I'm Utkarsh Wadhwa, and I manage and run Mighty Shouts. I'm a passionate guy, and
love computing and the internet.
I'm currently pursuing B.Tech IT from Galgotia's College of Engineering and
Technology, Greater Noida. I finished my schooling in Bareilly.
Computers and technology have been my passion since I was a child, and after a few blogs
and communities on technology I started Mighty Shouts.
I am a computer junkie and love spending time on the computer learning new
techniques. I am a passionate blogger. I am a strong supporter of Anonymous &
Wikileaks. I have designed complex networks. I am a Red Hat certified Linux system
administrator (RHCSA), Red Hat certified engineer (RHCE), Cisco certified network
associate (CCNA), CEH.
REFERENCES
Information and resources from the Internet were
extensively used for the creation of this presentation.
HTTP BASICS
Client-server model.
Client: requests resources from the server.
Log
curl
VERSIONS
HTTP 1.0
HTTP 1.1
VERSIONS - DIFFERENCE
HTTP 1.0
Requires one connection per resource.
Disconnects immediately after the response.
HTTP 1.1
Reuses one connection for multiple URIs.
HTTP/1.0 METHODS
GET, POST and HEAD methods
CONNECT.
INJECTION ATTACKS
Frontend
Backend
FRONT-END
Rendering Attacks
HTML Injection
Code Execution
JS Injection
XSS
BACKEND
Command Injection
SQL Injection
HTML INJECTION
User input is not sanitized.
HTML tags / code are injected into the input.
The page is rendered based on the injected code.
SQL INJECTION
SQL injection is a code injection technique used to
attack data-driven applications, in which
malicious SQL statements are inserted into
an entry field for execution.
This can be used to dump the database contents to
the attacker.
XSS
Cross-Site Scripting (XSS) is a type of
computer security vulnerability typically
found in web applications.
XSS allows an attacker to inject client-side
script into web pages viewed by other users.
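As an added example that is not part of the original slides, the HTML injection and XSS slides above in working Python: a vulnerable renderer that concatenates user input straight into the page, beside a hardened one that encodes each input for the context it lands in (element text, quoted attribute, URL attribute). Sample inputs and function names are constructed for illustration.

```python
import html
from urllib.parse import urlparse

# Constructed sample inputs (illustrative, not from the page): values a
# web form might submit for a comment, a display name and a profile link.
SAMPLE_COMMENT = "<b>Hello</b><script>alert(1)</script>"
SAMPLE_NAME = '" onmouseover="alert(1)'
SAMPLE_LINK = "javascript:alert(1)"


def render_vulnerable(comment, name, link):
    """Page built by plain string concatenation: user input lands in the
    HTML unchanged, so tags, attribute break-outs and script URLs render."""
    return (f'<a href="{link}" title="{name}">{name}</a>'
            f'<div class="comment">{comment}</div>')


def safe_text(value):
    """Escape & < > " ' so the value is inert inside element content."""
    return html.escape(value, quote=True)


def safe_attr(value):
    """The same escaping is sufficient inside a double-quoted attribute;
    quote=True is what stops the closing-quote break-out."""
    return html.escape(value, quote=True)


def safe_url(value):
    """URL attributes need more than escaping: only http/https links are
    kept, so a javascript: scheme can never become a clickable script."""
    scheme = urlparse(value.strip()).scheme.lower()
    return safe_attr(value) if scheme in ("http", "https") else "#"


def render_safe(comment, name, link):
    """Same page, with every input encoded for the context it lands in."""
    return (f'<a href="{safe_url(link)}" title="{safe_attr(name)}">'
            f'{safe_text(name)}</a>'
            f'<div class="comment">{safe_text(comment)}</div>')


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_COMMENT, SAMPLE_NAME, SAMPLE_LINK))
    print(render_safe(SAMPLE_COMMENT, SAMPLE_NAME, SAMPLE_LINK))
```

Run it and compare the two lines: the first still carries the raw tags and the script URL, the second shows them as literal text and a dead link.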
OWASP
Broken Authentication and Session Management
OWASP
Insecure Cryptographic Storage
Failing to Restrict URL Access
Insufficient Transport Layer Protection
SUMMARY
REFERENCES
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
http://www8.org/w8papers/5c-protocols/key/key.html
http://stackoverflow.com/questions/246859/http-1-0-vs-1-1
http://devhub.fm/http-requestresponse-basics/
http://wiki.hashphp.org/HttpPrimer
http://www.w3.org/TR/WD-http-pep960820.html
http://www.infoq.com/news/2011/04/http-1.2-released
http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods
http://www.fishnetsecurity.com/6labs/blog/jboss-jmx-console-authentication-bypass
http://jeremiahgrossman.blogspot.in/2008/06/what-you-need-to-know-about-http-verb.html
https://www.owasp.org/index.php/Testing_for_HTTP_Verb_Tampering_%28OWASP-DV003%29
http://photos1.blogger.com/blogger2/1912/1679/1600/vulnerability_stack.png