Web Security Pt.1 Flashcards
What are the majority of web attacks on?
Web applications
Where are the most vulnerabilities discovered?
Web applications
What does HTTP stand for?
hypertext transfer protocol
What is HTTP?
a text-based and stateless network protocol, encapsulated in TCP connections
What does HTML stand for?
Hypertext mark-up language
What does HTML do?
describes document contents, independent of network or storage details
What is the ASCII for %?
%25
What is the ASCII for @?
%40
What is the ASCII for :?
%3A
What is the structure of an HTTP request?
- Request line
- Header
- Empty line
- Message body
Give an example of a request line
GET /index.html HTTP/1.1
What are the components of a request line?
method, resource, version
When would you use GET?
to fetch a resource
When would you use HEAD?
to get the headers of a resource
When would you use POST?
gets the data in the body of a resource
What is the structure of an HTTP reply?
- Status line
- Header
- Empty line (CRLF)
- Body of the message
What are the status line and header terminated by?
CRLF
What are the components of the status line?
protocol version, status code, text code
What are the 2 main mechanisms to send the credentials to the server?
Basic and Digest
What does the basic mechanism do?
the password is base64 encoded and sent to the server
What does the digest mechanism do?
the credentials are hashed and sent to the server with a nonce
What does SOP stand for?
Same Origin Policy
How is session info transmitted?
- HTTP payload
- URL/URI
- HTTP header
What must authenticators be?
unforgeable and tamper-proof