State and Sessions

The technologies described so far enable the server and client components of a web application to exchange and process data in numerous ways. To implement most kinds of useful functionality, however, applications need to track the state of each user’s interaction with the application across multiple requests. For example, a shopping application may allow users …

HTTPS

The HTTP protocol uses plain TCP as its transport mechanism, which is unencrypted and so can be intercepted by an attacker who is suitably positioned on the network. HTTPS is essentially the same application-layer protocol as HTTP, but this is tunneled over the secure transport mechanism, Secure Sockets Layer (SSL). This protects the privacy and integrity …

Cookies

Cookies are a key part of the HTTP protocol which most web applications rely upon, and which can frequently be used as a vehicle for exploiting vulnerabilities. The cookie mechanism enables the server to send items of data to the client, which the client stores and resubmits back to the server. Unlike the other types …

Web Application Technologies

Web applications employ a myriad of different technologies to implement their functionality. This article contains a short primer on the key technologies that you are likely to encounter when attacking web applications. We shall examine the HTTP protocol, the technologies commonly employed on the server and client sides, and the encoding schemes used to represent …