Abstract
The Internet and the World Wide Web have specific security needs and challenges, many of which relate to how applications are built on top of the original stateless HTTP protocol. We will examine these issues and the many solutions that address them.
Notes
1. A URI is technically a broader term than URL, and in some circumstances the difference matters. In most circumstances, however, the two are used interchangeably.
2. There is also a brief overview of HTTP in Appendix C if you want to review how it interacts with other network protocols such as TCP and IP.
3. There are a couple of minor components that tie the two pieces together. For example, the host name in the requested URL must match the Common Name in the certificate sent back by the web server. But all of the HTTP request methods (e.g., GET and POST requests) and responses (e.g., 200 and 404 responses) work exactly the same.
4. In many cases, an eavesdropper could figure out the domain from the unencrypted destination IP address. However, sometimes more than one host name is associated with a single IP address, and this extension leaks which of those host names the client is connecting to.
5. Web developers who work on both the frontend and the backend are called full-stack developers.
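Note 4 describes how the Server Name Indication (SNI) extension leaks the requested host name even though the HTTP exchange itself is encrypted. The following is an added example, not code from the chapter: it constructs a minimal TLS ClientHello carrying an SNI extension, then parses the host name back out of the cleartext record the way an on-path observer could. The ClientHello bytes, the `HOSTS_ON_IP` mapping and the function names (`build_client_hello`, `extract_sni`, `what_observer_learns`) are all constructed for this example.

```python
"""Extract the Server Name Indication (SNI) from a cleartext TLS ClientHello.

Added example for note 4. TLS encrypts the HTTP request and response, but the
ClientHello that opens the handshake is sent in the clear, and its SNI
extension names the host the client wants. The bytes below are constructed
for this example, not captured from a real session.
"""
import struct


def build_client_hello(host: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello record carrying an SNI extension."""
    name = host.encode("ascii")
    # ServerName entry: name_type (0 = host_name), 2-byte length, name bytes
    server_name = b"\x00" + struct.pack("!H", len(name)) + name
    # ServerNameList: 2-byte list length followed by the entries
    sni_body = struct.pack("!H", len(server_name)) + server_name
    # Extension: type 0x0000 (server_name), 2-byte length, body
    extension = b"\x00\x00" + struct.pack("!H", len(sni_body)) + sni_body
    extensions = struct.pack("!H", len(extension)) + extension
    body = (
        b"\x03\x03"            # client_version: TLS 1.2
        + b"\x11" * 32         # client random (constructed fixed value)
        + b"\x00"              # session id length 0
        + b"\x00\x02\x13\x01"  # cipher_suites: length 2, TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # compression_methods: length 1, null
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    # Record header: content type 22 (handshake), legacy version, 2-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Walk a TLS record and return the SNI host name, or None if it is absent."""
    if len(record) < 5 or record[0] != 0x16:
        return None  # not a handshake record
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if not hs or hs[0] != 0x01:
        return None  # not a ClientHello
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                           # skip version and random
    pos += 1 + body[pos]                                   # session id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher suites
    pos += 1 + body[pos]                                   # compression methods
    if pos + 2 > len(body):
        return None  # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + length]
        pos += 4 + length
        if ext_type != 0:
            continue
        # ServerNameList: skip the 2-byte list length, then read type(1)+len(2)+name entries
        p = 2
        while p + 3 <= len(data):
            name_type = data[p]
            name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
            name = data[p + 3:p + 3 + name_len]
            if name_type == 0:
                return name.decode("ascii")
            p += 3 + name_len
    return None


# Constructed example: several host names share one IP, as with a shared host or CDN.
HOSTS_ON_IP = {"203.0.113.10": ["shop.example", "blog.example", "mail.example"]}


def what_observer_learns(dst_ip: str, client_hello: bytes) -> dict:
    """Compare what the destination IP alone reveals with what the cleartext SNI reveals."""
    return {
        "from_ip": HOSTS_ON_IP.get(dst_ip, []),   # ambiguous: every name on that address
        "from_sni": extract_sni(client_hello),     # exact: the one name the client asked for
    }


if __name__ == "__main__":
    hello = build_client_hello("blog.example")
    print(what_observer_learns("203.0.113.10", hello))
```

The destination address narrows the connection to every site hosted on that IP, while the SNI field pins it to one of them. Anyone who can see packets between client and server (a network tap, a proxy, a compromised router) can run the same parse, which is why the note treats SNI as a leak rather than a feature of the encrypted channel.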
© 2023 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature
Nielson, S.J. (2023). World Wide Web Security. In: Discovering Cybersecurity. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-9560-1_9
DOI: https://doi.org/10.1007/978-1-4842-9560-1_9
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-9559-5
Online ISBN: 978-1-4842-9560-1
eBook Packages: Professional and Applied Computing (R0), Apress Access Books