14.1 HTTP with Session and Cookies Flashcards
Securing the web requires in-depth knowledge of what topics? (4)
- Client-server architecture
- HyperText Transfer Protocol (HTTP)
- HTTP requests
- HTTP responses
The client-server model is an exchange of information, a cycle of _______ and _______ between ______ and ________.
The client-server model is an exchange of information, a cycle of requests and responses between clients and servers.
Clients and servers use the _______ to communicate on the web.
Clients and servers use the HTTP protocol to communicate on the web.
HTTP is what layer of OSI model?
Layer 7 Application
HTTP is used to transfer web pages, static assets such as images and HTML/markup files, and raw data, such as MP4 video or MP3 audio.
There are various types of requests, known as ________, which indicate the specific actions between the client and server.
There are various types of requests, known as HTTP methods, which indicate the specific actions between the client and server.
What are the three main kinds of HTTP methods?
- A user requests data from a server:
Ex. I’d like to see my friend’s photos on Facebook.
- A user gives data to a server:
Ex. Here are my credentials for my LinkedIn account.
- A user updates data already existing on a server:
Ex. Two new accounts have been added to the employee directory database.
What are all the various HTTP methods? (6)
- GET - Requests data from a server.
- POST - Sends data to a source, often changing or updating a server.
- PUT - Replaces current data with the new value.
- DELETE - Deletes a specified resource.
- CONNECT - Establishes a tunnel to the server.
- OPTIONS - Lists the communication options for the target resource.
What is an example of a GET request?
When you open a browser and go to amazon.com, the HTTP client (your browser) asks to GET the data that the URL (amazon.com) points to. That data is the webpage.
What is an example of a POST request?
Once your browser goes to amazon.com, you need to log into your Amazon account. The client sends a POST request that contains your credentials for logging in.
What does the whitespace mean in a request?
Whitespace is a blank line indicating the end of the request.
______ is a command-line client that allows us to send data to and from servers. This allows security professionals to: (4)
curl
- Test web server security configurations.
- Ensure web servers don’t leak sensitive data through their HTTP responses.
- Verify that servers only respond to certain types of requests.
- Look for vulnerabilities on a web server.
HTTP resources are inherently ________, meaning that when your browser requests a web page, the webpage can’t distinguish you from others.
stateless
True or False: Websites need a way to deliver content that is specific to each user. To do so, they establish sessions with cookies.
True. Cookies are small pieces of text data that, when sent by an HTTP server’s response header, are saved by the user’s HTTP client.
HTTP requests are sent from an ______ to an ______.
HTTP requests are sent from an HTTP client to an HTTP server.
_______ are sent back from the ________ as a response to the client.
HTTP responses are sent back from the HTTP server as a response to the client.
HTTP requests include: (3)
- Request line
- Request header
- Optional request body
HTTP responses include: (3)
- Status line
- Response header
- Usually a response body
Explain query parameters:
Query parameters allow you to be specific about the parts of a resource you want to send or receive data from.
Explain the PUT method:
PUT requests also send data to an HTTP server, but are often used to overwrite resources, such as updating a part of a webpage.
Explain the DELETE method
The DELETE method deletes the specified resource from the server
Explain the CONNECT method:
The CONNECT method establishes a tunnel to the server.
Explain the OPTIONS method:
OPTIONS requests ask an HTTP server to respond with all HTTP methods that the HTTP server is programmed to respond to.
Explain what an HTTP request looks like:
A **request line** contains the request method, the name of the requested resource, and the version of HTTP in use.
- The request line can also contain **query parameters**, which the client can use to send data to the server.
**Headers** contain additional details about the requested resource. They are used to implement many actions with security implications, such as authentication and remembering user resources.
- There are many different types of headers, and you aren’t expected to remember them all.
- We’ll see the most common headers as we continue to explore requests and responses. Links to reference documentation will be provided, which you can use for your own research later.
**Whitespace** is a blank line indicating the end of the request.

Once the server receives the request, explain what it returns:
A **status line** contains the response status code and its translation, such as OK or Conflict.
**Headers** contain additional information about the response, similar to request headers.
- Whitespace (a blank line) separates the header from the response body that follows.
A **response body** contains the resource requested by the client, all of the web code and styling that your browser uses to format the page.