Uniform Resource Locators (URL)


The World Wide Web

Web
- A web site consists simply of pages of text and images
- Web pages are rendered by a web browser
- Retrieving a web page online:
  - The client opens a web browser on the local machine
  - The web browser needs to determine the IP address of the web server that is hosting the web page (www.amazon.com)
  - The web browser contacts DNS to resolve the domain name to an IP address

Uniform Resource Locators (URL)
- The URL is used by the web browser to identify a web page: http://www.example.com/directory/file.html
- The protocol used in the above example is the Hypertext Transfer Protocol (HTTP)
- The domain name is www.example.com
- The web browser is requesting the content of file.html, which is stored in the directory folder of the web server
- file.html is a file that describes text and images using the HTML (Hypertext Markup Language) format

Connecting to Web Server
- The URL is used by HTTP to access web information on a remote machine (web server)
- Resolving the domain name to an IP address:
  - The web browser checks its DNS cache to resolve the domain name to an IP address
  - If no address is found, the web browser sends a DNS request
- Client-server TCP connection:
  - The client makes a TCP request on port 80 for HTTP
- HTTP requests:
  - HTTP requests are encapsulated in TCP packets
  - An HTTP request usually begins with a command such as POST or GET

Hypertext Markup Language (HTML)
- Each HTTP response includes a header
- Information in the HTTP response header includes:
  - Information about the web server: software type and version number (Apache, Google GWS)
  - The size of the payload
- The main body of the web page follows as HTML source code
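Added example (not part of the original slides): the steps above in Python, from URL to raw GET request, followed by a parse of a response header that checks the two items the slide lists, the server software banner and the payload size. The sample response is constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

def request_for(url):
    """Turn an http:// URL into (host, port, raw GET request)."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("this example handles plain http only")
    host, port = parts.hostname, parts.port or 80   # HTTP default: TCP port 80
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    host_header = host if port == 80 else f"{host}:{port}"
    # A browser would now resolve `host` through DNS and connect to (ip, port).
    raw = f"GET {path} HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
    return host, port, raw.encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into status code, header dict and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit_headers(headers, body):
    """Report what the response header reveals or gets wrong."""
    findings = []
    server = headers.get("server", "")
    if re.search(r"/\d", server):        # "Apache/2.4.41" names an exact version
        findings.append(f"Server header discloses version: {server}")
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body):
        findings.append("Content-Length does not match payload size")
    return findings

# Constructed sample response (not captured from a real server).
SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
          b"Content-Type: text/html\r\nContent-Length: 38\r\n\r\n"
          b"<html><body><b>Hello</b></body></html>")
```

A banner that names an exact version tells anyone reading the response which software release the site runs, which is why many administrators shorten it.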

HTTP Request

HTML Coding
- HTML uses a structural description of a document using special tags:
  - Text formatting: <i> text </i> for italics and <b> text </b> for bold
  - Itemized lists are presented as: <ul> <li> first-item </li> <li> second-item </li> </ul>
  - Hyperlinks are presented as: <a href="web-page-url">Description of the other page</a>
  - Embedding images: <img src="URL-of-the-image">
  - Scripting code is represented as: <script> computer code </script>

HTML forms
- HTML forms allow users of the web to submit inputs to variables provided by the web server
- Server-side code is used by the web server to process user inputs
- Two methods to submit user-entered data:
  - GET
  - POST
- GET variables are recommended for querying a database
- POST variables are recommended when inserting or sending an email. The browser will prompt the user to confirm that he wishes to submit the information
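Added example (not part of the original slides): what the browser actually sends when a form is submitted with each method, and how server-side code recovers the variables. The form action URL, field names and function names are hypothetical.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

def build_form_request(method, action_url, fields):
    """Raw HTTP request a browser sends when the form is submitted."""
    parts = urlsplit(action_url)
    path = parts.path or "/"
    encoded = urlencode(fields)          # name=value pairs, percent-encoded
    if method == "GET":
        # GET: the variables travel in the URL itself.
        return (f"GET {path}?{encoded} HTTP/1.1\r\n"
                f"Host: {parts.hostname}\r\n\r\n").encode()
    if method == "POST":
        # POST: the variables travel in the request body.
        body = encoded.encode()
        head = (f"POST {path} HTTP/1.1\r\nHost: {parts.hostname}\r\n"
                "Content-Type: application/x-www-form-urlencoded\r\n"
                f"Content-Length: {len(body)}\r\n\r\n")
        return head.encode() + body
    raise ValueError("forms submit with GET or POST")

def extract_variables(raw_request):
    """Server side: recover the submitted variables from either request."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    method, target, _version = head.split(b"\r\n")[0].decode().split(" ")
    source = urlsplit(target).query if method == "GET" else body.decode()
    return {name: values[0] for name, values in parse_qs(source).items()}
```

With GET the values are part of the URL, so they also appear wherever the URL does (address bar, history, server logs); with POST they are only in the body.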

HTML GET method

HTML code with a form

Vulnerabilities in HTTP
- HTTP request and response packets are sent in clear text
- The lack of encryption allows an attacker to eavesdrop on the communication and capture the payload
- Therefore sensitive data should be transmitted using HTTPS

HTTPS
- HTTPS uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to secure data in transit
- Establishing a secure connection:
  1. The browser provides the web server with a list of security primitives that are supported on the client machine:
     - Hash functions
     - Crypto algorithms
  2. The web server chooses the strongest cipher and hash that are supported by the client machine.
  3. The web server sends a certificate.
- Diagram (HTTPS client and HTTPS web server): the client sends its supported hashes and ciphers; the server chooses the strongest hash and cipher and sends a certificate

HTTPS
  1. The client verifies the certificate
  2. The client and web server generate a shared key
  3. Symmetric encryption is used to transfer data over the secure channel
- Diagram (HTTPS client and HTTPS web server): the client sends a random number R encrypted as E(R, P_s); server and client set a shared key; the shared key and a MAC are used to encrypt the data and verify its integrity
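Added example (not part of the original slides): the exchange above as a Python walk-through with both sides' steps. Assumptions: the suite names are constructed samples, E(R, P_s) is toy RSA without padding on a small fixed key, a bare SHA-256 stands in for the real key derivation, and record encryption is left out so the block shows only the MAC integrity check.

```python
import hashlib
import hmac

# Toy RSA key pair for the server (illustration only: real keys are 2048+ bits
# and use padding). P_S is the server public key, written P_s on the slide.
_P, _Q = 2**61 - 1, 2**31 - 1                # two known primes
P_S = (_P * _Q, 65537)                       # (n, e), carried in the certificate
_D = pow(65537, -1, (_P - 1) * (_Q - 1))     # private exponent, server only

# Server's ranking, strongest first (constructed sample names).
SERVER_RANKING = ["AES256-SHA384", "AES128-SHA256", "3DES-SHA1"]

def choose_suite(client_supported):
    """Server picks the strongest suite the client also supports."""
    for suite in SERVER_RANKING:
        if suite in client_supported:
            return suite
    raise ValueError("handshake failure: no common cipher suite")

def client_encrypt_r(r, public_key):
    """Client sends E(R, P_s): R encrypted under the server's public key."""
    n, e = public_key
    if not 1 < r < n:
        raise ValueError("R out of range for this key")
    return pow(r, e, n)

def server_decrypt_r(ciphertext):
    """Server recovers R with its private key."""
    return pow(ciphertext, _D, P_S[0])

def derive_key(r):
    """Both sides turn R into the shared key (bare hash here, not a real KDF)."""
    return hashlib.sha256(r.to_bytes(16, "big")).digest()

def protect(key, data):
    """Sender appends a MAC computed with the shared key."""
    return data + hmac.new(key, data, hashlib.sha256).digest()

def verify(key, record):
    """Receiver returns the data if the MAC matches, otherwise None."""
    data, tag = record[:-32], record[-32:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return data if hmac.compare_digest(tag, expected) else None
```

A record altered in transit, or one produced without the shared key, fails `verify` and is dropped by the receiver.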

Web Server Certificate
- Certificates are used to enable a client to verify the identity of a web site
- Certificates are digitally signed by a certificate authority (CA)
- A web site obtains a certificate by submitting a certificate signing request
- The certificate includes the following information:
  - Name of the CA
  - Serial number of the certificate
  - Expiration date
  - Domain name of the web site
  - Identifier of the public key scheme
  - Public key
  - Identifier of the crypto and hash algorithm
  - Digital signature over the certificate data

Extended Validation Certificate
- Extended validation certificates can only be signed by high-profile CAs
- Extended validation certificates are designated in the CA field

Certificate Hierarchy
- Low-level certificates are signed by an intermediary CA
- The top-level certificate is known as the root certificate
- Root certificates for top-level domains are called anchor points
- Anchor points are usually stored in the OS

Invalid certificate

Dynamic Content
- Web content can be:
  - Static
  - Dynamic
- Scripting languages allow computer code to be executed by a module of the browser
- Client-side scripting is executed by the browser
- Server-side scripting is executed by the server, hiding the code from the user and providing the user only with the output

Document Object Model (DOM)
- The content of the web page can be presented in an organized way
- HTML code is presented in an object-oriented way
- Tags and page elements are represented as parent-child relationships

JavaScript
- Interactive and dynamic web browsing capabilities are introduced through a scripting language called JavaScript