Screenshot from 2007 of Horde, a groupware and open-source web application

A web application (or web app) is application software that is accessed using a web browser.

Compared to downloaded applications, web applications are quicker to deploy and update because they can be accessed via a URL link. Additionally, they are compatible with a wider range of hardware and operating systems than other applications, and are often cheaper to develop. However, web applications often need an internet connection to work and have more limited functionality compared to native applications.

JavaScript was invented in 1995, enabling interactive web pages. Over time web application architecture has become more complex, with most featuring both a client and at least one server-side code base. Many technologies are used to build web applications, including JavaScript, Representational State Transfer (REST)—an interface for separating the client and server side of the application—and database software such as SQL to manage data regarding different users.

Web applications are vulnerable to various types of cyberattacks; defenses against malicious actors are incorporated into many. Web applications can be analyzed using functionality built into many popular web browsers, and third-party analytics are also available.

History

In 1995, Netscape introduced a client-side scripting language called JavaScript, allowing programmers to add some dynamic elements to the user interface that ran on the client side. Instead of sending data to the server in order to generate an entire web page, the embedded scripts of the downloaded page can perform tasks such as input validation and showing or hiding parts of the page.[1] Before 2010, many web applications were developed to make the server generate a page in HTML, JavaScript, and CSS that was sent to the client. To update, the client would send another request that was returned via HTTP.[2]

The invention of Ajax (asynchronous JavaScript and XML) in 1999 enabled network requests to be sent using JavaScript without reloading the page.[2] This has resulted in many web applications being structured as multiple separate applications (for the client and one or more servers) that communicate via a network protocol. The client-side software is more similar to a standard desktop application than to older web applications: it only needs to be loaded once, instead of on each update, and can make requests to multiple servers for data.[3]

Technologies

As of 2020, it is common for web applications to use the following technologies:[4]

Types

The simplest type of web application is static and delivered to the client without any modifications. Dynamic web applications generate code interactively for a specific client via client- and server-side software. Single-page applications are dynamically altered instead of rewritten for increased performance. Progressive web applications are an innovation: they function like a mobile app, but are delivered via a web browser.[17] Advantages of progressive web apps over traditional mobile apps are that they are portable across many different operating systems, require less persistent storage on the device, and are still accessible without an internet connection.[18]

Structure

Most web applications are split into client and server domains, and often there are multiple server-side domains.[19]

Traditional PC applications are typically single-tiered, residing solely on the client machine. In contrast, web applications inherently facilitate a multi-tiered architecture.[20] Though many variations are possible, the most common structure is the three-tiered application.[20] In its most common form, the three tiers are called presentation, application and storage. A web browser is the first tier (presentation), an engine using some dynamic Web content technology (such as ASP, CGI, ColdFusion, Dart, JSP/Java, Node.js, PHP, Python or Ruby on Rails) is the middle tier (application logic), and a database is the third tier (storage).[20] The web browser sends requests to the middle tier, which services them by making queries and updates against the database and generates a user interface.

For more complex applications, a 3-tier solution may fall short, and it may be beneficial to use an n-tiered approach, where the greatest benefit is breaking the business logic, which resides on the application tier, into a more fine-grained model.[20] Another benefit may be adding an integration tier that separates the data tier from the rest of the tiers by providing an easy-to-use interface to access the data.[20] For example, the client data would be accessed by calling a "list_clients()" function instead of making an SQL query directly against the client table on the database. This allows the underlying database to be replaced without making any change to the other tiers.[20]
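The integration tier described above, as an added example that is not part of the original article: the application tier calls only `list_clients()`, so the storage behind it can be swapped without touching the rendering code. The class names, the `client` table layout and the sample rows are assumptions made for illustration.

```python
import html
import sqlite3


class SqliteClientStore:
    """Integration tier backed by a SQL database (in-memory SQLite here)."""

    def __init__(self):
        self._db = sqlite3.connect(":memory:")
        self._db.execute("CREATE TABLE client (id INTEGER PRIMARY KEY, name TEXT)")
        # Constructed sample rows.
        self._db.executemany("INSERT INTO client (name) VALUES (?)",
                             [("Globex",), ("Acme & Co",)])

    def list_clients(self):
        # The only place in the program that knows the table and column names.
        rows = self._db.execute("SELECT name FROM client ORDER BY name")
        return [name for (name,) in rows]


class DictClientStore:
    """Same interface over a dictionary, standing in for a replacement database."""

    def __init__(self):
        self._clients = {1: "Globex", 2: "Acme & Co"}  # constructed sample data

    def list_clients(self):
        return sorted(self._clients.values())


def render_client_page(store):
    """Application tier: builds the page from list_clients(), never from SQL."""
    items = "".join(f"<li>{html.escape(name)}</li>" for name in store.list_clients())
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    # Both back ends produce the same page; the application tier is unchanged.
    print(render_client_page(SqliteClientStore()))
    print(render_client_page(DictClientStore()))
```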

There are some who view a web application as a two-tier architecture. This can be a "smart" client that performs all the work and queries a "dumb" server, or a "dumb" client that relies on a "smart" server.[20] The client would handle the presentation tier, the server would have the database (storage tier), and the business logic (application tier) would be on one of them or on both.[20] While this increases the scalability of the applications and separates the display and the database, it still does not allow for true specialization of layers, so most applications will outgrow this model.[20]

Security

As of 2022, the number of security breaches via web applications continues to increase. Most of these breaches aim to obtain data relating to economic interests. Cyberattacks are carried out through a variety of methods and attack any available target, ranging from hardware to software.[21] One popular type of attack directed at web applications is code injection via malicious text input; developers often implement input checking to deter such attacks.[21][22] Most databases are prone to code injection attacks, but these are most common for SQL as it is the most popular format.[15] Another type of attack exploits bugs in the session management that many applications run over HTTP, which does not allow saving user data between requests.[21] Because most applications rely on dependencies, which are usually not scrutinized as much as custom-written code, the dependencies or the linkage between them and the in-house code can be the source of vulnerabilities.[23] On the other hand, reinventing code can lead to its own security pitfalls if the new code is not as secure as the alternative.[24]
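An added example, not part of the original article, showing why text input pasted into an SQL string is parsed as code, next to two hardened forms: a bound parameter, and the input checking mentioned above layered on top of it. It goes slightly beyond the paragraph by including parameter binding; the `account` table, the function names, the username rule and the sample input are constructed for illustration.

```python
import re
import sqlite3

# Constructed input: the quote ends the string literal and adds an always-true clause.
CONSTRUCTED_INPUT = "x' OR '1'='1"
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")  # assumed allow-list for usernames


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (username TEXT, email TEXT)")
    db.executemany("INSERT INTO account VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db


def lookup_vulnerable(db, username):
    # BEFORE: the input becomes part of the SQL text, so the database parses it.
    query = "SELECT email FROM account WHERE username = '" + username + "'"
    return [email for (email,) in db.execute(query)]


def lookup_parameterized(db, username):
    # AFTER: the value is bound as data and is never parsed as SQL.
    rows = db.execute("SELECT email FROM account WHERE username = ?", (username,))
    return [email for (email,) in rows]


def lookup_checked(db, username):
    # Input checking as a second layer: reject anything outside the allow-list
    # before it reaches the data tier at all.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return lookup_parameterized(db, username)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, CONSTRUCTED_INPUT))     # every row
    print("parameterized:", lookup_parameterized(db, CONSTRUCTED_INPUT))  # no rows
    try:
        lookup_checked(db, CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("checked      :", exc)
```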

To build a secure application, developers make security a priority during and after the development of the application's functionality.[25] An application is only as secure as its weakest link and needs a secure architecture at all levels of its functionality.[26] Only limited security improvements can be made if the underlying features were not developed with security in mind.[25] Developers will often test the software for vulnerabilities, conducting security audits, vulnerability assessments, and penetration tests (deliberately attempted cyberattacks). Testing is followed by rewriting the software to close the identified vulnerabilities.[27] Most security features will have trade-offs, for example increasing the cost of development or reducing the application's usability.[28]

Development

Compared to other types of applications that are downloaded rather than viewed in a browser, web applications are quicker to deploy and update because they can be accessed via a URL link. Additionally, they are compatible with a wider range of hardware and operating systems than other applications, and are often cheaper to develop. However, web applications often need an internet connection to work and have more limited functionality compared to native applications.[29]

Web development is often separated into front-end or client-side (the part of the application immediately viewable by the end user) and back-end (the part that is not immediately accessible, such as supporting databases).[30] For client-side development, some of the most important technologies to understand are HTML, CSS, and JavaScript.[31]

Like other software, web applications are often developed using a software-oriented text editor or integrated development environment (IDE) and version control software, such as Git.[32] Web application frameworks are software libraries designed to speed up development of web applications.[33] The model–view–controller software design pattern, originally invented for use with graphical user interfaces (GUIs) on computers, has been repurposed for web applications. The benefit of this model is that it separates the part of the software controlling the overall application from that which is displaying content to the user or taking commands.[34]

The optimization of performance for cloud computing-based web applications is an ongoing area of research as of 2020.[35] Existing techniques for reducing response time include improving caching and prefetching with more accurate predictions of what content the user will want next.[36] Reducing power consumption on the client side is a particular focus for web applications viewed from mobile devices.[37] Testing web applications can be more difficult than other applications due to the wide range of hardware and operating systems on which they are expected to function. Nevertheless, there are a variety of tools available for testing web applications and finding faults.[38]

Analysis

Web applications can be analyzed using functionality built into many popular web browsers.[39] Third-party tools with even more analytical power are also available. Analysis tools are useful in hacking and security testing,[40] but also in performance improvement.[41]

References

  1. Liam Tung (15 June 2020). "JavaScript creator Eich: My take on 20 years of the world's top programming language". ZDNet.
  2. Hoffman 2020, p. 27.
  3. Hoffman 2020, pp. 27–28.
  4. Hoffman 2020, p. 28.
  5. Hoffman 2020, pp. 29–30.
  6. Ranga, Virender; Soni, Anshu (23 August 2019). "API Features Individualizing of Web Services: REST and SOAP". International Journal of Innovative Technology and Exploring Engineering. 8 (9S): 664–671. doi:10.35940/ijitee.I1107.0789S19.
  7. Hoffman 2020, p. 32.
  8. Hoffman 2020, pp. 28, 30–31.
  9. Hoffman 2020, p. 33.
  10. Hoffman 2020, pp. 45–46.
  11. Hoffman 2020, p. 45.
  12. Hoffman 2020, p. 46.
  13. Hoffman 2020, p. 47.
  14. Hoffman 2020, p. 49.
  15. Hoffman 2020, p. 50.
  16. Hoffman 2020, p. 51.
  17. "Web Application Development: Everything You Need to Know". www.turing.com. Retrieved 17 March 2024.
  18. Khan, Asharul Islam; Al-Badi, Ali; Al-Kindi, Mahmood (2019). "Progressive Web Application Assessment Using AHP". Procedia Computer Science. 155: 289–294. doi:10.1016/j.procs.2019.08.041. ISSN 1877-0509.
  19. Hoffman 2020, p. 53.
  20. Petersen, Jeremy (4 September 2008). "Benefits of using the n-tiered approach for web applications".
  21. Sadqi, Yassine; Maleh, Yassine (2022). "A systematic review and taxonomy of web applications threats". Information Security Journal: A Global Perspective. 31 (1): 1–27. doi:10.1080/19393555.2020.1853855.
  22. Hoffman 2020, p. 120.
  23. Hoffman 2020, p. 87.
  24. Hoffman 2020, pp. 105–106.
  25. Hoffman 2020, p. 100.
  26. Hoffman 2020, p. 104.
  27. Lepofsky 2014, p. 13.
  28. Hoffman 2020, pp. xxv–xxvi.
  29. "A beginners guide to web application development (2024)". budibase.com. 24 January 2024. Retrieved 17 March 2024.
  30. "Web Development". GeeksforGeeks. 5 December 2023. Retrieved 17 March 2024.
  31. Purewal 2014, p. 25.
  32. Purewal 2014, pp. 1–2, 6.
  33. "Top 10 Frameworks for Web Applications". GeeksforGeeks. 25 February 2016. Retrieved 16 March 2024.
  34. "MVC Framework Introduction". GeeksforGeeks. 21 March 2022. Retrieved 17 March 2024.
  35. Shivakumar 2020, p. 45.
  36. Shivakumar 2020, pp. 39, 41–43.
  37. Dornauer, Benedikt; Felderer, Michael (2023). Energy-Saving Strategies for Mobile Web Apps and their Measurement: Results from a Decade of Research. 2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE. pp. 75–86. doi:10.1109/MOBILSoft59058.2023.00017.
  38. Doğan, Serdar; Betin-Can, Aysu; Garousi, Vahid (May 2014). "Web application testing: A systematic literature review". Journal of Systems and Software. 91: 174–201. doi:10.1016/j.jss.2014.01.010.
  39. Hoffman 2020, pp. 55–56.
  40. Hoffman 2020, p. 54.
  41. Shivakumar 2020, p. 46.