# Chapter a couple of: The Evolution regarding Application SecuritySoftware security as we know it right now didn't always exist as an official practice. In the particular early decades involving computing, security worries centered more about physical access plus mainframe timesharing settings than on signal vulnerabilities. To appreciate modern day application security, it's helpful to track its evolution through the earliest software problems to the superior threats of nowadays. This historical voyage shows how every era's challenges formed the defenses and best practices we have now consider standard.## The Early Times – Before MalwareIn the 1960s and 70s, computers were big, isolated systems. Protection largely meant managing who could enter in the computer room or make use of the airport. Software itself had been assumed to become trusted if authored by respected vendors or academics. The idea of malicious code has been more or less science hype – until a few visionary studies proved otherwise.Inside 1971, a researcher named Bob Betty created what is often considered the particular first computer worm, called Creeper. Creeper was not destructive; it was a self-replicating program that traveled between network computers (on ARPANET) and displayed a new cheeky message: "I AM THE CREEPER: CATCH ME IN CASE YOU CAN. " This experiment, along with the "Reaper" program developed to delete Creeper, demonstrated that code could move about its own throughout systems​CCOE. DSCI. IN​CCOE. DSCI. IN. It was a glimpse involving things to arrive – showing that will networks introduced new security risks past just physical thievery or espionage.## The Rise involving Worms and MalwareThe late 1980s brought the first real security wake-up calls. 23 years ago, the Morris Worm seemed to be unleashed on the early Internet, becoming the particular first widely known denial-of-service attack in global networks. Made by students, this exploited known weaknesses in Unix applications (like a stream overflow within the hand service and weaknesses in sendmail) to spread from machine to machine​CCOE. DSCI. IN. The particular Morris Worm spiraled out of control due to a bug inside its propagation logic, incapacitating thousands of personal computers and prompting wide-spread awareness of computer software security flaws.This highlighted that accessibility was as significantly securities goal while confidentiality – techniques could be rendered unusable by the simple piece of self-replicating code​CCOE. DSCI. ON. In the aftermath, the concept involving antivirus software in addition to network security practices began to consider root. The Morris Worm incident straight led to the formation of the first Computer Emergency Response Team (CERT) in order to coordinate responses to be able to such incidents.By means of the 1990s, viruses (malicious programs that will infect other files) and worms (self-contained self-replicating programs) proliferated, usually spreading by way of infected floppy disks or documents, and later email attachments. They were often written with regard to mischief or prestige. One example was basically the "ILOVEYOU" earthworm in 2000, which often spread via electronic mail and caused millions in damages around the world by overwriting files. These attacks were not specific to web applications (the web was merely emerging), but they underscored a common truth: software can not be thought benign, and security needed to turn out to be baked into enhancement.## The internet Innovation and New WeaknessesThe mid-1990s have seen the explosion of the World Broad Web, which basically changed application security. Suddenly, applications have been not just plans installed on your computer – they were services accessible to be able to millions via internet browsers. This opened typically the door into a whole new class involving attacks at typically the application layer.Found in 1995, Netscape presented JavaScript in internet browsers, enabling dynamic, active web pages​CCOE. DSCI. IN. This particular innovation made typically the web stronger, nevertheless also introduced safety measures holes. By typically the late 90s, hackers discovered they may inject malicious canevas into website pages seen by others – an attack after termed Cross-Site Scripting (XSS)​CCOE. DSCI. IN. Early online communities, forums, and guestbooks were frequently hit by XSS attacks where one user's input (like the comment) would contain a