Delivering a set of related text-only documents to individuals through the interaction of a server application (web server) and a client application (web browser) was Tim Berners-Lee’s original concept for a Website. As time has progressed, this simple model of linked documents has grown exponentially more useful through the creation of application logic on both sides of the equation.
On the server side, the introduction of application services through the use of interpreted languages, such as Java, .NET, and ColdFusion, connects the end user to extensive stores of data. It also allows the power of the servers to perform tasks on behalf of a user who could be, potentially, anywhere in the world.
One of the most significant results of this evolution has been the creation of web development platforms, such as WordPress and DNN, formerly known as DotNetNuke. These platforms allow for simple content creation and management within an application framework. In other words, a site administrator can update web pages, create products within an eCommerce system, or run a social system like a blog or forum without any specialized knowledge of writing web pages or interacting with a database system. The platform does all of the heavy lifting, including rendering pages and managing the database, without the site administrator having to worry about it. These platforms, either available as open source or through a commercial purchase, act as a true application for the administrator to interact with in the same way that a user might launch Microsoft Word and write a document.
Like all software, a web platform is created and distributed by a team of individual programmers who take responsibility for updating and maintaining it. This activity falls into several classes of development:
- Feature improvements. One of the biggest activities to be found within an actively maintained application is the creation and delivery of new or updated features and functionality within the application. Not only does this improve the product for existing users, it also allows the product to keep up with a competitive marketplace.
- Security updates. In addition to adding new features, the team working on developing an application’s framework needs to respond to security flaws or vulnerabilities found in their software. Along with new features, the team will address these flaws to prevent attackers from compromising the web application.
- Bug fixes. When a problem is discovered in the underlying functionality of the application, often called a “bug”, the team supporting the framework will resolve the issue. Fixes of this type might include corrections to how data is processed, performance improvements, or changes to how a system interacts with the end user.
Each of these activities will be included in an application update. If the update includes minor changes in functionality or includes changes that are not visible to the end user, such as security fixes, it is often called a “patch”. If it includes significant changes, it is called a “release”.
When considering a product’s life cycle, utilizing a development framework, instead of building a Website from scratch, allows the process to become significantly simpler. Since the content and structure of the Website are independent of the underlying framework, the administrator of the site can update their Website at a significantly reduced cost, often for free if the framework allows it, without significant risk to the operation of the system. Patching a web framework for known security vulnerabilities or functional problems, therefore, changes from being a capital investment to a simpler operational expense.
Best practice suggests that you must monitor your web application framework for vulnerabilities and apply patches as soon as they become available. Many frameworks will actually notify administrators when they log into the system, and provide a simple-to-use tool that can be used to make updates right from within the system. As the system moves to the enterprise scale, however, it may make more sense to monitor and schedule the update activity via the team responsible for maintaining the site. This reduces the risk of implementing the patch or update because it is first applied within a test environment. Then, when applying the update to the production environment, you will have a rollback plan in place. This level of coordination can guarantee the highest amount of availability within the production environment, keeping the Website up and working properly so that visitors can access the available functionality.