This document provides an overview of key concepts related to the internet and web development, including: - The difference between client-server communication models like thin clients (browsers) versus thick clients (desktop apps). - How communication works between clients and servers over network layers, protocols like HTTP, and network equipment. - Key components of web browsers like the user interface, rendering engine, and storage mechanisms. - The role of plug-ins in enabling customization and extending functionality of applications. - Definitions of networks like intranets and extranets, and how the global Internet system is structured with domains and DNS.

2.  To refresh and upgrade fundamentals of internet and
the world wide web.
 Help in improving development and test practices by
touching the core topics of the internet in a greater
detail
 Help in quickly identifying and solving a web related
issues.
 Help us to use our own mind before Googling an issue.
 Help us relate and understand web related
projects/requirement.

3. Client Server

4. 
 H/W & OS Platform
 Thin client i.e. Browser
 Thick client i.e.
Web/Desktop/Service
application.

 H/W & OS Platform
 IIS
 ASP.NET
 Aspx
 MVC
 Asmx
 SERVICE
 WCF



 Network Layers
 Network Protocols
 TCP
 IP
 HTTP/HTTPS
 PORT
 Internet
 Intranet
 Extranet
 Communication equipments
 THE WORLD WIDE WEB





5. Client Computer/Device
A client is a piece of computer
hardware or software that accesses a service made
available by a server or a computer system.

8. A fat client, also known as a rich client or thick client,
is a client that performs the bulk of any data
processing operations itself, and does not
necessarily rely on the server.
Example: Desktop applications like ms word, excel,
Custom application etc.

9. Thin clients use the resources of the host computer and
generally only presents processed data provided by
an application server.
Example: Web Browser, Management Studio

10. A hybrid client is a mixture of the above two client
models. Similar to a fat client, it processes locally, but
relies on the server for storing persistent data.
Example: Game Applications

12. Resources
•Files
•Data
•Service

14. How does client – server communicate?

15. Communication is the meaningful exchange of information between
two or more living creatures.
Communication requires a sender, a message, and a recipient,
although the receiver doesn't have to be present or aware of the
sender's intent to communicate at the time of communication;
thus communication can occur across vast distances in time and
space.
The communication process is complete once the receiver
understands the sender's message
Communicating with others involves three primary steps:
 Thought: First, information exists in the mind of the sender. This
can be a concept, idea, information, or feelings.
 Encoding: Next, a message is sent to a receiver in words or other
symbols.
 Decoding: Lastly, the receiver translates the words or symbols into
a concept or information that a person can understand.

20.  Sender; the initiator and encoder of a message
 Receiver; the one that receives the message (the listener) and the
decoder of a message
 Decode; translates the senders spoken idea/message into something the
receiver understands by using their knowledge of language from
personal experience.
 Encode; puts the idea into spoken language while putting their own
meaning into the word/message.
 Channel; the medium through which the message travels such as
through oral communication (radio, television, phone, in person) or
written communication (letters, email, text messages)
 Message; the verbal and nonverbal components of language that is sent
to the receiver by the sender which conveys an idea.
Every information exchange between living organisms — i.e. transmission
of signals that involve a living sender and receiver can be considered a
form of communication
Nonhuman communication also include cell signaling, cellular
communication, and chemical transmissions between primitive organisms
like bacteria and within the plant and fungal kingdoms.

21. Matter – element - cell – human body – human to human
Bit – instruction – program – computer device – computer device to computer
device
Take any working models/Process in real life like in ticket booking counter or any
other counter
Communication in program types
 Unstructured/non procedural program
 Program to program in cobol, fortran
 Structured/procedural program
 function to function in C
 Object oriented program
 Object to object in C++, C#, Java
 Component oriented program – Component to component i.e. exe/dll to dll/exe,
Assembly to assembly , application to web service in
COM/DCOM/Remoting/Java bean/.net framework/SOAP/XML- RPC web service.
 Service oriented program –Client/Service to service in WCF using WS-* and
SOAP
 Resource oriented program – Client/Service to service WCF using REST

23. Client Server

24. Term used with out of process communication
 Request i.e. Formal demand for something
 Who - Client, Computer, Browser or fat client
 What – Resources, data or service
 How - HTTP, TCP, SMTP, FTP etc/Networking model.
 Response i.e. Formal reply of a request
 Who – Server, web server, platform, framework
 What – Process request, provide results, output data,
resources
 How – Networking model/HTTP,TCP,IP

25. Client Web Browser application
Web Server application

30. When an application supports plug-ins, it enables
customization. The common examples are the plug-ins
used in web browsers to add new features such as
search-engines, virus scanners, or the ability to utilize a
new file type such as a new video format. Well-known
browser plug-ins include the Adobe Flash Player, the
QuickTime Player, and the Java plug-in

31. Applications support plug-ins for many reasons.
Some of the main reasons include:
 to enable third-party developers to create abilities which
extend an application
 to support easily adding new features
 to reduce the size of an application
 to separate source code from an application because of
incompatible software licenses.

32.  Web browsers use plug-ins (often implementing the
NPAPI specification) to play video and presentation
formats (Flash, QuickTime, Microsoft Silverlight, 3DMLW)
 Graphics software use plug-ins to support file formats
and process images (Adobe Photoshop, GIMP)
 Media players use plug-ins to support file formats and
apply filters (foobar2000, GStreamer,
 Microsoft Office uses plug-ins (better known as add-ins)
to extend the abilities of its application by adding
custom commands and specialized features
 Software development environments use plug-ins to
support programming languages (Eclipse, jEdit,
MonoDevelop)

35.  The user interface: this includes the address bar, back/forward button,
bookmarking menu, etc. Every part of the browser display except the
window where you see the requested page.
 The browser engine: marshals actions between the UI and the rendering
engine.
 The rendering engine : responsible for displaying requested content. For
example if the requested content is HTML, the rendering engine parses
HTML and CSS, and displays the parsed content on the screen.
 Networking: for network calls such as HTTP requests, using different
implementations for different platform behind a platform-independent
interface.
 UI backend: used for drawing basic widgets like combo boxes and
windows. This backend exposes a generic interface that is not platform
specific. Underneath it uses operating system user interface methods.
 JavaScript interpreter. Used to parse and execute JavaScript code.
 Data storage. This is a persistence layer. The browser may need to save
all sorts of data locally, such as cookies. Browsers also support storage
mechanisms such as localStorage, IndexedDB, WebSQL and FileSystem.

36. Two devices are said to be networked when a device is
able to exchange information with another device.

38. The Internet is a global system of interconnected computer
networks that use the standard Internet protocol
suite (TCP/IP) to serve several billion users worldwide. It is
a network of networks that consists of millions of private,
public, academic, business, and government networks, of
local to global scope, that are linked by a broad array of
electronic, wireless and optical networking technologies.

40. INTERNET

44. An intranet can be understood as a private analog of the Internet, or as a
private extension of the Internet confined to an organization.

45. While intranets are generally restricted to employees of the
organization, extranets may also be accessed by customers,
suppliers, or other approved parties. Extranets extend a
private network onto the Internet with special provisions for
authentication, authorization and accounting (AAA protocol).

46.  Hub
 Switch
 Bridges
 Routers
 Network interface card
 Modem
 ISDN
 CABLE
 DSL
 DIAL-UP (PSTN)
 WIRELESS
 Firewall
 Proxy

47. The World Wide Web is a global set
of documents, images and other resources, logically
interrelated by hyperlinks and referenced with Uniform
Resource Identifiers (URIs).

50. The World Wide Web Consortium (W3C) is the main
international standards organization for the World Wide
Web (abbreviated WWW or W3). The World Wide Web
Consortium (W3C) is an international community
where Member organizations, a full-time staff, and the
public work together to develop Web standards. Led by
Web inventor Tim Berners-Lee and CEO Jeffrey Jaffe,
W3C's mission is to lead the Web to its full potential.
http://www.worldwidewebsize.com/
http://www.w3.org/
http://royal.pingdom.com/2013/01/16/internet-2012-in-numbers/

51. The Domain Name System (DNS) is
a hierarchical distributed naming system for computers,
services, or any resource connected to the Internet or
a private network. Most prominently, it translates easily
memorized domain names to the numerical IP
addresses needed for the purpose of locating computer
services and devices worldwide

52. host-a.example.microsoft.com
. = root domain
.com= Top level domain
Microsoft.com=Second level domain name
Example.microsoft.com= sub domain assigned by microsoft
host-a.example.microsoft.com=the first label (“host-a”) is the DNS host name for a specific
computer on the network.

55.  As of February 2013, there are 13 root name servers
specified, with names in the form letter.root-servers.net,
where letter ranges from A to M. This does not mean there
are 13 physical servers; each operator uses redundant
computer equipment to provide reliable service even if
failure of hardware or software occur. Additionally, nine of
the servers operate in multiple geographical locations using
a routing technique called any cast, providing increased
performance and even more fault tolerance.
 Ten servers were originally in the United States; some are
now operated via anycast. Three servers were originally
located in Stockholm (I), Amsterdam (K), and Tokyo (M).

58. The Transmission Control Protocol (TCP) is one of the core protocols of the Internet
protocol suite (IP), and is so common that the entire suite is often called TCP/IP.
It is connection-oriented. TCP provides reliable, ordered, error-checked delivery
of a stream of octets between programs running on computers connected to
a local area network, intranet or the public Internet. It resides at the transport
layer.
TCP uses port numbers to identify sending and receiving application end-
points on a host
Before TCP/IP, there was no way for computers to communicate easily and
securely on public networks
It uses binary data format, faster but restricted to platform dependence(?).

59.  All applications that don’t use web or http.
 SQL Server DB – Management Studio
 .NET Remoting
 Web browser (for email and transfer files)
 Remote Desktop/Telnet (for remote login)

60. A port is a number used to uniquely identify a transaction over a
network by specifying both the host, and the service. They are
necessary to differentiate between many different IP services,
such as web service (HTTP), mail service (SMTP), and file transfer
(FTP).
 network administrators may need to set up port forwarding to allow
the port numbers of specific applications to pass through a firewall.
On home networks, broadband routers support port forwarding on
their configuration screens.
 The protocols that primarily use ports are the Transport
Layer protocols, such as the Transmission Control Protocol (TCP)
and the User Datagram Protocol(UDP) of the Internet Protocol Suite

61.  21 & 22: File Transfer Protocol (FTP/SFTP)
 23: Telnet remote login service
 25: Simple Mail Transfer Protocol (SMTP)
 53: Domain Name System (DNS) service
 80: Hypertext Transfer Protocol (HTTP) used in
the World Wide Web
 110: Post Office Protocol (POP3)
 443: HTTP Secure (HTTPS)
 465: SMTP Secure (SMTPS)

62. The Hypertext Transfer Protocol (HTTP) is an application
protocol for distributed, collaborative ,
hypermedia information systems. HTTP is the
foundation of data communication for the World Wide
Web.
Hypertext is structured text that uses logical links
(hyperlinks) between nodes containing text. HTTP is the
protocol to exchange or transfer hypertext.

63. GET /Billers.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.easybillindia.net.in/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2;
Trident/6.0)
Accept-Encoding: gzip, deflate
Host: www.easybillindia.net.in
DNT: 1
Connection: Keep-Alive
Cookie:
__utma=155821871.1038001938.1371714577.1380013859.1380831408.14;
__utmz=155821871.1371714577.1.1.utmcsr=(direct)|utmccn=(direct)|utmcm
d=(none); __utmb=155821871.1.10.1380831408; __utmc=155821871;
ASP.NET_SessionId=

64. POST /LoginDetails.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.easybillindia.net.in/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: www.easybillindia.net.in
Content-Length: 658
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __utma=155821871.1038001938.1371714577.1380831408.1380833603.15;
__utmz=155821871.1371714577.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=155821871.2.10.1380833603; __utmc=155821871
__VIEWSTATE=%2FwEPDwUKMTE1NTY5NTU3Mw8WAh4EbWFpbgXAAUhPeEp6dDd2R0pWYmc5
dTZVSHArMDhyZU42RSt3TURJQVc0SlFZcFE5ZzB0Z2gyRnpMelREMmNmdzlLTFh0Z0YyTHRJa3
p0MFFMUlRaTlNMZ3pNc0RQWDJWRzhTbGZsd3Z

65. HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 02 Oct 2013 20:53:32 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=5webce55zflujxa3fl22ms55;
expires=Fri, 03-Feb-2012 20:53:32 GMT; path=/; HttpOnly
Date: Thu, 03 Oct 2013 20:53:32 GMT
Content-Length: 29998
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<div id="mainDiv">
<h2 style="margin-left: 5px">
Countrywide Services</h2>
<ul>
<li><span style="font-size: 14px; font-family: Verdana;">Ticketing</span></li></ul>
<h2 style="margin-left: 5px">
City Services</h2>
</body>
</html>

69. IIS – Hosting environment
ASP.NET – Web application and Service
development platform
WCF – Service development platform

70.  IIS 7.0 is the most powerful Microsoft Web server
platform ever released.
 Provides a secure, easy-to-manage platform for
developing and reliably hosting Web applications and
services.
 redesigned and offers major advantages over previous
versions of IIS.
 With its new modular and extensible architecture, IIS 7.0
makes developing, deploying, and configuring and
managing web applications and infrastructure easier
and more efficient than ever before.

71.  Modularity – All of the web server features are managed as
standalone components. Unified request processing pipeline.
 Extensibility – Write custom httpModule and httpHandlers.
 Configuration – Various configuration files i.e.
Machine.config, applicationHost.config, root web.config, site
web.config, application web.config, directory web config.
 Administration tools
 IIS manager
 Command line tool i.e. Appcmd.exe
 WMI
 Integrated diagnostics – run time diagnostic info, logging

72.  HTTP.sys
 World wide web service publishing service(W3SVC)
 Window process activation service (WPAS)
 Configuration store
 Worker process i.e. W3wp.exe

73.  Receive HTTP requests and send HTTP responses
 Preprocessing and security filtering of the incoming HTTP
requests
 Queuing of HTTP requests for the application pools
 Caching of the outgoing HTTP responses

74.  W3SVC
 configuring HTTP.sys, updating HTTP.sys when configuration
changes
 notifying WAS when a request enters the request queue.
 WAS
 reads configuration information from the configuration store
 manages application pools
 Activate worker processes

79. ASP.NET is a server-side Web application
framework designed for Web development to
produce dynamic Web pages. It was developed
by Microsoft to allow programmers to build
dynamic web sites, web applications and web services

82.  Compiling on First Request
 By default, ASP.NET Web pages and code files are compiled dynamically
when users first request a resource, such as an ASP.NET page (.aspx file),
from a Web site. After pages and code files have been compiled the first
time, the compiled resources are cached, so that subsequent requests to
the same page are extremely efficient.
 Recompiling on Change
 Any changes to a dynamically compiled file will automatically invalidate
the file's cached compiled assembly and trigger recompilation of all
affected resources.
 Compilation Dependencies
 When the first request is made to an application, ASP.NET compiles files
in a specific order. The first items to be compiled are referred to as the
top-level items. After the first request, the top-level items are recompiled
only if a dependency changes.
 Top-level items include the App_GlobalResources folder, the
App_WebResources folder, profile properties, the App_Code folder, and
the Global.asax file.
 Compilation Output
 %SystemRoot%Microsoft.NETFrameworkversionNumberTemporary
ASP.NET Files

83.  A Web Service is programmable application logic accessible
via standard Web protocols. One of these Web protocols is
the Simple Object Access Protocol (SOAP).
 invoking or exposing methods and properties of objects
over the internet regardless of platform and language.
Interoperability.
 Web services are a means for interacting with objects
over the Internet.
 Web services are designed for interoperability across
heterogeneous environments.
 Web services give us a loosely coupled messaging
architecture that scales across the Internet.

84.  SOAP Based
 ASP.net xml web service
 WCF (SOA)
 HTTP Based
 RestFul (ROA)
 WCF Rest
 XML RPC
 URL
 Http Get/Post

85. SOAP, originally defined as Simple Object Access
Protocol, is a protocol specification for exchanging
structured information in the implementation of Web
Services in computer networks. It relies on XML
Information Set for its message format, and usually
relies on other Application Layer protocols, most
notably Hypertext Transfer Protocol (HTTP) or Simple
Mail Transfer Protocol (SMTP), for message negotiation
and transmission.

86. POST /InStock HTTP/1.1
Host: www.example.org
Content-Type: application/soap+xml;
charset=utf-8
Content-Length: 299
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header> </soap:Header>
<soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock">
<m:StockName>IBM</m:StockName> </m:GetStockPrice>
</soap:Body>
</soap:Envelope>

88. Service-oriented architecture (SOA) is a software design and
software architecture design pattern or principle based on discrete
pieces of software providing application functionality as services to
other applications. This is known as Service-orientation. It is
independent of any vendor, product or technology
Architectures can operate independently of specific
technologies. Designers can implement SOA using a wide range of
technologies, including:
 SOAP, RPC
 REST
 DCOM
 CORBA
 Web services
 DDS
 Java RMI
 WCF (Microsoft's implementation of web services now forms a
part of WCF)
 Apache Thrift

89. Resource-oriented architecture (ROA) is a style
of software architecture and programming paradigm for
designing and developing software in the form
of resources with "RESTful" interfaces. Using HTTP
verbes GET, POST, PUT, DELETE etc, not using any
protocol layer like SOAP.
WCF RestFul using webhttpbinding

90.  REST is an architecture style for designing networked
applications. The idea is that, rather than using complex
mechanisms such as CORBA, RPC or SOAP to connect
between machines, simple HTTP is used to make calls
between machines.
 In many ways, the World Wide Web itself, based on
HTTP, can be viewed as a REST-based architecture.
 RESTful applications use HTTP requests to post data
(create and/or update), read data (e.g., make queries),
and delete data. Thus, REST uses HTTP for all four
CRUD (Create/Read/Update/Delete) operations.

91.  SOAP
<?xml version="1.0"?> <soap:Envelope
xmlns:soap="http://www.w3.org/2001/12/soap-envelope"
soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding"> <soap:body
pb="http://www.acme.com/phonebook"> <pb:GetUserDetails>
<pb:UserID>12345</pb:UserID> </pb:GetUserDetails> </soap:Body>
</soap:Envelope>
 REST
http://www.acme.com/phonebook/UserDetails/12345

92. XML-RPC is a remote procedure call (RPC) protocol which
uses XML to encode its calls and HTTP as a transport
mechanism
An example of a typical XML-RPC request would be:
<?xml version="1.0"?> <methodCall>
<methodName>examples.getStateName</methodName> <params>
<param> <value><i4>40</i4></value> </param> </params>
</methodCall>
An example of a typical XML-RPC response would be:
<?xml version="1.0"?> <methodResponse> <params> <param>
<value><string>South Dakota</string></value> </param> </params>
</methodResponse>

96. The DNS lookup proceeds as follows:
 Browser cache – The browser caches DNS records for some time. Interestingly,
the OS does not tell the browser the time-to-live for each DNS record, and so
the browser caches them for a fixed duration (varies between browsers, 2 – 30
minutes).
 OS cache – If the browser cache does not contain the desired record, the
browser makes a system call (gethostbyname in Windows). The OS has its own
cache.
 Router cache – The request continues on to your router, which typically has its
own DNS cache.
 ISP DNS cache – The next place checked is the cache ISP’s DNS server. With a
cache, naturally.
 Recursive search – Your ISP’s DNS server begins a recursive search, from the root
nameserver, through the .com top-level nameserver, to Facebook’s nameserver.
Normally, the DNS server will have names of the .com nameservers in cache, and
so a hit to the root nameserver will not be necessary.
C:WindowsDownloaded Program Files
C:UserseblAppDataLocalMicrosoftWindowsTemporary Internet Files
C:WindowsSystem32Driversetc

97. DNS lookup tools
http://www.dnswatch.info/
http://www.dnsstuff.com
http://whois.net
http://www.dnsqueries.com

99. GET /Billers.htm HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.easybillindia.net.in/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: www.easybillindia.net.in
DNT: 1
Connection: Keep-Alive
Cookie: __utma=155821871.1038001938.1371714577.1380013859.1380831408.14;
__utmz=155821871.1371714577.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none
); __utmb=155821871.1.10.1380831408; __utmc=155821871; ASP.NET_SessionId=

100. POST /LoginDetails.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.easybillindia.net.in/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: www.easybillindia.net.in
Content-Length: 658
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __utma=155821871.1038001938.1371714577.1380831408.1380833603.15;
__utmz=155821871.1371714577.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=155821871.2.10.1380833603; __utmc=155821871
__VIEWSTATE=%2FwEPDwUKMTE1NTY5NTU3Mw8WAh4EbWFpbgXAAUhPeEp6dDd2R0pWYm
c5dTZVSHArMDhyZU42RSt3TURJQVc0SlFZcFE5ZzB0Z2gyRnpMelREMmNmdzlLTFh0Z0YyT
HRJa3p0MFFMUlRaTlNMZ3pNc0RQWDJWRzhTbGZsd3ZCUXR6ZVJmeGNuQ3VkZjRXQmtZ
Zmwx

101. Browser opens a TCP connection to the IP address of
www.google.com using network api and send a HTTP
GET/POST request to the server
via network adapterModelwire or wireless
devicesproxyrouterFIREWALLISPdestination
ISPFIREWALLROUTERSERVERNETWORK
ADAPTERnet work driverIIS

105.  An HTTP request from a client browser arrives to the server. HTTP.sys intercepts the request.
 HTTP.sys checks if it has the configuration information for an application the request is sent
to.
 If HTTP.sys has the configuration information, it forwards the request to an appropriate worker
process
 If HTTP.sys doesn’t have the configuration information, it contacts W3SVC, which passes the request
for information to WAS.
 WAS obtains configuration information from the IIS global configuration file,
applicationHost.config.
 WAS checks the worker process in the application pool to which the request is made. If
there is no worker process, WAS starts a worker process for that application pool.
 WAS passes configuration, including as application pool and application configuration
settings, to W3SVC.
 W3SVC uses configuration received from WAS to configure and update HTTP.sys.
 HTTP.sys forwards the request to the worker process.
 The worker process begins a request processing pipeline to execute the request. A request
processing pipeline is an ordered list consisting of components that perform specific tasks
to process a request. At the end of this processing, a response is generated and returned to
HTTP.sys.
 HTTP.sys sends a response to the client using tcp.sys.

107.  A request is made for an application resource.
 The unified pipeline receives the first request for the
application.
 After the application domain has been created and the
HostingEnvironment object has been instantiated,
application objects such as HttpContext, HttpRequest, and
HttpResponse are created and initialized.
 The HttpContext class contains objects that are specific to
the current application request, such as the HttpRequest and
HttpResponse objects.
The HttpRequest object contains information about the current request, which includes
cookies and browser information. The HttpResponse object contains the response that is
sent to the client, which includes all the rendered output and cookies.

108.  An HttpApplication object is assigned to the request.
After all application objects have been initialized, the application is started by
creating an instance of the HttpApplication class. If the application has a
Global.asax file, ASP.NET instead creates an instance of the Global.asax class that
is derived from the HttpApplication class. It then uses the derived class to
represent the application.
 The request is processed by the HttpApplication pipeline. By aspx handler for
example.
The following tasks are performed by the HttpApplication class while the request
is being processed. The events are useful for page developers who want to run
code when key request pipeline events are raised
 Validate the request, which examines the information sent by the browser and determines whether
it contains potentially malicious markup. For more information, see ValidateRequest and Script
Exploits Overview.
 Perform URL mapping, if any URLs have been configured in the UrlMappingsSection section of the
Web.config file.
 Pre processing events
 Call the ProcessRequest method (or the asynchronous version
IHttpAsyncHandler.BeginProcessRequest) of the appropriate IHttpHandler class for the request. For
example, if the request is for a page, the current page instance handles the request.
 Post processing event handling

109. Life Cycle Events: PreInitInitInitCompletePreLoadLoadControl events
LoadCompletePreRenderPreRenderCompleteSaveStateComplete
RenderUnload

113. HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 02 Oct 2013 20:53:32 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: ASP.NET_SessionId=5webce55zflujxa3fl22ms55;
expires=Fri, 03-Feb-2012 20:53:32 GMT; path=/; HttpOnly
Date: Thu, 03 Oct 2013 20:53:32 GMT
Content-Length: 29998
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<div id="mainDiv">
<h2 style="margin-left: 5px">
Countrywide Services</h2>
<ul>
<li><span style="font-size: 14px; font-family: Verdana;">Ticketing</span></li></ul>
<h2 style="margin-left: 5px">
City Services</h2>
</body>
</html>

117.  IIS
 Fiddler
 HttpProfessional
 Firebug
 Developer tool by Google chrome
 Network command Ipconfig, tracert, ping
 DNS lookup
 http://www.dnswatch.info/
 http://www.dnsstuff.com
 http://whois.net
 http://www.dnsqueries.com

124. OWASP is the emerging standards body for Web
application
securityhttps://www.owasp.org/index.php/Attacks
 https://www.owasp.org/index.php/Vulnerabilities
 http://en.wikipedia.org/wiki/Web_application_security

125. The majority of web application attacks occur through cross-site scripting (XSS)
and SQL injection attacks[5] which typically result from flawed coding, and
failure to sanitize input to and output from the web application. These are
ranked in the 2009 CWE/SANS Top 25 Most Dangerous Programming
Errors.[6]According the security vendor Cenzic, the top vulnerabilities in March
2012 include:[7]
 Cross Site Scripting, 37%
 SQL Injection, 16%
 PHP Injection,
 Javascript Injection,
 Path Disclosure, 5%
 Denial of Service, 5%
 Code Execution, 4%
 Memory Corruption, 4%
 Cross Site Request Forgery, 4%
 Information Disclosure, 3%
 Arbitrary File, 3%
 Local File Include, 2%
 Remote File Include, 1%
 Overflow 1%
 Other, 15%

126. Miscellaneous

127. Http Status Code

130. Easybill Network Diagram

132. General Issues/Solutions

133. Questionnaire Session
Ask more and more questions