0% found this document useful (0 votes)

149 views5 pages

Web Security and HTTP Protocols

This document discusses various topics related to HTTP including session management, cookies, access control, headers, authentication methods, encoding schemes, and common vulnerabilities like SQL injection, cross-site scripting, and session hijacking. It also mentions PUT and GET methods, REST, and tools/technologies like servlets, ColdFusion, Ruby on Rails, and content management systems.

Uploaded by

Dron patel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

149 views5 pages

Web Security and HTTP Protocols

Uploaded by

Dron patel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

Http.

Session management.

Http cookies.

Handling user access.

How token are generated.

Access control.

SOAP service

SMTP injection

Canonicalization

Saitization

Error handling

User agent

host header

cookie header

pragma header

Content-Type header

Content-Length header

Allow header

Put and get method

Trace in http

Head functions

Arbitrary script

Rerefer header

User-agent header

Representational state transfer (REST)

General Headers
connection

content-encoding

content-length
content-type

transfer-encoding

REQUEST HEADERS
Accept

accept-encoding

authorization

host

if-modified-since

if-none-match

origin

referer

user-agent

RESPONSE HEADERS
access-control-allow-origin

cache-control

etag

expires

location

pragma

server

set-cookie

www-authenticate

x-frame-option

If-None-Match header

---------------------------------

Connect method
HTTP AUTHENTICATION
 Basic
 NTLM
 Digest
Document Type Definition (DTD)
Web Services Description Language (WSDL)
redir parameter
Web 2.0
Different types of encoding systems
Naming scheme
Review of client and server-side code.
Java applet
ActiveX
Flash
Content management system (CMS)
Discover about hidden parameter in URL
Learn about parameters (request parameter, etc)
HTTP header
Out-of-band channel

servlet — Java servlets

n pls — Oracle Application Server PL/SQL
gateway
n cfdocs or cfide — Cold Fusion
n Silverstream — The Silverstream web server
n WebObjects or {function}.woa — Apple
WebObjects
n rails — Ruby on Rails
JSESSIONID — The Java Platform
n ASPSESSIONID — Microsoft IIS server
n ASP.NET_SessionId — Microsoft ASP.NET
n CFID/CFTOKEN — Cold Fusion
n PHPSESSID — PHP
Obfuscation scheme
Database interaction — SQL injection
File uploading and downloading — Path traversal
vulnerabilities, stored
Client-side validation — Checks may not be replicated on the
server
cross-site scripting
Display of user-supplied data — Cross-site scripting
Dynamic redirects — Redirection and header injection
attacks
Social networking features — username enumeration,
stored cross-site
scripting
Login — Username enumeration, weak passwords, ability to
use brute
force
Multistage login — Logic flaws
Session state — Predictable tokens, insecure handling of
tokens
Access controls — Horizontal and vertical privilege escalation
User impersonation functions — Privilege escalation
Use of cleartext communications — Session hijacking,
capture of credentials
and other sensitive data
Off-site links — Leakage of query string parameters in the
Referer
header
Interfaces to external systems — Shortcuts in the handling
of sessions
and/or access controls
Error messages — Information leakage
E-mail interaction — E-mail and/or command injection
Native code components or interaction — Buffer overflows
Use of third-party application components — Known
vulnerabilities
Identifiable web server software — Common configuration
weaknesses, known software bugs
Base 64 encoding-decoding

Websec 101: Session Management
No ratings yet
Websec 101: Session Management
23 pages
Web App Security for IT Students
100% (1)
Web App Security for IT Students
6 pages
S4 Web Sec
No ratings yet
S4 Web Sec
89 pages
Web Session Management and Security
No ratings yet
Web Session Management and Security
39 pages
Isc 08 Web Security
No ratings yet
Isc 08 Web Security
37 pages
Rapid7 Insightappsec Appspider Attack Types Datasheet2
No ratings yet
Rapid7 Insightappsec Appspider Attack Types Datasheet2
1 page
Hacking Web Server
No ratings yet
Hacking Web Server
20 pages
Hacking Activity Hack A WebServer
No ratings yet
Hacking Activity Hack A WebServer
13 pages
Information Gathering Test Name
No ratings yet
Information Gathering Test Name
15 pages
E-commerce Security Essentials
No ratings yet
E-commerce Security Essentials
27 pages
Web Security Vulnerabilities Overview
No ratings yet
Web Security Vulnerabilities Overview
36 pages
Web Penetration Testing in C# & .NET
No ratings yet
Web Penetration Testing in C# & .NET
45 pages
Ethical Hacking for IT Professionals
No ratings yet
Ethical Hacking for IT Professionals
25 pages
Understanding Web Sessions and Cookies
No ratings yet
Understanding Web Sessions and Cookies
41 pages
Wa0024.
No ratings yet
Wa0024.
4 pages
Cookie Poisoning by Line
100% (1)
Cookie Poisoning by Line
10 pages
Black Hat Europe 2001 Presentation
No ratings yet
Black Hat Europe 2001 Presentation
52 pages
Web Application Exploitation Guide
No ratings yet
Web Application Exploitation Guide
116 pages
4 - XSS - CSRF
No ratings yet
4 - XSS - CSRF
21 pages
THM Hacking Encyclopedia
100% (1)
THM Hacking Encyclopedia
91 pages
Web Exploitation
No ratings yet
Web Exploitation
18 pages
Web Hacking for Ethical Hackers
No ratings yet
Web Hacking for Ethical Hackers
25 pages
Session Management
No ratings yet
Session Management
23 pages
12siddharth Anbalahan
No ratings yet
12siddharth Anbalahan
46 pages
Evilginx Phishlet Developer Masterclass (2025) - Simpler Hacking 25
No ratings yet
Evilginx Phishlet Developer Masterclass (2025) - Simpler Hacking 25
2 pages
Pentest Checklists
100% (1)
Pentest Checklists
20 pages
10 SessionMgmt
No ratings yet
10 SessionMgmt
37 pages
Bug Bounty Checklist
100% (1)
Bug Bounty Checklist
7 pages
12 Ceh Hacking Web Applications
0% (1)
12 Ceh Hacking Web Applications
111 pages
Security Testing Mat
No ratings yet
Security Testing Mat
9 pages
With Emphasis On Web Applications Security Related Issues
0% (1)
With Emphasis On Web Applications Security Related Issues
28 pages
Web Application Security
No ratings yet
Web Application Security
65 pages
Web App Security for IT Students
No ratings yet
Web App Security for IT Students
61 pages
Vuln Scan
No ratings yet
Vuln Scan
12 pages
Web Security Basics & Vulnerabilities
No ratings yet
Web Security Basics & Vulnerabilities
16 pages
5 Mins Presentation-Session Vulnerabilities
No ratings yet
5 Mins Presentation-Session Vulnerabilities
7 pages
Web Application Security Setup Guide
No ratings yet
Web Application Security Setup Guide
19 pages
Pmis Assg4 10is12f
No ratings yet
Pmis Assg4 10is12f
5 pages
Cheatsheet OWASPCheckList
No ratings yet
Cheatsheet OWASPCheckList
4 pages
Web Application Test Cases
No ratings yet
Web Application Test Cases
10 pages
WAPT Checklist
No ratings yet
WAPT Checklist
5 pages
Pentest Book: Pentesting Web Checklist Recon Phase
No ratings yet
Pentest Book: Pentesting Web Checklist Recon Phase
9 pages
Topic 5 - Web Application Security
No ratings yet
Topic 5 - Web Application Security
50 pages
Web App Security: Vulnerabilities & Solutions
No ratings yet
Web App Security: Vulnerabilities & Solutions
40 pages
Web App Cheat Sheet 2
No ratings yet
Web App Cheat Sheet 2
1 page
Chap 2 Web Application Security
No ratings yet
Chap 2 Web Application Security
26 pages
Session Management More
No ratings yet
Session Management More
16 pages
Secure Web
No ratings yet
Secure Web
41 pages
Unit 3
No ratings yet
Unit 3
67 pages
Web App Security: Top Vulnerabilities
No ratings yet
Web App Security: Top Vulnerabilities
90 pages
Top Ten Web Attacks: Saumil Shah Net-Square
No ratings yet
Top Ten Web Attacks: Saumil Shah Net-Square
46 pages
Web App Testing
No ratings yet
Web App Testing
11 pages
Web Penetration Testing Overview
No ratings yet
Web Penetration Testing Overview
60 pages
CEH Module 14
No ratings yet
CEH Module 14
195 pages
OWASP WSTG Checklist
No ratings yet
OWASP WSTG Checklist
74 pages
TASK 2 Subscribed Databases - Information Literacy
No ratings yet
TASK 2 Subscribed Databases - Information Literacy
3 pages
Constructing Hermitian Matrices
No ratings yet
Constructing Hermitian Matrices
14 pages
2021 Y9 Da Vinci AT2
No ratings yet
2021 Y9 Da Vinci AT2
8 pages
Encryption Wizzard Manual
No ratings yet
Encryption Wizzard Manual
20 pages
Vocabulary 1.2
No ratings yet
Vocabulary 1.2
26 pages
Research Report Writing Lesson Plan
100% (1)
Research Report Writing Lesson Plan
6 pages
TP Manual 2019R1
No ratings yet
TP Manual 2019R1
881 pages
Test 3 (Geography-English) - Solution
No ratings yet
Test 3 (Geography-English) - Solution
28 pages
Walking As Retreat Article
No ratings yet
Walking As Retreat Article
3 pages
The Wilderness Society Style Guide 2014-2018
No ratings yet
The Wilderness Society Style Guide 2014-2018
52 pages
Vodafone Dispersed Radio Guidelines For Direct Supply and Powershift
No ratings yet
Vodafone Dispersed Radio Guidelines For Direct Supply and Powershift
13 pages
Graphic Novel Exam Review Assessment
No ratings yet
Graphic Novel Exam Review Assessment
5 pages
SASS Aviation English Course
No ratings yet
SASS Aviation English Course
3 pages
Sandeep - CH Resume
No ratings yet
Sandeep - CH Resume
4 pages
TCL-TK Quick Guide
100% (1)
TCL-TK Quick Guide
139 pages
If Clause - 1St Conditional: Will Pass Will Go Will Be
No ratings yet
If Clause - 1St Conditional: Will Pass Will Go Will Be
7 pages
10731648
No ratings yet
10731648
274 pages
C1 Cleft Sentences
No ratings yet
C1 Cleft Sentences
6 pages
Tayahin Module Assessment Week 6
No ratings yet
Tayahin Module Assessment Week 6
4 pages
Exploring The Premed Discourse Community
No ratings yet
Exploring The Premed Discourse Community
4 pages
NSTP 1 - National Service Training Program 1
No ratings yet
NSTP 1 - National Service Training Program 1
5 pages
File Transfer Protocol
No ratings yet
File Transfer Protocol
11 pages
Software Engeenring KL
No ratings yet
Software Engeenring KL
19 pages
2023 Year 1 Diagnostic Test
No ratings yet
2023 Year 1 Diagnostic Test
8 pages
Extra - Grammar - A1 - Level - 3 Connect 3
No ratings yet
Extra - Grammar - A1 - Level - 3 Connect 3
5 pages
Oracle Unix/Linux Performance Tuning
No ratings yet
Oracle Unix/Linux Performance Tuning
35 pages
Math Lesson PowerPoint
No ratings yet
Math Lesson PowerPoint
17 pages
c1 Grammar and Writing July Intensive 2020 Week 3
No ratings yet
c1 Grammar and Writing July Intensive 2020 Week 3
11 pages
Gujarati Books in VSPC Library
0% (1)
Gujarati Books in VSPC Library
480 pages
Paper 6.1 LAB Manual
No ratings yet
Paper 6.1 LAB Manual
15 pages