
IT 202: Web Technology (WT)

Pramit Mazumdar
2/1/2022
Topics
• Thin and Thick clients
• Security aspects
• Attacks to web services
• Security protocols
• Computational aspects
• Types of websites

Web Applications
• Front tier:
  • considers design and presentation aspects to users.
• Middle tier:
  • contains business intelligence and carries out the requisite processing.
• Back end database tier:
  • it is responsible for storing and managing data.

General: Three-Tier Architecture

Web Applications (cont’d)
• Benefits
  • Browser-based
  • No complex deployment process at client end
  • Application is expected to work as long as
    • the client has a web browser
    • can connect to application portal
  • Require little to no disk space on client machine

Limitations of Web Applications
• Requires compatible web browsers
  • Applications may contain browser-specific bugs
• Requires web server to be up and running – so creates a dependency
• Requires Internet connection to be up and running
• Open to privacy issues since user actions can be tracked by web application provider

Web Security Aspects
• Security is essential for web applications
• Security breach can happen in many ways
  • Confidential information such as login information
  • Sensitive financial information such as bank account or credit card details
  • Theft of identity
  • Malware
• Lack of trust in security among users can lead to drastic reduction in e-commerce sales

Web Security Aspects (cont’d)
• Technical breach of security
  • Virus attacks
  • Spoofing attacks
  • Phishing attacks
  • Man-in-the-middle attacks
  • Manual hacking

Web Security Aspects (cont’d)
• Virus attacks: Third-party self-replicating executable code placed on a computer
• Spoofing attacks: One person pretends to be another by presenting false data
• Phishing attacks: Attempt to acquire information such as username, password, and credit card details by pretending to be a trustworthy entity
  • Often carried out by email spoofing

Web Security Aspects (cont’d)
• Man-in-the-middle attacks:
  • Eavesdropping on networks to listen for incoming and outgoing packets
  • Use the acquired information to pose as a false client to the server
• Manual hacking: Hackers hacking into websites through manual efforts.

Web Security Aspects (cont’d)

• Phishing attacks via email
• Source: http://help.yo.co.zw/index.php?action=artikel&cat=11&id=1&artlang=en

Addressing security concerns
• Cryptography
  • Encryption: Transforms plain-text data into a human-unreadable format
  • Decryption: Transforms encrypted data into plain text
• RSA protocol (Rivest Shamir Adleman)
• Asymmetric key based cryptography:
  • Different key used for encryption and decryption
• Symmetric key based cryptography:
  • Same key used to encrypt and decrypt

Computational Aspects of the Internet
• First generation: Web 1
• Second generation: Web 2.0
  • Dynamic page generation
    • Need to pull data from backend database
  • Pages capture user context on the fly
  • Session-based computations
• Web services
  • Application programs running as services
  • Example: Bill payment portals

Introduction to Website Creation
• Acquire domain name
  • TLD (top level domains): com, org, net, me, mobi, info, biz, tv, edu, gov, in, us, uk, de, jp, cn, it
  • ICANN – the international body running the Internet registry – levies a fixed annual fee per domain
• Acquire hosting space
• Need to create front, middle and back end (3-tier architecture)
• Front end uses presentation technology (HTML)
• Middle tier requires programming (JSP/Java, PHP, ASP/C#)
• Backend requires database (MySQL, Oracle, DB2, MS-SQL)

Individual Websites
• Individual websites for personal usage
• Individual blogs
• Personal photos and videos
• Link to social media/ network (Facebook, Twitter)
• Used for individual identity management
• Successful people use it for personal brand management (rogerfederer.com)

Corporate Websites
• Owned and maintained by corporates
• Large, medium, and small businesses
• Large corporates host web portals in-house
  • Massive corporations have data centers across world rather than hosting on single computer (Google, Facebook, Microsoft)
• Medium businesses go for single, dual or quad core dedicated servers
• Small businesses can possibly use shared web hosting services
• Cloud based web hosting solutions are predominant now!!

Corporate Websites (cont’d)
• Corporate websites may be
  • Informational
    • Information distributed online about sales conducted from physical stores offline
  • Commercial
    • More prevalent nowadays
    • Direct sales from online portals
    • Delivery can be online (for digital products or subscriptions) or offline (for physical goods)
  • Forums and Blog

Client – Server architecture
• Thin client
• Thick client

Thin client
• Runs on a server based computing environment.
• Connects to a remote server-based environment.
• Applications and data are stored in server.
• Server performs most of the tasks; computation, etc.
• More secure to work in a thin client.

Thick client
• System can be connected to the server without network.
• Does not depend upon server’s applications.
• Consists of own hardware and software applications.
• More flexible to upgrade and maintain.
• Less secure than thin clients.

Thin vs Thick client

Factors         | Thin client                                  | Thick client
Installation    | Browser based                                | Local installation
Devices         | Handheld devices                             | Customizable
Processing      | Complete processing on server side           | Computer resources are used more than servers
Deploy          | Easy to deploy                               | More expensive
Data validation | Data verification required from server side  | Done by client
Communication   | Continuous communication with server         | Communication in particular intervals
Interfacing     | Cannot be interfaced with other devices      | Can be interfaced with other devices
Security        | More secure                                  | Less secure

Thank You
