoat is simulation toolkit used to demonstrate how we can exploit the vulnerabilities of a poorly design web application. WebGoat provide hints and code to fexploit the vulnerabilities. WebGoat will keep track on the progress of the user on every lesson they completed, user can see their level of competence in trying to solve every problem given in the lesson.The primary goal of the WebGoat project is simple, to create a de-facto interactive teaching environment for web application security.

WebScarab

WebScarab is another tool to expose the working of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that application has been designed or implemented. WebScarab can use in any platform because it developed use JAVA programming language. WebScarab can intercept HTTP and HTTPS communication.