Web Application Hacking



What is a Web Application?

A web application is an application that is accessed by users over a network such as the Internet or an intranet.

Web Application Architecture

Although web applications can be classified as programs running in a web browser, they generally have a three-tier construction, as shown in Figure 1.

1) Presentation Tier: receives the user's input data and shows the result of the processed data to the user. It can be thought of as the Graphical User Interface (GUI). Flash, HTML, JavaScript, etc. are all part of the presentation tier, which interacts directly with the user.

2) CGI Tier: also known as the Server Script Process, it is located between the presentation tier and the database tier. The data entered by the user is processed and stored in the database. The database sends the stored data back to the CGI tier, which finally sends it to the presentation tier for viewing. Therefore, the data processing within the web application is done at the CGI tier. It can be programmed in various server script languages such as JSP, PHP, ASP, etc.

3) Database Tier: stores and manages all of the processed user input data. All sensitive data of the web application is stored and managed within the database. The database tier is responsible for granting access to authenticated users and rejecting malicious users from the database.
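
The data flow through the three tiers described above, as an added example that is not part of the original page. It assumes Python in place of JSP/PHP/ASP and an in-memory SQLite database; the table, field and function names are hypothetical.

```python
import html
import sqlite3
from urllib.parse import parse_qs


# Database tier: stores and manages the processed input (SQLite is an assumption).
def open_database():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    return db


# CGI tier: processes the data submitted by the presentation tier and stores it.
def handle_post(db, form_body):
    fields = parse_qs(form_body, keep_blank_values=True)
    author = fields.get("author", [""])[0].strip()
    body = fields.get("body", [""])[0].strip()
    # Validate before anything reaches the database tier.
    if not author or not body or len(author) > 64 or len(body) > 500:
        return 400, "<p>Invalid input</p>"
    # Bound parameters keep user input as data, never as SQL text.
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    db.commit()
    return 200, render_comments(db)


# CGI tier -> presentation tier: stored data is read back and rendered as HTML.
def render_comments(db):
    rows = db.execute("SELECT author, body FROM comments ORDER BY id").fetchall()
    # Escape on output so stored input is displayed as text, not interpreted as markup.
    items = "".join(
        "<li><b>{}</b>: {}</li>".format(html.escape(a), html.escape(b)) for a, b in rows
    )
    return "<ul>{}</ul>".format(items)


if __name__ == "__main__":
    db = open_database()
    # Constructed sample request bodies, shaped as a browser form would submit them.
    print(handle_post(db, "author=alice&body=hello+world"))
    print(handle_post(db, "author=bob&body=%3Cb%3Ehi%3C%2Fb%3E"))
```

Each tier boundary is where input is checked or encoded: validation and bound parameters on the way into the database tier, HTML escaping on the way back to the presentation tier.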

Web Application Setup

Reasons for Attacking Web Apps

Web Application Threats