URL:
URL is an acronym for Uniform Resource Locator and is a reference (an address) to a
resource on the Internet.
Protocol identifier: for the URL http://example.com, the protocol identifier is http.
Resource name:
Http Request
An HTTP Request is a packet of information that one computer sends to another computer
to communicate something. At its core, an HTTP Request is a packet of binary data sent by
the client to the server. An HTTP Request contains the following parts:
1. Request Line
2. Headers, 0 or more headers in the request
3. An optional Body of the request
Http Response
An HTTP Response is the packet of information sent by the server to the client in response to
an earlier request made by the client. The HTTP Response contains the information requested
by the client. For example, the request to the Weather Web Service made in the HTTP
Request tutorial will return the weather details of the location.
Just like the HTTP Request, the HTTP Response has the same structure:
1. Status Line
2. Headers, 0 or more headers in the response
3. An optional Body of the response
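The three-part structure above is the same for both message types, so one parser serves both. This is an added example, not code from the original notes; the sample request and response are constructed, and the Content-Length check is a basic sanity test a practitioner would run on a received message.

```javascript
// Split a raw HTTP message into start line, headers and body.
// For a request the start line is the Request Line; for a response it is
// the Status Line. Header names are case-insensitive, so they are lowercased.
function parseHttpMessage(raw) {
  // Headers end at the first empty line (CRLF CRLF); the rest is the body.
  const sep = raw.indexOf('\r\n\r\n');
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep + 4);
  const [startLine, ...headerLines] = head.split('\r\n');
  const headers = {};
  for (const line of headerLines) {
    const colon = line.indexOf(':');
    if (colon === -1) throw new Error('malformed header line: ' + line);
    headers[line.slice(0, colon).trim().toLowerCase()] = line.slice(colon + 1).trim();
  }
  return { startLine, headers, body };
}

// A declared Content-Length that disagrees with the body actually received
// means the message boundary is ambiguous and the message should be rejected.
function bodyLengthMatches(msg) {
  const declared = msg.headers['content-length'];
  const actual = Buffer.byteLength(msg.body, 'utf8');
  return declared === undefined ? actual === 0 : Number(declared) === actual;
}

// Constructed sample messages (not captured traffic) for the weather example.
const sampleRequest =
  'GET /weather?city=Pune HTTP/1.1\r\n' +
  'Host: example.com\r\n' +
  'Accept: application/json\r\n' +
  '\r\n';

const sampleResponse =
  'HTTP/1.1 200 OK\r\n' +
  'Content-Type: application/json\r\n' +
  'Content-Length: 16\r\n' +
  '\r\n' +
  '{"temp_c": 31.5}';

console.log(parseHttpMessage(sampleRequest).startLine);  // GET /weather?city=Pune HTTP/1.1
console.log(bodyLengthMatches(parseHttpMessage(sampleResponse)));  // true
```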
Browser rendering engine: software that renders HTML pages (Web pages). It turns
the HTML layout tags in the page into the appropriate commands for the operating
system, which causes the formation of the text characters and images for screen and
printer.
<html>
  <head>
    <title> This is my Title </title>
    <script>
    </script>
  </head>
  <body>
    <h1> This is my home page </h1>
    <p> This is my paragraph </p>
  </body>
</html>
1. onLoad: This event happens when a web page is loaded into the web browser
2. unload: This event happens when a web page is unloaded from the web browser
When a web page is loaded, the browser creates a Document Object Model of the page.
Reference Object
Script Example:
A JavaScript example is easy to code. JavaScript provides 3 places to put the JavaScript
code: within the body tag, within the head tag, and in an external JavaScript file.
<script type="text/javascript">
  document.write("JavaScript is a simple language for javatpoint learners");
</script>
Image tag:
If an image is not there at its place during the loading time of a webpage, then an error
handler should handle this situation by displaying a message like “The image is not there”.
Otherwise an attacker can load his own code in place of the absent image.
Java script:
<html>
  <head>
    <title>My First JavaScript code!!!</title>
    <script type="text/javascript">
      alert("Hello World!");
    </script>
  </head>
  <body>
  </body>
</html>
Each individual computer uses multiple ports. For instance, when a person opens his
or her email, the computer opens a port through which new mail will be
downloaded over a connection to the email server. Certain ports on an individual's
personal computer are open continually, making them a target for any potential hacker
who is searching for individuals to victimize. This can lead to one's sensitive and
personal information falling into the hands of those who intend to use it for criminal
activity. Unfortunately, criminals and computer hackers are always looking for new
victims to exploit, and port scanning is one of the ways through which this can be
accomplished.
When a criminal targets a house for a burglary, typically the first thing he or she checks is
whether there is an open window or door through which access to the home can be gained. A
port scan is similar, only the windows and doors are the ports of the individual's personal
computer. While a hacker may not decide to "break in" at that moment, he or she will
have determined whether easy access is available. Many people feel this activity should be
illegal, which it is not; because the potential attacker is merely checking to see whether a
connection could be made, in most areas it is not considered a crime. However, if
repetitive port scans are made, a denial of service can be created.
Hackers typically utilize port scanning because it is an easy way in which they can
quickly discover services they can break into. In some cases, hackers can even open the
ports themselves in order to access the targeted computer. Hackers also use port scanners
to conduct tests for open ports on personal computers that are connected to the web.
Applet: An applet (little application) is a small software program that supports a larger
application program. In the past, the term applet was often associated with the Java
programming language. This program is downloaded from the server to the client computer
and then run on the client machine.
XML RPC:
Hidden iframe:
An inline frame is used to embed another document within the current HTML document.
Example
<iframe src="https://www.w3schools.com"></iframe>
Safe Type password: You can keep your password safe by using the following practices
In order to be a trusted Certificate Authority, you have to follow guidelines set forth by
the CA/B Forum that govern issuance and authentication practices.
Then, the CA has to start actually issuing certificates. We won't drill all the way down into
roots and intermediates, etc. We'll just touch on the process of actually authenticating
and issuing a digital CA certificate. After the certificate is ordered, depending on the
level of validation required, the CA goes to work verifying the identity of the applicant.
If it's simply a Domain Validation certificate, the CA just checks ownership of the
domain, and then, once this is satisfied, issues the certificate. For Organization Validation
and Extended Validation, also known as business validation, the Certificate Authority
will use business registration. This can take between 3 and 5 days and is typically a fairly
extensive process. Once it is complete, the certificate can then be issued and will contain
critical details about the business itself.
All of this is essential, especially for a PKI (Public Key Infrastructure), as it allows the
true owner of the keys being managed to be verified and makes the entire endeavor safer
and more reliable.
SSL:
SSL stands for Secure Sockets Layer and, in short, it's the standard technology for
keeping an internet connection secure and safeguarding any sensitive data that is being
sent between two systems, preventing criminals from reading and modifying any
information transferred, including potential personal details. The two systems can be a
server and a client (for example, a shopping website and browser) or server to server (for
example, an application with personal identifiable information or with payroll
information).
It does this by making sure that any data transferred between users and sites, or between
two systems, remains impossible to read. It uses encryption algorithms to scramble data in
transit, preventing hackers from reading it as it is sent over the connection. This
information could be anything sensitive or personal, which can include credit card
numbers and other financial information, names and addresses.
TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still
refer to our security certificates as SSL because it is a more commonly used term, but
when you are buying SSL from Symantec you are actually buying the most up to date
TLS certificates with the option of ECC, RSA or DSA encryption.
Https:
Site Switching:
While browsing HTML pages we can switch from an http page to an https page and
vice versa. During this switching there could be the possibility of switching to some unsecured
page or script that can harm the user. The following are examples of browsers and the
warnings given by the browser.
A link to malicious scripting code during the switch from one site to another can cause
session hijacking by the attacker.
An Extended Validation SSL Certificate (also known as EV SSL for short) is the highest
form of SSL Certificate on the market. While all levels of SSL – Extended Validation
(EV), Organization Validated (OV), and Domain Validated (DV) – provide encryption
and data integrity, they vary in terms of how much identity verification is involved and
how the certificates display in browsers.
An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or
simply cookie) is a small piece of data sent from a website and stored on the user's
computer by the user's web browser while the user is browsing. Cookies were designed to
be a reliable mechanism for websites to remember stateful information (such as items
added in the shopping cart in an online store) or to record the user's browsing activity
(including clicking particular buttons, logging in, or recording which pages were visited
in the past). They can also be used to remember arbitrary pieces of information that the
user previously entered into form fields such as names, addresses, passwords, and credit-
card numbers.
Cookie authentication: A server and client can be recognized with the help of cookies
sent through an authenticating server.
Secure cookies with https: In this case, the cookie's read and write operations are done over
the https protocol.
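A defender's check for the "Secure cookies with https" point above, added here as an example (not from the original notes): parse the Set-Cookie headers a server returns and report any cookie that lacks the Secure attribute, since such a cookie is also sent over plain http. The sample headers are constructed.

```javascript
// Parse one Set-Cookie header value into name, value and attributes.
// Attribute names are case-insensitive; flag attributes (Secure, HttpOnly)
// are stored as true, valued attributes (Path, Max-Age) as strings.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [name, ...valueParts] = parts[0].split('=');
  const cookie = { name: name.trim(), value: valueParts.join('='), attributes: {} };
  for (const attr of parts.slice(1)) {
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    cookie.attributes[key] = eq === -1 ? true : attr.slice(eq + 1).trim();
  }
  return cookie;
}

// Names of cookies that the browser would also send over unencrypted http,
// because the Secure attribute is missing.
function insecureCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c.attributes.secure !== true)
    .map((c) => c.name);
}

// Constructed sample response headers (not captured from any real site).
const sampleHeaders = [
  'sessionid=abc123; Path=/; Secure; HttpOnly',
  'prefs=dark; Path=/; Max-Age=31536000',
  'csrftoken=xyz; Path=/; Secure',
];

console.log(insecureCookies(sampleHeaders));  // [ 'prefs' ]
```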
Frames: A frame is a subpart of the whole HTML page which can contain a separate,
independent HTML page for display.
<frameset cols="25%,*,25%">
  <frame src="frame_a.htm">
  <frame src="frame_b.htm">
  <frame src="frame_c.htm">
</frameset>
Clickjacking allows an attacker to trick your users into clicking parts of your interface
without their consent. A simple way to describe this is: an attacker will embed
your application in their site as an iframe. On top of the iframe they can show a
completely different interface. You're thinking you're clicking buttons on your own
interface, while in fact you are hitting the 'Delete my account' button in, for example,
GMail.
Because this technique completely operates with frames, it can be circumvented by using
a 'Frame busting' technique. As a bonus, this will also disallow, for example, Digg from stealing
and monetizing your content.
Frame busting can be achieved with a simple JavaScript technique:
<script type="text/javascript">
</script>
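The frame-busting script the notes refer to, written out as an added example (not the notes' own code). The check is whether the page's window is the top-level browsing context; the hypothetical helpers isFramed() and bustFrame() take the window object as a parameter so the decision logic can be exercised outside a browser with mock objects.

```javascript
// A page is framed when its own window is not the top-level window.
// `win` is the browser's window object (or a mock with top/self/location).
function isFramed(win) {
  return win.top !== win.self;
}

// If framed, navigate the top-level window to this page's own URL, which
// removes the attacker's overlay. Returns true when a redirect was issued.
function bustFrame(win) {
  if (!isFramed(win)) return false;
  win.top.location = win.self.location.href;
  return true;
}

// In a real page this runs as early as possible, inside <head>.
if (typeof window !== 'undefined') {
  bustFrame(window);
}
```

Script-based frame busting is a client-side mitigation only; the server should also send the X-Frame-Options or Content-Security-Policy frame-ancestors header, which the browser enforces even when scripts in the framed page do not run.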