Web Security (CAT-309) - Unit 1 Lecture 3


UNIVERSITY INSTITUTE OF COMPUTING
Bachelor of Computer Application
Subject Name: Web Security
Code: CAT-309

HTTP DISCOVER . LEARN . EMPOWER


HTTP

• HTTP is a protocol which allows the fetching of resources, such as HTML documents.
• It is the foundation of any data exchange on the Web and it is a client-server protocol, which means requests are initiated by the recipient, usually the Web browser.
• A complete document is reconstructed from the different sub-documents fetched, for instance text, layout description, images, videos, scripts, and more.
Fig 1 HTTP
Reference: https://developer.mozilla.org [1]

HTTP Continues
• Clients and servers communicate by
exchanging individual messages (as opposed
to a stream of data).
• The messages sent by the client, usually a Web
browser, are called requests and the messages
sent by the server as an answer are
called responses.
• Each individual request is sent to a server,
which handles it and provides an answer,
called the response. Between the client and the
server there are numerous entities, collectively
called proxies, which perform different
operations and act as gateways or caches.
Fig 2 HTTP
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview#HTTP_flow [2]

Aspects of HTTP

• HTTP is simple
• HTTP is extensible
• HTTP is stateless, but not sessionless
• HTTP and connections

HTTP Headers

• HTTP header fields provide required information about the request or response, or
about the object sent in the message body.
There are four types of HTTP message headers:
• General-header: These header fields have general applicability for both request
and response messages.
• Client Request-header: These header fields have applicability only for request
messages.
• Server Response-header: These header fields have applicability only for response
messages.
• Entity-header: These header fields define meta information about the entity-body
or, if no body is present, about the resource identified by the request.
HTTP Requests
• HTTP (Hypertext Transfer Protocol) is the underlying format used to structure requests and responses for effective communication between a client and a server. The message that a client sends to a server is known as an HTTP request.
• It stores the information that is sent from the sender to the receiver.

Fig 3 HTTP Request
Reference: https://rapidapi.com/blog/api-glossary/http-request-methods [3]

HTTP Request Methods
The request method indicates the method to be performed on the resource identified by the given Request-URI.
The Request-URI is a Uniform Resource Identifier and identifies the resource upon which to apply the request.
• GET: The GET method is used to retrieve information from the given server using a given URI.
• POST: A POST request is used to send data to the server.
• PUT: Replaces all the current representations of the target resource with the uploaded content.
• DELETE: Removes all the current representations of the target resource given by URI.

HTTP Response
• After receiving the request, the server sends a response according to the request.
• It contains the following information:
  - HTTP Version: A server supporting HTTP version 1.1 will return the version information.
  - Status code: The Status-Code element is a 3-digit integer where the first digit of the Status-Code defines the class of response and the last two digits do not have any categorization role.
Fig 4 HTTP Response
Reference: https://www.google.com/search?q=http+response [4]

HTTP GET vs POST

| GET | POST |
|---|---|
| Parameters in this method are saved in the browser's history or other web server logs | Parameters are not archived in the browser history |
| Can be bookmarked | Cannot be bookmarked |
| Features a restriction on data length. This is because the GET method adds data to the URL for it to be sent, and we know the maximum URL length is 2048 characters | There is no restriction on data length |
| There is no impact when you hit the reload/back button | Should you hit the reload/back button, sent data will be resubmitted |
| Has a restriction on data type, as the only allowed data type is ASCII characters | There is no restriction on data type, and binary data is also allowed |
| Information is visible to everyone in the URL | Information is not displayed in the URL, thus not visible to everyone |

Reference: https://rapidapi.com/blog/api-glossary/http-request-methods [5]

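The first row of the comparison, seen from the server side: an access log records the request line, so GET parameters are stored with it while a POST body is not. The sketch below is an added example, not part of the original slides; the log lines are constructed, and the Common Log Format layout and the list of sensitive parameter names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (an assumption; tune per application).
SENSITIVE = {"password", "passwd", "pwd", "token", "sessionid", "api_key", "ssn"}

# Common Log Format: host ident user [time] "METHOD target VERSION" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+)')

def find_leaked_params(log_lines):
    """Return (client, method, path, [param names]) for each logged request
    whose URL query string carries a sensitive parameter."""
    findings = []
    for line in log_lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _time, method, target, _ver, _status, _size = m.groups()
        parts = urlsplit(target)
        names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
                 if k.lower() in SENSITIVE]
        if names:
            findings.append((client, method, parts.path, names))
    return findings

# Constructed sample log: the same login sent once as GET and once as POST.
# The POST body (where the credentials travel) never reaches the log line.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jul/2008:17:36:27 +0000] "GET /login?user=alice&password=s3cret HTTP/1.1" 200 1846',
    '203.0.113.5 - - [24/Jul/2008:17:37:02 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [24/Jul/2008:17:38:10 +0000] "GET /index.html HTTP/1.1" 200 1846',
    '203.0.113.9 - - [24/Jul/2008:17:39:44 +0000] "GET /reset?Token=abc123&next=%2Fhome HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in find_leaked_params(SAMPLE_LOG):
        print(finding)
```
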
Sample Request and Response

Request:

    GET /index.html HTTP/1.1
    Host: www.example.com
    User-Agent: Mozilla/5.0
    Accept: text/xml,application/xml,application/xhtml+xml,text/html,*/*
    Accept-Language: en-us
    Accept-Charset: ISO-8859-1,utf-8
    Connection: keep-alive
    <blank line>

Response:

    HTTP/1.1 200 OK
    Date: Thu, 24 Jul 2008 17:36:27 GMT
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=UTF-8
    Content-Length: 1846

    <html>
    ...
    </html>
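
How a receiver takes such a message apart, as an added example that is not part of the original slides: the blank line separates headers from body, the first digit of the status code gives the response class, and Content-Length is checked against the bytes actually received. The function names and the short body are assumptions made for this illustration (the 1846-byte body is elided on the slide).

```python
STATUS_CLASSES = {"1": "Informational", "2": "Success", "3": "Redirection",
                  "4": "Client Error", "5": "Server Error"}

def parse_http_message(raw: bytes):
    """Split a raw HTTP/1.1 message into start line, headers, and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header section")
    lines = head.decode("iso-8859-1").split("\r\n")
    start_line, headers = lines[0], {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()  # header names are case-insensitive
    return start_line, headers, body

def describe_response(raw: bytes):
    """Summarise a response: version, status, class, and length consistency."""
    start_line, headers, body = parse_http_message(raw)
    version, code, *_reason = start_line.split(" ", 2)
    if not (len(code) == 3 and code.isdigit() and code[0] in STATUS_CLASSES):
        raise ValueError(f"bad status code: {code!r}")
    declared = headers.get("content-length")
    return {
        "version": version,
        "status": int(code),
        "class": STATUS_CLASSES[code[0]],  # first digit defines the class
        "length_ok": declared is None or int(declared) == len(body),
    }

# Constructed sample: the slide's response headers with a short body whose
# length matches Content-Length.
BODY = b"<html>hello</html>"
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Thu, 24 Jul 2008 17:36:27 GMT\r\n"
    b"Server: Apache-Coyote/1.1\r\n"
    b"Content-Type: text/html;charset=UTF-8\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"\r\n" + BODY
)

if __name__ == "__main__":
    print(describe_response(SAMPLE_RESPONSE))
    print(describe_response(SAMPLE_RESPONSE[:-5]))  # truncated body
```
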
Status Codes

Fig 5 HTTP Codes


Reference: https://www.google.com/search?q=http+response [6]

References
Reference websites:
1. https://developer.mozilla.org
2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview#HTTP_flow
3. https://rapidapi.com/blog/api-glossary/http-request-methods
4. https://www.google.com/search?q=http+response
5. https://rapidapi.com/blog/api-glossary/http-request-methods
6. https://www.google.com/search?q=http+response

For queries
Email: [email protected]

THANK YOU