Hypertext for Hyper Techs
|
|
- Theresa Peters
- 8 years ago
- Views:
Transcription
1 Hypertext for Hyper Techs An Introduction to HTTP for SecPros
2 Bio Josh Little, GSEC ~14 years in IT. Support, Server/Storage Admin, Webmaster, Web App Dev, Networking, VoIP, Projects, Security. Currently a Security Engineer for a major global business intelligence firm.
3 HTTP - What the heck is it... Hypertext Transfer Protocol (HTTP) is an applicationlevel protocol for distributed, collaborative, hypermedia information systems. HTTP exists in two modern forms - HTTP/1.0 and HTTP/1.1. Defined in RFC 1945 and 2068/2616 respectively. Request/response, client/server model
4 What it ain t... HTTP!= HTML - HTTP is a protocol that delivers content and not the content itself HTTP!= tcp/80 - HTTP servers can run on any port and are often found on random high ports.
5 Where You ll Find It Web Servers (obviously - IIS, Apache, etc.) Application Servers (Tomcat, Oracle, JBOSS, etc.) Content distribution servers (e.g. Flash Media server) System, service, & device management consoles
6 HTTP Request/Response Model HTTP Request HTTP Response GET /index.html HTTP/1.1 Host: User-Agent: Mozilla/4.0 Cookie: JSESSIONID=AFKFF9384FFJG HTTP/ OK Date: Mon, 10 Jul :00:00 GMT Server: Apache/ (Unix) (Red-Hat/Linux) Last-Modified: Wed, 06 Jul :11:55 GMT Accept-Ranges: bytes Content-Length: 66 Connection: close Content-Type: text/html; charset=utf-8 <HTML><head><title>Test</title></head><body> Content</body></html>
7 Just Asking For It... HTTP Request Format <VERB> <URI> <PROTOCOL><crlf> <HEADER NAME>: <HEADER VALUE><crlf> <crlf>
8 What s your address? URI = Uniform Resource Identifier Refers to a resource, either by location or namespace URL = Uniform Resource Location scheme:// username:password@domain:port/path? query_string#fragment_id URLs are URIs. HTTP uses absolute or relative URLs for accessing content resources.
9 Standard HTTP Methods GET URI string contains all parameters passed. Retrieves specified resource GET /index.php?cat=toys&sort=byprice&ret=25 POST Delivers specified data to server resource Data contained in message body
10 More Standard Methods HEAD Returns only the expected headers for given resource
11 One Last Method... OPTIONS Returns the valid methods for a given URI, as well as any other optional server features. Fingerprint a URI
12 Specialized Methods CONNECT - Used by HTTP Proxies for TCP Tunneling TRACE/TRACK - Used for debugging/loopback PUT/DELETE - Used by WebDAV servers (file system over HTTP)
13 Protocol Versions Two major versions still supported - HTTP/1.0 & HTTP/ 1.1 Most servers respond to both protocols Limited features & efficiencies in HTTP/1.0
14 HTTP/1.0 Only requires the basic HTTP resource request for connections. Limited support for caching and compression. One connection, one request. HTTP/1.1 Requires Host Header Multiple cache control options. HTTP Pipelining - multiple requests per connection. OPTIONS method. Digest and Proxy authentication
15 Headers Headers are Name:Value pairs used to adjust client/ server behavior and relate information. HTTP RFC defines a standard set of headers, but custom headers can also be set, if both client and server understand them.
16 Request Headers Host Defines virtual host alias Host: Cookie User-Agent Referer Attaches relevant cookie values to requests Defines the client creating the request Defines the URL the client is coming from Cookie: CG=US:WI:Milwaukee User-Agent: Mozilla/5.0 Referer: Content-Length Length of message body, in decimal octets Content-Length: 365
17 Response Headers Server Set-Cookie Content-Type Via Relates the reported version of the HTTP Server Defines a new cookie for the client Defines the MIME type of the content being served Defines any proxies the response was sent through Server: Apache/ (Debian) Set-Cookie: arrowspc=1; domain=.cnet.com; path=/; expires=fri, 19-Aug :30:04 GMT Content-Type: text/html Via: HTTP/1.0 phx1-rb-revapp2.cnet.com:80 (cnwk.proxy.servlet.pathproxy Servlet $Revision: $)
18 Response Codes Each Response begins with the responding protocol version and the server s response code. Code is a numeric value and a short description. Content returned is dependent on the request, application, and server platform.
19 Common Response Codes 200 OK Request successful 302 Found Resource temporarily found elsewhere 400 Bad Request Request contains syntax errors 403 Forbidden Server refused to fulfill the request 404 Not Found 500 Internal Error The resource requested does not exist on the server An error occurred on the server that prevented the request.
20 Example HTTP Request/Responses GET / HTTP/1.1 Host: User-Agent: Mozilla/5.0 HTTP/ OK Date: Wed, 20 Jul :11:15 GMT Server: Apache Last-Modified: Tue, 10 Feb :39:52 GMT ETag: " d00c6e00" Accept-Ranges: bytes Content-Length: 560 Vary: Accept-Encoding Content-Type: text/html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" " <html xmlns=" <head> <meta http-equiv="content-type" content="text/html; charset=iso " /> <title>zombie Tango</title> <link href="/css/styles.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="container"> <div id="logo"><a href="/blog" alt="click to enter site"><img src="/img/ ztlogo_lg.jpg" alt="do the Zombie Tango..." title="do the Zombie Tango..." /></a></div> </div> </body> </html>
21 Example HTTP Request/Responses GET /w/api.php?action=opensearch&search=h&namespace=0&suggest= HTTP/1.1 Host: en.wikipedia.org Connection: keep-alive Referer: X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/ (KHTML, like Gecko) Chrome/ Safari/ Content-Type: application/x-www-form-urlencoded Accept: application/json, text/javascript, */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-us,en;q=0.8 Accept-Charset: ISO ,utf-8;q=0.7,*;q=0.3 Cookie: clicktracking-session=fe6cd33goczlwhsm6dg6ejvmvo3khihaz; mediawiki.user.bucket %3Aext.articleFeedback-tracking=8%3Atrack; hidesnmessage=1; mediawiki.user.bucket %3Aext.articleFeedback-options=8%3Ashow HTTP/ OK Date: Wed, 20 Jul :01:09 GMT Server: Apache Cache-Control: max-age=86400, s-maxage=86400, public Expires: Thu, 21 Jul :01:09 GMT Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 134 Content-Type: application/json; charset=utf-8 Age: 857 X-Cache: HIT from sq35.wikimedia.org X-Cache-Lookup: HIT from sq35.wikimedia.org:3128 X-Cache: MISS from sq73.wikimedia.org X-Cache-Lookup: MISS from sq73.wikimedia.org:80 Connection: keep-alive
22 State Management HTTP Stateless by nature Up to the application to determine how it associates traffic with discrete users E.g. Cookie values, Basic/Digest Authentication
23 HTTP & Security
24 General Security Concerns HTTP Servers are everywhere Misconfigured HTTP Servers leak information about your architecture HTTP Servers are typically the most exposed public service Two areas for attack - the HTTP server/protocol itself and the content that it serves.
25 Attacks against HTTP HTTP Response Splitting - Using unsanitized input to trick the client into seeing two different responses by adding a <crlf> string and additional content. Headers and content can be controlled. Man-in-the-middle attacks - HTTP is very susceptible to MitM attacks due to ASCII nature of protocol. DoS Attacks/Slowloris - Consuming or overloading server processes
26 In Strict Confidence... Unencrypted HTTP very easy to intercept and read Secure HTTP (HTTP/S) attempts to mitigate this Uses SSL/TLS to encrypt complete HTTP payload No part of HTTP packet, including headers, available outside the SSL session. Increased use of HTTP/S means decreased visibility into traffic by traditional security tools (IDS, DLP, content filters, etc.)
27 Cookie Monster Many HTTP-based applications use cookies for authentication/statetracking Cookie = Username/password Cross-domain restrictions prevent cookie disclosure outside originating domain. XSS flaws can disclose cookies to bad guys. Cookie security mechanisms - Secure & HTTPOnly
28 Tools of the Trade Doing it by hand - Telnet and ncat curl & wget Web browsers Local proxies - BURP, WebScarab, Zed Attack Proxy, Fiddler Firefox plugins - TamperData, Groundspeed
29 ?
HTTP. Internet Engineering. Fall 2015. Bahador Bakhshi CE & IT Department, Amirkabir University of Technology
HTTP Internet Engineering Fall 2015 Bahador Bakhshi CE & IT Department, Amirkabir University of Technology Questions Q1) How do web server and client browser talk to each other? Q1.1) What is the common
More informationInternet Technologies Internet Protocols and Services
QAFQAZ UNIVERSITY Computer Engineering Department Internet Technologies Internet Protocols and Services Dr. Abzetdin ADAMOV Chair of Computer Engineering Department aadamov@qu.edu.az http://ce.qu.edu.az/~aadamov
More informationHTTP Protocol. Bartosz Walter <Bartek.Walter@man.poznan.pl>
HTTP Protocol Bartosz Walter Agenda Basics Methods Headers Response Codes Cookies Authentication Advanced Features of HTTP 1.1 Internationalization HTTP Basics defined in
More informationBy Bardia, Patit, and Rozheh
HTTP By Bardia, Patit, and Rozheh HTTP - Introduction - Hyper Text Transfer Protocol -uses the TCP/IP technology -has had the most impact on the World Wide Web (WWW) - specs in RFC 2616 (RFC2616) HTTP
More informationreference: HTTP: The Definitive Guide by David Gourley and Brian Totty (O Reilly, 2002)
1 cse879-03 2010-03-29 17:23 Kyung-Goo Doh Chapter 3. Web Application Technologies reference: HTTP: The Definitive Guide by David Gourley and Brian Totty (O Reilly, 2002) 1. The HTTP Protocol. HTTP = HyperText
More information1. When will an IP process drop a datagram? 2. When will an IP process fragment a datagram? 3. When will a TCP process drop a segment?
Questions 1. When will an IP process drop a datagram? 2. When will an IP process fragment a datagram? 3. When will a TCP process drop a segment? 4. When will a TCP process resend a segment? CP476 Internet
More informationThe Hyper-Text Transfer Protocol (HTTP)
The Hyper-Text Transfer Protocol (HTTP) Antonio Carzaniga Faculty of Informatics University of Lugano October 4, 2011 2005 2007 Antonio Carzaniga 1 HTTP message formats Outline HTTP methods Status codes
More informationOutline Definition of Webserver HTTP Static is no fun Software SSL. Webserver. in a nutshell. Sebastian Hollizeck. June, the 4 th 2013
Definition of in a nutshell June, the 4 th 2013 Definition of Definition of Just another definition So what is it now? Example CGI php comparison log-file Definition of a formal definition Aisaprogramthat,usingthe
More informationURLs and HTTP. ICW Lecture 10 Tom Chothia
URLs and HTTP ICW Lecture 10 Tom Chothia This Lecture The two basic building blocks of the web: URLs: Uniform Resource Locators HTTP: HyperText Transfer Protocol Uniform Resource Locators Many Internet
More informationNetwork Technologies
Network Technologies Glenn Strong Department of Computer Science School of Computer Science and Statistics Trinity College, Dublin January 28, 2014 What Happens When Browser Contacts Server I Top view:
More informationWeb applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh
Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP
More informationInternational Journal of Engineering & Technology IJET-IJENS Vol:14 No:06 44
International Journal of Engineering & Technology IJET-IJENS Vol:14 No:06 44 Data Traffic and Security over Internet via Monitoring and Analyzing the HTTP Protocol Ezmolda Barolli, Loren Nebiaj, Gloria
More informationCyber Security Workshop Ethical Web Hacking
Cyber Security Workshop Ethical Web Hacking May 2015 Setting up WebGoat and Burp Suite Hacking Challenges in WebGoat Concepts in Web Technologies and Ethical Hacking 1 P a g e Downloading WebGoat and Burp
More informationSecurity-Assessment.com White Paper Leveraging XSRF with Apache Web Server Compatibility with older browser feature and Java Applet
Security-Assessment.com White Paper Leveraging XSRF with Apache Web Server Compatibility with older browser feature and Java Applet Prepared by: Roberto Suggi Liverani Senior Security Consultant Security-Assessment.com
More informationGET /FB/index.html HTTP/1.1 Host: lmi32.cnam.fr
GET /FB/index.html HTTP/1.1 Host: lmi32.cnam.fr HTTP/1.1 200 OK Date: Thu, 20 Oct 2005 14:42:54 GMT Server: Apache/2.0.50 (Linux/SUSE) Last-Modified: Thu, 20 Oct 2005 14:41:56 GMT ETag: "2d7b4-14b-8efd9500"
More informationThe Web: some jargon. User agent for Web is called a browser: Web page: Most Web pages consist of: Server for Web is called Web server:
The Web: some jargon Web page: consists of objects addressed by a URL Most Web pages consist of: base HTML page, and several referenced objects. URL has two components: host name and path name: User agent
More informationCONTENT of this CHAPTER
CONTENT of this CHAPTER v DNS v HTTP and WWW v EMAIL v SNMP 3.2.1 WWW and HTTP: Basic Concepts With a browser you can request for remote resource (e.g. an HTML file) Web server replies to queries (e.g.
More informationCS640: Introduction to Computer Networks. Applications FTP: The File Transfer Protocol
CS640: Introduction to Computer Networks Aditya Akella Lecture 4 - Application Protocols, Performance Applications FTP: The File Transfer Protocol user at host FTP FTP user client interface local file
More informationProtocolo HTTP. Web and HTTP. HTTP overview. HTTP overview
Web and HTTP Protocolo HTTP Web page consists of objects Object can be HTML file, JPEG image, Java applet, audio file, Web page consists of base HTML-file which includes several referenced objects Each
More informationHTTP Caching & Cache-Busting for Content Publishers
HTTP Caching & Cache-Busting for Content Publishers Michael J. Radwin http://public.yahoo.com/~radwin/ OSCON 2005 Thursday, August 4th, 2005 1 1 Agenda HTTP in 3 minutes Caching concepts Hit, Miss, Revalidation
More informationWeb. Services. Web Technologies. Today. Web. Technologies. Internet WWW. Protocols TCP/IP HTTP. Apache. Next Time. Lecture #3 2008 3 Apache.
JSP, and JSP, and JSP, and 1 2 Lecture #3 2008 3 JSP, and JSP, and Markup & presentation (HTML, XHTML, CSS etc) Data storage & access (JDBC, XML etc) Network & application protocols (, etc) Programming
More informationAll You Can Eat Realtime
HTML5 WebSocket: All You Can Eat Realtime By Peter Lubbers, Kaazing May 14, 2010 1 About Peter Lubbers Director of Documentation and Training, Kaazing Co-Founder San Francisco HTML5 User Group http://www.sfhtml5.org/
More informationProject #2. CSE 123b Communications Software. HTTP Messages. HTTP Basics. HTTP Request. HTTP Request. Spring 2002. Four parts
CSE 123b Communications Software Spring 2002 Lecture 11: HTTP Stefan Savage Project #2 On the Web page in the next 2 hours Due in two weeks Project reliable transport protocol on top of routing protocol
More informationsessionx Desarrollo de Aplicaciones en Red Web Applications History (1) Content History (2) History (3)
sessionx Desarrollo de Aplicaciones en Red José Rafael Rojano Cáceres http://www.uv.mx/rrojano Web Applications 1 2 Content History (1) History Http CGI Web Tiers ARPANet Email, Ftp, IRC, news Explosive
More informationArchitecture of So-ware Systems HTTP Protocol. Mar8n Rehák
Architecture of So-ware Systems HTTP Protocol Mar8n Rehák HTTP Protocol Hypertext Transfer Protocol Designed to transfer hypertext informa8on over the computer networks Hypertext: Structured text with
More informationInternet Technologies. World Wide Web (WWW) Proxy Server Network Address Translator (NAT)
Internet Technologies World Wide Web (WWW) Proxy Server Network Address Translator (NAT) What is WWW? System of interlinked Hypertext documents Text, Images, Videos, and other multimedia documents navigate
More informationWorld Wide Web. Before WWW
World Wide Web Joao.Neves@fe.up.pt Before WWW Major search tools: Gopher and Archie Archie Search FTP archives indexes Filename based queries Gopher Friendly interface Menu driven queries João Neves 2
More informationApplication layer Web 2.0
Information Network I Application layer Web 2.0 Youki Kadobayashi NAIST They re revolving around the web, after all Name any Internet-related buzz: Cloud computing Smartphone Social media... You ll end
More informationNo. Time Source Destination Protocol Info 1190 131.859385 128.238.245.34 128.119.245.12 HTTP GET /ethereal-labs/http-ethereal-file1.html HTTP/1.
Ethereal Lab: HTTP 1. The Basic HTTP GET/response interaction 1190 131.859385 128.238.245.34 128.119.245.12 HTTP GET /ethereal-labs/http-ethereal-file1.html HTTP/1.1 GET /ethereal-labs/http-ethereal-file1.html
More informationSticky Session Setup and Troubleshooting
1 Sticky Session Setup and Troubleshooting Day, Date, 2004 time p.m. ET Teleconference Access: US & Canada: 888-259-4812 Teleconference Access: North America: xxxx Toll Number: 706-679-4880 International:
More informationThe Web History (I) The Web History (II)
Goals of Today s Lecture EE 122: The World Wide Web Ion Stoica TAs: Junda Liu, DK Moon, David Zats http://inst.eecs.berkeley.edu/~ee122/ (Materials with thanks to Vern Paxson, Jennifer Rexford, and colleagues
More informationInformation Extraction Art of Testing Network Peripheral Devices
OWASP AppSec Brazil 2010, Campinas, SP The OWASP Foundation http://www.owasp.org Information Extraction Art of Testing Network Peripheral Devices Aditya K Sood, SecNiche Security (adi_ks@secniche.org)
More informationivoyeur: permission to parse
D A V I D J O S E P H S E N ivoyeur: permission to parse David Josephsen is the author of Building a Monitoring Infrastructure with Nagios (Prentice Hall PTR, 2007) and Senior Systems Engineer at DBG,
More informationLecture 11 Web Application Security (part 1)
Lecture 11 Web Application Security (part 1) Computer and Network Security 4th of January 2016 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 11, Web Application Security (part 1)
More informationAnatomy of a Pass-Back-Attack: Intercepting Authentication Credentials Stored in Multifunction Printers
Anatomy of a Pass-Back-Attack: Intercepting Authentication Credentials Stored in Multifunction Printers By Deral (PercX) Heiland and Michael (omi) Belton Over the past year, one focus of the Foofus.NET
More informationEthical Hacking as a Professional Penetration Testing Technique
Ethical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter - Durkee Consulting, Inc. info@rd1.net 2 Background Founder of Durkee Consulting since 1996
More informationDemystifying cache. Kristian Lyngstøl Product Specialist Varnish Software AS
Demystifying cache Kristian Lyngstøl Product Specialist Varnish Software AS Montreal, March 2013 Agenda - The types of caches involved - The benefits of a cache - HTTP - Reverse proxy specifics Not: L1/L2
More information600-152 People Data and the Web Forms and CGI CGI. Facilitating interactive web applications
CGI Facilitating interactive web applications Outline In Informatics 1, worksheet 7 says You will learn more about CGI and forms if you enroll in Informatics 2. Now we make good on that promise. First
More informationAutomated Vulnerability Scan Results
Automated Vulnerability Scan Results Table of Contents Introduction...2 Executive Summary...3 Possible Vulnerabilities... 7 Host Information... 17 What Next?...20 1 Introduction The 'www.example.com' scan
More informationHTTP Response Splitting
The Attack HTTP Response Splitting is a protocol manipulation attack, similar to Parameter Tampering The attack is valid only for applications that use HTTP to exchange data Works just as well with HTTPS
More informationData Communication I
Data Communication I Urban Bilstrup (E327) 090901 Urban.Bilstrup@ide.hh.se www2.hh.se/staff/urban Internet - Sweden, Northern Europe SUNET NORDUnet 2 Internet - Internet Addresses Everyone should be able
More informationWeb Application Security
Web Application Security The OWASP Foundation Securing the application Input validation Authorization Session mgmt Config mgmt Authenticatio n Error handling Web server App server DB server Secure storage
More informationCloudOYE CDN USER MANUAL
CloudOYE CDN USER MANUAL Password - Based Access Logon to http://mycloud.cloudoye.com. Enter your Username & Password In case, you have forgotten your password, click Forgot your password to request a
More informationChapter 27 Hypertext Transfer Protocol
Chapter 27 Hypertext Transfer Protocol Columbus, OH 43210 Jain@CIS.Ohio-State.Edu http://www.cis.ohio-state.edu/~jain/ 27-1 Overview Hypertext language and protocol HTTP messages Browser architecture CGI
More information1945: 1989: ! Tim Berners-Lee (CERN) writes internal proposal to develop a. 1990:! Tim BL writes a graphical browser for Next machines.
Systemprogrammering 2009 Föreläsning 9 Web Services Topics! HTTP! Serving static content! Serving dynamic content 1945: 1989: Web History! Vannevar Bush, As we may think, Atlantic Monthly, July, 1945.
More informationModern Web Development From Angle Brackets to Web Sockets
Modern Web Development From Angle Brackets to Web Sockets Pete Snyder Outline (or, what am i going to be going on about ) 1.What is the Web? 2.Why the web matters 3.What s unique about
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationHeadless Drupal. Buzzword or Next Big Thing? Drupal City Berlin 16.11.2014
Headless Drupal Buzzword or Next Big Thing? Drupal City Berlin 16.11.2014 About me Boris Böhne, aka drubb Drupal since 2006 Freelancer, based near Stuttgart, Germany @drubb Frontend - 1995 Frontend - 2005
More informationWWW. World Wide Web Aka The Internet. dr. C. P. J. Koymans. Informatics Institute Universiteit van Amsterdam. November 30, 2007
WWW World Wide Web Aka The Internet dr. C. P. J. Koymans Informatics Institute Universiteit van Amsterdam November 30, 2007 dr. C. P. J. Koymans (UvA) WWW November 30, 2007 1 / 36 WWW history (1) 1968
More informationStudy of the architecture for a new webbased software system using commercial ERP system
Study of the architecture for a new webbased software system using commercial ERP system Bram Cooreman under supervision of: Ari Rantala, TAMK Jari Mikkolainen, TAMK Esa Kujansuu, TAMK Wim Catteeuw, KHBO
More informationLektion 2: Web als Graph / Web als System
Lektion 2: Web als Graph / Web als System Helmar Burkhart Informatik Universität Basel Helmar.Burkhart@... WT-2-1 Lernziele und Inhalt Web als Graph erkennen Grundelemente von sozialen Netzwerken sehen
More informationHack Yourself First. Troy Hunt @troyhunt troyhunt.com troyhunt@hotmail.com
Hack Yourself First Troy Hunt @troyhunt troyhunt.com troyhunt@hotmail.com We re gonna turn you into lean, mean hacking machines! Because if we don t, these kids are going to hack you Jake Davies, 19 (and
More informationApplication-layer Protocols and Internet Services
Application-layer Protocols and Internet Services Computer Networks Lecture 8 http://goo.gl/pze5o8 Terminal Emulation 2 Purpose of Telnet Service Supports remote terminal connected via network connection
More informationCDN Operation Manual
NTT Communications Cloudⁿ CDN Operation Manual Ver.1.1 Please refrain from secondary use such as distributing, reproducing, and transferring this document. 1 Version Number Edited on Revisions Ver.1.0
More informationHTTP Fingerprinting and Advanced Assessment Techniques
HTTP Fingerprinting and Advanced Assessment Techniques Saumil Shah Director, Net-Square Author: Web Hacking - Attacks and Defense BlackHat 2003, Washington DC The Web Hacker s playground Web Client Web
More informationResearch of Web Real-Time Communication Based on Web Socket
Int. J. Communications, Network and System Sciences, 2012, 5, 797-801 http://dx.doi.org/10.4236/ijcns.2012.512083 Published Online December 2012 (http://www.scirp.org/journal/ijcns) Research of Web Real-Time
More informationComputer Networks. Lecture 7: Application layer: FTP and HTTP. Marcin Bieńkowski. Institute of Computer Science University of Wrocław
Computer Networks Lecture 7: Application layer: FTP and Marcin Bieńkowski Institute of Computer Science University of Wrocław Computer networks (II UWr) Lecture 7 1 / 23 Reminder: Internet reference model
More informationTHE PROXY SERVER 1 1 PURPOSE 3 2 USAGE EXAMPLES 4 3 STARTING THE PROXY SERVER 5 4 READING THE LOG 6
The Proxy Server THE PROXY SERVER 1 1 PURPOSE 3 2 USAGE EXAMPLES 4 3 STARTING THE PROXY SERVER 5 4 READING THE LOG 6 2 1 Purpose The proxy server acts as an intermediate server that relays requests between
More informationHTTP/2: Operable and Performant. Mark Nottingham @mnot (@akamai)
HTTP/2: Operable and Performant Mark Nottingham @mnot (@akamai) This talk may be disappointing. As we know, there are known knowns; there are things we know we know. We also know there are known unknowns;
More informationTCP/IP Networking An Example
TCP/IP Networking An Example Introductory material. This module illustrates the interactions of the protocols of the TCP/IP protocol suite with the help of an example. The example intents to motivate the
More informationTable of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3
Open-Xchange Authentication & Session Handling Table of Contents 1.Introduction...3 2.System overview/implementation...4 2.1.Overview... 4 2.1.1.Access to IMAP back end services...4 2.1.2.Basic Implementation
More informationVodia PBX RESTful API (v2.0)
Vodia PBX RESTful API (v2.0) 2015 Vodia Networks Inc. All rights reserved. Page 1 of 30 Contents Login... 3 Get license info... 4 Get a complete list of domains... 5 Get the details of a specific domain...
More informationDivide and Conquer Real World Distributed Port Scanning
Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews
More informationDepartment of Computing Imperial College London. BrowserAudit. A web application that tests the security of browser implementations
Department of Computing Imperial College London BrowserAudit A web application that tests the security of browser implementations Charlie Hothersall-Thomas Supervisor: Dr. Sergio Maffeis June 2014 Submitted
More informationModule 45 (More Web Hacking)
(More Web Hacking) In this Module, you'll lear how to use netcat to perform cursory server reconnaissance. You'll lear what a web proxy is and how it functions. You'll know how to enable your browser to
More informationIntroduction to Computer Security
Introduction to Computer Security Web Application Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Modern threat landscape The majority of modern vulnerabilities are found in web
More informationWeb Security: SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: SSL/TLS Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno,
More informationApplication Layer: HTTP and the Web. Srinidhi Varadarajan
Application Layer: HTTP and the Web Srinidhi Varadarajan The Web: the http protocol http: hypertext transfer protocol Web s application layer protocol client/server model client: browser that requests,
More informationPlaying with Web Application Firewalls
Playing with Web Application Firewalls Who is Wendel? Independent penetration test analyst. Affiliated to Hackaholic team. Over 7 years in the security industry. Discovered vulnerabilities in Webmails,
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 20
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 20 Announcements Reminder: Project 3 is available on the web pages Due: April 3rd Midterm II has been graded Today: Web Security [Some
More informationHTTP Authentication. RFC 2617 obsoletes RFC 2069
HTTP Authentication RFC 2617 obsoletes RFC 2069 Agenda Positioning Basic Access Authentication Digest Access Authentication Proxy-Authentication and Proxy- Authorization Security Considerations Internet
More informationChapter 2: Interactive Web Applications
Chapter 2: Interactive Web Applications 2.1 Interactivity and Multimedia in the WWW architecture 2.2 Interactive Client-Side Scripting for Multimedia (Example HTML5/JavaScript) 2.3 Interactive Server-Side
More informationWeb Programming. Robert M. Dondero, Ph.D. Princeton University
Web Programming Robert M. Dondero, Ph.D. Princeton University 1 Objectives You will learn: The fundamentals of web programming... The hypertext markup language (HTML) Uniform resource locators (URLs) The
More informationCyber Security Scan Report
Scan Customer Information Scan Company Information Company: Example Name Company: SRC Security Research & Consulting GmbH Contact: Mr. Example Contact: Holger von Rhein : : Senior Consultant Telephone:
More informationCTIS 256 Web Technologies II. Week # 1 Serkan GENÇ
CTIS 256 Web Technologies II Week # 1 Serkan GENÇ Introduction Aim: to be able to develop web-based applications using PHP (programming language) and mysql(dbms). Internet is a huge network structure connecting
More informationThe Application Layer. CS158a Chris Pollett May 9, 2007.
The Application Layer CS158a Chris Pollett May 9, 2007. Outline DNS E-mail More on HTTP The Domain Name System (DNS) To refer to a process on the internet we need to give an IP address and a port. These
More informationHOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE
HOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE REST API REFERENCE REST OVERVIEW Host Europe REST Storage Service uses HTTP protocol as defned by RFC 2616. REST operations consist in sending HTTP
More informationEvolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used:
Evolution of the WWW Communication in the WWW World Wide Web (WWW) Access to linked documents, which are distributed over several computers in the History of the WWW Origin 1989 in the nuclear research
More informationSecuring The Apache Web Server. Agenda. Background. Matthew Cook http://escarpment.net/
Securing The Apache Web Server Matthew Cook http://escarpment.net/ Agenda Background Web Servers Connections Apache History System Attacks Securing Apache Useful Tools In Summary Further Advice and Guidance
More informationHTTP Authentifizierung
HTTP Authentifizierung Valentin Lein Matr. Nr. 0526536 15.12.2010 Computer Technology /21 Inhalt HTTP Basic Authentication Alternative Authentifizierungsmöglichkeiten HTTP Hypertext Transfer Protocol Computer
More informationVulnerability Scans. Bomgar 13.1
Vulnerability Scans Bomgar 13.1 2013 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationUsing SAML for Single Sign-On in the SOA Software Platform
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
More informationSecurity Testing is performed to reveal security flaws in the system in order to protect data and maintain functionality.
i About the Tutorial Security Testing is performed to reveal security flaws in the system in order to protect data and maintain functionality. This tutorial explains the core concepts of Security Testing
More information600-152 People Data and the Web Forms and CGI. HTML forms. A user interface to CGI applications
HTML forms A user interface to CGI applications Outline A simple example form. GET versus POST. cgi.escape(). Input controls. A very simple form a simple form
More informationThe HTTP protocol (HyperText Transfer Protocol) Short history of HTTP. The HTTP 1.0 protocol. 07/07/2011(dec'09)
The HTTP protocol (HyperText Transfer Protocol) Antonio Lioy < lioy@polito.it it > english version created by Marco D. Aime < m.aime@polito.it > Politecnico di Torino Dip. Automatica e Informatica Short
More informationArnaud Becart ip- label 11/9/11
Arnaud Becart ip- label 11/9/11 RUM Synthe2c Tests You should measure HTML and RIA (Flash ) Page Rendering Onload + Full Page Load InteracBons in your page Third Party content How Synthe2c / Real browsers
More informationLBL Application Availability Infrastructure Unified Secure Reverse Proxy
LBL Application Availability Infrastructure Unified Secure Reverse Proxy Valerio Mezzalira TCOGROUP Company Outline Mission: Development of Software Tools Aimed at Enhancing High Availability (HA) of IT
More informationPHP code audits. OSCON 2009 San José, CA, USA July 21th 2009
PHP code audits OSCON 2009 San José, CA, USA July 21th 2009 1 Agenda Workshop presentation Black box audit Source code audit 2 Who speaks? Philippe Gamache Parler Haut, Interagir Librement : Web development,
More informationWorld Wide Web Aka The Internet. Karst Koymans. Friday, October 2, 2015
. WWW World Wide Web. Aka The Internet Karst Koymans Informatics Institute University of Amsterdam (version 15.6, 2015/10/08 11:21:17 UTC) Friday, October 2, 2015 Karst Koymans (UvA) WWW Friday, October
More informationWP4: Cloud Hosting Chapter Object Storage Generic Enabler
WP4: Cloud Hosting Chapter Object Storage Generic Enabler Webinar John Kennedy, Thijs Metsch@ Intel Outline 1 Overview of the Cloud Hosting Work Package 2 Functionality Trust and Security Operations FI-WARE
More informationCS 5480/6480: Computer Networks Spring 2012 Homework 1 Solutions Due by 9:00 AM MT on January 31 st 2012
CS 5480/6480: Computer Networks Spring 2012 Homework 1 Solutions Due by 9:00 AM MT on January 31 st 2012 Important: No cheating will be tolerated. No extension. CS 5480 total points = 32 CS 6480 total
More information1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications
1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won
More informationWeb Services April 21st, 2009 with Hunter Pitelka
15 213 The course that gives CMU its Zip! Web Services April 21st, 2009 with Hunter Pitelka Topics HTTP Serving static content Serving dynamic content Web History 1989: 1990: Tim Berners Lee (CERN) writes
More information1 Introduction: Network Applications
1 Introduction: Network Applications Some Network Apps E-mail Web Instant messaging Remote login P2P file sharing Multi-user network games Streaming stored video clips Internet telephone Real-time video
More informationVulnerability Scans. Bomgar 14.2
Vulnerability Scans Bomgar 14.2 2014 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationSecurity Protocols/Standards
Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity
More informationSANS Institute 200 5, Author retains full rights.
Secure Session Management Preventing Security Voids in Web Applications Luke Murphey January 10, 2005 Abstract:, option 1 Internet users all over the world are using web-based systems to manage important
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationPackage httprequest. R topics documented: February 20, 2015
Version 0.0.10 Date 2014-09-29 Title Basic HTTP Request Author Eryk Witold Wolski, Andreas Westfeld Package httprequest February 20, 2015 Maintainer Andreas Westfeld HTTP
More information