In this week’s Whiteboard Wednesday, Dan Kuykendall, Senior Director of Application Security Products at Rapid7, walks us through the technical evolution of web applications and their infrastructures so we can learn to better secure them.
Hi. Welcome to this week's Whiteboard Wednesday. My name is Dan Kuykendall, Senior Director of Application Security Products here at Rapid7. Today I'm going to be talking about the evolution of web apps.
The web has been changing dynamically and drastically for a number of years, but I want you to be able to visualize how some of these changes are really taking place, so that you can understand what your applications look like behind the scenes and what you need to do to be able to test 'em properly.
The web, when we first started, was pretty straightforward. The browser would make a request to a server, so in this case it would say, "Get content, id=B," so these ... this is a parameter name and a value here. It would make that request and the server would respond with a bunch of HTML. The web browser would then render that page, and we'd have something to view. There may be links on that page, so let's say I want to click on content B here. I want to click on the link to B, well what would happen is, the browser would make a whole new request and it would throw away this first part, so now all of a sudden we're looking at an entirely new page. The whole thing was replaced.
I click on link C, I'm now looking at the page for content C. The whole thing is getting replaced out every time with this pattern. That worked very well for a long time, but we wanted richer, more dynamic applications and this is also fairly inefficient, right? You're redoing the entire thing every time, so we started moving toward what we call Ajax and that's where the browser was basically given a bunch of JavaScript that would then enable the browser to do more things, and one of the things it would do was allow us to take this page and give us an overall framework, right?
The content itself is just an element that can get replaced out at any time. The browser would use modals, so if I clicked on link B, here, now all of a sudden instead of doing the whole page replacement, it would send a request to an API, get content, item B. Then it would get back some JavaScript. This would be rendered and we would be able to replace out content A with content B. Notice we're not replacing the entire thing, we're just replacing that one section and so, if I click on link C, right? This would get replaced out and we have content C. The page would be very dynamic. It allowed us to create very rich interfaces that are much more... the user experience is much quicker, cleaner, responsive. Web apps really have evolved and we see this going further and further, it's going to continue to evolve.
Next time we're going to probably talk about single page applications and really how far this evolution has taken place, but that's it for this week's Whiteboard Wednesday. Thank you very much.
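The two request patterns described in the talk, as an added JavaScript example that is not part of the original video or any Rapid7 code: a toy server and two simulated browsers. The routes `/content`, `/app` and `/api/content`, the host `app.example` and the JSON response format are assumptions made for illustration. It compares the links visible in the rendered page with the endpoints that actually received requests, which is the difference a tester has to account for.

```javascript
// Constructed toy app: routes, host name and content are illustrative only.
const CONTENT = new Map([["A", "Content A"], ["B", "Content B"], ["C", "Content C"]]);
const BASE = "http://app.example";
const page = (links, body) => `<html><nav>${links}</nav><main>${body}</main></html>`;

function server(path) {
  const url = new URL(path, BASE);
  const id = url.searchParams.get("id");
  const ids = [...CONTENT.keys()];
  if (url.pathname === "/app")         // Ajax frame: links are handled by script, not navigation
    return page(ids.map(k => `<a href="#" data-id="${k}">${k}</a>`).join(""), CONTENT.get("A"));
  if (!CONTENT.has(id)) return "not found";
  if (url.pathname === "/content")     // classic: a complete HTML page per request
    return page(ids.map(k => `<a href="/content?id=${k}">${k}</a>`).join(""), CONTENT.get(id));
  if (url.pathname === "/api/content") // Ajax: data only (JSON assumed here)
    return JSON.stringify({ id, text: CONTENT.get(id) });
  return "not found";
}

// Classic browser: every click throws the page away and loads a new one.
function classicSession(clicks) {
  const requests = clicks.map(id => `/content?id=${id}`);
  const view = requests.reduce((_, path) => server(path), "");
  return { view, requests };
}

// Ajax browser: load the frame once, then replace only the <main> region.
function ajaxSession(clicks) {
  const requests = ["/app"];
  let view = server("/app");
  for (const id of clicks) {
    const path = `/api/content?id=${id}`;
    requests.push(path);
    const data = JSON.parse(server(path));
    view = view.replace(/<main>.*<\/main>/, `<main>${data.text}</main>`);
  }
  return { view, requests };
}

// What a link-following crawl can learn from the rendered markup alone.
function hrefs(html) {
  return [...new Set([...html.matchAll(/href="([^"]+)"/g)].map(m => m[1]))];
}

// Distinct server endpoints that actually received input during a session.
function endpoints(requests) {
  return [...new Set(requests.map(p => new URL(p, BASE).pathname))].sort();
}
```

In the Ajax session the rendered links contain only `#`, while `/api/content` still accepts the `id` parameter, so test coverage has to come from observing the requests the page's script sends rather than from the markup.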