HTTP Basics
December 13, 2014
Akash Mahajan

Introduction
This module will set the base for anyone interested in learning about Hyper Text Transfer Protocol (HTTP) basics with regard to Web Security.

About me
Akash Mahajan
10+ years of industry experience.
Director - The App Sec Lab
OWASP Bangalore Chapter Lead
Co-Founder and Community Manager at null - The Open Security Group
akashmahajan@gmail.com | +91 9980527182 | @makash
Software Requirements
Curl

Information for Participants
Chances are I am going to be wrong about 2/10 things that I talk about.
So for the greater good, please speak up.

2 Kinds of audience here
You have no idea what I am talking about. Great, we will learn together.
You know more than me. Great, please correct my mistakes and cover any gaps.

Participate!
I expect full participation from everyone.

Objectives
Learn the fundamentals of HTTP (Language/Platform agnostic)
*Have fun and learn a lot*
Agenda
Basics of Hyper Text Transfer Protocol (HTTP)
*Hands-On* with Command Line Web Client
Basics of TLS/SSL (Time permitting)

Hyper Text Transfer Protocol
From Wikipedia:
HTTP is a request/response standard of a client and a server. A client is the end-user, the server is the web site. The client making an HTTP request—using a web browser, spider, or other end-user tool—is referred to as the user agent.
The responding server—which stores or creates resources such as HTML files and images—is called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels.

Basics of HTTP
HTTP is client-server
Clients make requests and servers respond.
It can't be the other way.
Servers can not initiate any communication on their own in HTTP.

Basics of HTTP cont...
HTTP is stateless
HTTP has no notion of state. One connection has no relationship to another.
Side-effects of being Stateless
Since the HTTP protocol has no idea about state, it is the application's responsibility to maintain state.
How do the above affect building web applications?

So how do web applications track users?
The server needs to identify each client uniquely.
It does this by storing a unique value on the client.
Since HTTP is stateless, each request made needs to contain this unique value. For all practical purposes this unique value is like a password.

What does it look like? HTTP GET
We put this in the browser address line:
http://google.com/search?q=HTTP
What actually went to the google server:
GET /search?q=HTTP
Host: www.google.com

HTTP Methods/Verbs
Safe Methods: GET, HEAD, OPTIONS
Not Safe Methods: POST, PUT, DELETE
Other Methods: CONNECT
HTTP Response Status Codes
1xx – Informational Messages
2xx – Success: 200 OK
3xx – Redirects: 301, 302
4xx – Client Errors: 404, 403, 400
5xx – Server Errors: 500, 502, 503, 505

Some terms to remember
Request
Response
Request Header
Request Body
QueryString
Response Header
Response Body

Hands-On HTTP with Curl
Open a terminal
Or Start | Run
cmd
HTTP GET a Page
$ curl http://akashm.com/box/ip.php
HTTP GET a Page -- verbose
$ curl http://akashm.com/box/ip.php -v
HTTP HEAD a Page
$ curl http://akashm.com/box/ip.php -I
HTTP HEAD a Page -- verbose
$ curl http://akashm.com/box/ip.php -Iv
HTTP POST a page
$ curl http://akashm.com/box/post.php
HTTP GET some query string
$ curl "http://akashm.com/box/post.php?name=Akash&lname=Mahajan"
HTTP POST a page with empty data
$ curl http://akashm.com/box/post.php -d ""
HTTP POST a page with data
$ curl http://akashm.com/box/post.php -d "firstname=Akash&lastname=Mahajan"

Using curl to mimic a web browser
What a session id looks like
$ curl -v http://akashm.com/box/sess.php
Let's save the cookie value
$ curl -v http://akashm.com/box/sess.php -c cookie.jar
Let's use the cookie value
$ curl -v http://akashm.com/box/sess.php -b cookie.jar
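An added example, not code from the slides or from the akashm.com endpoints, modelling both the raw GET request shown on the "What does it look like?" slide and the sess.php cookie-jar sequence above; the cookie name SESSID, the visits counter and the cookie attributes are assumptions.

```python
"""Added example (not code from the slides or from the akashm.com endpoints):
an in-memory model of the stateless exchange the deck walks through with curl.
All traffic below is constructed; nothing touches the network."""
import secrets
from urllib.parse import urlsplit, parse_qs

COOKIE_NAME = "SESSID"   # assumed name; PHP's default would be PHPSESSID
SESSIONS = {}            # server-side state: HTTP itself keeps none between requests


def is_safe_method(method):
    """Safe methods (per the 'HTTP Methods/Verbs' slide) must not change server state."""
    return method.upper() in {"GET", "HEAD", "OPTIONS"}


def build_request(method, url, cookie_jar=None, body=""):
    """Raw bytes a client puts on the wire, e.g. `GET /search?q=HTTP` plus `Host:`."""
    u = urlsplit(url)
    target = (u.path or "/") + (f"?{u.query}" if u.query else "")
    lines = [f"{method} {target} HTTP/1.1", f"Host: {u.netloc}"]
    if cookie_jar:                            # what `curl -b cookie.jar` adds
        lines.append("Cookie: " + "; ".join(f"{k}={v}" for k, v in cookie_jar.items()))
    if body:                                  # what `curl -d "..."` adds
        lines.append("Content-Type: application/x-www-form-urlencoded")
        lines.append(f"Content-Length: {len(body.encode())}")
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode()


def parse_request(raw):
    """Split raw request bytes into the parts the 'Some terms to remember' slide lists."""
    head, _, body = raw.decode().partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    cookies = {}
    for pair in headers.get("cookie", "").split(";"):
        name, _, value = pair.strip().partition("=")
        if name:
            cookies[name] = value
    return {"method": method, "path": path, "query": parse_qs(query),
            "headers": headers, "cookies": cookies, "body": body}


def sess_handler(req):
    """Model of the deck's sess.php: a returning client is recognised only by the
    session value it sends back, so that value is effectively its password."""
    sid = req["cookies"].get(COOKIE_NAME)
    headers = {"Content-Type": "text/plain"}
    if sid not in SESSIONS:                   # no cookie, or one this server never issued
        sid = secrets.token_hex(16)           # unguessable, like any password should be
        SESSIONS[sid] = {"visits": 0}
        # Secure and HttpOnly limit where the value can leak (plain HTTP, page scripts)
        headers["Set-Cookie"] = f"{COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
    SESSIONS[sid]["visits"] += 1
    return 200, headers, f"visits={SESSIONS[sid]['visits']}\n"


def save_cookie(headers, cookie_jar):
    """What `curl -c cookie.jar` does: keep the name=value part of Set-Cookie."""
    if "Set-Cookie" in headers:
        name, _, value = headers["Set-Cookie"].split(";")[0].partition("=")
        cookie_jar[name.strip()] = value.strip()
    return cookie_jar


def audit_session_cookie(set_cookie):
    """Defender's check: attributes a session cookie should carry but this one lacks."""
    attrs = {a.strip().split("=")[0].lower() for a in set_cookie.split(";")[1:]}
    return sorted({"secure", "httponly"} - attrs)


def demo():
    """Replays the sess.php sequence from the slides: plain, save cookie, send cookie."""
    jar = {}
    url = "http://akashm.com/box/sess.php"
    first = sess_handler(parse_request(build_request("GET", url)))
    save_cookie(first[1], jar)                                   # curl -c cookie.jar
    no_cookie = sess_handler(parse_request(build_request("GET", url)))
    with_cookie = sess_handler(parse_request(build_request("GET", url, jar)))  # curl -b
    return first[2], no_cookie[2], with_cookie[2]


if __name__ == "__main__":
    print(demo())   # ('visits=1\n', 'visits=1\n', 'visits=2\n')
```

The second request, sent without the saved cookie, starts a fresh session: that is the statelessness the slides describe, and why the cookie value must travel with every request.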
Basics of TLS/SSL
SSL/TLS
Encrypted Communication – Eavesdropping and Tampering
Secure Identification of a Network – Are you talking to the right server?

How does the client verify an SSL cert?
An SSL certificate contains a certificate chain which begins with the server's public key certificate and ends with the Certificate Authority's root certificate.
Live Demo
Certificate Hierarchy
QnA

HTTP Basics Demo
