Module 6 Flashcards
HTTP
A stateless protocol that does not rely on a persistent connection for communication logic. It is an application-level protocol in the TCP/IP protocol suite, and it uses TCP as the underlying transport layer protocol for transmitting messages. It uses a request/response model.
HTTP GET
Retrieves information from the server. Does not modify anything.
HTTP POST
Sends data to the server; used for modifying and for creating new resources.
HTTP PUT
Uploads a representation of the specified URI; used for updating (modifying) resources.
HTTP DELETE
Deletes the specified resource.
URL STRUCTURE: SCHEME
Designates the underlying protocol to be used.
URL STRUCTURE: HOST
The IP address (numeric or DNS-based) for the web server being accessed.
URL STRUCTURE: PORT
Designates the port number to which the target web server listens.
URL STRUCTURE: PATH
The path from the “root” directory of the server to the desired resource.
URL STRUCTURE: PATH-SEGMENT-PARAMS
Optional name/value pairs (that is, path segment parameters).
URL STRUCTURE: QUERY-STRING
An optional portion of the URL that contains name/value pairs representing dynamic parameters associated with the request.
WEB SESSIONS
A sequence of HTTP request and response transactions between a web client and a server. Sessions can be created to keep track of anonymous users after the very first user request. Session capabilities can be provided both before and after authentication.
SESSION IDS/TOKENS
Used to keep the authenticated state and track user progress. A name/value pair. May indicate what framework and programming languages are used by the web application. Must be long enough to prevent brute-force attacks. Temporarily equivalent to the strongest authentication method used by the application, such as username and password, one-time password, client-based digital certificate, and so on. Cookies.
SESSION FIXATION ATTACKS
Attacks in which the attacker is able to intercept and manipulate the web traffic to inject (or fix) the session ID on the victim’s web browser.
COOKIE MAXAGE OR EXPIRES ATTRIBUTE
When this attribute is set, the cookie is considered a persistent cookie and is stored on disk by the web browser until the expiration time.