Web application security - the fast guide 1.1 | Page 27

Chapter 2 - Web Application technologies

2.1 Web Application technologies

To understand how different attacks on web applications take place, we will go through a fast review of the different web application technologies. Our fast review will cover the two main categories:

HTTP protocol issues: The review will include information about HTTP requests, responses, headers and methods, in addition to cookies, status codes and authentication.

Web application technologies: This part will cover general information about:

• Client side functionalities and technologies: By client side functionalities we mean all technologies and functions that appear on the client side, represented by the web browser.
   o HTML, CSS
   o JavaScript, VBScript
   o Document Object Model and Ajax
   o Browser extension technologies like Java applets, ActiveX and Silverlight
• Server side functionalities and technologies: This part covers all technologies executed on the server or located at the back end.
   o Server side scripting: PHP, VBScript, Perl and recently also JavaScript
   o Web application platforms: ASP.NET
   o Web servers: IIS, Apache, Node.js
   o Databases: MySQL, SQL Server, Oracle
   o Web services and file systems

2.2 HTTP issues

GET /index.php?lang=ar HTTP/1.1
Host: skcomputerco.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Referer: http://skcomputerco.com/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: PHPSESSID=c41ee7c06b099b2644ff707b72b792bd