Web Application Optimisation - Essay Example

Web Application Development By + Reflection From the guest speakers talk we can reflect that awebsite is only successful if it can sell its aims and goals. When a website is built e.g. a politics website, blogger, or a market website there is a certain goal that it puts to the market so that buyers and users can read or purchase. Making a website “sell” is not a simple thing and their certain strategies that need to be in place to make it successful. The first thing that a web designer needs to consider is a means of getting people to their website, which is mostly referred to as Acquisition. The next step after acquiring people to the page is a means of converting and keeping them for long time as customers in order to get value from them. After the website has captured their real customers, it should now come up with a means of retaining them in the website by making them come back even with visitors. There should be potential in doing all these to ensure the website is successful (Read, 2001). Secure Web Development Web applications and websites in the recent world come to be the most popular tool that businesses and organizations like to connect with their customers, users, and prospects (Welling and Thomson, 2008). Attacks can occur in these web applications due certain security flaws. These attacks can harm the business by exposing sensitive information of the customers and the business, steal customer’s information and finally ruin the business reputation. Recent studies conducted showed that over 70% of all web applications are vulnerable to security flaws. Most of security flaws occur in the PHP coding (Standing, 2000). Attacks that may occur in web applications include Remote code execution, SQL injection, Format string vulnerabilities, Cross Site Scripting, and Username enumeration. These attacks occur due to somewhat poor programming approach. It is therefore important for web developers and designers to have knowledge on these attacks. These attacks results from factors discussed below. Remote Code Execution is where any desired information is retrieved from the web application. This is done when the attacker runs system code on the vulnerable server. The attacker access information and may go undiscovered by the web administrators (Weber, 2004). The attacker may also include any arbitrary files on the web application. An example of such attack is carried when an attack executes such an exploit code. SQL Injection is considered an old approach in web application security but it is still popular with the attackers. Here the attacker retrieves crucial and sensitive information from the Web application database. The degree of this attack varies from disclosing basic information to remote code execution (Polleres, 2011). Format String Vulnerabilities results when there is use of unfiltered user input. The user may use certain tokens to print data from the memory and data stalk of a web application. Cross Site Scripting is a malicious attack to the web application where the attacker uses malicious URL, which appears legitimate to execute plans as if logging in (Clark, 2003). This attack will lead to the attacker stealing victim’s cookies and use them in his session. Username enumeration is a type of attack where the attacks get to know whether the supplied username is correct or incorrect. The network and infrastructure components of the should be designed that you understand the security requirements of the network in terms of port restrictions, filtering rules, supported protocols etc. Find how the firewall and firewall policies can affect the web applications and its deployment. Since there are many firewalls in the web applications, it should also come to notification of addition firewalls that are in front of the database. At the design stage of the web application, reflect on what ports, protocols and services that should be allowed to access information from the webservers in the web application (Cross, 2007). There should be keenness on what security defences that the web application relies on to provide the network. Input validation is one of the steps that ensure that there is defence against possible web attacks. Although it is challenging an effective countermeasure can help prevent attack like SQL injection, XXS, and other input attacks (Hourieh and Chan, 2009). In web application, there is no validation that certain inputs are true, thus so all inputs should be considered malicious. The web application should consider validation of input its core element by using filters and other validation from other libraries. Authentication is another means of ensuring security in web application. This is done through the process of determining the identity of the caller. Passwords and usernames are used to authenticate the user. They are required to send their Passwords and usernames in HTML form (Welling and Thomson, 2008). In order to ensure authentication of user’s data and information, the following practices needs to be involved. Web applications should require strong passwords, protection of authentication cookies, supporting password expiration period, not storing passwords in user stores and separating public areas from restricted ones to eliminate security attack. Authorization is another means of ensuring security in web applications. It determines which information and data can be accessed by authenticated identity. Weak and improper authorization leads to leakage and disclosure of information. The authenticated user can tamper with the information. Therefore, defence in depth is the key principle in ensuring security in web application. Authorization can be improved by various practices like ensuring there are multiple gatekeepers on the server by using IP Security Protocol policies and restrict server-to-server communications (Standing, 2000). Another practice can be through restricting access to System Level Resources by user. This will help restrict which user can access, carry out operation on certain resources of the web application. The web designer should also ensure there are varying degree of scalability and granularity. Granularity relies on user impersonation. Configuration management is another step in addressing web security attack. Web application needs interfaces that allow operators, content developers, and administrators who will configure and manage user accounts, profiles, data pages and the Web page (Weber, 2004). This should be effective because most attacks are directed to the administrator thus changing its privileges. Sensitive data like addresses, credit card numbers, medical records, and others should be considered private and the web application should ensure they are not altered (Jortberg, 2007). Some business have secrets that are stored in web pages should be secured. Caution like the one not storing password in plain text, storing secrets in web page and it can be avoided should be taken. Cryptography is another means where web application use Cryptography to secure their data in persistent store or transmitted across other networks (Welling and Thomson, 2008). This method ensures authentication, privacy, tamperproof, and non-repudiation. Parameter manipulation helps in web application security. It ensures there is no modification of data sent from users to web application. It can be done through encrypting sensitive cookies, validation of all values from clients and ensure users do not by pass checks (Klopotek, Trojanowski and Wierzchon, 2006). Exception management that helps prevent denial of application-level and prevent useful information to be returned to clients from attackers. Logging solutions and centralized exception management should be designed to help monitor system administrations (Weber, 2004). The final step is setting up auditing and logging activities in the entire web application. This will help detect suspicious-looking activities and provide an early indication of attack. Auditing will help save files that will be required in legal proceedings to prove wrongdoing and attack in web application (Paltridge, 2009). Web Application Optimisation Web Application Optimisation is a vital part in web application development and maintenance. Optimization of website helps in speeding up of the site. In the internet world well performing web application, enjoy the advantage of high visitor engagement, retention and conversion (Henderson, 2008). It is therefore necessary to improve the performance of the websites through optimization. Website optimization has been seen to be effective. An example is Google Company when they released the Google Maps product. Initially the page size was 100kb but after optimization, they reduced it to 80kb. By doing so, they found out that there was 25% increase in the visitors. Amazon company had a different finding, they reported that their sales decreased by as more as 1% when the load time of their page increased by even 100ms. It is therefore important for monitoring the performance of a web application (Standing, 2000). This pressure has forced web developers to come up with certain strategies to help increase performance of Web application (Clark, 2003). These techniques are referred to Web Application Optimisation and are explained in detailed below. The first technique is through minimizing of HTTP requests. This is done through minimizing the number of rounds and trips that the browser is to make in order to join with the server. All the files including JavaScript, CSS, or images need to be downloaded to the browser first. Through minimizing of this request, the performance of the page will be improved significantly (Welling and Thomson, 2008). Introducing of files to the website should take the new format which is to increase the performance of the web application. Another approach to ensure good performance is through minifying of CSS, HTML and Java Script. Unnecessary characters can be omitted from the codes without affecting the codes performance. By removing this code, the size of the code is being reduced therefore reducing the amount of data that need to be downloaded to the browser (Weber, 2004). There are certain tools like YUI compressor. That can be used to minify these codes and increase the performance of the web application. Optimizing of images is another approach towards better performance of the web application. This is the most items that browser needs to download and they require many data. They cause slow in operation of web applications most of the time. One can use CSS to come up with graphics for items like buttons rather than using images that will slow the performance of the website. Images that cannot be transformed to graphics can be compressed them properly without losing their quality or look (Jortberg, 2007). This will result to beautiful optimized images for the web application. Use of Sprites is another technique in ensuring increased performance. For a website to open it needs to download every component like images in it. This can be minimized by combining the images into a single image to reduce queue when the browser tries to download the images (Welling and Thomson, 2008). Combining the images into a single will reduce the number of request the browser makes. Caching is another technique in ensuring web optimization. Web browsers allow caching of web pages, images, CSS, java files, and other cookies. Through caching, all this are stored and ill reduce the amount of data required to download thus improve the performance (Paltridge, 2009). This method is used on items that do not change. An expiry date is set for items that will change. Deferring parsing of JavaScript is another approach to good performance of the website. The browser needs to download all of its JavaScript files so that the website page can be shown. In order to reduce the amount of data needed to download this files they should not be loaded at the header of the HTML document rather be loaded at the bottom(Sorensen, 2008). This will speed up and the page will be shown even before the JavaScript file is fully downloaded The next technique can be through choosing a decent Web Host. The hosts of web accounts has no any direct relationship with optimization that is about to be performed (Cross, 2007). The host account is a foundation to the website accessibility, prices and security. There server should ensure he is in the safe host. Avoid dead end or bad requests is another approach. This are links in the website that result to bad request. They mostly result to in a 404/410 error (Polleres, 2011). These are inevitable in a website due changes, updates and movement of information and they should be fixed as soon as possible. They do not lead to ate of data but is considered a waste because the browser had to initiate the request at first. The next approach in ensuring good performance of website is called Content Delivery Network. Once every technique is amended are properly acted upon. The web developer should ensure that there are other copies of the website at various servers and located at different part of the world (Welling and Thomson, 2008). This will reduce the time that a user request to the time that server responds thereby increasing performance of the website. Bibliography References Clark, M. (2003). Data networks, IP, and the Internet. Chichester, West Sussex, England: J. Wiley. Cross, M. (2007). Developers guide to web application security. Rockland, MA: Syngress Pub. Henderson, H. (2008). The Internet. San Diego, Calif.: Lucent Books. Hourieh, A. and Chan, P. (2009). Django 1.0 web site development. Birmingham, U.K.: Packt Pub. Jortberg, C. (2007). The Internet. Edina, Minn.: Abdo & Daughters. Klopotek, M., Trojanowski, K. and Wierzchon, S. (2006). Intelligent Information Processing and Web Mining. Berlin Heidelberg: Springer-Verlag. Paltridge, S. (2009). Internet access for development. [Paris]: OECD. Polleres, A. (2011). Reasoning web. Heidelberg: Springer. Read, B. (2001). Advances in databases. Berlin: Springer. Sorensen, R. (2008). Inside Microsoft Windows NT Internet development. Redmond, Wash.: Microsoft Press. Standing, C. (2000). Internet commerce development. Boston: Artech House. Weber, S. (2004). The Internet. Philadelphia: Chelsea House Publishers. Welling, L. and Thomson, L. (2008). PHP and MySQL Web development. Upper Saddle River, NJ: Addison-Wesley. Read More