# Chapter a couple of: The Evolution of Application SecurityApplication security as all of us know it today didn't always exist as an elegant practice. In the early decades involving computing, security concerns centered more in physical access in addition to mainframe timesharing adjustments than on code vulnerabilities. To understand modern application security, it's helpful to track its evolution through the earliest software problems to the sophisticated threats of nowadays. This historical voyage shows how each and every era's challenges molded the defenses plus best practices we now consider standard.## The Early Times – Before MalwareIn the 1960s and seventies, computers were big, isolated systems. Safety largely meant controlling who could enter in the computer area or utilize the airport terminal. Software itself had been assumed being dependable if written by respected vendors or scholars. The idea of malicious code seemed to be pretty much science fiction – until the few visionary experiments proved otherwise.Within 1971, a specialist named Bob Jones created what is usually often considered the first computer earthworm, called Creeper. Creeper was not damaging; it was the self-replicating program that traveled between networked computers (on ARPANET) and displayed a new cheeky message: "I AM THE CREEPER: CATCH ME IN CASE YOU CAN. " This experiment, along with the "Reaper" program devised to delete Creeper, demonstrated that signal could move about its own around systems​CCOE. DSCI. IN​CCOE. DSCI. IN. It had been a glimpse of things to appear – showing of which networks introduced fresh security risks further than just physical thievery or espionage.## The Rise associated with Worms and MalwareThe late eighties brought the very first real security wake-up calls. 23 years ago, the particular Morris Worm seemed to be unleashed around the earlier Internet, becoming the particular first widely acknowledged denial-of-service attack in global networks. Developed by students, it exploited known vulnerabilities in Unix courses (like a stream overflow within the ring finger service and weak points in sendmail) to spread from machines to machine​CCOE. DSCI. WITHIN. Typically the Morris Worm spiraled out of command as a result of bug in its propagation reason, incapacitating a huge number of personal computers and prompting common awareness of software program security flaws.This highlighted that supply was as significantly a security goal because confidentiality – methods could be rendered unusable by a simple item of self-replicating code​CCOE. DSCI. ON. In the aftermath, the concept associated with antivirus software in addition to network security methods began to take root. The Morris Worm incident directly led to typically the formation from the first Computer Emergency Response Team (CERT) to be able to coordinate responses to such incidents.By way of the 1990s, malware (malicious programs that infect other files) and worms (self-contained self-replicating programs) proliferated, usually spreading by means of infected floppy drives or documents, and later email attachments. Just read was often written with regard to mischief or prestige. One example was initially the "ILOVEYOU" earthworm in 2000, which in turn spread via e-mail and caused millions in damages around the world by overwriting files. These attacks have been not specific to be able to web applications (the web was merely emerging), but these people underscored a standard truth: software can not be assumed benign, and protection needed to end up being baked into enhancement.## The net Innovation and New VulnerabilitiesThe mid-1990s saw the explosion of the World Wide Web, which basically changed application security. Suddenly, applications have been not just programs installed on your computer – they were services accessible to millions via internet browsers. This opened the door to some complete new class of attacks at typically the application layer.Inside of 1995, Netscape introduced JavaScript in browsers, enabling dynamic, fun web pages​CCOE. DSCI. IN. This particular innovation made the web more efficient, yet also introduced safety measures holes. By typically the late 90s, hackers discovered they could inject malicious scripts into website pages viewed by others – an attack later termed Cross-Site Server scripting (XSS)​CCOE. DSCI. IN. Early online communities, forums, and guestbooks were frequently hit by XSS attacks where one user's input (like a new comment) would contain a