HTTP Basics
The "Web" is arguably the largest threat surface to an organisation. With almost "everyone"1 having some form of web presence.
This module focuses on examining websites for security issues, exploiting them, and defending against attack. While the attacking part is obviously the most interesting, a decent understanding of the underlying technologies is going to help you when it comes to the exploit phase.
We will spend a few weeks looking at the basics, understanding the technologies behind the web and how we can make use of them in our exploits.
This week
This week we will be looking at the protocols that help make the web work.
As most of the security issues with the web involve manipulating data that the site sees Having a good understanding of how data is sent to and from web pages can help us find, and exploit, potential security issues.
- Talking to the Web
- HTTP
- Requests and Responses
- Making Requests outside of a Browser.
-
Obviously, not everyone has a web presence. But its pretty much an accepted part of modern business. ↩