Monday, January 11, 2016

Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services. At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems.

Security threats

With the emergence of Web 2.0, increased information sharing through social networking and increasing business adoption of the Web as a means of doing business and delivering service, websites are often attacked directly. Hackers either seek to compromise the corporate network or the end-users accessing the website by subjecting them to drive-by downloading.
As a result, industry is paying increased attention to the security of the web applications themselves in addition to the security of the underlying computer network and operating systems.
The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attacks which typically result from flawed coding, and failure to sanitize input to and output from the web application. These are ranked in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors.
Phishing is another common threat to the Web application and global losses from this type of attack in 2012 were estimated at $1.5 billion.
According to the security vendor Cenzic, the top vulnerabilities in March 2012 include:
  • 37% Cross-site scripting
  • 16% SQL injection
  • 5% Path disclosure
  • 5% Denial-of-service attack
  • 4% Arbitrary code execution
  • 4% Memory corruption
  • 4% Cross-site request forgery
  • 3% Data breach (information disclosure)
  • 3% Arbitrary file inclusion
  • 2% Local file inclusion
  • 1% Remote file inclusion
  • 1% Buffer overflow
  • 15% Other, including code injection (PHP/JavaScript), etc.

Wireless Application Protocol

Wireless Application Protocol (WAP) is a technical standard for accessing information over a mobile wireless network. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol.
The WAP standard described a protocol suite allowing the interoperability of WAP equipment, and software with different network technologies, such as GSM and IS-95 (also known as CDMA).
WAP protocol suite:
  • Wireless Application Environment (WAE)
  • Wireless Session Protocol (WSP)
  • Wireless Transaction Protocol (WTP)
  • Wireless Transport Layer Security (WTLS)
  • Wireless Datagram Protocol (WDP)
  • *** Any Wireless Data Network ***
The bottom-most protocol in the suite, the Wireless Datagram Protocol (WDP), functions as an adaptation layer that makes every data network look a bit like UDP to the upper layers by providing unreliable transport of data with two 16-bit port numbers (origin and destination). All the upper layers view WDP as one and the same protocol, which has several "technical realizations" on top of other "data bearers" such as SMS, USSD, etc. On native IP bearers such as GPRS, UMTS packet-radio service, or PPP on top of a circuit-switched data connection, WDP is in fact exactly UDP.
WTLS, an optional layer, provides a public-key cryptography-based security mechanism similar to TLS.
WTP provides transaction support (reliable request/response) adapted to the wireless world. WTP handles packet loss more effectively than TCP; such loss occurs commonly in 2G wireless technologies in most radio conditions, but is misinterpreted by TCP as network congestion.
Finally, one can think of WSP initially as a compressed version of HTTP.
This protocol suite allows a terminal to transmit requests that have an HTTP or HTTPS equivalent to a WAP gateway; the gateway translates requests into plain HTTP.
The WAP Forum dates to 1989. It aimed primarily to bring together the various wireless technologies in a standardised protocol.[1] The first company to launch a WAP site was Dutch mobile phone operator Telfort BV in October 1999. The site was developed as a side project by Christopher Bee and Euan McLeod and launched with the debut of the Nokia 7110.
In 2002 the WAP Forum, founded by Ericsson, Motorola, Nokia and Unwired Planet (later known as Openwave), was consolidated (along with many other forums of the industry) into Open Mobile Alliance (OMA).

WAP Push


WAP Push Process
WAP Push was incorporated into the specification to allow the WAP content to be pushed to the mobile handset with minimum user intervention. A WAP Push is basically a specially encoded message which includes a link to a WAP address.
WAP Push was specified on top of Wireless Datagram Protocol (WDP); as such, it can be delivered over any WDP-supported bearer, such as GPRS or SMS. Most GSM networks have a wide range of modified processors, but GPRS activation from the network is not generally supported, so WAP Push messages have to be delivered on top of the SMS bearer.
On receiving a WAP Push, a WAP 1.2 (or later) -enabled handset will automatically give the user the option to access the WAP content. This is also known as WAP Push SI (Service Indication). A variant, known as WAP Push SL (Service Loading), directly opens the browser to display the WAP content, without user interaction. Since this behaviour raises security concerns, some handsets handle WAP Push SL messages in the same way as SI, by providing user interaction.
The network entity that processes WAP Pushes and delivers them over an IP or SMS Bearer is known as a Push Proxy Gateway (PPG).
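
The WDP description earlier (two 16-bit port numbers carried over a bearer such as SMS) and the WAP Push delivery over SMS described above can both be seen in an SMS User Data Header. The following is an added example, not code from the original post. It assumes the caller already knows the message carries a header (UDHI set), and it uses two values that are not on this page: information element 0x05 (16-bit application port addressing, 3GPP TS 23.040) and the IANA-registered wap-push port 2948. The sample bytes are constructed.

```python
import struct

IEI_PORT_16BIT = 0x05   # application port addressing, 16-bit (assumption: 3GPP TS 23.040)
WAP_PUSH_PORT = 2948    # IANA-registered "wap-push" port (not stated on this page)

def parse_wdp_ports(user_data: bytes):
    """Return (dest_port, orig_port, payload), or None if no 16-bit port element."""
    if not user_data:
        raise ValueError("empty user data")
    udhl = user_data[0]                      # header length, excluding this byte
    if udhl + 1 > len(user_data):
        raise ValueError("UDHL exceeds user data length")
    header, payload = user_data[1:1 + udhl], user_data[1 + udhl:]
    ports, i = None, 0
    while i < len(header):                   # walk the (IEI, IEDL, data) elements
        if i + 2 > len(header):
            raise ValueError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        data = header[i + 2:i + 2 + iedl]
        if len(data) != iedl:
            raise ValueError("information element overruns header")
        if iei == IEI_PORT_16BIT:
            if iedl != 4:
                raise ValueError("16-bit port element must carry 4 bytes")
            ports = struct.unpack(">HH", data)   # destination first, then origin
        i += 2 + iedl
    return None if ports is None else (ports[0], ports[1], payload)

def is_wap_push(user_data: bytes) -> bool:
    """True when the WDP destination port is the WAP Push port."""
    parsed = parse_wdp_ports(user_data)
    return parsed is not None and parsed[0] == WAP_PUSH_PORT

# Constructed samples: port element only; concatenation + port elements;
# concatenation element only (an ordinary multi-part text message).
PUSH_SINGLE = bytes.fromhex("0605040b8423f0") + b"PAYLOAD"
PUSH_CONCAT = bytes.fromhex("0b00032a02010504 0b8423f0") + b"PAYLOAD"
PLAIN_CONCAT = bytes.fromhex("0500032a0201") + b"hello"

if __name__ == "__main__":
    for name, ud in [("single", PUSH_SINGLE), ("concat", PUSH_CONCAT),
                     ("plain", PLAIN_CONCAT)]:
        print(name, parse_wdp_ports(ud), "wap_push =", is_wap_push(ud))
```

A gateway or handset-side filter can use a check like `is_wap_push` to route such messages to the SI/SL handling policy instead of treating them as ordinary text.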

WAP 2.0

A re-engineered 2.0 version was released in 2002. It uses a cut-down version of XHTML with end-to-end HTTP, dropping the gateway and custom protocol suite used to communicate with it. A WAP gateway can be used in conjunction with WAP 2.0; however, in this scenario, it is used as a standard proxy server. The WAP gateway's role would then shift from one of translation to adding additional information to each request. This would be configured by the operator and could include telephone numbers, location, billing information, and handset information.
Mobile devices process XHTML Mobile Profile (XHTML MP), the markup language defined in WAP 2.0. It is a subset of XHTML and a superset of XHTML Basic. A version of cascading style sheets (CSS) called WAP CSS is supported by XHTML MP.

Monday, December 7, 2015

The Seven (7) unique features of E Commerce







  • Ubiquity
Internet/Web technology is available everywhere: at work, at home, and elsewhere via mobile devices, anytime. The marketplace is extended beyond traditional boundaries and is removed from a temporal and geographical location. "Marketspace" is created; shopping can take place anywhere. Customer convenience is enhanced, and shopping costs are reduced.
Example:
Clothes and shoes are easy to buy on the Internet.




  • Global reach
The technology reaches across national boundaries, around the earth. Commerce is enabled across cultural and national boundaries seamlessly and without modification. "Marketspace" includes potentially billions of consumers and millions of businesses worldwide.
Example:
I invoke my rights


  • Universal standards
There is one set of technology standards, namely Internet standards. There is one set of technical media standards across the globe.

Example:
The prices of products on the Internet are standard in the marketplace.

  • Richness
Video, audio, and text messages are possible. Video, audio, and text marketing messages are integrated into a single marketing message and consuming experience.

Example:
Animation, billboard and sign

  • Interactivity
The technology works through interaction with the user. Consumers are engaged in a dialog that dynamically adjusts the experience to the individual and makes the consumer a co-participant in the process of delivering goods to the market.

Example:
Contacting a person, for example by phone number or email

  • Information density
The technology reduces information costs and raises quality. Information processing, storage, and communication costs drop dramatically, while currency, accuracy, and timeliness improve greatly. Information becomes plentiful, cheap, and accurate.

Example:
Information on a website, such as forums

  • Personalization/Customization
The technology allows personalized messages to be delivered to individuals as well as groups. Personalization of marketing messages and customization of products and services are based on individual characteristics.

Example:
Customers can customize something in the product, like design, color and name.

Monday, November 30, 2015

Importance of E-commerce in Business



E-Commerce


We need e-commerce in business because it is an easy way to advertise your product, and you can spend less time on each transaction. E-commerce steps in and replaces the traditional commerce method, where a single transaction can cost both parties a lot of valuable time. This fact obviously proves that e-commerce is beneficial to both business and consumer, as payment and documentation can be completed with greater efficiency. E-commerce is one of the cheapest means of doing business, as it is e-commerce development that has made it possible to reduce the cost of promotion of products and services.
There is no time barrier in selling the products. One can log on to the Internet even at midnight and sell the products at a single click of the mouse. You can buy and sell almost everything at your doorstep with the magic of e-commerce in this 21st century, which will be known for the information revolution. E-commerce has changed your lifestyle entirely because you don't have to spend time and money travelling to the market. You can make your e-payments with the help of e-commerce.
You can pick up the pace of your online business with the help of e-commerce application development and web development solutions. The e-commerce solutions offer many advantages as follows.

Monday, November 23, 2015

Brief History of Internet

History Of Internet
      
The Internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link billions of devices worldwide. It is a network of networks that consists of millions of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries an extensive range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and peer-to-peer networks for file sharing.
The origins of the Internet date back to research commissioned by the United States government in the 1960s to build robust, fault-tolerant communication via computer networks. The primary precursor network, the ARPANET, initially served as a backbone for interconnection of regional academic and military networks in the 1980s. The funding of a new U.S. backbone by the National Science Foundation in the 1980s, as well as private funding for other commercial backbones, led to worldwide participation in the development of new networking technologies, and the merger of many networks. The linking of commercial networks and enterprises by the early 1990s marks the beginning of the transition to the modern Internet, and generated a sustained exponential growth as generations of institutional, personal, and mobile computers were connected to the network.
Although the Internet has been widely used by academia since the 1980s, the commercialization incorporated its services and technologies into virtually every aspect of modern life. Internet use grew rapidly in the West from the mid-1990s and from the late 1990s in the developing world. In the 20 years since 1995, Internet use has grown 100-times, measured for the period of one year, to over one third of the world population.
Most traditional communications media, including telephony and television, are being reshaped or redefined by the Internet, giving birth to new services such as Internet telephony and Internet television. Newspaper, book, and other print publishing are adapting to website technology, or are reshaped into blogging and web feeds. The entertainment industry was initially the fastest growing segment on the Internet. The Internet has enabled and accelerated new forms of personal interactions through instant messaging, Internet forums, and social networking. Online shopping has grown exponentially both for major retailers and small artisans and traders. Business-to-business and financial services on the Internet affect supply chains across entire industries.
The Internet has no centralized governance in either technological implementation or policies for access and usage; each constituent network sets its own policies. Only the overreaching definitions of the two principal name spaces in the Internet, the Internet Protocol address space and the Domain Name System (DNS), are directed by a maintainer organization, the Internet Corporation for Assigned Names and Numbers (ICANN). The technical underpinning and standardization of the core protocols is an activity of the Internet Engineering Task Force (IETF), a non-profit organization of loosely affiliated international participants that anyone may associate with by contributing technical expertise.


Acknowledgement by : Wikipedia