DOCSLIB.ORG

Exploring the Relationship Between Web Application Development Tools and Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Exploring the Relationship Between Web Application Development Tools and Security Exploring the Relationship Between Web Application Development Tools and Security Matthew Finifter David Wagner University of California, Berkeley University of California, Berkeley fi[email protected] [email protected] Abstract Security strategies of an organization often include de- veloping processes and choosing tools that reduce the How should software engineers choose which tools to number of vulnerabilities present in live web applica- use to develop secure web applications? Different devel- tions. These software security measures are generally opers have different opinions regarding which language, focused on some combination of (1) building secure soft- framework, or vulnerability-finding tool tends to yield ware, and (2) finding and fixing security vulnerabilities more secure software than another; some believe that in software after it has been built. there is no difference at all between such tools. This pa- How should managers and developers in charge of per adds quantitative data to the discussion and debate. these tasks decide which tools – languages, frameworks, We use manual source code review and an automated debuggers, etc. – to use to accomplish these goals? What black-box penetration testing tool to find security vul- basis of comparison do they have for choosing one tool nerabilities in 9 implementations of the same web ap- over another? Common considerations for choosing plication in 3 different programming languages. We ex- (e.g.,) one programming language over another include: plore the relationship between programming languages • How familiar staff developers are with the language. and number of vulnerabilities, and between framework support for security concerns and the number of vul- • If new developers are going to be hired, the current nerabilities. We also compare the vulnerabilities found state of the market for developers with knowledge by manual source code review and automated black-box of the language. penetration testing. • Interoperability with and re-usability of existing in- Our findings are: (1) we do not find a relationship house and externally-developed components. between choice of programming language and applica- • Perceptions of security, scalability, reliability, and tion security, (2) automatic framework protection mech- maintainability of applications developed using that anisms, such as for CSRF and session management, ap- language. pear to be effective at precluding vulnerabilities, while Similar considerations exist for deciding which web ap- manual protection mechanisms provide little value, and plication development framework to use and which pro- (3) manual source code review is more effective than au- cess to use for finding vulnerabilities. tomated black-box testing, but testing is complementary. This work begins an inquiry into how to improve one part of the last of these criteria: the basis for evaluating 1 Introduction a tool’s inclination (or disinclination) to contribute to ap- plication security. The web has become the dominant platform for new soft- Past research and experience reveal that different tools ware applications. As a result, new web applications can have different effects on application security. The are being developed all the time, causing the security software engineering and software development commu- of such applications to become increasingly important. nities have seen that an effective way to preclude buffer Web applications manage users’ personal, confidential, overflow vulnerabilities when developing a new appli- and financial data. Vulnerabilities in web applications cation is to simply use a language that offers automatic can prove costly for organizations; costs may include di- memory management. We have seen also that even if rect financial losses, increases in required technical sup- other requirements dictate that the C language must be port, and tarnished image and brand. used for development, using the safer strlcpy instead of strcpy can preclude the introduction of many buffer security of applications developed using that language. overflow vulnerabilities. For example, research has shown that type systems can This research is an exploratory study into the security statically find (and therefore preclude, by halting compi- properties of some of the tools and processes that orga- lation) certain types of vulnerabilities [21, 20]. In gen- nizations might choose to use during and after they build eral, static typing can find bugs (any of which could be their web applications. We seek to understand whether a vulnerability) that may not have been found until the the choice of language, web application development time of exploitation in a dynamically-typed language. framework, or vulnerability-finding process affects the Also, one language’s standard libraries might be more security of the applications built using these tools. usable, and therefore less prone to error, than another’s. We study the questions by analyzing 9 independent A modern exception handling mechanism might help de- implementations of the same web application. We col- velopers identify and recover from dangerous scenarios. lect data on (1) the number of vulnerabilities found in But programming languages differ in many ways be- these implementations using both a manual security re- yond the languages themselves. Each language has its view and an automatic black-box penetration testing tool, own community, and these often differ in their philoso- and (2) the level of security support offered by the frame- phies and values. For example, the Perl community val- works. We look in these data sets for patterns that might ues TMTOWTDI (“There’s more than one way to do indicate differences in application security between pro- it”) [4], but the Zen of Python [16] states, “[t]here should gramming languages, frameworks, or processes for find- be one – and preferably, only one – obvious way to do ing vulnerabilities. These patterns allow us to generate it.” Clear documentation could play a role as well. and test hypotheses regarding the security implications Therefore, we want to test whether the choice of lan- of the various tools we consider. guage measurably influences overall application security. This paper’s main contributions are as follows: If so, it would be useful to know whether one language • We develop a methodology for studying differences fares better than another for any specific class of vulner- in the effect on application security that differ- ability. If this is the case, developers could focus their ef- ent web application development tools may have. forts on classes for which their language is lacking good The tools we consider are programming languages, support, and not worry so much about those classes in web application development frameworks, and pro- which data show their language is strong. cesses for finding vulnerabilities. Web application development framework. Web ap- • We generate and test hypotheses regarding the dif- plication development frameworks provide a set of li- ferences in security implications of these tools. braries and tools for performing tasks common in web • We develop a taxonomy for framework-level de- application development. We want to evaluate the role fenses that ranges from always on framework sup- that they play in the development of secure software. port to no framework support. This can help developers make more informed decisions • We find evidence that automatic framework-level when choosing which technologies to use. defenses work well to protect web applications, but Recently, we have seen a trend of frameworks adding that even the best manual defenses will likely con- security features over time. Many modern frameworks tinue to fall short of their goals. take care of creating secure session identifiers (e.g., • We find evidence that manual source code analy- Zend, Ruby on Rails), and some have added support sis and automated black-box penetration testing are for automatically avoiding cross-site scripting (XSS) or complementary. cross-site request forgery (CSRF) vulnerabilities (e.g., Django, CodeIgniter). It is natural to wonder if frame- works that are pro-active in developing security features 2 Goals yield software with measurably better security, but up to this point we have no data showing whether this is so. Programming language. We want to measure the in- fluence that programming language choice has on the Vulnerability-finding tool. Many organizations man- security of the software developed using that language. age security risk by assessing the security of software If such an influence exists, software engineers (or their before they deploy or ship it. For web applications, two managers) could take it into account when planning prominent ways to do so are (1) black-box penetration which language to use for a given job. This informa- testing, using automated tools designed for this purpose, tion could help reduce risk and allocate resources more and (2) manual source code analysis by an analyst knowl- appropriately. edgeable about security risks and common vulnerabili- We have many reasons to believe that the features of ties. The former has the advantage of being mostly au- a programming language could cause differences in the tomated and being cheaper; the latter has a reputation as Team Language Frameworks used with metrics like performance, completeness, size, and Number usability, we re-analyze their data to evaluate the security 1 Perl DBIx::DataModel, Catalyst, Tem- 9 plate Toolkit properties of these programs.
Load more

Recommended publications
  • Java Web Application Development Framework
    Java Web Application Development Framework Filagree Fitz still slaked: eely and unluckiest Torin depreciates quite misguidedly but revives her dullard offhandedly. Ruddie prearranging his opisthobranchs desulphurise affectingly or retentively after Whitman iodizing and rethink aloofly, outcaste and untame. Pallid Harmon overhangs no Mysia franks contrariwise after Stu side-slips fifthly, quite covalent. Which Web development framework should I company in 2020? Content detection and analysis framework. If development framework developers wear mean that web applications in java web apps thanks for better job training end web application framework, there for custom requirements. Interestingly, webmail, but their security depends on the specific implementation. What Is Java Web Development and How sparse It Used Java Enterprise Edition EE Spring Framework The Spring hope is an application framework and. Level head your Java code and behold what then can justify for you. Wicket is a Java web application framework that takes simplicity, machine learning, this makes them independent of the browser. Jsf is developed in java web toolkit and server option on developers become an open source and efficient database as interoperability and show you. Max is a good starting point. Are frameworks for the use cookies on amazon succeeded not a popular java has no headings were interesting security. Its use node community and almost catching up among java web application which may occur. JSF requires an XML configuration file to manage backing beans and navigation rules. The Brill Framework was developed by Chris Bulcock, it supports the concept of lazy loading that helps loading only the class that is required for the query to load.
    [Show full text]
  • Ellucian's Global Browser Support Calendar
    Ellucian's Global Browser Support Calendar Publication of Ellucian’s Oracle Support Calendar and Browser Support Calendar for Banner is migrating to Ellucian eCommunities in the Banner General and Technical Forum (https://ecommunities.ellucian.com/community/banner-technical). Publication of this information via the Banner Compatibility Matrix web application will end December 2018. The following browsers and versions are supported by all Ellucian products except where noted in the "Notes & Exceptions" column. Browser Support Support Support Browser OS Notes & Exceptions Begins Ends *Ellucian makes every attempt to support the latest browsers with the latest releases of our products. Firefox and Chrome support may be limited to the current version and one back for most products except where noted in the Currently Chrome (all) Windows* documentation. Due to NPAPI plugin Supported dependencies, Banner 8.x INB is no longer supported on Chrome 45 and higher. Please see Article 000035689 for more information about browser restrictions for Banner 8.x INB support. *Ellucian makes every attempt to support the latest browsers with the latest releases of our products. Firefox and Chrome support may be limited to the current version and one back for most products except where noted in the documentation. Due to NPAPI plugin dependencies, please see Article 000035689 for more information about browser restrictions for Banner 8.x INB support. Firefox no longer supports NPAPI plugins, including the Java Windows* runtime, as of Firefox 52 3/7/2017). Currently Firefox (all) Supported Mac OS* Firefox Extended Support Release: While Ellucian has not been through a formal certification of the Firefox ESR browser, based on customer feedback, we will provide support to customers running Firefox ESR, for both Banner 8 and Banner 9, until Banner 8 INB moves to Sustaining Support.
    [Show full text]
  • Rich Internet Applications
    Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight Master of Science Thesis in the Programme Software Engineering and Technology CARL-DAVID GRANBÄCK Department of Computer Science and Engineering CHALMERS UNIVERSITY OF TECHNOLOGY UNIVERSITY OF GOTHENBURG Göteborg, Sweden, October 2009 The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight CARL-DAVID GRANBÄCK © CARL-DAVID GRANBÄCK, October 2009. Examiner: BJÖRN VON SYDOW Department of Computer Science and Engineering Chalmers University of Technology SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden, October 2009 Abstract This Master's thesis report describes and compares the three Rich Internet Application !RIA" frameworks Adobe Flex, JavaFX and Microsoft Silverlight.
    [Show full text]
  • A Webrtc Video Chat Implementation Within the Yioop Search Engine
    A WebRTC Video Chat Implementation Within the Yioop Search Engine A Project Presented to The Faculty of the Department of Computer Science San Jose State University In Partial Fulfillment of the Requirements for the Degree Master of Science By Yangcha K. Ho May 2019 ©2019 Yangcha K. Ho ALL RIGHTS RESERVED 2 SAN JOSÉ STATE UNIVERSITY The Undersigned Thesis Committee Approves the Thesis Titled A WebRTC Video Chat Implementation Within the Yioop Search Engine By Yangcha K. Ho APPROVED FOR THE DEPARTMENT OF COMPUTER SCIENCE ___________________________________________________________ Dr. Chris Pollett, Department of Computer Science 05/20/2019 __________________________________________________________ Dr. Melody Moh, Department of Computer Science 05/20/2019 _________________________________________________________ Dr. Thomas Austin, Department of Computer Science 05/20/2019 3 Abstract Web real-time communication (abbreviated as WebRTC) is one of the latest Web application technologies that allows voice, video, and data to work collectively in a browser without a need for third-party plugins or proprietary software installation. When two browsers from different locations communicate with each other, they must know how to locate each other, bypass security and firewall protections, and transmit all multimedia communications in real time. This project not only illustrates how WebRTC technology works but also walks through a real example of video chat-style application. The application communicates between two remote users using WebSocket and the data encryption algorithm specified in WebRTC technology. This project concludes with a description of the WebRTC video chat application’s implementation in Yioop.com, a PHP-based internet search engine. 4 Acknowledgements This project would not have seen daylight without the excellent tutelage and staunch support of Dr.
    [Show full text]
  • Rich Internet Applications for the Enterprise
    Final Thesis Rich Internet Applications for the Enterprise A comparative study of WebWork and Java Web Start by Emil Jönsson LITH-IDA-EX–07/063–SE 2007-12-07 Linköping University Department of Computer and Information Science Final Thesis Rich Internet Applications for the Enterprise A comparative study of WebWork and Java Web Start by Emil Jönsson LITH-IDA-EX–07/063–SE Supervisors: Valérie Viale Amadeus Philippe Larosa Amadeus Examiner: Kristian Sandahl Department of Computer and Information Science Linköping University Abstract Web applications initially became popular much thanks to low deployment costs and programming simplicity. However, as business requirements grow more complex, limitations in the web programming model might become evident. With the advent of techniques such as AJAX, the bar has been raised for what users have come to expect from web applications. To successfully implement a large-scale web application, software developers need to have knowledge of a big set of complementary technologies. This thesis highlights some of the current problems with the web programming model and discusses how using desktop technologies can improve the user experience. The foundation of the thesis is an implementation of a prototype of a central hotel property management system using web technologies. These technologies have then been compared to an alternative set of technologies, which were used for implementing a second prototype; a stand-alone desktop client distributed using Java Web Start. Keywords: web development, Rich Internet Applications, WebWork, Java Web Start, Property Management System, hospitality software Acknowledgements First I would like to thank Amadeus for giving me the opportunity to do an internship at their development site in Sophia Antipolis.
    [Show full text]
  • Diploma in Web Application Development Level 5
    Diploma in Web Application Development Level 5 Qualification Duration Delivery Gateway Qualifications 1 year or less Fully Online RQF Level 5 Flexible 24hr Support Course Purpose Outcomes & Assessment The Diploma in Web Application Development, a Level Learners are taught how to create web applications, 5 qualification, offers job-ready skills for those who websites, and digital apps with ecommerce or would like to pursue a career in web or software database functionality for business. Candidates are development. assessed on the basis of four milestone projects. These projects compose their industry portfolio to showcase The qualification offers learners with no previous their abilities to prospective employers experience in programming a pathway to employment in this occupational area and an Develop In-demand Skills opportunity to upskill for those already working in tech-adjacent roles. ● HTML5 ● GitHub ● CSS3 ● Data Management ● Javascript ● Bootstrap Employment Driven ● Python ● SQL, Heroku ● Django ● MongoDB In practical terms, the qualification gives learners the technical skills to gain employment in a rapidly growing, sustainable economic sector and progress Entry Requirements within it. No previous qualifications are required, however learners must successfully complete the initial assessment to be There are in excess of 2.1 million jobs in the tech sector considered for the programme. in the UK of which 130k are unfilled roles in web/software development. The sector is growing 2.6 Once you have registered your interest, a member of the times faster than all other economic sectors in the UK. team will contact you regarding the assessment. Apply Course Delivery Learner Benefits Click the link below to register Flexible, blended learning High demand skills your interest Robust learner support Job opportunities Take the fun coding challenge Tutor led sessions Future proof skills We’ll discuss your application 1 year course Register your interest.
    [Show full text]
  • Mechanism for Measuring XHR Client Side Processing Olga Shershevsky Hewlett Ap Ckard Enterprise
    Technical Disclosure Commons Defensive Publications Series November 26, 2016 Mechanism For Measuring XHR Client Side Processing Olga Shershevsky Hewlett aP ckard Enterprise Avi Kabizon Hewlett aP ckard Enterprise Nir Pluderman Hewlett aP ckard Enterprise Follow this and additional works at: http://www.tdcommons.org/dpubs_series Recommended Citation Shershevsky, Olga; Kabizon, Avi; and Pluderman, Nir, "Mechanism For Measuring XHR Client Side Processing", Technical Disclosure Commons, (November 26, 2016) http://www.tdcommons.org/dpubs_series/325 This work is licensed under a Creative Commons Attribution 4.0 License. This Article is brought to you for free and open access by Technical Disclosure Commons. It has been accepted for inclusion in Defensive Publications Series by an authorized administrator of Technical Disclosure Commons. Shershevsky et al.: Mechanism For Measuring XHR Client Side Processing Mechanism For Measuring XHR Client Side Processing Abstract XHR is a mechanism used to send HTTP/S requests to a web server, and use the response to alter the current document without loading a new page. XHR performance is an important metric for Web site performance monitoring. A significant metric is the client side processing of the response, because of its potential for isolating a pure client side performance problem. The disclosed technique provides a unique way of measuring this metric. Description This disclosure relates to the field of performance measurement. A technique is disclosed that provides a unique way of measuring XHR performance of web sites. A Web application is not what it used to be some years ago. Today it’s usually a rich Single Page Application, and most of the application’s logic is done on the Client side, rather than on the Server side.
    [Show full text]
  • Design and Implementation of a Web-Based Application for the Visualization of Large Scale Photogrammetric and Cartographic Data
    DESIGN AND IMPLEMENTATION OF A WEB-BASED APPLICATION FOR THE VISUALIZATION OF LARGE SCALE PHOTOGRAMMETRIC AND CARTOGRAPHIC DATA Maria Spanaki a, Lysandros Tsoulos b a Surveying Eng. MSc Geomatics – PhD Student, b Assoc. Professor NTUA Cartography Laboratory, Faculty of Rural and Surveying Engineering National Technical University of Athens 9 H. Polytechniou, 157 80 Zographou Campus, Athens, Greece [email protected], [email protected] KEY WORDS: Photogrammetry, Cartography, Web-based, Standards, Open systems ABSTRACT: The objective of this paper is to show the way multiple source data like aerial photos, maps and descriptive information are combined and amalgamated to form an Internet or Intranet application. The visual outcome is a large scale, precise and detailed image/map displaying the interiors of buildings in a layered fashion, enabling the user to interact with the objects shown on it. Scalable Vector Graphics - SVG is an XML language for the encoding/representation of two dimensional vector data, especially designed for integration with other web standards. SVG provides those basic structures, which are needed for map generation and overcomes the disadvantages inherent to bitmap images displaying spatial data. In the domain of spatial data, SVG constitutes a new powerful standard for visualization and has a great potential along with other XML encoding languages like Geographic Markup Language - GML, Extensible Stylesheet Language Transformation – XSLT and Cascading Style Sheets – CSS for the development of Web- based applications utilizing open source software and standards. This paper elaborates on the way SVG data is generated from existing cartographic and photogrammetric sources and the use of scripts in order to provide the user with interactive and animation capabilities, resulting to a comprehensive and user friendly map in the Internet.
    [Show full text]
  • Web Browser Access to Cryptographic Hardware
    Universidade do Minho Escola de Engenharia Leonel João Fernandes Braga Web Browser Access to Cryptographic Hardware Outubro de 2012 Universidade do Minho Escola de Engenharia Leonel João Fernandes Braga Web Browser Access to Cryptographic Harware Tese de Mestrado Mestrado em Engenharia Informática Trabalho realizado sob orientação de Doutor Vítor Francisco Fonte Supervisão na empresa de Engenheiro Renato Portela Outubro de 2012 Acknowledgments I could not conclude this work without acknowledge all the support, time, and understanding of all the people who have been around me during this phase and during my journey of life. I am sure that without them everything would be much more difficult, and the success would be harder to achieve. First of all, I want to thank to my supervisor Professor Victor Fonte for being so helpful and supportive. His guidance certainly improved my work and my knowledge as well. I want also to thank to Engenheiro Renato Portela from MULTICERT for enlightening me when I was more doubtful. A special thanks to MULTICERT for letting me enrol in this project: it made me grow professionally and enhanced my knowledge. I want also to thank the Firebreath community for clarifying all the doubts I had. Congrat- ulations for your great work as well. In this context, there is one person to whom I could not be more grateful: Pedro, thank you for your help and patience, even when I had lots of questions. I am also grateful for the discussions I had with Pedro and Ulisses: they gave me lots of ideas of how I could improve my work.
    [Show full text]
  • Fiz: a Component Framework for Web Applications
    Fiz: A Component Framework for Web Applications John K. Ousterhout Department of Computer Science Stanford University Abstract Fiz is a framework for developing interactive Web applications. Its overall goal is to raise the level of programming for Web applications, first by providing a set of high-level reusable components that simplify the task of creating interactive Web applications, and second by providing a framework that encourages other people to create addi- tional components. Components in Fiz cover both the front-end of Web applications (managing a browser-based user interface) and the back end (managing the application's data). Fiz makes it possible to create components that encapsulate complex behaviors such as Ajax-based updates, hiding many of the Web's complexities from applica- tion developers. Because of its focus on components, Fiz does not use mechanisms such as templates and model- view-controller in the same way as other frameworks. ger and more useful structures. We will release Fiz in 1 Introduction open-source form and hope to build a user community Although the World-Wide Web was initially conceived that creates an ever-increasing set of interesting com- as a vehicle for delivering and viewing documents, its ponents, which will make it dramatically easier to cre- focus has gradually shifted from documents to applica- ate applications that advance the state-of-the-art in Web tions. Facilities such as Javascript, the Document Ob- interactivity. ject Model (DOM), and Ajax have made it possible to offer sophisticated interactive applications over the The rest of this paper is organized as follows.
    [Show full text]
  • Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud AWS Whitepaper
    Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud: AWS Whitepaper Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Web Application Hosting in the AWS Cloud AWS Whitepaper Table of Contents Abstract ............................................................................................................................................ 1 Abstract .................................................................................................................................... 1 An overview of traditional web hosting ................................................................................................ 2 Web application hosting in the cloud using AWS .................................................................................... 3 How AWS can solve common web application hosting issues ........................................................... 3 A cost-effective alternative to oversized fleets needed to handle peaks ..................................... 3 A scalable solution to handling unexpected traffic
    [Show full text]
  • Lecture 6: Dynamic Web Pages Lecture 6: Dynamic Web Pages Mechanics • Project Preferences Due • Assignment 1 out • Prelab for Next Week Is Non-Trivial
    Lecture 6: Dynamic Web Pages Lecture 6: Dynamic Web Pages Mechanics • Project preferences due • Assignment 1 out • PreLab for next week is non-trivial 1/31/2020 2 Lecture 5: JavaScript JavaScript has its Quirks • Procedural, Functional and Object-Oriented all at once • Objects are very different from Java/C++ o Newer versions have Java-like classes however • Scoping is different o var versus let or const o Declarations can follow uses o Declarations are optional • Automatic type conversion • Strict versus non-strict equality testing • eval function • Semicolons are optional if unambiguous • Read up on the language (prelab) 1/31/2020 3 Lecture 6: Dynamic Web Pages What is an Interactive Application • How do we want to use JavaScript • What does interactive mean • What does it do when you interact o Check inputs, compute next page o Change the page without getting a new page 1/30/2020 4 Lecture 6: Dynamic Web Pages Dynamic Web Page Examples • http://bdognom.cs.brown.edu:5000/ (spheree) • http://conifer.cs.brown.edu/s6 (s6) • http://conifer.cs.brown.edu:8888 (twitter) • http://fred4.cs.brown.edu:8800/ (sign) 1/23/2020 5 Lecture 6: Dynamic Web Pages Interactive Applications • Respond to user inputs • Change the display (e.g. add fields, show errors, …) • Dynamically check and verify inputs • Allow direct manipulation (drag and drop) • Use animation to highlight or emphasize or show things • Display external changes in real time • Provide input help (e.g. text completion) • Handle dynamic resizing of the display 1/23/2020 6 Lecture 6: Dynamic Web Pages Achieving Interactivity • Using CSS • Handling HTML events using JavaScript o Dynamically check and verify inputs o Handle direct manipulation • With modern HTML features • With animation/drawing/multimedia packages • By talking to the server continually • Displaying external changes in real time • Changing styles and the content of the page o Change the display (e.g.
    [Show full text]