What is a Web Application? Posted By drew You will find the term €śWeb Application€ť used a lot at the OWASP project and we thought we would take some time to step back and document exactly what we mean by a web application. A Web Application is a software application that interacts with users or other systems using HTTP. For a user this would be a web browser like Internet Explorer or Netscape Navigator, for another software application this would be an HTTP user agent that acts as an automated browser. The application receives input via the web and typically displays output via the web. The end user views web pages and is able to interact by sending choices to and from the system. The functions performed can range form relatively simple tasks like a CGI searching local directory for a file or reference, to highly sophisticated applications that perform real-time sales and inventory management across multiple vendors including both Business to Business and Business to Consumer ecommerce, workflow, supply chain management and legacy applications as well as from other web applications and present the user an aggregated view. The technology behind web application has developed at light speed. Traditionally simple applications were built with CGI€™s typically running on the web server itself and often connecting to a simple databases (again often on the same host). Modern applications typically are written in Java (or similar languages) and run on distributed application servers, connecting to multiple data sources. Web applications can be thought of as being made up of three logical tiers / functions. The Presentation Tier is responsible for presenting the data to the end user or system. The web server serves up data and the web browser renders it into a readable form which the user can interpret. It also allows the user to interact by sending back parameters which the web server can pass along to the application. This Presentation Tier includes web servers like Apache and Internet Information Server and web browsers like Internet Explorer and Netscape Navigator. The Application Tier is the €śengine€ť of a web application. It performs the business logic; processing user input, making decisions, obtaining more data and presenting data to the Presentation Tier to send back to the user. The Application Tier may include technology like CGI€™s, Java, PHP or ColdFusion deployed in products like IBM WebSphere, JBOSS or ZEND. The Data Tier is used to store things needed by the application and acts as a repository for both temporary and permanent data. It is the bank vault of a web application. Modern systems are typically now storing data in XML format for interoperability with other system and sources. As you will see on the rest of the OWASP site, security vulnerabilities can be introduced by many problems at all tiers in a web application. Source: http://www.owasp.org