Monday, June 3, 2019
Advantages And Disadvantages Of Optimisation Techniques
We have to use different techniques to optimise our website. Our main focus will be on how to lower the size of the web page and the script execution time. This, in turn, will definitely improve the user experience as well as reduce the load on the servers. The images and graphic interfaces occupy the maximum storage size on the webpage. Therefore we need to compress the images and the scripts in an effective manner that won't affect the functionality and look of the website. First we need to simplify the design of the website, reducing the number of HTTP requests. JavaScript and CSS can be minified by removing comments and space characters from the code. Furthermore, we can make JavaScript and CSS external so that they can be cached by the web browser. Post Load and Pre Load components can be set, which will make the user experience better by initially loading the important content and then loading the remaining content. Ultimately we can optimise loops, which will reduce the script execution time.

Specialised Optimisation Techniques to be Used for the Website

The different optimisation techniques are:
- Minimise HTTP requests
- Add an expiry or a cache-control header
- Put scripts at the bottom
- Remove duplicate scripts
- Make Ajax cacheable
- Post load components
- Pre load components
- Make JavaScript and CSS external
- Reduce DNS lookups

Minimise HTTP requests

The majority of the time taken when a page is loading is a result of HTTP requests. Reducing the number of components will thus reduce the number of HTTP requests required to render the page. This is the key to faster loading pages.

Combined files are a way to reduce the number of HTTP requests by combining all scripts into a single script, and similarly combining all CSS into a single stylesheet.

Discussing the decisions for each page

We will use some techniques which will be applicable on all the pages.
Style sheets will be placed at the top and scripts at the bottom of the webpage. AJAX, JavaScript and CSS will be made cacheable. CDN servers will be used, and redirects, 404 errors and empty image sources avoided. GET will be used for AJAX requests, and we will also make efficient use of pre and post load components. The complete JavaScript code and CSS will be minified.

The Home page is the one which should be fast, attractive and interactive. The Home page will make up the rapport of your website. In order to make it attractive we need to use different images, CSS, graphical interfaces and Flash content. Images and graphical interfaces are larger in size, so we will scale them and try to convert them into a more suitable format such as Portable Network Graphics (.png).

The user login page, discussion page, upload page and modify page will be much simpler than the home page, but they will contain lots of videos and images with descriptions. Thus, we can just remove the white space characters from their code, reducing the size of the webpage, and optimise the images. Videos are too big in size, so we will not upload them to our server. We will use YouTube or other free video upload sites and put the link on our webpage.

The Product Catalogue will contain all the images of the products, which can be searched and sorted by category and brand. The loops will be optimised for faster search and sorting.

Business discipline, current employees and product information will contain the detailed textual description with images of what we do, what we sell and who works in our company. All this information is static, so we will cache the information and optimise the images.

Q2. Client side security issues are an extremely important component of any web-based application.

Introduction

Client side security is one of the most important topics in internet security. All the information which has been downloaded from servers is stored on the client's machine.
All the site preferences as well as your login details are stored as cookies on the local machine, and we need to keep those files safe from hackers. We use different antiviruses and firewalls on the local machine, but they are not as efficient as they should be.

JavaScript and AJAX are the most vulnerable languages for most of the current web-based exploits like Trojans, viruses, etc. 1 (Uta Priss, 2012, Advanced Client-Side Security: What some users do not know, from http://www.upriss.org.uk/awt/lec4a.pdf)

In this document we will look at the major threats, the types of client side attacks and some strategies for minimising those risks.

Problem Domain

Today the internet is a basic necessity of day to day life. We are so dependent on the internet these days. Everything from paying our electricity bills to international business meetings we do online. All our bank details are on our local machine, which is vulnerable to hackers. For this reason we need a secure system to work safely online. Whenever we use the internet, our local system stores the information from the server, which contains your preferences, form data and the history of the webpages you viewed.

How do hackers operate?

Hackers try to bypass the firewall and gain inappropriate access to local host resources. There are more chances to breach the security of the firewall when the hacker and the host are on the same network, because requests for resources originating within the network can be trusted more than requests originating from outside the network. (Bidgoli, Hossein, (2006), New Jersey, John Wiley & Sons)

Issues

One of the most widely used languages for website development, JavaScript, is not secure. JavaScript is an open scripting language, which means anyone can manipulate it and change its function. The JavaScript security model attempts to protect the user from websites that may be malicious and is not designed to protect the website owner.
It can't protect data sent from the browser to the server, and there are limits on what the page author can control via JavaScript whilst it is being executed within the browser. The success of JavaScript is, however, also the reason why attackers have targeted and leveraged the technology as a means to compromise systems and cause untold grief for clients. JavaScript has been used to perform attacks that involve redirects, downloading of content, or even revealing details about a victim's system. 2

Now we will discuss some attack strategies such as XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery), and introduce some prevention measures to improve the security of the website.

XSS

Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted websites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used within that site.
These scripts can even rewrite the content of the HTML page.

Prevention measures
- Validate, filter, and sanitise all input
- Process output (response) data through encoding
- Many modern browsers will attempt to detect an XSS attack and notify the user

CSRF

CSRF (Cross-Site Request Forgery) is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help from social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

Prevention measures
- Implement strong XSS mitigations
- Map tokens to verify expected user actions
- Hidden form value fields
- E.g., RoR and ASP.NET MVC provide framework support
- Use POST for any actions that alter data on the server side
- Is the idempotent web paradigm for HTTP GET compromised?
- Check HTTP Referrer

Most modern browsers incorporate features to mitigate the following attacks:
- Phishing attacks
- Spyware
- Malicious websites
- Adware
- Destruction or corruption of data or configuration
- Theft of configuration information
- Installation of malware
- Theft of information and identification
(Oriyano, Sean-Philip and Shimonski, Robert, (2012), Client Side Attacks and Defense, USA, Elsevier, Pg 130)

Conclusion

In summary, we discussed the major client side scripting attacks, preventive measures and the most vulnerable languages. Client side scripting attacks are effective in taking the personal information of the user. However, if we play smart we can mitigate and avoid those attacks in the first place by making some changes in our firewall settings and not clicking on suspicious links. Prevention is always preferred over a cure for the problems a normal user faces in this unprotected web environment.
As programmers, we should make appropriate use of the AJAX commands and code the website in such a way as to make it more reliable and harder to alter. Lastly, JavaScript is the most popular language and will remain so in coming years. In light of this, we should make efficient use of the primary functions and the libraries to make it less vulnerable to attacks.
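
The XSS and CSRF prevention measures listed above (output encoding, a token in a hidden form field, POST for data-altering actions, a Referer check), put together as an added example that is not part of the original essay. The secret, the origin https://shop.example, the function names and the sample requests are all constructed for illustration.

```javascript
// Added example; SECRET, SITE_ORIGIN and all sample values are constructed.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);       // server-side secret (assumed)
const SITE_ORIGIN = 'https://shop.example';  // hypothetical site origin

// Output encoding: make user input inert before it is written into HTML.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// CSRF token tied to the session id, so it cannot be reused for another user.
function csrfToken(sessionId) {
  return crypto.createHmac('sha256', SECRET).update(sessionId).digest('hex');
}

// Form with encoded user data and the token in a hidden form field.
function renderForm(sessionId, displayName) {
  return '<form method="POST" action="/profile">\n' +
    '<p>Signed in as ' + encodeHtml(displayName) + '</p>\n' +
    '<input type="hidden" name="csrf" value="' + csrfToken(sessionId) + '">\n' +
    '</form>';
}

// Accept a data-altering request only if it is a POST, its Referer is our
// own origin, and it carries the token expected for this session.
function checkRequest(req) {
  if (req.method !== 'POST') return 'rejected: not a POST';
  let origin = null;
  try { origin = new URL(req.headers.referer).origin; } catch (e) { /* missing or malformed */ }
  if (origin !== SITE_ORIGIN) return 'rejected: Referer';
  const expected = Buffer.from(csrfToken(req.sessionId));
  const given = Buffer.from(String((req.body || {}).csrf || ''));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'rejected: CSRF token';
  }
  return 'accepted';
}

// Constructed requests: one from the site's own form, one forged cross-site.
const own = { method: 'POST', sessionId: 'sess-1', headers: { referer: SITE_ORIGIN + '/profile' },
  body: { csrf: csrfToken('sess-1') } };
const forged = { method: 'POST', sessionId: 'sess-1', headers: { referer: 'https://other.example/' },
  body: {} };
console.log(renderForm('sess-1', '<script>alert(1)</script>'));
console.log(checkRequest(own), '|', checkRequest(forged));
```

The Referer check alone is the weakest of the three, since the header can be absent; the session-bound token is what a cross-site page cannot supply.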