Scripting Languages
Many scripting languages have been used to develop applications that allow businesses to
bring their products or services to the web. Though this is great for the proliferation of
businesses, it also creates a new avenue of attack for hackers. The majority of web
application vulnerabilities come not from bugs in the chosen language but from the methods
and procedures used to develop the web application, as well as from how the web server was
configured. For example, if a form requests a zip code and the user enters “abcde”, the
application may fail if the developer did not properly validate incoming form data. Several
languages can be used for creating web applications, including CGI, PHP and ASP.
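The zip code case above as an added example (not code from the original page): a PHP handler that checks the field against an allowlist pattern and fails closed instead of passing “abcde” on to the rest of the application. The function names `validate_zip` and `render_reply`, the US ZIP / ZIP+4 format and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: allowlist validation of a zip code form field.
// validate_zip() and render_reply() are hypothetical names, not from the page.

/**
 * Return the zip code unchanged if it is a US ZIP (5 digits) or
 * ZIP+4 (5 digits, hyphen, 4 digits); return null for anything else.
 */
function validate_zip($raw): ?string
{
    // PHP turns a parameter sent as "zip[]=1" into an array, and a missing
    // field is null; reject anything that is not a string.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole string. A trailing "$" would also accept
    // "12345\n", because "$" matches before a final newline.
    if (preg_match('/\A[0-9]{5}(?:-[0-9]{4})?\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

/** Build the reply text for one submitted value. */
function render_reply($raw): string
{
    $zip = validate_zip($raw);
    if ($zip === null) {
        // Fail closed with a fixed message; the rejected value is never echoed.
        return 'Please enter a 5-digit zip code.';
    }
    // Escape on output even though the value already passed validation.
    return 'Showing results for ' . htmlspecialchars($zip, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, as they might arrive in $_POST['zip'].
$samples = ['12345', '12345-6789', 'abcde', "12345\n", '1234', ['12345'], null];
foreach ($samples as $raw) {
    echo json_encode($raw), ' => ', render_reply($raw), PHP_EOL;
}
```

Only the first two samples are accepted; the letters, the trailing newline, the short value, the array and the missing field all get the same fixed error message.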
Common Gateway Interface (CGI): Whatis.com defines a CGI as “A standard way for a web
server to pass a web user’s request to an application program and to receive data back to
forward to the user.” CGI is part of the web’s Hypertext Transfer Protocol (HTTP). Several
languages can be used to facilitate the application program that receives and processes
user data. The most popular languages for CGI applications are C, C++, Java and Perl.
PHP – Hypertext Preprocessor (PHP): PHP is an open-source server-side scripting language
where the script is embedded within a web page along with its HTML. Before a page is sent
to a user, the web server calls PHP to interpret and perform any operations called for in the
PHP script. Whereas HTML displays static content, PHP allows the developer to build pages
that present the user with dynamic, customized content based on user input. HTML pages
that contain PHP scripting are usually given a file name with the suffix of “.php”.
Active Server Pages (ASP): Active Server Pages are database-driven, dynamically created
web pages with an .asp extension. They utilize ActiveX scripting, usually VBScript or
JScript code. When a browser requests an ASP, the web server generates a page with HTML
code and immediately sends it back to the browser. In this way they allow web users to
view real-time data, but they are more vulnerable to security problems.