For many years, businesses, governments and educational institutions have invested in information systems to integrate technology into people's lives. Technology standards, such as the HTTP protocol and HTML language have emerged as a solution for common problems. These technology standards form the basis of web applications. Currently, systems are being converted to become web enabled systems, replacing old terminal and client server architecture. These web systems are no longer a simple repository of data but are capable of handling millions of transactions per second.
Web applications are becoming integrated into people's lives as a recent survey by Bank of America indicates that more than five million customers are using their electronic banking services. Also, according to Jupiter Research Forecast, the number of households banking online will increase from 29.6 million to 56 million by 2008 with those paying bills online increasing from 50% in 2003 to 85% in 2008.
The concern regarding web applications includes the level of security. It is estimated that credit card fraud will reach 3.2 billion dollars in 2007 causing the credit card industry to issue several programs for data security compliance.
With the demand for complex web applications, the technology to design, develop and test the web applications has evolved. Modern applications are built on components, an object that can be reused for different applications for a group to form new components, develop internally or provided by third parties. This object orienting programming forms a basis of architecture. Object orienting programming language, such as Java, Visual Basic and C++ are widely known, reducing costs while reusing shared components. Web applications now use multilayer architectures due to the need for integration among different commercial partners and technologies. Component based applications present the easiest way to interface among different protocol and standards. Large technology providers are delivering web development products and frameworks based upon component-oriented architecture. The need for component-oriented methods for web application security analysis is emerging quickly to allow users to quickly adhere to regulations and provide security for their web applications.