Fundamental Concepts

OWASP Hyderabad
Oct 10th, 2009

Marc-André Laverdière
Agenda
●   Network Basics
●   IP, TCP, UDP, DNS
●   Internet Architecture
●   Static Web architecture
●   HTTP features
●   REST-based architecture


    (P.S. All images courtesy of Wikipedia)
Network Basics
●   OSI 7 Layer Model
Network Topologies
●   Point to point: using a switch or dedicated wiring
●   Bus: common wire, like in cable internet
●   Star: central hub
●   Ring: token ring
●   Mesh: redundancies
●   Tree: hierarchical
Network Terms
●   Client: computer that requests a service
●   Server: computer that fulfills the request
●   Gateway: point of contact to another network
●   Proxy: intermediary for making requests to servers. Often caches resources
●   Router: forwards information
●   Hub: connects many network segments
●   Switch: more efficient hub
●   Link: connection between two points
IP
●   IP: Internet Protocol
●   Used to send packets between point A and point B
●   No delivery guarantee
●   Two current versions: IPv4 and IPv6
IPv4 vs IPv6
●   IPv6 adds many features to IPv4:
       –   Greater address space
       –   Supports autoconfiguration
       –   Multicast
       –   Mandatory IPSec (encryption, authentication, tunnelling)
       –   Removed rare fields, redundant checksum
       –   Larger max packet size (4GB)
       –   Support for mobile devices
NAT
●   Network Address Translation, used with IP masquerading
●   Used to present one IP address as the front-end for many. E.g. wireless hub+router
●   Gateway rewrites the packets so that they look like they all originate from the gateway
●   Breaks some applications, like SIP and some peer-to-peer clients
TCP
●   Transmission Control Protocol
●   Allows reliable transmissions
●   Error detection
●   Flow/congestion control
●   Adds the concept of ports
●   Connection-based
UDP
●   User Datagram Protocol
●   Ports
●   Fast
●   No integrity checking/resending
DNS
●   Domain Name System
●   Mainly UDP
●   Some TCP
●   13 root clusters
Internet Architecture
●   Interconnected computer networks
●   TCP/IP
●   DNS
●   Lots of hardware
●   Supports many things
       –   WWW
       –   Email
       –   Usenet
       –   IRC
Static Web Architecture
●   WWW: portion of the Internet for retrieval of hyperdocuments
●   Multiple clients, multiple servers
●   All resources are static
●   Documents can include or refer to other resources
●   Resources are organized under websites
●   DNS, HTTP, HTML
HTTP
●   HyperText Transfer Protocol
●   Text-based
●   Binary content must be encoded (often Base64)
●   One connection per request (HTTP 1.0) or one connection for many (HTTP 1.1)
●   Stateless
●   Verbs:
       –   HEAD: get metadata
       –   GET: get a resource
       –   POST: submit data to a resource
       –   PUT: upload a resource
       –   DELETE
       –   TRACE: echo back the request
       –   OPTIONS: list supported methods
       –   CONNECT: create a tunnel
HTTP Request
●   User-Agent: Opera/9.64 (X11; Linux i686; U; en) Presto/2.1.1
●   Host: www.wired.com
●   Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
●   Accept-Language: en-IN,en;q=0.9
●   Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
●   Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
●   Cookie: [cut]
●   Cookie2: $Version=1
●   Proxy-Connection: Keep-Alive
HTTP Response Header
●   HTTP/1.1 200 OK
●   Date: Mon, 23 May 2005 22:38:34 GMT
●   Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
●   Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
●   Etag: "3f80f-1b6-3e1cb03b"
●   Accept-Ranges: bytes
●   Content-Length: 438
●   Connection: close
●   Content-Type: text/html; charset=UTF-8
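As an added example (not part of the slides), a small Python parser for a message head like the request shown above, including the q-values that rank the Accept and Accept-Encoding alternatives. The sample request text is constructed from the slide's headers; the request line and the `/index.html` path are assumptions.

```python
"""Parse an HTTP/1.1 message head and the q-values used in its Accept-* headers."""
from typing import Dict, List, Tuple

# Constructed request, modelled on the headers shown in the slide (not captured traffic).
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.wired.com\r\n"
    "User-Agent: Opera/9.64 (X11; Linux i686; U; en) Presto/2.1.1\r\n"
    "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, "
    "image/png, */*;q=0.1\r\n"
    "Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\n"
    "\r\n"
)


def parse_head(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a message head into its start line and a lowercase-keyed header dict.

    Header names are case-insensitive, so they are normalised here; a header that
    appears twice is joined with a comma, which is how HTTP defines repeated fields.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return lines[0], headers


def parse_qvalues(header_value: str) -> List[Tuple[str, float]]:
    """Return (token, q) pairs ordered by descending client preference.

    A missing q parameter means q=1.0; q=0 means 'not acceptable' and is dropped,
    so a server using this list never selects something the client refused.
    """
    prefs = []
    for item in header_value.split(","):
        parts = [p.strip() for p in item.split(";")]
        token, q = parts[0], 1.0
        for param in parts[1:]:
            if param.lower().startswith("q="):
                q = float(param[2:])
        if q > 0:
            prefs.append((token, q))
    # sorted() is stable, so the header's own order is kept among equal q-values
    return sorted(prefs, key=lambda tq: tq[1], reverse=True)
```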
Cookies
●   Cookies are values determined by the server that are stored by the client
●   The client automatically sends the cookie value on every request to the server
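An added example (not from the slides) of the client side of this mechanism: a minimal cookie jar that stores what a server set via Set-Cookie and returns only the name=value pairs, and only to that same host. The response headers and the cookie names are constructed for the example.

```python
"""Minimal cookie jar: keep what the server set, send it back to that host only."""
from typing import Dict, List, Optional, Tuple

# Constructed response headers, standing in for what a server would send (not from the slides).
RESPONSE_HEADERS: List[Tuple[str, str]] = [
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Set-Cookie", "lang=en-IN"),
    ("Content-Type", "text/html; charset=UTF-8"),
]


class CookieJar:
    """Stores cookie name/value pairs per host; attributes after ';' are never sent back."""

    def __init__(self) -> None:
        self._jar: Dict[str, Dict[str, str]] = {}

    def store_response(self, host: str, headers: List[Tuple[str, str]]) -> None:
        """Record every Set-Cookie header of a response from `host`."""
        for name, value in headers:
            if name.lower() != "set-cookie":
                continue
            pair = value.split(";", 1)[0]            # "name=value" before any attributes
            cname, _, cvalue = pair.partition("=")
            self._jar.setdefault(host, {})[cname.strip()] = cvalue.strip()

    def cookie_header(self, host: str) -> Optional[str]:
        """Build the Cookie header for a request to `host`; None when there is nothing to send."""
        cookies = self._jar.get(host)
        if not cookies:
            return None
        return "; ".join(f"{k}={v}" for k, v in cookies.items())


def demo() -> Dict[str, Optional[str]]:
    """Store one response, then show what a later request to each host would carry."""
    jar = CookieJar()
    jar.store_response("www.wired.com", RESPONSE_HEADERS)
    return {
        "same_host": jar.cookie_header("www.wired.com"),   # cookies are replayed here
        "other_host": jar.cookie_header("example.org"),    # nothing leaks to another host
    }
```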
REST-Based Architecture
●   Problem: what I described is static. We need to execute code to have Web Applications
●   Principles:
        –   Everything goes through the resources. Resources are different from the representation given to the clients
        –   Resources can be manipulated through the representation
        –   Each message is self-descriptive
        –   Hypermedia contains the application state
Essentially
●   Applications react to queries from the clients only. Nothing happens without a query.
●   Resource access is free to trigger any processing