
DTH3C3 - NETWORK SECURITY

JAYA KUNCARA ROSA SUSILA, S.T., M.T.
TODAY'S TOPICS

Web Security
• Basic type of web document
• Security of web document
• Active X
• AJAX Security
• Cookies
• Spyware
• Safe web surfing
WHAT IS INTERNET?

1. What is Internet?
1. Internet based Service?
2. What is WWW?
3. What is HTTP?
4. What is URL?
5. What is Website?
6. What is Web Server?
WHAT IS INTERNET?

• The Internet is essentially a global network of computing resources.


• Some of the basic services available to Internet users are −
– Email − A fast, easy, and inexpensive way to communicate with other Internet users around the
world.
– Telnet − Allows a user to log into a remote computer as though it were a local system.
– FTP − Allows a user to transfer virtually every kind of file that can be stored on a computer from
one Internet-connected computer to another.
– UseNet news − A distributed bulletin board that offers a combination news and discussion service
on thousands of topics.
– World Wide Web (WWW) − A hypertext interface to Internet information resources.
WHAT IS WWW?

• A technical definition of the World Wide Web is − All the resources and users on the Internet
that are using the Hypertext Transfer Protocol (HTTP).
• In simple terms, the World Wide Web is a way of exchanging information between computers
on the Internet, tying them together into a vast collection of interactive multimedia resources.
WHAT IS HTTP?

• HTTP stands for Hypertext Transfer Protocol. This is the protocol used to transfer
hypertext documents, which makes the World Wide Web possible.
• A standard web address is called a URL and here the prefix http indicates its protocol.
• URL stands for Uniform Resource Locator, and is used to specify addresses on the World
Wide Web.
• A URL is the fundamental network identification for any resource connected to the web (e.g.,
hypertext pages, images, and sound files).
• A URL will have the following format −
– protocol://hostname/other_information
BASIC ARCHITECTURE
HTTP - MESSAGES

• HTTP makes use of the Uniform Resource Identifier (URI) to identify a given resource
and to establish a connection.
• Once the connection is established, HTTP messages are passed in a format similar to that
used by the Internet mail [RFC5322] and the Multipurpose Internet Mail Extensions (MIME)
[RFC2045].
• These messages include requests from client to server and responses from server to client
which will have the following format:
– HTTP-message = <Request> | <Response> ; HTTP/1.1 messages
HEADER FIELDS

1. General-header: These header fields have general applicability for both request and
response messages.
2. Request-header: These header fields have applicability only for request messages.
3. Response-header: These header fields have applicability only for response messages.
4. Entity-header: These header fields define meta information about the entity-body or, if no
body is present, about the resource identified by the request.
THE EXAMPLES OF VARIOUS HEADER FIELDS
User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
Host: www.example.com
Accept-Language: en, mi
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Accept-Ranges: bytes
Content-Length: 51
Vary: Accept-Encoding
Content-Type: text/plain
HTTP - METHODS

Method − Description
– GET − The GET method is used to retrieve information from the given server using a given
URI. Requests using GET should only retrieve data and should have no other effect on
the data.
– HEAD − Same as GET, but transfers the status line and header section only.
– POST − A POST request is used to send data to the server, for example, customer information,
file upload, etc. using HTML forms.
– PUT − Replaces all current representations of the target resource with the uploaded content.
– DELETE − Removes all current representations of the target resource given by a URI.
– CONNECT − Establishes a tunnel to the server identified by a given URI.
– OPTIONS − Describes the communication options for the target resource.
– TRACE − Performs a message loop-back test along the path to the target resource.
HTTP - HEADER FIELDS

• HTTP header fields provide required information about the request or response, or about the
object sent in the message body.
• There are four types of HTTP message headers:
1. General-header: These header fields have general applicability for both request and response
messages.
2. Client Request-header: These header fields have applicability only for request messages.
3. Server Response-header: These header fields have applicability only for response messages.
4. Entity-header: These header fields define meta information about the entity-body or, if no body is
present, about the resource identified by the request.
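The four header categories above, applied to the header lines from the examples slide. This is an added example, not part of the original slides: the function names, the start lines of the sample messages and the check for misplaced headers are assumptions; the category lists follow the RFC 2616 grouping that the slides use.

```python
# Header categories follow the RFC 2616 grouping that the slides use.
CATEGORIES = {
    "general": {"cache-control", "connection", "date", "pragma", "trailer",
                "transfer-encoding", "upgrade", "via", "warning"},
    "request": {"accept", "accept-charset", "accept-encoding",
                "accept-language", "authorization", "expect", "from", "host",
                "if-match", "if-modified-since", "if-none-match", "if-range",
                "if-unmodified-since", "max-forwards", "proxy-authorization",
                "range", "referer", "te", "user-agent"},
    "response": {"accept-ranges", "age", "etag", "location", "retry-after",
                 "proxy-authenticate", "server", "vary", "www-authenticate"},
}


def classify(name):
    """Return the category; RFC 2616 treats unknown names as entity-headers."""
    for category, names in CATEGORIES.items():
        if name.lower() in names:
            return category
    return "entity"


def parse_message(raw):
    """Parse one HTTP/1.1 message; return (kind, headers, misplaced)."""
    head, _, _body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    kind = "response" if start.startswith("HTTP/") else "request"
    headers, misplaced = [], []
    for line in lines:
        name, sep, value = line.partition(":")
        # Reject a missing colon, empty name, or whitespace around the name.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        category = classify(name)
        headers.append((name, value.strip(), category))
        # A request-only header in a response (or the reverse) is out of place.
        if category in ("request", "response") and category != kind:
            misplaced.append(name)
    return kind, headers, misplaced

# Constructed samples: slide header lines plus assumed start lines.
SAMPLE_REQUEST = ("GET /hello.txt HTTP/1.1\r\n"
                  "User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3\r\n"
                  "Host: www.example.com\r\nAccept-Language: en, mi\r\n\r\n")
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nDate: Mon, 27 Jul 2009 12:28:53 GMT\r\n"
                   "Server: Apache\r\nLast-Modified: Wed, 22 Jul 2009 19:15:56 GMT\r\n"
                   "ETag: \"34aa387-d-1568eb00\"\r\nAccept-Ranges: bytes\r\n"
                   "Content-Length: 51\r\nVary: Accept-Encoding\r\n"
                   "Content-Type: text/plain\r\n\r\n")
```

parse_message(SAMPLE_RESPONSE) labels Date as general, Server, ETag, Accept-Ranges and Vary as response, and Last-Modified, Content-Length and Content-Type as entity.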
THREE BASIC TYPES OF WEB DOCUMENTS
• Static.
– A static web document resides in a file that is associated with a web server. The author of a static
document determines the contents at the time the document is written. Because the contents do not
change, each request for a static document results in exactly the same response.
• Dynamic.
– A dynamic web document does not exist in a predefined form. When a request arrives the web server
runs an application program that creates the document. The server returns the output of the program as a
response to the browser that requested the document. Because a fresh document is created for each
request, the contents of a dynamic document can vary from one request to another.
• Active
– An active web document consists of a computer program that the server sends to the browser and that
the browser must run locally. When it runs, the active document program can interact with the user and
change the display continuously.