ITIT 3200 - Web Security Notes


Web Security

Web Vocabulary:
- Protocol
- Server name
- File name
- Name server
- IP address
- Port 80
- HTTP protocol
- GET request
- Cookies
- HTML text
- Server/client (web servers, FTP servers, email servers)
- Domain names

Web Basics:
- client side: interaction with the application is handled by the browser
- server side:
  - web server receives client requests
  - scripts at the web server extract input from client data and construct requests to a back-end server, e.g. a database server
  - web server receives the result from the back-end server and returns HTML result pages to the client
  - web server and back-end server are different logical components but may reside on the same physical machine

HTTP:
- HTTP is the application layer protocol used between client and server
- lies in the application layer of the Internet protocol stack
- client sends HTTP requests to the server
- request states a method to be performed on a resource held at the server
- assumes a reliable transport layer protocol beneath
- HTTP request methods: GET and POST

Transport Protocol and Data Formats:
- GET method
  - resource given by the Request-URI and Host fields in the request header
- POST method
  - specifies resource in the Request-URI
  - puts action to be performed on it into body of HTTP request
  - designed for posting messages, annotating resources, and sending large volumes that would not fit into the Request-URI
- web pages in a server response are written in HTML
- elements that can appear in a web page:
  - frame (subwindow)
  - iframe (in-lined subwindow)
  - img (embedded image)
  - applet (Java applet)
  - form (interactive element specifying an action to be performed on a resource when triggered by a particular event; onclick is such an event)
- Cascading Style Sheets (CSS) give further information on how to display a web page

Web Browser:
- client browser performs several functions:
  - displaying web pages
    - the Document Object Model (DOM) is an internal representation of a web page used by browsers
    - JavaScript requires this representation (dynamic rendering)
  - managing sessions
  - performing access control when scripts within a web page are executed
- when the browser receives an HTML page it parses the HTML into the document.body of the DOM
- objects like document.URL, document.location, and document.referrer get their values according to the browser's view of the current page

Authenticated Sessions:
- When application resources are subject to access control, the user at the client has to be authenticated as the originator of requests
- achieved by establishing an authenticated session, such as using SSL/TLS (not covered in this class)
- Cookies are one way to store authentication information

Gollmann Exercises:
- 18.1 Document the current security settings of your web browser. Where is the security relevant information stored on your system?
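The GET and POST request formats listed under "Transport Protocol and Data Formats", shown as an added example that is not part of the original notes: a small parser that reports which resource a request names (Request-URI plus Host) and where the client input sits (query string for GET, body for POST). The sample requests, the host www.example.com and the function name parse_request are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests (not captured traffic); host and paths are made up.
GET_REQUEST = (
    b"GET /search?q=cookies&page=2 HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"\r\n"
)
POST_REQUEST = (
    b"POST /comments HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 26\r\n"
    b"\r\n"
    b"author=alice&text=hi+there"
)


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into method, resource and client input."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, request_uri, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:
        raise ValueError("request has no Host header")
    uri = urlsplit(request_uri)
    # Honour Content-Length so bytes after the declared body are not read as input.
    body = body[: int(headers.get("content-length", "0"))]
    body_params = {}
    is_form = headers.get("content-type", "").startswith(
        "application/x-www-form-urlencoded")
    if method == "POST" and is_form:
        body_params = parse_qs(body.decode("iso-8859-1"))
    return {
        "method": method,
        "resource": headers["host"] + uri.path,  # Host + Request-URI path
        "query_params": parse_qs(uri.query),     # input carried in the URI
        "body_params": body_params,              # input carried in the body
    }


if __name__ == "__main__":
    for sample in (GET_REQUEST, POST_REQUEST):
        print(parse_request(sample))
```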
  • Summer '19
