Web engineering

Q.: What are the elements of web application design?

Ans 3. (a) Elements of web application design
Web applications are online tools integrated with websites and used through web browsers. When users need to access and use an interactive module of your website, you need a web application to meet that requirement. Web applications often have user accounts, which prompt visitors to log on before they can access the application.
Email is one of the widely used web applications. Other web applications include live chat applications, payment gateways, file managers, video galleries, photo albums, online game modules, online calendars, blogging modules, user profiles, etc.

• Defining the objective for the web application
• Identifying the most suitable web application tools and technology
• Designing and developing the web application
• Customizing the web application for the specific requirement
• Deploying the web application to a live server
• Integrating the web application into your website
• Online testing and debugging

Ans 3. (b) Microsoft developed Windows Server 2003 and Windows Server 2008 under its Security Development Lifecycle (SDL), which uses education, quality gates, threat modeling, attack surface reduction, static analysis, fuzz and penetration testing, and a final security review to ensure that products are as secure as possible. In addition, the Microsoft Security Response Center engages with external security researchers and is even involved in the security community through its participation in, for example, the Black Hat conference. These efforts have resulted in a substantial reduction in vulnerabilities across the Microsoft product suite, with particularly steep reductions in OS, Web server, and database vulnerabilities. The modular nature of IIS 7.0 further reduces the risk of exploitable flaws, as most modules are not installed by default to keep the attack surface small.
In addition to having fewer vulnerabilities, IIS includes a number of new security features. For example, IIS 7.0 isolates each Web site into its own “sandbox” to help prevent single-site exploits and failures from compromising other sites or the entire server. The IIS process, which executes requests from the web, runs as a restricted user account by default and does not require administrative privileges. To further protect the Web server, IIS 7.0 includes request filtering. Request filtering is a rules-based security module that inspects every incoming request for malicious request patterns, such as SQL injection attacks. This prevents some malicious requests from ever reaching the core Web server.
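The request filtering rules described above are declared in configuration. The following web.config is an added example, not taken from these notes or from Microsoft; the limits, extensions, rule name and deny strings are sample values for a hypothetical site, and the `filteringRules` part assumes IIS 7.5 or an IIS 7.0 server with the request filtering update installed.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example for a hypothetical site; every value below is a sample choice. -->
<configuration>
  <system.webServer>
    <security>
      <!-- Reject URLs that are still encoded after one decoding pass. -->
      <requestFiltering allowDoubleEscaping="false">
        <!-- Cap request body, URL and query string sizes (all in bytes). -->
        <requestLimits maxAllowedContentLength="1048576" maxUrl="2048" maxQueryString="1024" />
        <!-- Allow-list of HTTP verbs; unlisted verbs are rejected (404.6). -->
        <verbs allowUnlisted="false">
          <add verb="GET" allowed="true" />
          <add verb="HEAD" allowed="true" />
          <add verb="POST" allowed="true" />
        </verbs>
        <!-- Block leftover backup files from being served (404.7). -->
        <fileExtensions allowUnlisted="true">
          <add fileExtension=".bak" allowed="false" />
          <add fileExtension=".old" allowed="false" />
        </fileExtensions>
        <!-- Block path traversal sequences anywhere in the URL. -->
        <denyUrlSequences>
          <add sequence=".." />
        </denyUrlSequences>
        <!-- Coarse pattern rule for SQL injection probes in query strings.
             Assumption: filteringRules is available on this server. -->
        <filteringRules>
          <filteringRule name="CoarseSqlInjection" scanUrl="false" scanQueryString="true">
            <appliesTo>
              <add fileExtension=".aspx" />
            </appliesTo>
            <denyStrings>
              <add string="--" />
              <add string="/*" />
              <add string="xp_cmdshell" />
            </denyStrings>
          </filteringRule>
        </filteringRules>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

Rejected requests are logged with HTTP 404 sub-status codes, which makes blocked probes easy to count in the IIS logs. String-matching rules like the last one can also block legitimate requests and catch only some injection attempts, so parameterized queries in the application remain the primary defense.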
Finally, IIS is deeply integrated with Windows Server 2008, which can be installed using the Server Core installation option. In this mode, the server has no graphical user interface, and the removal of many components reduces the surface area and patching requirements of the operating system. According to Michael Leefers, systems administrator at the Information Services and Technology Division at the University of California, Berkeley, “with Server Core, we saw a way to reduce a server’s vulnerability to attack, but also its need for patches and our administrative overhead associated with patch monitoring and installation.”
IIS is both a secure product and one with important security features. Because Microsoft developed IIS6 and IIS7 under the SDL, the Web server continues to enjoy low vulnerability counts. IIS provides the same functionality as Apache authentication, access control, and SSL modules. Plus, IIS makes these features easy to use and configure.