Symfony Vs Express: a Server-Side Framework Comparison

Total pages: 16. File type: pdf, size: 1020 KB.

Symfony vs Express: A Server-Side Framework Comparison
Magnus Greiff, André Johansson
Faculty of Computing, Blekinge Institute of Technology, SE–371 79 Karlskrona, Sweden
urn:nbn:se:bth-17945

This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfillment of the requirements for the bachelor degree in Software Engineering. The thesis is equivalent to 10 weeks of full time studies.

Contact Information
Author(s): Magnus Greiff, mangegreiff@gmail.com; André Johansson, [email protected]
University Advisor: Kenneth Lewenhagen, Department of Computer Science and Engineering
Faculty of Computing, Blekinge Institute of Technology, SE–371 79 Karlskrona, Sweden
Internet: www.bth.se; Phone: +46 455 38 50 00; Fax: +46 455 38 50 57

Abstract

Context. Considering the rising popularity of Node.js and the fact that a very large percentage of websites today are based on PHP, there is a need to understand the similarities and differences between these languages. Comparing their most popular server-side frameworks is valuable to developers in seeing the advantages of using one over the other, for both user and developer.

Objectives. In this study we investigate how Express.js and Symfony compare against each other in terms of installation, functionality and performance. This will provide understanding of when to use JavaScript frameworks and when to use PHP frameworks for server-side projects.

Method. A literature study was done to answer what similarities and differences exist between the frameworks. To explore how they compare in performance when multiple users are actively sending requests to the server, an experiment was performed. Another experiment was carried out to measure performance in CPU-intensive applications.

Results. The result shows that both frameworks are quick to install and it is a fast process to set up a basic application. Both frameworks are highly customizable and configurable because they are supported by a big open source community; the only difference is that Express is supportive of single-page applications, which Symfony cannot do on its own. Express was better than Symfony at handling multiple concurrent users when it comes to CPU usage and the time it takes for the requests. For 100 and 1000 requests, Express CPU usage varied more than Symfony, but at 10000 and 100000 it varied less. In all tests with concurrent users, Express was faster. Tests performed in the second experiment showed that Symfony is only able to use 1 core when making the requests while Express is able to use multiple cores. Even though Symfony was limited by 1 core it was faster, most likely because it used more memory.

Conclusions. This study shows that there are more similarities than differences between Express and Symfony. They both strive for high customization and high flexibility with a goal to make tedious tasks easier for the developer. Both rely on open source modules and components to add additional functionality. Out of the box, Express comes with less functionality as it strives to be minimalistic. However, installing Symfony is slightly quicker than Express and requires no code. There are currently more daily downloads of Express than Symfony, and therefore it is considered more popular. It supports JavaScript-only for front- and back-end and is able to handle more concurrent users than Symfony, and is therefore better for high-traffic websites. But Symfony is able to handle CPU-intensive applications better than Express, and is able to load in large data sets faster, making it a good choice for applications with a lot of data and high CPU usage.

Keywords: Symfony, Express.js, PHP, JavaScript

Glossary

PHP - "[...] is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML." [1]
JavaScript - According to Mozilla, "JavaScript is a scripting or programming language that allows you to implement complex things on web pages" [2]
Asynchronous - Executing different parts of the code at the same time [3].
Synchronous - Executing code line by line, only executing the next line of code when the current has finished [3].
Scalability - "Easiness to upgrade when your number of incoming request increases" [4].
Content Management System (CMS) - "[...] is a software application or set of related programs that are used to create and manage digital content." [5]
Single-Page Application (SPA) - An application where application code is only loaded on the initial request to the server [6].
Object Relational Mapping (ORM) - A way of writing SQL queries using object-oriented programming [7].
Model-View-Controller (MVC) - "MVC is a framework for thinking about programming, and for organizing your program's files." [8]
Middleware - "[...] functions executed in the middle after the incoming request then produces an output [...]" [9]

Contents

1 Introduction 7
  1.1 Background 7
  1.2 Scope 8
  1.3 Purpose 9
2 Research questions 10
  2.1 Literature study 10
    2.1.1 Motivation 10
    2.1.2 Expectation 11
  2.2 Experiments 11
    2.2.1 Experiment 1 Motivation 11
    2.2.2 Experiment 1 Expectation 12
    2.2.3 Experiment 2 Motivation 13
    2.2.4 Experiment 2 Expectation 13
3 Research Method 14
  3.1 Literature study 14
    3.1.1 Search strategy 14
    3.1.2 Backward snowballing in iterations 15
    3.1.3 Limitations and criteria 15
  3.2 Experiments 15
    3.2.1 Preparation 15
    3.2.2 Experiment 1 18
    3.2.3 Experiment 2 19
    3.2.4 Validity threats 20
4 Literature review 21
    4.0.1 Literature 21
    4.0.2 Literature comparison 23
5 Result, Analysis & Discussion 24
  5.1 Result 24
  5.2 Analysis 32
    5.2.1 Literature 32
    5.2.2 Experiments 38
  5.3 Discussion 40
6 Conclusion 42
7 Future works 43
References 44
8 Appendices 48
  8.1 Appendix A, Links 48
    8.1.1 Express Application 48
    8.1.2 Symfony Application 48
    8.1.3 Bombardier 48
    8.1.4 SQL file for resetting database 48
    8.1.5 Script for generating SQL insert file 48
    8.1.6 Express route 48
    8.1.7 Symfony Controller 48
  8.2 Appendix B, Commands 49
    8.2.1 Bombardier command 49
    8.2.2 Symfony watch command 49
    8.2.3 Symfony grep command 49
    8.2.4 Node top command 49
    8.2.5 Node grep command 49

Chapter 1. Introduction

1.1 Background

It used to be that PHP and JavaScript worked together in order to create dynamic web pages [10]. JavaScript would handle the client-side tasks in the browser while PHP handled all the server-side tasks [10]. With the increasing popularity of JavaScript it has become more common to use it for server-side communication as well, through Node.js, which allows JavaScript code to be executed on the server side, removing the need for any PHP at all [10]. However, both platforms continue to expand and improve, and while there are many who believe "JavaScript everywhere" is better, there are just as many who believe in the stability of PHP [10].

For a long time, PHP was the only option for back-end development, and 2018 statistics show that it is still the most commonly known and used language for server-side scripting [11]. In 2018, more than 80% of websites are built with PHP [11]. This is likely because the PHP syntax is simple, it can be easily integrated with HTML and it has a large community that offers a lot of support [12]. That makes it the go-to language for beginner programmers [12].

Similarly, JavaScript was for a long time only used for the front-end, handling the browser side of things [13]. In 2009, Node.js was created [11] to allow developers to use a single programming language for both client- and server-side [13]. However, despite the rising interest in JavaScript as shown in Figure 1.1, only 0,4% of websites were built with Node.js in 2018 [11].

The main advantage of Node.js is that it is asynchronous, making it naturally faster than a synchronous application [3]. PHP, however, is synchronous by nature and therefore Node.js should have the advantage in speed and load times [3]. This makes Node.js ideal for scalable server-side, real-time and single-page applications, while PHP remains popular in CPU-heavy applications and Content Management Systems (CMS) like WordPress [15].

Often, frameworks are used in both languages as they make applications easier to set up, faster to develop and more scalable [16]. For Node.js, the most popular frameworks are Express.js, Koa.js and Sails.js [16]. In PHP, it is Laravel, Symfony and CakePHP that are the most popular [16].

[Figure 1.1: PHP (Blue) vs JavaScript (Red) web searches past 5 years [14]]

1.2 Scope

The frameworks that we are going to focus on are Symfony (PHP)
Recommended publications
  • Patrick Sweeney Resume
    Patrick Sweeney, Integration Specialist/Full Stack Web Developer. 20 North State Street, Warren, PA, 16365. 814-331-6059, [email protected]. OBJECTIVE: My objective is to find a new position as a full stack web developer. I have over a decade of experience with many different web development technologies, and would love to bring my talent to a new team. EDUCATION: Empire State College '13, Associate of Science. EXPERIENCE: October 2012 - Present, Full Stack Web Developer / Integration Specialist, Digitell, Inc. My team and I built the Opus online LMS. I am the integration specialist, so I built out the endpoints that we use to consume data from our clients and to send data back to them. In addition to taking the lead on integrations, I've built many different modules of functionality. This included modules for forums, shopping carts, event pages, user evaluation and testing, and reporting. My team has built numerous mobile applications for clients, based on Flutter. I have built "all-in-one" USB drives with audio and video. Trained internal users on how to use tools, used feedback to design the best tools. I deployed new code, and followed the Agile methodology. I also paired with co-workers in a remote environment. January 2012 – October 2012, Web Developer, CJ's Home Décor and Fireplaces. I maintained the approximately 10 websites that CJ's ran, designed and deployed new sites, and maintained the servers and IT infrastructure. PROFILES: https://github.com/blueshift9. SKILLS: PHP (Frameworks: Laravel, Symfony, FuelPHP), MySQL/MariaDB, Javascript and jQuery, HTML5 and CSS, Linux Administration, Git and Github Version Control, Vue.js / React, Mobile App Development, Dart (Flutter Framework), Login Integration (Salesforce, Absorb, NetForum), CSS Frameworks / Preprocessors (Bootstrap, Foundation, Tailwind,
  • Security Issues and Framework of Electronic Medical Record: a Review
    Bulletin of Electrical Engineering and Informatics, Vol. 9, No. 2, April 2020, pp. 565~572. ISSN: 2302-9285, DOI: 10.11591/eei.v9i2.2064. Security issues and framework of electronic medical record: A review. Jibril Adamu, Raseeda Hamzah, Marshima Mohd Rosli, Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA, Malaysia. Article history: Received Oct 30, 2019; Revised Dec 28, 2019; Accepted Feb 11, 2020. Keywords: CodeIgniter security, CSRF, EMR security issues, Laravel security, SQL injection, Symfony security, Top vulnerabilities, XSS. ABSTRACT: The electronic medical record has been more widely accepted due to its unarguable benefits when compared to a paper-based system. As electronic medical record becomes more popular, this raises many security threats against the systems. Common security vulnerabilities, such as weak authentication, cross-site scripting, SQL injection, and cross-site request forgery had been identified in the electronic medical record systems. To achieve the goals of using EMR, attaining security and privacy is extremely important. This study aims to propose a web framework with inbuilt security features that will prevent the common security vulnerabilities in the electronic medical record. The security features of the three most popular and powerful PHP frameworks Laravel, CodeIgniter, and Symfony were reviewed and compared. Based on the results, Laravel is equipped with the security features that electronic medical record currently required. This paper provides descriptions of the proposed conceptual framework that can be adapted to implement secure EMR systems. This is an open access article under the CC BY-SA license. Corresponding Author: Jibril Adamu, Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA, 40450 Shah Alam, Selangor, Malaysia.
  • 1 Introducing Symfony, Cakephp, and Zend Framework
    1 Introducing Symfony, CakePHP, and Zend Framework. "An invasion of armies can be resisted, but not an idea whose time has come." — Victor Hugo. WHAT'S IN THIS CHAPTER? General discussion on frameworks; introducing popular PHP frameworks; design patterns. Everyone knows that all web applications have some things in common. They have users who can register, log in, and interact. Interaction is carried out mostly through validated and secured forms, and results are stored in various databases. The databases are then searched, data is processed, and data is presented back to the user, often according to his locale. If only you could extract these patterns as some kind of abstractions and transport them into further applications, the development process would be much faster. This task obviously can be done. Moreover, it can be done in many different ways and in almost any programming language. That's why there are so many brilliant solutions that make web development faster and easier. In this book, we present three of them: Symfony, CakePHP, and Zend Framework. They do not only push the development process to the extremes in terms of rapidity but also provide massive amounts of advanced features that have become a must in the world of Web 2.0 applications. WHAT ARE WEB APPLICATION FRAMEWORKS AND HOW ARE THEY USED? A web application framework is a bunch of source code organized into a certain architecture that can be used for rapid development of web applications.
  • Symfony2 Docs Documentation Release 2
    Symfony2 Docs Documentation, Release 2. Sensio Labs, January 10, 2016. Contents: 1 Quick Tour (1); 1.1 Quick Tour (1); 2 Book (23); 2.1 Book (23); 3 Cookbook (263); 3.1 Cookbook (263); 4 Components (455); 4.1 The Components (455); 5 Reference Documents (491); 5.1 Reference Documents (491); 6 Bundles (617); 6.1 Symfony SE Bundles (617); 7 Contributing (619); 7.1 Contributing (619). CHAPTER 1, Quick Tour. Get started fast with the Symfony2 Quick Tour: 1.1 Quick Tour, 1.1.1 The Big Picture. Start using Symfony2 in 10 minutes! This chapter will walk you through some of the most important concepts behind Symfony2 and explain how you can get started quickly by showing you a simple project in action. If you've used a web framework before, you should feel right at home with Symfony2. If not, welcome to a whole new way of developing web applications! Tip: Want to learn why and when you need to use a framework? Read the "Symfony in 5 minutes" document. Downloading Symfony2. First, check that you have installed and configured a Web server (such as Apache) with PHP 5.3.2 or higher. Ready? Start by downloading the "Symfony2 Standard Edition", a Symfony distribution that is preconfigured for the most common use cases and also contains some code that demonstrates how to use Symfony2 (get the archive with the vendors included to get started even faster). After unpacking the archive under your web server root directory, you should have a Symfony/ directory that looks like this:
    www/  <- your web root directory
      Symfony/  <- the unpacked archive
        app/
          cache/
          config/
          logs/
          Resources/
        bin/
        src/
          Acme/
            DemoBundle/
              Controller/
              Resources/
              ..
  • Web Development Frameworks Ruby on Rails VS Google Web Toolkit
    Bachelor thesis. Web Development Frameworks: Ruby on Rails VS Google Web Toolkit. Author: Carlos Gallardo Adrián Extremera. Supervisor: Welf Löwe. Semester: Spring 2011. Course code: 2DV00E. SE-391 82 Kalmar / SE-351 95 Växjö, Tel +46 (0)772-28 80 00, [email protected], Lnu.se/dfm. Abstract: Web programming is getting more and more important every day and as a consequence, many new tools are created in order to help developers design and construct applications quicker, easier and better structured. Apart from different IDEs and Technologies, nowadays Web Frameworks are gaining popularity amongst users since they offer a large range of methods, classes, etc. that allow programmers to create and maintain solid Web systems. This research focuses on two different Web Frameworks: Ruby on Rails and Google Web Toolkit and within this document we will examine some of the most important differences between them during a Web development. Keywords: web frameworks, Ruby, Rails, Model-View-Controller, web programming, Java, Google Web Toolkit, web development, code lines. List of Figures: Figure 2.1. mraible - History of Web Frameworks (4); Figure 2.2. Java BluePrints - MVC Pattern (6); Figure 2.3. Libros Web - MVC Architecture (7); Figure 2.4. Ruby on Rails - Logo (8); Figure 2.5. Windaroo Consulting Inc - Ruby on Rails Structure (10)
  • Laravel in Action BSU 2015-09-15 Nathan Norton [email protected] About Me
    Laravel in Action BSU 2015-09-15 Nathan Norton [email protected] About Me ● Full Stack Web Developer, 5+ years ○ “If your company calls you a full stack developer, they don’t know how deep the stack is, and neither do you” - Coder’s Proverb ● Expertise/Buzz words: ○ PHP, Composer, ORM, Doctrine, Symfony, Silex, Laravel, OOP, Design Patterns, SOLID, MVC, TDD, PHPUnit, BDD, DDD, Build Automation, Jenkins, Git, Mercurial, Apache HTTPD, nginx, MySQL, NoSQL, MongoDB, CouchDB, memcached, Redis, RabbitMQ, beanstalkd, HTML5, CSS3, Bootstrap, Responsive design, IE Death, Javascript, NodeJS, Coffeescript, ES6, jQuery, AngularJS, Backbone.js, React, Asterisk, Lua, Perl, Python, Java, C/C++ ● Enjoys: ○ Beer About Pixel & Line ● Creative Agency ● Web development, mobile, development, and design ● Clients/projects include Snocru, Yale, Rutgers, UCSF, Wizard Den ● Every employee can write code ● PHP/Laravel, node, AngularJS, iOS/Android ● “It sucks ten times less to work at Pixel & Line than anywhere else I’ve worked” - Zack, iOS developer Laravel ● Born in 2011 by Taylor Otwell ● MVC framework in PHP ● 83,000+ sites ● Convention over configuration ● Attempts to make working with PHP a joy ● Inspired by Ruby on Rails, ASP.NET, Symfony, and Sinatra ● Latest version 5.1, finally LTS Laravel Features ● Eloquent ORM ● Artisan command runner ● Blade Templating engine ● Flexible routing ● Easy environment-based configuration ● Sensible migrations ● Testable ● Caching system ● IoC container for easy dependency injection ● Uses Symfony components ● Web documentation
  • Comparing Performance of Plain PHP and Four of Its Popular Frameworks
    Thesis Project. Comparing Performance of Plain PHP and Four of Its Popular Frameworks. Author: Jone Samra. Supervisor: Johan Hagelbäck. Examiner: Sabri Pllana. Semester: VT 2015. Subject: Computer Science. Abstract: The objective of this study is to evaluate performance of four popular PHP frameworks Laravel, Symfony, CodeIgniter and Phalcon together with the plain PHP. The decision of making this study was based on the fact that there is a lack of comparison tests between the most popular PHP frameworks. Visiting the official websites of these frameworks, the first thing to notice is the slogans that have been made by the core teams. The majority of these slogans contain quality attributes like speed and high performance. As a developer looking for performance in your next project, choosing the right PHP framework by these slogans is not that easy. Therefore, the performance of these frameworks is put to the test. And to do that, three experiments are conducted in which five functionally equivalent PHP applications are developed and used as targets. One version of these applications represents the plain PHP and the other four represent the four mentioned frameworks. The experiments are conducted in two sessions. The first session deals with the execution time and the stack trace measurements while the second one is covering the measurement of the memory usage consumption. The result outcome of these experiments has been analyzed and interpreted in order to expose the performance of the targeted frameworks. The experiment results prove that the targeted frameworks perform differently compared with each other and the PHP stack. Plain PHP and Phalcon are performing well while the other three frameworks have both mediocre and low performance.
  • Frameworks PHP
    White paper: PHP Frameworks. Nicolas Richeton – Consultant. Version 1.0. For more information: www.smile.fr, Tel: 01 41 40 11 00, Mailto: [email protected]. PREAMBLE. Smile: Founded in 1991, Smile is a company of engineers specialising in the implementation of Internet and intranet solutions. Smile has 150 employees. Smile's business covers three main areas: the design and building of high-end websites (Smile has built some of the largest sites on the French web, with references such as Cadremploi and Explorimmo); intranet applications, which use web technologies to meet business needs (these applications rely on very large databases and include several hundred transaction pages, and require a highly industrial approach to development); and the implementation and integration of off-the-shelf solutions in the areas of content management, portals, e-commerce, CRM and business intelligence. www.smile.fr © Copyright Smile - Motoristes Internet – 2007 – Any reproduction prohibited without authorisation. Some Smile references: Intranets - Extranets - Société Générale - Caisse d'Épargne - Bureau Veritas - Commissariat à l'Energie Atomique - Visual - Vega Finance - Camif - Lynxial - RATP - AMEC-SPIE - Sonacotra - Faceo - CNRS - AmecSpie - Château de Versailles - Banque PSA Finance - Groupe Moniteur - CIDJ - CIRAD - Bureau
  • WEB DEVELOPER » Portfolio » Github SUMMARY I’M a Full-Stack Developer and a Programming Instructor
    LUIS MONTEALEGRE - WEB DEVELOPER » Portfolio » Github. SUMMARY: I'm a full-stack developer and a programming instructor. I want to be surrounded by people who push me to do the best work of my career as well as people I can nurture and support. I have over 13 years of experience in tech both in Mexico and the United States and I'm looking forward to being part of a team that values work-life balance, TDD, pair programming and code reviews. PROGRAMMING LANGUAGES AND TOOLS: PHP, 11 years • Laravel, Zend Framework 1, Symfony 1 & 2, Slim 2, Silex, Doctrine 1 & 2, PHPUnit, Behat, phpspec, Codeception • MySQL, PostgreSQL • jQuery, Jasmine, RequireJS, Bower, npm, Webpack, ES6, PhantomJS • Bootstrap, Sass • Vagrant, Docker • Git, SVN. C#, 4 years • ASP.NET Web Forms, Visual Basic • jQuery, JQuery UI • SQL Server, Oracle PL/SQL • TFS. Java, 2 years • Spring Boot, JUnit, Hibernate, DBUnit, Servlets, JSP/JSTL, Swing • Maven • MySQL, PostgreSQL. CERTIFICATIONS: Latinux Certified Linux Operator; Oracle Certified Java Programmer; MCTS Microsoft SQL Server & Web Applications. EDUCATION: B. S. and Master in Computer Science, Emeritus Autonomous University of Puebla [1998-2003, 2003-2005]. OPEN SOURCE CONTRIBUTIONS AND COMMUNITY WORK: My contributions to open source projects include: Drupal Console, Codeception, Eris and Couscous. I also maintain some libraries: Modules System for Slim 2, Doctrine DBAL Fixtures Generator and a Yelp Fusion API Java Client. I'm the founder and former organizer of the PHP Puebla User Group. I helped organize dozens of workshops and technical talks. I'm currently participating with the San Antonio Coding Challenge meetup.
  • Absolvování Individuální Odborné Praxe Individual Professional Practice in the Company
    VŠB – Technical University of Ostrava, Faculty of Electrical Engineering and Computer Science, Department of Computer Science. Completion of Individual Professional Practice / Individual Professional Practice in the Company, 2011, Ondřej Gavenda. I declare that I wrote this bachelor's thesis independently. I have cited all the literary sources and publications from which I drew. In Ostrava, 22 April 2011. I would like to thank my supervisor, Ing. Marek Běhálek, Ph.D., for his patience and the helpful advice with which he assisted me in preparing this bachelor's thesis. I further thank Ing. Jakub Macek for consultations and Ing. Tomáš Posker for providing information about the company. I also thank all employees of Poski.com s.r.o. for their willingness and pleasant cooperation. Abstract: In this bachelor's thesis my aim was to describe the course of the bachelor's practice that I completed at Poski.com s.r.o. in the position of junior programmer. The thesis contains an overview and description of the less well-known technologies that I used while completing the tasks. I further describe the tasks I solved together with their specifications. The tasks I consider more significant are described in more detail in separate chapters, and those that were less demanding are briefly summarised in a further chapter. At the end of the thesis I describe the knowledge and skills I acquired during my studies so far, as well as the knowledge and skills I lacked during the practice and therefore had to learn independently. Last but not least, I mention the results I achieved during the bachelor's practice. Keywords: PHP, bachelor's practice, programming, Javascript, jQuery, web application, Nette, Symfony, PoskiPHP, CMS, framework, MVC, Doctrine, ORM, MySQL, database, CRM. Abstract: This Bachelor thesis was to describe the process, which shows my bachelor practice experience that I have gained at Poski.com ltd as a junior programmer.
  • An Analysis of CSRF Defenses in Web Frameworks
    Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks. Xhelal Likaj, Saarland University, Saarbruecken, Germany, [email protected]; Soheil Khodayari, CISPA Helmholtz Center for Information Security, Saarbruecken, Germany, [email protected]; Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security, Saarbruecken, Germany, [email protected]. Abstract: Cross-Site Request Forgery (CSRF) is among the oldest web vulnerabilities that, despite its popularity and severity, it is still an understudied security problem. In this paper, we undertake one of the first security evaluations of CSRF defense as implemented by popular web frameworks, with the overarching goal to identify additional explanations to the occurrences of such an old vulnerability. Starting from a review of existing literature, we identify 16 CSRF defenses and 18 potential threats against them. Then, we evaluate the source code of the 44 most popular web frameworks across five languages (i.e., JavaScript, Python, Java, PHP, and C#) covering about 5.5 million LoCs, intending to determine the implemented defenses and their exposure to the identified threats. We also quantify the quality of web frameworks' documentation, looking for incomplete, misleading, or insufficient information required Keywords: CSRF, Defenses, Web Frameworks. ACM Reference Format: Xhelal Likaj, Soheil Khodayari, and Giancarlo Pellegrino. 2021. Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks. In Proceedings of ACM Conference (Conference'17). ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/nnnnnnn.nnnnnnn. 1 Introduction: Cross-Site Request Forgery (CSRF) is among the oldest web vulnerabilities, consistently ranked as one of the top ten threats to web applications [88]. Successful CSRF exploitations could cause remote code execution [111], user accounts take-over [85, 87, 90, 122], or compromise of database integrity—to name only a few instances.
  • Quantifying the Security Benefits of Debloating Web Applications
    Less is More: Quantifying the Security Benefits of Debloating Web Applications. Babak Amin Azad, Pierre Laperdrix, Nick Nikiforakis, Stony Brook University, [email protected], [email protected], [email protected]. Abstract: As software becomes increasingly complex, its attack surface expands enabling the exploitation of a wide range of vulnerabilities. Web applications are no exception since modern HTML5 standards and the ever-increasing capabilities of JavaScript are utilized to build rich web applications, often subsuming the need for traditional desktop applications. One possible way of handling this increased complexity is through the process of software debloating, i.e., the removal not only of dead code but also of code corresponding to features that a specific set of users do not require. Even though debloating has been successfully applied on operating systems, libraries, and compiled programs, its applicability on web applications has not yet been investigated. This increase in capabilities requires more and more complex server-side and client-side code to be able to deliver the features that users have come to expect. However, as the code and code complexity of an application expands, so does its attack surface. Web applications are vulnerable to a wide range of client-side and server-side attacks including Cross-Site Scripting [4, 47, 72], Cross-Site Request Forgery [3, 33, 46], Remote Code Execution [18], SQL injection [19,41], and timing attacks [35,40]. All of these attacks have been abused numerous times to compromise web servers, steal user data, move laterally behind a company's firewall, and infect users with malware and cryptojacking scripts [43,49,74].