Curriculum
Course: Cyber Security
Login

Curriculum

Cyber Security

Text lesson

CS Web Applications

Web applications are essential to nearly all aspects of our activities, from browsing the internet to remotely controlling devices like lawnmowers. In this introductory class, we will explore the fundamentals of web application security.

The HTTP protocol

HTTP is the protocol that enables our browsers and applications to receive content such as HTML (Hypertext Markup Language), CSS (Cascading Style Sheets), images, and videos.

URLs, Query Parameters and Scheme

To access a web application, we use a URL (Uniform Resource Locator), such as: https://www.google.com/search?q=code7school+cyber+security&ie=UTF-8.

In this URL, “google.com” is the domain, “/search” is the script being accessed, and the query parameters follow the “?” symbol. The “/” indicates the script is in the root directory of the server, while “?” marks the start of input parameters, with “&” separating different parameters. In this URL, the input parameters are:

  • q with a value of code7school cyber security
  • ie with a value of UTF-8

The web server’s application determines how to interpret the inputs from the URL.

Sometimes, URLs may end with “/” or “/?”, indicating a script is configured to respond at that address, typically an index file that handles all requests unless a specific script is indicated. The scheme specifies the protocol to be used, which in this example is “https,” the first part of the URL; if the scheme is missing, the application can choose the appropriate protocol. Schemes can include various protocols, such as:

  • HTTP
  • HTTPS
  • FTP
  • SSH
  • SMB