When a client accesses a web application, the application indicates how data should be sent to it. The application can accept various HTTP verbs.

| Verb | Used for |
|------|----------|
| GET | Commonly used to retrieve values through query parameters. |
| POST | Used to send data to a script through the request body sent to the web server, typically involving the creation, upload, or transmission of large amounts of data. |
| PUT | Frequently used to upload or write data to the web server. |
| DELETE | Specifies a resource that should be deleted. |
| PATCH | Can be used to update a resource with a new value. |

These are utilized as needed by the web application. RESTful (REST) web services are particularly effective at employing the complete range of HTTP verbs to specify actions on the backend.
The application running on the web server can respond with various codes depending on what transpired on the server side. Here are common response codes that the web server may issue to the client, which security professionals should be familiar with:

| Code | Explanation |
|------|-------------|
| 200 | The application returned a successful response. |
| 301 | The server instructs the client to permanently redirect to a new location for future access. |
| 302 | The server temporarily redirects the client, and there is no need for the client to remember this response. |
| 400 | The client submitted an invalid request. |
| 403 | Access to this resource is denied; authorization is required. |
| 404 | The client attempted to access a resource that does not exist. |
| 500 | The server encountered an error while attempting to fulfill the request. |

RESTful services use HTTP verbs and response codes to interact with web applications, often utilizing segments of the URL as parameters to define actions. For instance, the REST URL http://example.com/users/search/code7school triggers functionality based on its structure instead of relying on query parameters, which can be interpreted as:

| Parameter | Comment |
|-----------|---------|
| users | Accessing the users section of the functionality. |
| search | Utilizing the search feature. |
| code7school | The user being searched for. |
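
The routing described above can be sketched as follows. This is an added example, not code from the original page: it treats each URL segment as client-controlled input and answers with the response codes from the table. The `handle` function, the `USERS` store and the username policy are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed in-memory data standing in for a real user store (assumption).
USERS = {"code7school": {"name": "code7school"}}

# Assumed policy: usernames are 1-32 letters, digits, '_' or '-'.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def handle(method, url):
    """Route a request on its path segments and return (status, body)."""
    # Split first, decode second: an encoded '/' (%2F) then stays inside
    # one segment instead of silently creating extra path components.
    raw_segments = [s for s in urlsplit(url).path.split("/") if s]
    segments = [unquote(s) for s in raw_segments]

    # users / search / <username> is the only route this sketch knows.
    if len(segments) != 3 or segments[:2] != ["users", "search"]:
        return 404, "no such resource"

    # Searching only reads data, so only GET is accepted on this route.
    # 405 Method Not Allowed is a standard code not listed in the table.
    if method != "GET":
        return 405, "method not allowed"

    # The last segment is a parameter, so validate it like any other input.
    username = segments[2]
    if not USERNAME_RE.fullmatch(username):
        return 400, "invalid username"

    user = USERS.get(username)
    if user is None:
        return 404, "user not found"
    return 200, user


if __name__ == "__main__":
    base = "http://example.com/users/search/"
    for method, url in [("GET", base + "code7school"),
                        ("GET", base + "nobody"),
                        ("GET", base + "a%2Fb"),
                        ("POST", base + "code7school")]:
        print(method, url, "->", handle(method, url))
```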