Web applications are essential to nearly all aspects of our activities, from browsing the internet to remotely controlling devices like lawnmowers. In this introductory class, we will explore the fundamentals of web application security.
HTTP is the protocol that enables our browsers and applications to receive content such as HTML (Hypertext Markup Language), CSS (Cascading Style Sheets), images, and videos.
To access a web application, we use a URL (Uniform Resource Locator), such as: https://www.google.com/search?q=code7school+cyber+security&ie=UTF-8.
In this URL, “google.com” is the domain, “/search” is the script being accessed, and the query parameters follow the “?” symbol. The leading “/” indicates that the script sits in the root directory of the server, “?” marks the start of the input parameters, and “&” separates one parameter from the next. Here the input parameters are:
The web server’s application determines how to interpret the inputs from the URL.
Sometimes a URL ends with “/” or “/?”, meaning a script is configured to respond at that address, typically an index file that handles all requests unless a specific script is named. The scheme, the first part of the URL, specifies the protocol to be used; in this example it is “https”. If the scheme is missing, the application can choose the appropriate protocol. Schemes can include various protocols, such as:
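As an added example (not part of the original class material), the following Python function splits a URL into the parts described above, using the sample URL from the text as constructed input. It also makes explicit two things a server-side developer should watch for: a scheme that had to be assumed because it was missing, and a parameter name that appears more than once, since the application alone decides how such inputs are interpreted.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample input: the URL discussed in the text.
SAMPLE_URL = "https://www.google.com/search?q=code7school+cyber+security&ie=UTF-8"


def dissect_url(url, default_scheme="https"):
    """Split a URL into scheme, host, path and query parameters.

    Returns a dict with:
      scheme, host, path       - the components named in the text
      params                   - name -> list of values (a name may repeat)
      scheme_assumed           - True if no scheme was given and default_scheme was used
      duplicate_params         - names that appeared more than once in the query
    """
    # Heuristic: a URL without "://" has no scheme, so the client must pick one.
    scheme_missing = "://" not in url
    if scheme_missing:
        url = f"{default_scheme}://{url}"

    parts = urlsplit(url)

    # keep_blank_values=True so an empty input such as "debug=" is still reported;
    # the server-side application will see it even though it carries no value.
    params = parse_qs(parts.query, keep_blank_values=True)

    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        # An empty path means the request goes to the root ("/"), i.e. the index script.
        "path": parts.path or "/",
        "params": params,
        "scheme_assumed": scheme_missing,
        "duplicate_params": sorted(name for name, values in params.items() if len(values) > 1),
    }


if __name__ == "__main__":
    for key, value in dissect_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

Note that `parse_qs` decodes the `+` in the `q` value into a space, which is the form the server-side script actually receives.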