The software that powers web applications is distributed, is implemented in multiple languages and styles, incorporates components, is built with cutting-edge technologies as stated (see the section above on component-based software), and must interface with users, other web sites and databases. Although the word “heterogeneous” is often used for web software, it applies in so many ways that the synonymous term “diverse” is more general and familiar, and probably more appropriate [7]. The software components are often distributed geographically during both development and deployment (diverse distribution), and communicate in numerous distinct and sometimes novel ways (diverse communication) [8].
Web-based software systems are created by combining a variety of components from various sources, such as custom-built special-purpose applications, customised commercial-off-the-shelf software components, and third-party software [7]. Much of the new complexity found in web-based applications also results from how the different software components are integrated. Not only is the source unavailable, the components might be hosted on computers at remote, even competing, organizations. Ensuring high quality for web systems composed of very loosely coupled components requires serious evaluation of the connections between those components [9].
Web software components are coupled more loosely than in any previous software application [7]. As stated above, e-commerce sites offer more than front-end servers: they usually run complex middleware programs such as CGI scripts, Java servlets, application servers, and component-based software such as EJB (Enterprise JavaBeans), Java 2 Enterprise Edition (J2EE), CORBA, COM and DCOM component-based solutions. One reason for the emergence of this component-based software on e-commerce sites is the complexity of the software necessary to implement business application logic. This complexity, in turn, introduces more software flaws that can be exploited for malicious gain [3].
The web’s function and structure have changed drastically, particularly in the past couple of years, yet most software engineering researchers, educators, and practitioners have not yet grasped how fully this change affects engineering principles and processes [7]. One example of such a change is the use of the Web 2.0 feature Ajax. (The Ajax engine is the client-side code that handles calls between the client and server; typically this is a library of JavaScript functions included on the page [10].) Because of the complexity involved, and because more application logic is being delegated to web browsers, such an application is more prone to flaws: any attacker with basic skills can use proxy software (or call script functions directly) to bypass the intended business logic. Ajax thus opens a flaw that allows intruders to easily read the source code and look for weak areas in the system's middle-tier application logic. Sharing business logic client-side reveals source information about the complete system; it is too dangerous to combine presentation logic, rendering logic and business logic, and to have business logic reside on both the client and the application server side. For example, in one Ajax-enabled application with multiple levels of user account, it was found that the site employed one JavaScript include file for the entire client-side logic.
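The point above about business logic held client-side, as an added example that is not code from the original text: a server-side Ajax dispatcher that takes the account level from the session rather than from fields the page's script sends, shown beside the weak form that trusts those fields. The action names, roles and session ids are hypothetical, and the sample request is constructed.

```javascript
// Added example: all names (actions, roles, session ids) are hypothetical.
// Server-side session store: the role comes from here, never from the request.
const SESSIONS = new Map([
  ["sid-alice", { user: "alice", role: "customer" }],
  ["sid-root", { user: "root", role: "admin" }],
]);

// Minimum role per Ajax action. Unlisted actions are denied by default.
const RANK = { customer: 1, manager: 2, admin: 3 };
const ACTIONS = {
  viewOrders: { minRole: "customer", run: (s) => `orders for ${s.user}` },
  refundOrder: { minRole: "manager", run: (s, a) => `refunded ${a.orderId}` },
  deleteUser: { minRole: "admin", run: (s, a) => `deleted ${a.target}` },
};

// Weak pattern: the handler trusts the role field that the page's script sends.
// A request whose role field was edited in transit passes this check.
function handleTrustingClient(req) {
  const action = ACTIONS[req.action];
  if (!action) return { status: 404 };
  if (RANK[req.role] >= RANK[action.minRole]) {
    return { status: 200, body: action.run({ user: req.user }, req.args || {}) };
  }
  return { status: 403 };
}

// Corrected pattern: identity and role are resolved from the session id only;
// any role or user field in the request body is ignored.
function handleServerEnforced(req) {
  const session = SESSIONS.get(req.sid);
  if (!session) return { status: 401 };
  const known = Object.prototype.hasOwnProperty.call(ACTIONS, req.action);
  if (!known) return { status: 404 };
  const action = ACTIONS[req.action];
  if (RANK[session.role] < RANK[action.minRole]) return { status: 403 };
  return { status: 200, body: action.run(session, req.args || {}) };
}

// Constructed request: a customer session with the client-supplied role altered.
const tampered = { sid: "sid-alice", user: "alice", role: "admin",
                   action: "deleteUser", args: { target: "bob" } };
```

With the constructed request, the first handler answers 200 and the second 403: hiding admin functions in the include file changes what the browser displays, not what the server will execute.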