Web application security - the fast guide 1.1 | Page 35

Chapter 2 - Web Application technologies

JavaScript is a programming language originally developed by Netscape Navigator to provide scripting functionality that can be parsed and executed on the client side (the browser). JavaScript uses a syntax similar to Java and C, and it is based on ECMAScript. Running on the client side also made JavaScript an attractive target for malicious attacks that try to compromise the client or steal the user's information. More recently, JavaScript has also been used as a server-side scripting language through Node.js and MarkLogic. On the client side JavaScript is added to the HTML document using the

2.6 Server side functionalities

When interacting with the web server we mainly face one of two situations:

1- The resource specified in the request is a simple static resource, which means that the only functionality needed from the server is to fetch the resource as is and send it back to the client that sent the request. Examples of such resources are pure HTML files and images.

2- The resource specified in the request is a dynamic resource, which means that the resource is processed to generate the output on the fly. The output can be anything from a full HTML page to a simple JSON string. Normally the dynamic resource accepts parameters that are passed to the server-side script to get tailored output. Parameters are passed through the query string, the file path, the body of the request if it uses the POST method, or the HTTP cookie. The server-side script can also accept request headers as parameters; for example, a header like “Accept-Language” can be used by the server-side script to select a specific output.
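Added example, not from the original book: JavaScript (Node.js) that splits one constructed HTTP request into each parameter source named above, all of which the server-side script must treat as client-controlled, and then picks an output language from Accept-Language against an allowlist. The request text, the function names collectInputs and pickLanguage, and the supported-language list are assumptions made for illustration.

```javascript
// Added example: inventory every client-controlled input in one HTTP request.
// The request text below is constructed sample data.
const SAMPLE_REQUEST = [
  'POST /shop/items/42?sort=price&lang=fr HTTP/1.1',
  'Host: shop.example',
  'Accept-Language: de-DE,de;q=0.8,en;q=0.5',
  'Cookie: session=abc123; theme=dark',
  'Content-Type: application/x-www-form-urlencoded',
  '',
  'qty=2&coupon=SPRING',
].join('\r\n');

function collectInputs(raw) {
  const [head, body = ''] = raw.split('\r\n\r\n');
  const [requestLine, ...headerLines] = head.split('\r\n');
  const [method, target] = requestLine.split(' ');
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  const url = new URL(target, 'http://placeholder.invalid'); // base is a dummy
  const cookies = {};
  for (const pair of (headers['cookie'] || '').split(';')) {
    const i = pair.indexOf('=');
    if (i > 0) cookies[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  const isForm = (headers['content-type'] || '').startsWith('application/x-www-form-urlencoded');
  return {
    method,
    path: url.pathname.split('/').filter(Boolean),     // file path segments
    query: Object.fromEntries(url.searchParams),       // query string
    body: method === 'POST' && isForm ? Object.fromEntries(new URLSearchParams(body)) : {},
    cookies,                                           // HTTP cookie
    headers,                                           // request headers
  };
}

// Header-driven output selection: only allowlisted languages are ever returned.
function pickLanguage(headerValue, supported = ['en', 'de'], fallback = 'en') {
  const ranked = (headerValue || '').split(',').map((part) => {
    const [tag, q] = part.trim().split(';q=');
    return { lang: tag.toLowerCase().split('-')[0], q: q === undefined ? 1 : Number(q) };
  }).filter((e) => supported.includes(e.lang) && e.q > 0)
    .sort((a, b) => b.q - a.q);
  return ranked.length ? ranked[0].lang : fallback;
}
```

Every field of the returned object originates from the client, so each one needs validation before the server-side script uses it; pickLanguage shows the pattern for a header by never echoing the raw value.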