Web Basics

The Cursed Web

creating web apps seems simple

Lack of security awareness - High vulnerability

more and more companies moving towards the web

development of complex code, exposing functionality to the internet while connected to internal servers (ie., databases).

Uniform Resource Locator URL

httpsundefinedProtocol://example.comundefinedHostName:433undefinedPort/peopleundefinedPath?name=mauroundefinedQueryString#aboutundefinedFragment\textcolor{grey}{ \underbrace{\textcolor{white}{\texttt{https}}}_{\textsf{Protocol}} \textcolor{white}{\texttt{://}} \underbrace{\textcolor{white}{\texttt{example.com}}}_{\textsf{Host Name}} ~\textcolor{white}{ \texttt{:}} ~ \underbrace{\textcolor{white}{\textcolor{white}{\textsf{433}}}}_{\textsf{Port}} ~ \textcolor{white}{ \texttt{/}} ~ \underbrace{\textcolor{white}{\texttt{people}}}_{\textsf{Path}} ~ \textcolor{white}{ \texttt{?}} ~ \underbrace{\textcolor{white}{\texttt{name = mauro}}}_{\textsf{Query String}} ~\textcolor{white}{ \texttt{\#}} ~ \underbrace{\textcolor{white}{\texttt{about}}}_{\textsf{Fragment}} }Protocolhttps://Host Nameexample.com:Port433/Pathpeople?Query Stringname = mauro#Fragmentabout

Web application

Made out of client, network, server

HTTP Protocol

stateless, uses cookies to implement stateful applications

Default port: 80

HTTPS is secured with TLS

Confidentiality content cannot be inspected by unauthorized users

Integrity content cannot be modified

Authentication client can verify that it is communicating with the expected server

Server-Side Languages

Any programming language can be used.

Most commonly: Python, NodeJS (JavaScript), Java, C#, PHP (Hypertext Preprocessor).

Used to implement:

Session management of users

database interaction

response page generation

$\dots$