December 13, 2014
Akash Mahajan

HTTP Basics

Introduction
This module will set the base for anyone interested in learning about Hyper Text Transfer Protocol (HTTP) basics with regards to Web Security.

About me
Akash Mahajan
10+ years of industry experience.
Director - The App Sec Lab
OWASP Bangalore Chapter Lead
Co-Founder and Community Manager at null - The Open Security Group
akashmahajan@gmail.com | +91 9980527182 | @makash
Information for Participants

Software Requirements
Curl

Chances are I am going to be wrong about 2/10 things that I talk about
So for the greater good, please speak up

2 Kinds of audience here
You have no idea what I am talking about. Great, we will learn together.
You know more than me. Great, please correct my mistakes and cover any gaps.

Participate!
I expect full participation from everyone.

Objectives
Learn the fundamentals of HTTP (Language/Platform agnostic)
*Have fun and learn a lot*

Agenda
Basics of Hyper Text Transfer Protocol (HTTP)
*Hands-On* with Command Line Web Client
Basics of TLS/SSL (Time permitting)
HTTP

Hyper Text Transfer Protocol
From Wikipedia:
HTTP is a request/response standard of a client and a server. A client is the end-user, the server is the web site. The client making a HTTP request, using a web browser, spider, or other end-user tool, is referred to as the user agent.
The responding server, which stores or creates resources such as HTML files and images, is called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels.

Basics of HTTP
HTTP is client-server
Clients make requests and servers respond. It can't be the other way.
Servers can not initiate any communication on their own in HTTP.

Basics of HTTP cont...
HTTP is stateless
HTTP has no notion of state. One connection has no relationship to another.
Side-effects of being Stateless
Since the HTTP protocol has no idea about state, it is the application's responsibility to maintain state.
How does the above affect building web applications?

So how do web applications track users?
The server needs to identify each client uniquely.
It does this by storing a unique value on the client.
Since HTTP is stateless, each request made needs to contain this unique value. For all practical purposes this unique value is like a password.

What does it look like? HTTP GET
We put this in the browser address line:
http://google.com/search?q=HTTP
What actually went to the Google server:
GET /search?q=HTTP
Host: www.google.com

HTTP Methods/Verbs
Safe Methods: GET, HEAD, OPTIONS
Not Safe Methods: POST, PUT, DELETE
Other Methods: CONNECT
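As an added example (not part of the slides), the Python below models what this slide describes: what a request like GET /search?q=HTTP with its Host header looks like once parsed, and how a server keeps track of a client by storing a unique value (a session cookie) that every later request carries back, with unsafe methods being the ones allowed to change stored state. The host example.test, the paths /sess and /post and the cookie name sid are constructed for the demo.

```python
import hashlib
import secrets
from urllib.parse import parse_qs, urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # must not change server-side state
COOKIE_NAME = "sid"                          # hypothetical cookie name for the demo


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request (CRLF line endings, as curl sends it)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = request_line.split(" ")
    url = urlsplit(target)                   # path and query string live in the target
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    form = {}
    if headers.get("content-type") == "application/x-www-form-urlencoded":
        # A real server frames the body with Content-Length; the constructed
        # messages here end where the body ends. Keep the first value per key.
        form = {k: v[0] for k, v in parse_qs(body.decode("iso-8859-1")).items()}
    return {"method": method, "path": url.path, "headers": headers,
            "query": {k: v[0] for k, v in parse_qs(url.query).items()},
            "form": form}


def cookie_value(headers: dict, name: str):
    """Pull one cookie out of the Cookie request header, or None if absent."""
    for pair in headers.get("cookie", "").split(";"):
        key, _, value = pair.strip().partition("=")
        if key == name:
            return value
    return None


class SessionServer:
    """Recognises a client across otherwise unrelated requests via a session cookie."""

    def __init__(self):
        # Keyed by a hash of the session id: a leaked table does not hand out
        # usable cookie values, the same reason passwords are stored hashed.
        self.sessions = {}

    @staticmethod
    def _key(sid: str) -> str:
        return hashlib.sha256(sid.encode()).hexdigest()

    def handle(self, raw: bytes) -> tuple:
        """Return (status, response headers, snapshot of this client's state)."""
        req = parse_request(raw)
        out_headers = []
        sid = cookie_value(req["headers"], COOKIE_NAME)
        if sid is None or self._key(sid) not in self.sessions:
            # Missing, expired or guessed cookie: mint a fresh 256-bit id and
            # ask the client to send it back with every later request.
            sid = secrets.token_urlsafe(32)
            self.sessions[self._key(sid)] = {"requests": 0}
            out_headers.append(f"Set-Cookie: {COOKIE_NAME}={sid}; "
                               "HttpOnly; Secure; SameSite=Lax; Path=/")
        state = self.sessions[self._key(sid)]
        state["requests"] += 1
        if req["method"] not in SAFE_METHODS:
            state.update(req["form"])        # only unsafe methods may change state
        return 200, out_headers, dict(state)


def issued_cookie(headers: list):
    """Read the sid back out of Set-Cookie, as curl -c cookie.jar would store it."""
    for h in headers:
        if h.startswith(f"Set-Cookie: {COOKIE_NAME}="):
            return h.split(";")[0].split("=", 1)[1]
    return None


def demo() -> dict:
    """Replay the slides' curl sequence against the model server (constructed requests)."""
    server = SessionServer()
    host = b"Host: example.test\r\n"                      # constructed hostname
    # 1. curl -v /sess: no cookie yet, so the server issues one
    _, hdrs1, state1 = server.handle(b"GET /sess HTTP/1.1\r\n" + host + b"\r\n")
    sid = issued_cookie(hdrs1)
    cookie = f"Cookie: {COOKIE_NAME}={sid}\r\n".encode()
    # 2. curl -b cookie.jar: a new connection, but the same client is recognised
    _, hdrs2, state2 = server.handle(
        b"GET /sess?name=Akash HTTP/1.1\r\n" + host + cookie + b"\r\n")
    # 3. POST with a form body: an unsafe method, so state is stored for this client
    form = b"firstname=Akash&lastname=Mahajan"
    _, _, state3 = server.handle(
        b"POST /post HTTP/1.1\r\n" + host + cookie
        + b"Content-Type: application/x-www-form-urlencoded\r\n"
        + f"Content-Length: {len(form)}\r\n\r\n".encode() + form)
    # 4. A guessed cookie value is not a session: the client is treated as new
    _, hdrs4, state4 = server.handle(
        b"GET /sess HTTP/1.1\r\n" + host + f"Cookie: {COOKIE_NAME}=1234\r\n\r\n".encode())
    return {
        "issued": sid is not None and state1["requests"] == 1,
        "recognised_again": not hdrs2 and state2["requests"] == 2,
        "form_stored": state3.get("firstname") == "Akash" and state3["requests"] == 3,
        "guess_rejected": bool(hdrs4) and state4["requests"] == 1,
    }
```

Run demo() to see all four checks come back True; the Set-Cookie flags (HttpOnly, Secure, SameSite) are what keep the "password-like" value away from scripts and plain-HTTP hops.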
HTTP Response Status Codes
1xx – Informational Messages
2xx – Success: 200 OK
3xx – Redirects: 301, 302
4xx – Client Errors: 404, 403, 400
5xx – Server Errors: 500, 502, 503, 505

Some terms to remember
Request
Response
Request Header
Request Body
QueryString
Response Header
Response Body

Hands-On HTTP with Curl

Open a terminal
terminal
Or Start | Run
cmd
HTTP GET a Page
$ curl http://akashm.com/box/ip.php

HTTP GET a Page -- verbose
$ curl http://akashm.com/box/ip.php -v

HTTP HEAD a Page
$ curl http://akashm.com/box/ip.php -I

HTTP HEAD a Page -- verbose
$ curl http://akashm.com/box/ip.php -Iv

HTTP POST a page
$ curl http://akashm.com/box/post.php
HTTP GET some query string
(the URL is quoted so the shell does not treat & as a command separator)
$ curl "http://akashm.com/box/post.php?name=Akash&lname=Mahajan"

HTTP POST a page with empty data
$ curl http://akashm.com/box/post.php -d ""

HTTP POST a page with data
$ curl http://akashm.com/box/post.php -d "firstname=Akash&lastname=Mahajan"

Using curl to mimic a web browser

What a session id looks like
$ curl -v http://akashm.com/box/sess.php

Let's save the cookie value
$ curl -v http://akashm.com/box/sess.php -c cookie.jar

Let's use the cookie value
$ curl -v http://akashm.com/box/sess.php -b cookie.jar
Basics of TLS/SSL

SSL/TLS
Encrypted Communication – Eavesdropping and Tampering
Secure Identification of a Network – Are you talking to the right server?

Live Demo

Certificate Hierarchy
An SSL certificate contains a certificate chain which begins with the server's public key certificate and ends with the Certificate Authority's root certificate.
How does the client verify the SSL cert?

QnA
HTTP Basics Demo