SlideShare a Scribd company logo

Http Basics

Download as PPTX, PDF
Mushfekur Rahman, profile picture
Mushfekur Rahman

This document provides an overview of key HTTP concepts including developer tools, security, sessions, cookies, caching, APIs, and resources for learning more. It discusses Google Chrome developer tools and their panels for debugging websites. It also covers how HTTP and HTTPS work, including how HTTPS uses encryption and SSL certificates. Additionally, it explains how cookies are used to make HTTP stateful through client-side storage of values and how they can be used for authentication, personalization, and tracking.

Software
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
HTTP Basics (Cont.) Things You (Dev, QA) Must Know
Developer Tools ● Google Chrome Dev Tool ● Dev Tool Panels ○ Elements ○ Console ○ Sources ○ Network ○ Performance ○ Memory ○ Application ○ Security ○ Audits
Security (HTTP & HTTPS)
Security (HTTP & HTTPS) ● HTTP ○ People didn’t think everything through
Security (HTTP & HTTPS) ● HTTPS ○ Secure HTTP (TLS 1.2) ○ Uses SSL Certificates to ensure server and/or client identity ○ Uses encryption to make sure data is not interceptable
Session (Making HTTP Stateful) ● HTTP is Stateless ● Web applications are *mostly* stateful ● How to identify subsequent requests from the same client
Cookies ● Simple Key-Value client side storage ● Usage ○ Authentication/Session Tracking ○ Personalization (Locale, Theme) ○ Web Activity Tracking (Adds) ○ Server Tracking (for clustered environments) ● Create HTTP Cookie ○ Set-Cookie: <cookie-name>=<cookie-value> ■ In server response header to tell client to store the cookie ○ Cookie: <cookie-name>=<cookie-value> ■ In client request header to let server know the info
Cookies (cont.) ● Types of Cookie ○ Session vs Permanent cookies ■ Use Max-Age or Expires directive ○ Secure cookies ■ Only over HTTPS ○ HttpOnly cookies ■ Not accessible with JavaScript ■ To mitigate XSS ● Scope ○ Domain and Path ○ SameSite cookies (None, Strict, Lax)
HTTP Caching ● Fetching data from server over network is expensive ● Some resources don’t change *at least for some time* ● Re-usability ● Cache Invalidation ○ Most difficult problem in Computer Science
APIs ● Interface to communicate with the server ● RESTfulness ○ REpresentational State Transfer ○ NOT A STANDARD, it’s an Architectural Style
Emulating API Calls ● Wake Up! ● Postman ● HTTP client to make API calls ● Demo
If You Want To Outsmart Devs ● Lighthouse
Resources (for those of you who are nerds) ● Google Developer (Web) ○ https://developers.google.com/web/fundamentals ● Google Chrome Developer Tool Crash Course ○ https://youtu.be/x4q86IjJFag ● Chrome Developers YouTube Channel ○ https://www.youtube.com/user/ChromeDevelopers/
Did You Get Everything So Far?

More Related Content

PDF
Building interactivity with websockets
Wim Godden
 
PDF
Container Security via Monitoring and Orchestration - Container Security Summit
David Timothy Strauss
 
PDF
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Severalnines
 
PPTX
MongoDB IoT City Tour STUTTGART: Managing the Database Complexity, by Arthur ...
MongoDB
 
PDF
TEI ODD support in oXygen
Octavian Nadolu
 
PDF
Introducing Blockchains
Matthias Lohr
 
PPTX
Ethereum Web3.js - Some tips for the developer
炫成 林
 
PDF
Node in Real Time - The Beginning
Axilis
 
Building interactivity with websockets
Wim Godden
 
Container Security via Monitoring and Orchestration - Container Security Summit
David Timothy Strauss
 
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Severalnines
 
MongoDB IoT City Tour STUTTGART: Managing the Database Complexity, by Arthur ...
MongoDB
 
TEI ODD support in oXygen
Octavian Nadolu
 
Introducing Blockchains
Matthias Lohr
 
Ethereum Web3.js - Some tips for the developer
炫成 林
 
Node in Real Time - The Beginning
Axilis
 

What's hot (16)

PDF
Building Java and Android apps on the blockchain
Conor Svensson
 
PDF
Webinar slides: Become a MongoDB DBA - What to Monitor (if you’re really a My...
Severalnines
 
PDF
Web3j 2.0 Update
Conor Svensson
 
PDF
MongoDB World 2019: Using Client Side Encryption in MongoDB 4.2 Link
MongoDB
 
PPTX
33 meta
SatyakiDas12
 
PDF
Meteor and Bitcoin (Lightning Talk)
Ryan Casey
 
PDF
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...
David Timothy Strauss
 
PDF
All you need to know about Kotlin's documentation engine Dokka
Florian Benz
 
PDF
Libbitcoin slides
swansontec
 
PDF
Bitcoin and blockchain engineering
Gregory Bataille
 
PPTX
Blockchain Session 1
DSCPICT
 
PPTX
PHP Training Session 6
Vishal Kothari
 
PDF
A Primer on JSON Web Tokens
Chris Herbert
 
PDF
BSides Rochester 2018: Chaim Sanders: How the Cookie Crumbles: Modern HTTP St...
JosephTesta9
 
PDF
進階使用Nodejs 淺談no sql(mongodb)
Simon Su
 
PDF
NoSql Injection
NSConclave
 
Building Java and Android apps on the blockchain
Conor Svensson
 
Webinar slides: Become a MongoDB DBA - What to Monitor (if you’re really a My...
Severalnines
 
Web3j 2.0 Update
Conor Svensson
 
MongoDB World 2019: Using Client Side Encryption in MongoDB 4.2 Link
MongoDB
 
33 meta
SatyakiDas12
 
Meteor and Bitcoin (Lightning Talk)
Ryan Casey
 
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...
David Timothy Strauss
 
All you need to know about Kotlin's documentation engine Dokka
Florian Benz
 
Libbitcoin slides
swansontec
 
Bitcoin and blockchain engineering
Gregory Bataille
 
Blockchain Session 1
DSCPICT
 
PHP Training Session 6
Vishal Kothari
 
A Primer on JSON Web Tokens
Chris Herbert
 
BSides Rochester 2018: Chaim Sanders: How the Cookie Crumbles: Modern HTTP St...
JosephTesta9
 
進階使用Nodejs 淺談no sql(mongodb)
Simon Su
 
NoSql Injection
NSConclave
 
Ad

Similar to Http Basics (20)

PDF
Let's Encrypt
Amjad Mashaal
 
PDF
Egress-Assess and Owning Data Exfiltration
CTruncer
 
PDF
Mux loves Clickhouse. By Adam Brown, Mux founder
Altinity Ltd
 
PDF
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
CTruncer
 
PPTX
Pen Testing Development
CTruncer
 
PDF
Getting started with HTTPS | LumoSpark webinar
LumoSpark
 
PDF
Introduction to Web Application Security - Blackhoodie US 2018
Niranjanaa Ragupathy
 
PPTX
OpenStack Keystone
Deepti Ramakrishna
 
PPTX
004 - Logging in the Cloud -- hide01.ir.pptx
nitinscribd
 
PDF
Google app engine - Soft Uni 19.06.2014
Dimitar Danailov
 
PPT
Cookies & Session
university of education,Lahore
 
PDF
Digital certificates
DouglasPickett
 
PDF
Developer's Guide to JavaScript and Web Cryptography
Kevin Hakanson
 
PDF
App Security and Securing App
Andreas Schranzhofer
 
PDF
Web performance mercadolibre - ECI 2013
Santiago Aimetta
 
PPTX
OpenStack Toronto Meetup - Keystone 101
Steve Martinelli
 
PDF
Power your apps with Gmail, Google Drive, Calendar, Sheets, Slides & more
wesley chun
 
PDF
Seminario eMadrid 2015 09 10 sobre Serious Games (UCM) Manuel Freire - RAGE:...
eMadrid network
 
PDF
Getting Started with FIDO2
FIDO Alliance
 
PDF
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
Let's Encrypt
Amjad Mashaal
 
Egress-Assess and Owning Data Exfiltration
CTruncer
 
Mux loves Clickhouse. By Adam Brown, Mux founder
Altinity Ltd
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
CTruncer
 
Pen Testing Development
CTruncer
 
Getting started with HTTPS | LumoSpark webinar
LumoSpark
 
Introduction to Web Application Security - Blackhoodie US 2018
Niranjanaa Ragupathy
 
OpenStack Keystone
Deepti Ramakrishna
 
004 - Logging in the Cloud -- hide01.ir.pptx
nitinscribd
 
Google app engine - Soft Uni 19.06.2014
Dimitar Danailov
 
Cookies & Session
university of education,Lahore
 
Digital certificates
DouglasPickett
 
Developer's Guide to JavaScript and Web Cryptography
Kevin Hakanson
 
App Security and Securing App
Andreas Schranzhofer
 
Web performance mercadolibre - ECI 2013
Santiago Aimetta
 
OpenStack Toronto Meetup - Keystone 101
Steve Martinelli
 
Power your apps with Gmail, Google Drive, Calendar, Sheets, Slides & more
wesley chun
 
Seminario eMadrid 2015 09 10 sobre Serious Games (UCM) Manuel Freire - RAGE:...
eMadrid network
 
Getting Started with FIDO2
FIDO Alliance
 
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
Ad

More from Mushfekur Rahman (7)

PPTX
An Automatic Method for Red-eye Detection and Correction in Digital Images
Mushfekur Rahman
 
PPTX
Diagnosing HotSpot JVM Memory Leaks with JFR and JMC
Mushfekur Rahman
 
PPTX
Webservices: The RESTful Approach
Mushfekur Rahman
 
PPTX
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana
Mushfekur Rahman
 
PPTX
Hands on Gradle
Mushfekur Rahman
 
PPTX
Distributed Transaction Management in Spring & JEE
Mushfekur Rahman
 
PPTX
Implementation of Election Algorithm of Distributed Systems in Client-Server ...
Mushfekur Rahman
 
An Automatic Method for Red-eye Detection and Correction in Digital Images
Mushfekur Rahman
 
Diagnosing HotSpot JVM Memory Leaks with JFR and JMC
Mushfekur Rahman
 
Webservices: The RESTful Approach
Mushfekur Rahman
 
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana
Mushfekur Rahman
 
Hands on Gradle
Mushfekur Rahman
 
Distributed Transaction Management in Spring & JEE
Mushfekur Rahman
 
Implementation of Election Algorithm of Distributed Systems in Client-Server ...
Mushfekur Rahman
 

Recently uploaded (20)

PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PPTX
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
DOCX
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Transform Your Business with a Software ERP System
Canada Software Company
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Introduction to Artificial Intelligence
lohedi9363
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
The Five Best AI Cover Tools in 2025.docx
aivoicelabofficial
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 

Http Basics

  • 1. HTTP Basics (Cont.) Things You (Dev, QA) Must Know
  • 2. Developer Tools ● Google Chrome Dev Tool ● Dev Tool Panels ○ Elements ○ Console ○ Sources ○ Network ○ Performance ○ Memory ○ Application ○ Security ○ Audits
  • 4. Security (HTTP & HTTPS) ● HTTP ○ People didn’t think everything through
  • 5. Security (HTTP & HTTPS) ● HTTPS ○ Secure HTTP (TLS 1.2) ○ Uses SSL Certificates to ensure server and/or client identity ○ Uses encryption to make sure data is not interceptable
  • 6. Session (Making HTTP Stateful) ● HTTP is Stateless ● Web applications are *mostly* stateful ● How to identify subsequent requests from the same client
  • 7. Cookies ● Simple Key-Value client side storage ● Usage ○ Authentication/Session Tracking ○ Personalization (Locale, Theme) ○ Web Activity Tracking (Adds) ○ Server Tracking (for clustered environments) ● Create HTTP Cookie ○ Set-Cookie: <cookie-name>=<cookie-value> ■ In server response header to tell client to store the cookie ○ Cookie: <cookie-name>=<cookie-value> ■ In client request header to let server know the info
  • 8. Cookies (cont.) ● Types of Cookie ○ Session vs Permanent cookies ■ Use Max-Age or Expires directive ○ Secure cookies ■ Only over HTTPS ○ HttpOnly cookies ■ Not accessible with JavaScript ■ To mitigate XSS ● Scope ○ Domain and Path ○ SameSite cookies (None, Strict, Lax)
  • 9. HTTP Caching ● Fetching data from server over network is expensive ● Some resources don’t change *at least for some time* ● Re-usability ● Cache Invalidation ○ Most difficult problem in Computer Science
  • 10. APIs ● Interface to communicate with the server ● RESTfulness ○ REpresentational State Transfer ○ NOT A STANDARD, it’s an Architectural Style
  • 11. Emulating API Calls ● Wake Up! ● Postman ● HTTP client to make API calls ● Demo
  • 12. If You Want To Outsmart Devs ● Lighthouse
  • 13. Resources (for those of you who are nerds) ● Google Developer (Web) ○ https://developers.google.com/web/fundamentals ● Google Chrome Developer Tool Crash Course ○ https://youtu.be/x4q86IjJFag ● Chrome Developers YouTube Channel ○ https://www.youtube.com/user/ChromeDevelopers/
  • 14. Did You Get Everything So Far?