
Assign 1

The document outlines various models of web application components, including MVC, MVVM, N-Tier Architecture, Microservices, and Serverless Architecture, each with distinct roles and structures. It also describes the SET protocol for secure credit card transactions, detailing its working process from initialization to confirmation. Additionally, the document explains XML's characteristics, methodologies for session management testing, and the architecture and characteristics of web services, emphasizing interoperability and standardized protocols.

Uploaded by

vidithshetty948

ASSIGN 1

### Q1: Explain models of Web Application Components.

Web applications are typically structured using several models that define the interaction between
various components. Common models include:

1. **MVC (Model-View-Controller)**:

- **Model**: Represents the application data and business logic. It responds to requests for
information and often volunteers updates to the View when the data changes.

- **View**: The user interface of the application. It presents the model's data to the user and
sends user commands to the Controller.

- **Controller**: Acts as an interface between Model and View. It processes user inputs and makes
calls to model objects to retrieve data.

2. **MVVM (Model-View-ViewModel)**:

- A variation of MVC, commonly used in frameworks like [Link] and AngularJS.

- **Model**: Same as in MVC.

- **View**: The presentation layer (UI).

- **ViewModel**: An abstraction of the view that exposes data and command objects to the view.
It allows for separation of the UI logic from the UI itself.

3. **N-Tier Architecture**:

- Involves multiple tiers (or layers), typically including the presentation layer, business logic layer,
and data access layer.

- Separates concerns:

- **Presentation Layer**: User interface elements.

- **Business Logic Layer (BLL)**: Contains business rules and data processing.

- **Data Access Layer (DAL)**: Interacts with the database, handling data operations.

4. **Microservices Architecture**:

- Decomposes applications into small, independent services, each running in its own process and
communicating via APIs.

- Each service is focused on specific business functionalities and can be developed, deployed, and
scaled independently.

5. **Serverless Architecture**:

- Involves building applications without managing servers. Instead, cloud provider services handle
scaling and server management.

- Functions as a Service (FaaS) is a common use case for this model, where developers write
individual functions that respond to events.

### Q2: Describe SET Protocols with its working.

**SET (Secure Electronic Transaction)** is a protocol designed to secure credit card transactions
over the Internet. Developed by Visa and MasterCard, SET provides a secure mechanism for the
transfer of payment information between parties.

#### Working of SET Protocol:

1. **Initialization**:

- A cardholder, merchant, and payment gateway (bank) are involved. Each participant has a digital
certificate issued by a Certificate Authority (CA).

2. **Transaction Request**:

- The cardholder selects goods/services and initiates a purchase with the merchant.

3. **Payment Information**:

- The cardholder sends transaction details to the merchant, along with payment information (credit
card number) encrypted with the merchant's public key for security.

- This includes a secure hash of the transaction details.

4. **Merchant Request**:

- The merchant decrypts this information and creates a payment request that is sent to the
payment gateway.

- The payment request contains the encrypted credit card data and the transaction details.

5. **Authorization**:

- The payment gateway decrypts the payment information to process the transaction, checking
against the issuing bank for authorization.

6. **Response to Merchant and Cardholder**:

- The payment gateway sends an approval or denial back to the merchant, which, in turn, notifies
the cardholder.

7. **Confirmation**:

- If approved, both the merchant and the cardholder receive confirmation. The transaction is
recorded.

SET uses several encryption techniques to protect sensitive information and enhance security in
financial transactions.

### Q3: Explain XML in detail.

**XML (eXtensible Markup Language)** is a markup language designed to store and transport data,
emphasizing simplicity and usability over the Internet. It is both human-readable and
machine-readable.

#### Key Characteristics of XML:

1. **Self-descriptive**:

- Allows users to define their tags and the structure of data, making documents easier to
understand.

2. **Hierarchical Structure**:

- Organizes data in a tree-like structure with a root element at the top and nested elements
beneath it.

3. **Text-based Format**:

- It is a plain text file, which makes it platform-independent.

4. **Well-formed and Valid**:

- Well-formed XML documents adhere to syntax rules (e.g., proper nesting of tags). Valid XML
documents also adhere to a defined schema that dictates the structure and constraints of the data.

5. **Interoperability**:

- XML is platform-agnostic, making it a preferred choice for data interchange between
heterogeneous systems.

#### Applications of XML:

- **Data Storage**: Files can be easily stored and retrieved.

- **Data Transport**: Used in web services (SOAP), messaging protocols, and more.

- **Configuration Files**: Often used to configure settings in applications.

- **Document Representation**: Formats like XHTML build on XML.

#### Example of XML Structure:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<company>
  <employee>
    <name>John Doe</name>
    <position>Developer</position>
    <salary>60000</salary>
  </employee>
  <employee>
    <name>Jane Smith</name>
    <position>Manager</position>
    <salary>80000</salary>
  </employee>
</company>
```
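
The difference between well-formed and valid XML described above can be seen by running a parser over a few variants of the company document. This is an added example, not part of the original assignment; the `check` function, the `REQUIRED_CHILDREN` rule list (a hand-written stand-in for a DTD or XSD) and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for a schema (a DTD or XSD would normally express this):
# the root is <company>, and each <employee> holds exactly these children in order.
REQUIRED_CHILDREN = ["name", "position", "salary"]

def check(document):
    """Return (well_formed, valid, reason) for an XML string."""
    try:
        root = ET.fromstring(document)   # syntax only: nesting and closing tags
    except ET.ParseError as exc:
        return (False, False, f"parse error: {exc}")
    if root.tag != "company":
        return (True, False, "root element must be <company>")
    for employee in root:
        if employee.tag != "employee":
            return (True, False, f"unexpected <{employee.tag}> under <company>")
        if [child.tag for child in employee] != REQUIRED_CHILDREN:
            return (True, False, "employee must contain name, position, salary")
        if not employee.findtext("salary").strip().isdigit():
            return (True, False, "salary must be a whole number")
    return (True, True, "ok")

# Constructed sample documents.
GOOD = """<?xml version="1.0" encoding="UTF-8"?>
<company>
  <employee><name>John Doe</name><position>Developer</position><salary>60000</salary></employee>
</company>"""
BAD_NESTING = "<company><employee><name>John Doe</employee></name></company>"
MISSING_FIELD = ("<company><employee><name>Jane Smith</name>"
                 "<position>Manager</position></employee></company>")
BAD_SALARY = GOOD.replace("60000", "sixty thousand")

if __name__ == "__main__":
    for label, doc in [("good", GOOD), ("bad nesting", BAD_NESTING),
                       ("missing field", MISSING_FIELD), ("bad salary", BAD_SALARY)]:
        print(label, "->", check(doc))
```

Only `BAD_NESTING` fails at the parser; the other two rejected documents parse cleanly and are caught only by the structural rules, which is the check an application needs before trusting the data.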

### Q4: Describe Methodologies for Session Management Testing.

Session management is critical in web applications, as it controls user sessions and authentication.
Testing session management involves ensuring that sessions are handled correctly and securely.
Here are methodologies for testing:

1. **Session Creation and Management**:

- Test how sessions are created (e.g., on login) and their lifecycle (e.g., timeouts, inactivity).

2. **Session Fixation Testing**:

- Ensure that an attacker who sets a known session ID for a victim cannot use it to hijack the victim's account.

3. **Session ID Security**:

- Verify that session IDs are unique, unpredictable, and adequately encrypted if transmitted over
the network.

4. **Timeout Testing**:

- Test session timeout behaviors, ensuring sessions expire after a defined period of inactivity.

5. **Concurrent Sessions**:

- Verify that the application correctly manages multiple concurrent sessions for a user.

6. **Session Invalidations**:

- Verify that sessions are invalidated after logout or actions that require re-authentication.

7. **Cross-Site Request Forgery (CSRF)**:

- Ensure that the application has mechanisms to prevent CSRF attacks.

8. **Cross-Site Scripting (XSS)**:

- Test for vulnerabilities that can allow an attacker to steal session tokens through XSS in
applications.
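
Several of the checks above (session ID security, session fixation, timeout and invalidation on logout) can be written as automated tests against the session layer. The following is an added example, not part of the original assignment: `SessionStore` is a hypothetical in-memory session manager constructed for illustration, and `run_checks` exercises it with a fake clock so the timeout test needs no waiting.

```python
import secrets
import time

class SessionStore:
    """Minimal in-memory session manager, constructed for this example."""
    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock                    # injectable so tests can move time
        self._sessions = {}                   # session ID -> [user, last_seen]

    def create(self, user=None):
        sid = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        self._sessions[sid] = [user, self.clock()]
        return sid

    def login(self, presented_sid, user):
        self._sessions.pop(presented_sid, None)   # fixation defence: drop old ID
        return self.create(user)                  # and issue a fresh one

    def lookup(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self.clock() - entry[1] > self.idle_timeout:
            del self._sessions[sid]           # expired: remove server-side state
            return None
        entry[1] = self.clock()
        return entry[0]

    def logout(self, sid):
        self._sessions.pop(sid, None)

def run_checks():
    now = [0.0]                               # fake clock, in seconds
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])
    ids = {store.create() for _ in range(1000)}
    planted = store.create()                  # ID known before authentication
    fresh = store.login(planted, "alice")
    results = {
        "ids_unique_and_long": len(ids) == 1000 and min(map(len, ids)) >= 43,
        "fixation_blocked": fresh != planted and store.lookup(planted) is None,
        "active_session_works": store.lookup(fresh) == "alice",
    }
    now[0] += 901                             # one second past the idle limit
    results["idle_timeout_enforced"] = store.lookup(fresh) is None
    sid = store.login(store.create(), "bob")
    store.logout(sid)
    results["logout_invalidates"] = store.lookup(sid) is None
    return results
```

Against a real application the same assertions apply to the cookie values observed before login, after login, after the idle period and after logout.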

### Q5: Describe architecture and characteristics of Web services.

**Web Services** are standardized ways of allowing different applications to communicate over the
Internet. They use XML-based protocols for information exchange.

#### Architecture of Web Services:

1. **Service Provider**:

- Offers web services through a service interface that describes its functionality.

- The provider hosts the web service and publishes its WSDL (Web Services Description Language).

2. **Service Consumer**:

- The application that consumes the web service by sending requests and processing responses.

3. **Service Registry**:

- A searchable directory where service providers publish their service descriptions, allowing
consumers to discover available services.

4. **Messaging Protocols**:

- Web services use standard protocols such as SOAP (Simple Object Access Protocol) or REST
(Representational State Transfer) for communication.

#### Characteristics of Web Services:

1. **Interoperability**:

- Can work across different platforms and programming languages.

2. **Standardized Protocols**:

- Use established protocols (HTTP, XML, SOAP, WSDL), ensuring compatibility.

3. **Loose Coupling**:

- Clients and servers are independent, allowing for changes without affecting the overall system.

4. **Statelessness**:

- Each request from a client contains all the information needed to process it, enhancing scalability.

5. **Discoverability**:

- Services can be discovered dynamically via UDDI (Universal Description, Discovery, and
Integration).

In summary, web services facilitate seamless communication between diverse systems, enabling
them to work together in a service-oriented architecture (SOA).
