Source: cs.armstrong.edu/rasheed/ITEC2010/Slides18.pdf
The World Wide Web
Web
• A web site consists simply of pages of text and images
• Web pages are rendered by a web browser
Retrieving a webpage online:
– The client opens a web browser on the local machine
– The web browser needs to determine the IP address of the web server that is hosting the webpage (www.amazon.com)
– The web browser contacts DNS to resolve the name to an IP address
Uniform Resource Locators (URL)
• The URL is used by the web browser to identify a webpage
– http://www.example.com/directory/file.html
• The protocol used in the above example is the Hypertext Transfer Protocol (HTTP)
• The domain name is www.example.com
• The web browser is requesting the content of file.html, which is stored in the directory folder of a web server
• file.html is a file that describes text and images using the HTML (Hypertext Markup Language) format
Connecting to Web Server
• The URL is used by HTTP to access web information on a remote machine (web server)
Resolving name space to IP address:
– The web browser checks its DNS cache to resolve the name to an IP address
– If no address is found, the web browser sends a DNS request
Client-server TCP connection:
– The client makes a TCP request on port 80 for HTTP
HTTP requests:
– HTTP requests are encapsulated in TCP packets
– An HTTP request usually begins with a command such as POST or GET
Hypertext Markup Language (HTML)
• Each HTTP response includes a header
Information in the HTTP response header includes:
– Information about the web server
– Software type and version number (Apache, Google GWS)
– The size of the payload
– The main body of the webpage in HTML source code
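The response layout described above, as an added example that is not part of the original slides: it splits a raw HTTP response into status line, headers and body, then reports a server banner that discloses a version number and a payload size that disagrees with the body. The sample response, the banner value and the function names are constructed for illustration.

```python
import re

# Constructed sample response; the server banner and body are made up.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.1 (Unix)\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 44\r\n"
    b"\r\n"
    b"<html><body><b>Hello</b> world</body></html>"
)


def parse_response(raw):
    """Return (status_code, headers, body) for one HTTP/1.x response."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    match = re.fullmatch(r"HTTP/\d\.\d (\d{3})(?: .*)?", lines[0])
    if not match:
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return int(match.group(1)), headers, body


def review_headers(headers, body):
    """List what a hardening review would note about the response header."""
    findings = []
    server = headers.get("server", "")
    if re.search(r"/\d", server):  # "product/version" form of the banner
        findings.append(f"Server banner discloses a version: {server}")
    declared = headers.get("content-length")
    if declared is not None:
        if not declared.isdigit() or int(declared) != len(body):
            findings.append(
                f"Content-Length {declared} does not match body size {len(body)}")
    return findings
```
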
HTTP Request
HTML Coding
HTML uses a structural description of a document using special tags:
• Text formatting: <i> text </i> for italics and <b> text </b> for bold
• Itemized lists are presented as:
<ul>
<li> first-item </li>
<li> second-item </li>
</ul>
• Hyperlinks are presented as:
<a href="web-page-URL">Description of the other page</a>
• Embedding images:
<img src="URL-of-the-image">
• Scripting code is represented as:
<script> computer code </script>
HTML forms
• HTML forms allow users of the web to submit inputs to variables provided by the web server
• Server-side code is used by the web server to process user inputs
• Two methods to submit user-inputted data:
– GET
– POST
– GET variables are recommended for querying a database
– POST variables are recommended when inserting or sending an email.
– The browser will prompt the user if they wish to submit the information
HTML GET method
HTML code with a form
Vulnerabilities in HTTP
• HTTP request and response packets are sent in clear text
• The lack of encryption allows an attacker to eavesdrop on the communication and capture the payload
• Therefore, sensitive data should be transmitted using HTTPS
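A check that ties the forms slide to the clear-text problem above, as an added example that is not part of the original slides: it parses a page's forms and reports any form with a password field that submits to a non-HTTPS URL or uses GET, which places the value in the URL. The sample page, its URLs and field names, and the names `FormCollector` and `audit_forms` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; URLs and field names are hypothetical.
SAMPLE_PAGE = """
<form action="/search" method="get"><input type="text" name="q"></form>
<form action="http://www.example.com/login" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form>
<form action="/reset" method="get"><input type="password" name="newpw"></form>
"""

class FormCollector(HTMLParser):
    """Record each form's method, absolute action URL and password-field use."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing action submits to the page itself; a missing method is GET.
            self._open = {"action": urljoin(self.page_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(),
                          "has_password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(html, page_url):
    """Return (action URL, problem) pairs for forms that carry a password."""
    collector = FormCollector(page_url)
    collector.feed(html)
    collector.close()
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue
        if urlsplit(form["action"]).scheme != "https":
            findings.append((form["action"], "sent in clear text over HTTP"))
        if form["method"] == "get":
            findings.append((form["action"], "placed in the URL by GET"))
    return findings
```

The page URL is passed in because a relative `action` inherits the scheme of the page that served the form, so the same markup can be safe on an HTTPS page and exposed on an HTTP one.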
HTTPS
• HTTPS uses the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to secure data in transit
Establishing a secure connection:
1. The browser provides the web server with a list of security primitives that are supported on the client machine:
– Hash functions
– Crypto algorithms
2. The web server chooses the strongest cipher and hash that are supported by the client machine.
3. The web server sends a certificate.
[Figure: messages between the HTTPS client and the HTTPS web server: supported hash and cipher; choose the strongest hash and cipher; send a certificate]
HTTPS
1. The client verifies the certificate
2. The client and web server generate a shared key
3. Symmetric encryption is used to transfer data over the secure channel
[Figure: messages between the HTTPS client and the HTTPS web server: the client sends a random number, E(R, Ps); the server and client set a shared key; the shared key and a MAC are used to encrypt and verify the integrity of the data]
Web Server Certificate
• Certificates are used to enable a client to verify the identity of a web site
• Certificates are digitally signed by a certificate authority (CA)
• A website obtains a certificate by submitting a certificate signing request
• The certificate includes the following information:
– Name of the CA
– Serial number of the certificate
– Expiration date
– Domain name of the web site
– Identifier of the public key scheme
– Public key
– Identifier of the crypto and hash algorithm
– Digital signature over the certificate data
Extended Validation Certificate
• Extended validation certificates can only be signed by high-profile CAs
• Extended validation certificates are designated in the CA field
Certificate Hierarchy
• Low-level certificates are signed by an intermediary CA
• The top-level certificate is known as the root certificate
• Root certificates for top-level domain are called anchor points
• Anchor points are usually stored in the OS.
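The certificate fields and the hierarchy described above, as an added example that is not part of the original slides: it walks a chain from the web site's certificate up to a locally stored anchor and returns the reasons a client would treat it as invalid. The `Cert` record, all names and dates are constructed, and the digital-signature check on each link is left out because it needs a cryptographic library; a real client performs it at every step.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:               # simplified record with fields named on the slide
    subject: str          # domain name, or the CA's name for a CA certificate
    issuer: str           # name of the CA that signed this certificate
    not_after: datetime   # expiration date

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample hierarchy; every name here is hypothetical.
ROOT = Cert("Example Root CA", "Example Root CA", utc(2040, 1, 1))
INTERMEDIATE = Cert("Example Intermediate CA", "Example Root CA", utc(2035, 1, 1))
LEAF = Cert("www.example.com", "Example Intermediate CA", utc(2031, 1, 1))
TRUST_ANCHORS = {ROOT.subject: ROOT}   # stands in for the OS anchor store

def check_chain(host, chain, anchors, now):
    """Return the reasons the chain is invalid; an empty list means it passed.

    chain[0] is the web site's certificate, followed by the CAs above it.
    Signature verification is deliberately omitted (see the lead-in).
    """
    if not chain:
        return ["no certificate presented"]
    problems = []
    if chain[0].subject.lower() != host.lower():
        problems.append(f"certificate is for {chain[0].subject}, not {host}")
    for cert in chain:
        if cert.not_after <= now:
            problems.append(f"{cert.subject} expired on {cert.not_after:%Y-%m-%d}")
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            problems.append(f"{child.subject} was not issued by {parent.subject}")
    top = chain[-1]
    anchor = anchors.get(top.issuer)
    # A root sent by the server only counts if it is the stored anchor itself.
    if anchor is None or (top.subject == top.issuer and top != anchor):
        problems.append(f"chain ends at {top.issuer}, which is not a trusted anchor")
    return problems
```
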
Invalid certificate
Dynamic Content
• Web content could be:
– Static
– Dynamic
– Scripting languages allow computer code to be executed by a module of the browser
– Client-side scripting is executed by the browser
– Server-side scripting is executed by the server, hiding the code from the user and only providing the user with the output
Document Object Model (DOM)
• The content of the web page can be presented in an organized way
• HTML code is presented in an object-oriented way
• Tags and page elements are represented as parent-child relationships
JavaScript
• Interactive and dynamic web browsing capabilities are introduced through a scripting language called JavaScript