Appendix G Flashcards
How does HTTP work
HTTP (Hypertext Transfer Protocol) uses a message-based model in which a client sends a request message and the server returns a response message.
The protocol is essentially connectionless: although HTTP uses the stateful TCP protocol as its transport mechanism, each exchange of request and response is an autonomous transaction and may use a different TCP connection.
The first line of every HTTP request consists of three items, separated by spaces.
A verb indicating the HTTP method
The requested URL
The HTTP version being used. The only HTTP versions in common use are 1.0 and 1.1, with most browsers using 1.1 by default.
What does the GET method do
The GET method is designed to retrieve resources. It can be used to send parameters to the requested resource in the URL query string, enabling users to bookmark a URL for a dynamic resource which they can reuse. URLs are displayed on screen and are logged in various places such as browser history and web server access logs. They are also transmitted in the Referer header to other sites when external links are followed. Because of this, the query string should not be used to transmit any sensitive information.
What does the POST method do
The POST method is designed to perform actions. With this method, request parameters can be sent both in the URL query string and in the body of the message. Although the URL can still be bookmarked, any parameters sent in the message body will be excluded from the bookmark. These parameters will also be excluded from the various locations in which logs of URLs are maintained and from the Referer header. Because POST is designed for performing actions, if a user clicks the browser's back button to return to a page that was accessed using this method, the browser does not automatically reissue the request and instead shows the form resubmission notification. Because of this, POST requests should always be used when an action is being performed.
What does the HEAD method do
Functions in the same way as a GET request except that the server should not return a message body in its response. The server should return the same headers that it would have returned to the corresponding GET request. This method can be used to check whether a resource is present before making a GET request for it.
What does the TRACE method do
Designed for diagnostic purposes. The server should return in the response body the exact contents of the request message it received. This can be used to detect the effect of any proxy servers between the client and server that may manipulate the request.
What does the OPTIONS method do
Asks the server to report the HTTP methods which are available for a particular resource. The server typically returns a response containing an Allow header that lists the available methods.
What does the PUT method do
Attempts to upload the specified resource to the server using the content contained in the body of the request. If this method is enabled, it could be leveraged to attack the application, such as by uploading an arbitrary script and executing it on the server.
What does the DELETE WebDAV Method do
Deletes the specified resource.
What does the COPY WebDAV Method do
Copies the specified resource to the location given in the Destination header.
What does the MOVE WebDAV Method do
Moves the specified resource to the location given in the Destination header.
What does the SEARCH WebDAV Method do
Searches a directory path for resources.
What does the PROPFIND WebDAV Method do
Retrieves information about the specified resource such as author, size and content type.
What does the CONNECT WebDAV Method do
A CONNECT request asks your proxy to establish an HTTP tunnel to the remote endpoint. It is usually used for SSL connections, though it can be used with HTTP as well (for the purposes of proxy-chaining and tunnelling).
What do the 1XX status codes mean
Informational Codes
What do the 2XX status codes mean
Success Codes