Web application frameworks. This subsection provides an overview of the available web app development frameworks. Modern web application development is based on widely-used frameworks that have been developed through state-of-the-art design software design patterns. Common practices have been applied when developing these frameworks, while in parallel refining them and creating a solid base for the development of a new web application. This allows developers to re-use already existing mature technologies/frameworks. This not only avoids re-inventing the wheel (saves time), but also to establishes a solid base for a reliable and robust backend platform. Internally, most the systems are handling basic functionalities that are common in the majority of web applications, such as user management, exposure of services, scalability in terms of number of users and requests. Each of these frameworks have certain predefined capabilities and, in most cases, support similar functionalities either inherently or by adding external software components. A key criterion for the analysed frameworks was the fact of them being released as open-source, in order for BehavAuth to be able to leverage the advantages of the open-source software such as the community support, maturity, and security. The web application development frameworks are being analysed based on the:
Web application frameworks. Frame- work Programmin g Language Security Open- source license Scalabl e Machine- learning compatibilit y NoSQL suppor t Django [14] Python Built-in (XSS, CSRF, SQL injection, clickjacking protection, SSL/HTTPS, Host header validation, session security BSD High High Yes Play [15] Java, Scala Add-ons Apache 2.0 High High Yes Spring [16] Java Spring security embedded Apache 2.0 High High Yes Ruby on Rails [17] Ruby Built-in (SQL Injection, CSRF, XSS), needs add- ons MIT Low/ Mediu m Low Yes Symfony [18] PHP Core, HTTP, CSRF, ACL MIT High Low Yes Laravel [19] PHP Authenticatio n / encryption MIT Mediu m Low Yes Node [20] Javascript Add-ons MIT High Medium Yes XXX.XX T [21] .NET Built-in security, authentication , authorization .NET Foundatio n High Medium Yes Django [14] is one of the most popular web application frameworks following the model-view- template architecture design pattern. It is used by many major companies, including NASA, and its first version was released in 2005. It is safe to say that Xxxxxx is a quite mature framework. Play Framework [15], which is used by LinkedIn, was first released in 2009, and follows a quite different architecture of native Java application and more similar to Ruby on Rails framework. Spring [16] was firstly released in 2002, constituting one of the mostly used and widely adopted Java-based frameworks. Ruby on Rails [17], which was firstly released in 2005 allowing it to establish a certain maturity period, is widely used for prototype development and has a concise architecture. Symfony [18] was also released in 2005 and was highly inspired by Spring, focusing on creating robust enterprise application with low performance overheads. Laravel [19] is a more recent framework, released in 2011, that follows the model- view-controller architecture pattern and is amongst the most popular PHP frameworks, together with Symfony. Node [20] was presented in 2009, and since then, it has been widely adopted for prototype development. However, concerns arise in the compatibility issues among the different versions of the packages installed as add-ons to the framework. XXX.XXX [21] and is a framework supported by Microsoft for developing enterprise applications for building dynamic websites, web applications and web services.
