World Wide Web Security

Chapter in: Discovering Cybersecurity

Abstract

The Internet and the World Wide Web have specific security needs and challenges, many of which relate to how applications are built on top of the original stateless HTTP protocol. We will examine these issues and the many solutions that address them.

Notes

  1. A URI is technically a broader term than URL, and in some circumstances the difference can matter. In most circumstances, however, the two terms are used interchangeably.

  2. There is also a brief overview of HTTP in Appendix C if you want to review how it interacts with other network protocols such as TCP and IP.

  3. A couple of minor components tie the two pieces together. For example, the host name in the URL of the HTTP request must match the Common Name in the certificate sent back by the web server. But all of the HTTP request methods (e.g., GET and POST requests) and responses (e.g., 200 and 404 responses) work exactly the same.

  4. In many cases, an eavesdropper could figure out the domain from the unencrypted destination IP address. However, more than one host name is sometimes associated with a single IP address, and this extension leaks which of those host names the client is connecting to.

  5. Web developers who work with both the frontend and backend are called full-stack developers.


Copyright information

© 2023 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature

Cite this chapter

Nielson, S.J. (2023). World Wide Web Security. In: Discovering Cybersecurity. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-9560-1_9
