As the author of the WWW FAQ, I regularly answer questions about the workings of the Web. If a question is frequently asked, I simply add an article to the FAQ. But sometimes a question is more detailed, more in-depth— not really a FAQ, but still of interest to others. You'll find those questions, with my answers, here in Innards along with commentary on other web-technology-related topics.
2008-08-05
Q. How do I install sample web applications locally for security testing purposes? I don't want my applications to be accessed from the outside. It's enough for me to access it locally from my computer and test it with application security testing tools such as Appscan, Cenzic, etc. I do not want to install Apache or IIS or any Web Server software. Please describe the steps in detail. I am a beginner with respect to web Application hosting and deployment.
A. We need to talk definitions here for a minute.
What is a web application? An application built on the web. And what are web applications built on top of? Web servers. Meaning Apache, IIS, et cetera.
Virtually all web applications are built in programming languages that extend web servers to do more— languages like PHP, ASP.NET, C#, Ruby and so forth. They assume a web server is there to go the "last mile" and talk to the user's web browser. So you can't run these applications without a web server to run them on.
But does this mean you have to do something scary and complicated just to test them? Not at all. There are simple, easy-to-install web server packages out there which have been created expressly to simplify the task of testing web sites and web applications locally on your own computer.
To set up a PHP- and MySQL-enabled testing server with a minimum of fuss, Windows users should check out WampServer, which installs the pieces you need without the overhead and system administration of a production server accessible to the public.
MacOS X users can accomplish equivalent results with MAMP, which provides a user interface to manage Apache, MySQL, PHP and so on.
Of course, you can do all of these things fairly easily with an Ubuntu Linux system as well.
"What about security?" If your test server is behind the firewall of a connection-sharing router, then most likely only computers on your own home or office network can reach it in any case. If you have, for instance, a cable modem and an additional wireless or wired router behind it, and all of your PCs are connected to that router, then your web server is not reachable by the outside world unless you go well out of your way to permit it. You should not run a test web server on a computer which is directly connected to the Internet (for instance, directly connected to a cable modem with no intervening router to provide security and no firewall features on the router). Of course, you can lock down the test server by configuring a firewall on the server itself so that MySQL and HTTP connections are accepted only from localhost (that is, a web browser that is running on the server itself).
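One way to confirm that HTTP and MySQL are reachable only from localhost, added here as an example and not part of the original FAQ: the script reads `netstat -an` output and reports any watched port bound to a non-loopback address, which is a service that depends entirely on the firewall to stay private. The function names, the watched port list and the sample lines (a constructed mix of Windows, Linux and macOS output) are assumptions.

```python
import ipaddress
import re

WATCHED_PORTS = {80, 3306}  # HTTP and MySQL, the two services named above
# Local-address column: "addr:port" (Windows, Linux) or "addr.port" (macOS).
_LOCAL = re.compile(r"^(?P<addr>.*)[:.](?P<port>\d+)$")

# Constructed sample mixing Windows, Linux and macOS `netstat -an` lines.
SAMPLE = """\
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp4       0      0  *.80                   *.*                    LISTEN
tcp        0      0 192.168.1.20:52114      203.0.113.7:443         ESTABLISHED
"""

def parse_listeners(netstat_output):
    """Return (address, port) for every TCP socket in a listening state."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if not any(f.upper() in ("LISTEN", "LISTENING") for f in fields):
            continue
        # The local address is the first column shaped like address+port.
        match = next(filter(None, map(_LOCAL.match, fields[1:])), None)
        if match:
            listeners.append((match["addr"].strip("[]"), int(match["port"])))
    return listeners

def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; anything else counts as exposed."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" (all interfaces) or anything unparseable

def exposed_listeners(netstat_output, ports=WATCHED_PORTS):
    """Watched ports that accept connections on a non-loopback address."""
    return sorted({(a, p) for a, p in parse_listeners(netstat_output)
                   if p in ports and not is_loopback(a)})

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE):
        print(f"port {port} is listening on {addr}, not just localhost")
```

To check a real machine, pass the text of `netstat -an` to `exposed_listeners` in place of `SAMPLE`; an empty result means no watched port is listening on a non-loopback address.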
Copyright 1994-2012 Boutell.Com, Inc. All Rights Reserved.
