To understand how the different attacks on web applications take place, we will first take a quick tour of the technologies involved.
The tour covers two main areas:
HTTP protocol issues:
This part covers the HTTP request and response, headers and methods, as well as cookies, status codes and authentication.
Web application technologies:
This part covers general information about:
Client side functionalities and technologies:
By client side functionality we mean all the technologies and functions that run on the client side, i.e. in the web browser:
- HTML, CSS
- JavaScript, VBScript
- Document Object Model (DOM) and Ajax
- browser extension technologies such as Java applets, ActiveX and Silverlight
Server side functionalities and technologies:
This part covers all technologies executed on the server or located at the back end:
- Server side scripting: PHP, VBScript, Perl and, more recently, JavaScript
- Web application platforms: ASP.NET
- Web servers: IIS, Apache, Node.js
- Databases: MySQL, SQL Server, Oracle
- Web services and file systems
HTTP issues
HTTP (Hypertext Transfer Protocol) is the main protocol used on the web. It was originally developed to retrieve text pages from a web server and was later extended to carry other media types and the rest of a web page's contents.
HTTP follows a request/response model and is stateless: every request is handled on its own, and the server keeps no memory of earlier requests unless the application adds one (typically with cookies, which is why session handling deserves close attention when testing). HTTP itself does not provide reliable delivery; it runs on top of TCP, the connection-oriented transport protocol that does.
An HTTP message (request or response) is, like most protocol messages, made up of a start line (the request line or the status line), a header section containing one or more headers (each a name with an optional value), a blank line, and an optional message body that carries the payload.
HTTP Request:
The following example shows an HTTP request message:
As you can see, the request begins with the HTTP method, which states whether the request asks the server for a resource (GET) or sends user input to the server to be processed (POST).
Because the example uses GET, the message body is not needed.
Next comes the path of the requested resource (the part of the URL after the host name). Any extra parameters are appended after a (?) sign; this part is called the query string. Keep in mind that query string values end up in browser history, proxy and server logs and the Referer header, so sensitive data should not be sent there.
The last part of the first line is the version of the HTTP protocol in use. In our example it is the most widely used version, 1.1.
Next comes a set of headers, one per line, in the format (header name: header value). The header section is terminated by a blank line, which separates it from the body.
HTTP supports many headers; the following are the most commonly used:
- Referer (the misspelling is part of the standard): the resource from which the Request-URI was obtained
- User-Agent: contains information about the user agent (browser or other client) originating the request
- Host: the host name of the target site. It is mandatory in HTTP/1.1 and is needed in particular when virtual hosts exist on the web server (more than one site on the same web server).
- Cookie: an HTTP cookie previously sent by the server with Set-Cookie
- Accept: specifies the media types that are acceptable for the response
- Accept-Language: restricts the set of natural languages that are preferred for the response
- Accept-Encoding: restricts the content codings (for example gzip) that are acceptable in the response
- Content-Type and Content-Length: present when the request carries a body (a POST for instance), giving its media type and its length in bytes
HTTP Response:
The first line of an HTTP response contains the protocol version and the status code. In our example the version is 1.1 and the status code is (200), which means that the requested resource was retrieved successfully. Many other codes exist; the most common are (404) for Not Found and (403) for Forbidden.
The meaning of a code is determined by its leftmost digit:
(1) Informational.
(2) The request was successful.
(3) Redirection: the client is told to fetch the resource from another location (given in the Location header).
(4) Client error: the request was malformed, unauthorised or not allowed.
(5) Server error: the server failed to handle a valid request.
The status code is followed by a short textual description called the reason phrase; in our example it is (OK).
- Date: the date and time at which the response was generated.
- Server: the name of the web server software that answered the request; in our example it is Apache. Together with X-Powered-By this header reveals technology details that help an attacker fingerprint the server, so hardened deployments usually trim or remove it.
- X-Powered-By: a non-standard header naming the technology used to create the response.
- Pragma: a legacy header (superseded by Cache-Control) whose value no-cache asks caches not to store the response.
- Expires: specifies when the cached content should expire. As you can see, the value of that header is in the past, which means the response content should not be cached.
- Content-Type and Content-Length: the media type of the body (HTML in our example) and the length of the body part of the message in bytes.
- Set-Cookie: sets the name and value of a cookie that the browser stores and sends back with every later request to this server (subject to the cookie's Domain and Path attributes). The Secure and HttpOnly attributes control whether it is also sent over plain HTTP and whether client side scripts may read it.
- Connection: tells the client whether to keep the TCP connection alive for further messages (keep-alive) or to close it.
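To make the request and response structure described in the two sections above concrete, here is an added example (not code from the original post) that builds an HTTP/1.1 request with either a query string or a POST body, then parses a constructed sample response into its status line, headers and body, classifies the status code by its first digit, and checks each Set-Cookie header for the Secure and HttpOnly attributes. The sample response, its header values and the cookie names are constructed for the example and are assumptions, not output captured from any real server.

```python
"""Added example: serialise an HTTP/1.1 request and parse an HTTP response.

All messages here are constructed sample data, not captured traffic.
"""
from typing import Dict, List, Optional
from urllib.parse import urlencode

CRLF = "\r\n"


def build_request(method: str, path: str, host: str,
                  params: Optional[dict] = None,
                  headers: Optional[dict] = None, body: str = "") -> str:
    """Serialise a request: request line, headers, blank line, optional body.

    GET parameters go into the query string after '?'; POST parameters are
    form-encoded into the body with Content-Type and Content-Length headers.
    """
    headers = dict(headers or {})
    if method == "GET" and params:
        path = f"{path}?{urlencode(params)}"
    elif method == "POST" and params:
        body = urlencode(params)
        headers["Content-Type"] = "application/x-www-form-urlencoded"
    if body:
        headers["Content-Length"] = str(len(body.encode()))
    # Host is mandatory in HTTP/1.1, so it is always emitted first.
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    return CRLF.join(lines) + CRLF + CRLF + body


def parse_response(raw: str) -> dict:
    """Split a response into version, status code, reason phrase, headers, body."""
    head, _, body = raw.partition(CRLF + CRLF)      # blank line ends the headers
    status_line, *header_lines = head.split(CRLF)
    parts = status_line.split(" ", 2)
    version, code = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""     # reason phrase may be absent
    headers: Dict[str, List[str]] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; a header may repeat (Set-Cookie does),
        # so every value is kept in a list keyed by the lower-cased name.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"version": version, "status": code, "reason": reason,
            "headers": headers, "body": body}


def status_class(code: int) -> str:
    """Classify a status code by its leftmost digit, as the text describes."""
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}[code // 100]


def parse_set_cookie(value: str) -> dict:
    """Return cookie name, value and attributes (Path, Secure, HttpOnly, ...)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.lower()] = v if v else True         # flag attributes have no value
    return {"name": name, "value": val, "attrs": attrs}


def audit_cookies(resp: dict) -> List[str]:
    """Flag every Set-Cookie in a parsed response lacking Secure or HttpOnly."""
    findings = []
    for raw in resp["headers"].get("set-cookie", []):
        c = parse_set_cookie(raw)
        for flag in ("secure", "httponly"):
            if flag not in c["attrs"]:
                findings.append(f"{c['name']} missing {flag}")
    return findings


# Constructed sample response in the shape the text describes (assumed values).
SAMPLE_RESPONSE = CRLF.join([
    "HTTP/1.1 200 OK",
    "Date: Mon, 01 Jan 2024 10:00:00 GMT",
    "Server: Apache",
    "X-Powered-By: PHP/8.2",
    "Pragma: no-cache",
    "Expires: Thu, 01 Jan 1970 00:00:00 GMT",
    "Content-Type: text/html; charset=utf-8",
    "Content-Length: 28",
    "Set-Cookie: PHPSESSID=abc123; Path=/",
    "Set-Cookie: theme=dark; Path=/; HttpOnly",
    "Connection: keep-alive",
    "",
    "<html><body>hi</body></html>",
])

if __name__ == "__main__":
    print(build_request("GET", "/search", "example.com", {"q": "a b"},
                        {"User-Agent": "demo/1.0"}))
    r = parse_response(SAMPLE_RESPONSE)
    print(r["status"], status_class(r["status"]), r["reason"])
    print(audit_cookies(r))
```

Running the script prints the serialised GET request, then "200 success OK" and the cookie findings: the session cookie has neither attribute and the theme cookie lacks Secure. The same parser is what you would point at a proxy capture to check a real application's cookies.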