This article needs additional citations for verification. (February 2018)
A web application (or web app) is application software that runs on a web server, unlike computer-based software programs that are run locally on the operating system (OS) of the device. Web applications are accessed by the user through a web browser with an active network connection. These applications are programmed using a client–server modeled structure—the user ("client") is provided services through an off-site server that is hosted by a third-party. Examples of commonly-used web applications include: web-mail, online retail sales, online banking, and online auctions.
Definition and similar terms
This section needs additional citations for verification. (February 2018)
The general distinction between a dynamic web page of any kind and a "web app" is unclear. Web sites most likely to be referred to as "web applications" are those which have similar functionality to a desktop software application, or to a mobile app. HTML5 introduced explicit language support for making applications that are loaded as web pages, but can store data locally and continue to function while offline.
Single-page applications are more application-like because they reject the more typical web paradigm of moving between distinct pages with different URLs. This is due to individual components being able to be replaced or updated without having to refresh the whole web page. Single-page frameworks might be used for speed development of such a web app for a mobile platform as it is able to save bandwidth, as well as the extinction of loading external files.
Mobile web application
There are several ways of targeting mobile devices when making web applications:
- Responsive web design can be used to make a web application - whether a conventional website or a single-page application viewable on small screens that work well with touchscreens.
- Progressive web applications (PWAs) are web applications that load like regular web pages or websites but can offer the user functionality such as working offline and device hardware access traditionally available only to native mobile applications.
- Hybrid apps embed a web site inside a native app, possibly using a hybrid framework. This allows development using web technologies (and possibly directly copying code from an existing mobile web site) while also retaining certain advantages of native apps (e.g. direct access to device hardware, offline operation, app store visibility). Hybrid app frameworks include Apache Cordova, Electron, Flutter, Haxe, React Native and Xamarin.
In earlier computing models like client-server, the processing load for the application was shared between code on the server and code installed on each client locally. In other words, an application had its own pre-compiled client program which served as its user interface and had to be separately installed on each user's personal computer. An upgrade to the server-side code of the application would typically also require an upgrade to the client-side code installed on each user workstation, adding to the support cost and decreasing productivity. In addition, both the client and server components of the application were usually tightly bound to a particular computer architecture and operating system and porting them to others was often prohibitively expensive for all but the largest applications (Nowadays, native apps for mobile devices are also hobbled by some or all of the foregoing issues).
In the early days of the Web, each individual web page was delivered to the client as a static document, but the sequence of pages could still provide an interactive experience, as user input was returned through web form elements embedded in the page markup. However, every significant change to the web page required a round trip back to the server to refresh the entire page.
In 1996, Macromedia introduced Flash, a vector animation player that could be added to browsers as a plug-in to embed animations on the web pages. It allowed the use of a scripting language to program interactions on the client-side with no need to communicate with the server.
In 2005, the term Ajax was coined, and applications like Gmail started to make their client sides more and more interactive. A web page script is able to contact the server for storing/retrieving data without downloading an entire web page.
In 2007, Steve Jobs announced that web apps, developed in HTML5 using AJAX architecture, would be the standard format for iPhone apps. No software development kit (SDK) was required, and the apps would be fully integrated into the device through the Safari browser engine. This model was later switched for the App Store, as a means of preventing jailbreakers and of appeasing frustrated developers.
In 2016, during the annual Google IO conference, Eric Bidelman (Senior Staff Developers Programs Engineer) introduced Progressive Web Apps (PWAs) as a new standard in web development. Jeff Burtoft, Principal Program Manager at Microsoft, said "Google led the way with Progressive Web Apps, and after a long process, we decided that we needed to fully support it." As such, Microsoft and Google both supported the PWA standard.
Ajax, a web development technique using a combination of various technologies, is an example of technology that creates a more interactive experience.
Applications are usually broken into logical chunks called "tiers", where every tier is assigned a role. Traditional applications consist only of 1 tier, which resides on the client machine, but web applications lend themselves to an n-tiered approach by nature. Though many variations are possible, the most common structure is the three-tiered application. In its most common form, the three tiers are called presentation, application and storage, in this order. A web browser is the first tier (presentation), an engine using some dynamic Web content technology (such as ASP, CGI, ColdFusion, Dart, JSP/Java, Node.js, PHP, Python or Ruby on Rails) is the middle tier (application logic), and a database is the third tier (storage). The web browser sends requests to the middle tier, which services them by making queries and updates against the database and generates a user interface.
For more complex applications, a 3-tier solution may fall short, and it may be beneficial to use an n-tiered approach, where the greatest benefit is breaking the business logic, which resides on the application tier, into a more fine-grained model. Another benefit may be adding an integration tier that separates the data tier from the rest of tiers by providing an easy-to-use interface to access the data. For example, the client data would be accessed by calling a "list_clients()" function instead of making an SQL query directly against the client table on the database. This allows the underlying database to be replaced without making any change to the other tiers.
There are some who view a web application as a two-tier architecture. This can be a "smart" client that performs all the work and queries a "dumb" server, or a "dumb" client that relies on a "smart" server. The client would handle the presentation tier, the server would have the database (storage tier), and the business logic (application tier) would be on one of them or on both. While this increases the scalability of the applications and separates the display and the database, it still doesn't allow for true specialization of layers, so most applications will outgrow this model.
This section needs additional citations for verification. (February 2018)
An emerging strategy for application software companies is to provide web access to software previously distributed as local applications. Depending on the type of application, it may require the development of an entirely different browser-based interface, or merely adapting an existing application to use different presentation technology. These programs allow the user to pay a monthly or yearly fee for use of a software application without having to install it on a local hard drive. A company which follows this strategy is known as an application service provider (ASP), and ASPs are currently receiving much attention in the software industry.
Security breaches on these kinds of applications are a major concern because it can involve both enterprise information and private customer data. Protecting these assets is an important part of any web application and there are some key operational areas that must be included in the development process. This includes processes for authentication, authorization, asset handling, input, and logging and auditing. Building security into the applications from the beginning can be more effective and less disruptive in the long run.
Cloud computing model web applications are software as a service (SaaS). There are business applications provided as SaaS for enterprises for a fixed or usage-dependent fee. Other web applications are offered free of charge, often generating income from advertisements shown in web application interface.
Writing web applications is often simplified by the use of web application framework. These frameworks facilitate rapid application development by allowing a development team to focus on the parts of their application which are unique to their goals without having to resolve common development issues such as user management. Many of the frameworks in use are open-source software.
The use of web application frameworks can often reduce the number of errors in a program, both by making the code simpler, and by allowing one team to concentrate on the framework while another focuses on a specified use case. In applications which are exposed to constant hacking attempts on the Internet, security-related problems can be caused by errors in the program. Frameworks can also promote the use of best practices such as GET after POST.
In addition, there is potential for the development of applications on Internet operating systems, although currently there are not many viable platforms that fit this model.
Examples of browser applications are simple office software (word processors, online spreadsheets, and presentation tools), but can also include more advanced applications such as project management, computer-aided design, video editing, and point-of-sale.
- Davidson, James Duncan; Coward, Danny (1999-12-17). Java Servlet Specification ("Specification") Version: 2.2 Final Release. Sun Microsystems. pp. 43–46. Retrieved 2008-07-27.
- Jay Hoffmann (2019-03-04). "What Does AJAX Even Stand For?". Retrieved 2021-10-18.
- Petersen, Jeremy (4 September 2008). "Benefits of using the n-tiered approach for web applications".
- "Top Tips for Secure App Development". Dell.com. Archived from the original on 2012-05-22. Retrieved 2012-06-22.
- Multiple (wiki). "Web application framework". Docforge. Retrieved 2010-03-06.
- Multiple (wiki). "Framework". Docforge. Retrieved 2010-03-06.[dead link]
- HTML5 Draft recommendation, changes to HTML and related APIs to ease authoring of web-based applications.
- The Other Road Ahead — An article arguing that the future lies on the server, not rich interfaces on the client
- Web Applications at Curlie
- Web Applications Working Group at the World Wide Web Consortium (W3C)
- PWAs on Web.dev by Google Developers.