
Internet Application Programming CAT 1

The document discusses key concepts in internet application programming, including the client-server model, HTTP, SSL, and TLS protocols for secure communication. It differentiates between server-side and client-side scripting, highlighting the roles of languages like PHP and JavaScript, and covers the use of CSS and XML in web development. Additionally, it explains SQL and NoSQL databases, common security vulnerabilities such as SQL Injection and XSS, and their respective mitigation strategies.

Uploaded by

Shem Gikunda

SHEM MUTETHIA GIKUNDA

CIT-221-026/2022

MULTIMEDIA UNIVERSITY OF KENYA

COMPUTING AND INFORMATION TECHNOLOGY

INFORMATION TECHNOLOGY

INTERNET APPLICATION PROGRAMMING

BIT 2207

CAT 1
a. The client-server model is a fundamental network architecture where a client (like a
web browser) requests services from a server (like a web server). The client sends
requests to the server, and the server processes these requests and sends back
responses.

HTTP (Hypertext Transfer Protocol): This is the primary protocol used for communication
between web clients and servers. It defines how messages are formatted and transmitted
over the internet.

SSL (Secure Sockets Layer): This is a cryptographic protocol that provides secure
communication over a computer network. It encrypts data transmitted between a client and a
server, ensuring privacy and integrity.

TLS (Transport Layer Security): This is the successor to SSL and is the standard security
protocol used for internet communication. It provides secure communication channels over a
computer network.

b. Server-side scripting executes code on the server before sending the final HTML to
the client's browser, allowing for database access, dynamic content generation, and
user input handling. Languages like PHP, Python, and Ruby are commonly used. In
contrast, client-side scripting executes code on the client's browser after the HTML
page is loaded, enabling DOM manipulation, interactive elements, and user input
validation without additional server requests. JavaScript is the primary language for
client-side scripting.
c. CSS (Cascading Style Sheets): This is used to style and layout web pages. It
separates the presentation of a web page from its content, making it easier to
maintain and update the website's appearance.
JavaScript: This is used to create dynamic and interactive web pages. It can manipulate the
DOM, handle user events, and communicate with servers to create rich user experiences.
XML (Extensible Markup Language): This is used to store and transport data. It is often used
to create data formats for web applications, such as RSS feeds and configuration files.
d. SQL databases are relational databases that use SQL to manage structured data
with well-defined relationships between tables. They are suitable for traditional
applications with predictable data structures. Examples include MySQL, PostgreSQL,
and Oracle. On the other hand, NoSQL databases are non-relational databases that
can handle large amounts of unstructured or semi-structured data. They are flexible
and scalable, making them ideal for modern web applications with rapidly changing
data requirements. Examples include MongoDB, Cassandra, and Redis.
e. SQL Injection: This occurs when malicious code is injected into an SQL query to
compromise the database.
Mitigation: Input validation, parameterized queries, and using prepared statements.
Cross-Site Scripting (XSS): This occurs when malicious scripts are injected into a web
page, allowing attackers to steal user data or hijack sessions.
Mitigation: Input validation, output encoding, and using a Content Security Policy (CSP).
Cross-Site Request Forgery (CSRF): This occurs when an attacker tricks a user into
performing unauthorized actions on a web application.
Mitigation: Using CSRF tokens, verifying referrer headers, and implementing strong session
management.
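
The mitigations listed in (e), shown side by side with the weak form, as an added example that is not part of the original document. The table, function names, SERVER_KEY and sample inputs are constructed for illustration; the HMAC-based token is one common way to build a CSRF token, assumed here.

```python
import hashlib
import hmac
import html
import secrets
import sqlite3

# Constructed sample data: an in-memory table with two users.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT, role TEXT)")
db.executemany("INSERT INTO users VALUES (?, ?)",
               [("alice", "admin"), ("bob", "user")])

def find_user_concat(name):
    # Vulnerable: input is spliced into the SQL text and parsed as SQL.
    return db.execute(
        "SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def find_user_param(name):
    # Hardened: the ? placeholder binds the input as data only.
    return db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def render_comment(text):
    # Output encoding: <, >, & and quotes become HTML entities.
    return "<p>" + html.escape(text, quote=True) + "</p>"

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumed)

def issue_csrf_token(session_id):
    # Token bound to the session; the server embeds it in each form.
    return hmac.new(SERVER_KEY, session_id.encode(),
                    hashlib.sha256).hexdigest()

def check_csrf_token(session_id, submitted):
    # Constant-time comparison; a missing token is rejected.
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected, submitted or "")

if __name__ == "__main__":
    probe = "nobody' OR '1'='1"  # constructed input containing a quote
    print(find_user_concat(probe))  # all rows: input altered the query
    print(find_user_param(probe))   # no rows: input treated as a name
    print(render_comment("<script>alert(1)</script>"))
    token = issue_csrf_token("session-abc")
    print(check_csrf_token("session-abc", token),
          check_csrf_token("session-abc", "forged"))
```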
