Web applications employ a myriad of different technologies to implement their functionality. This chapter contains a short primer on the key technologies that you are likely to encounter when attacking web applications. We shall examine the HTTP protocol, the technologies commonly employed on the server and client sides, and the encoding schemes used to represent data in different situations. These technologies are in general easy to understand, and a grasp of their relevant features is key to performing effective attacks against web applications.
If you are already familiar with the key technologies used in web applications, you can quickly skim through this chapter to confirm that there is nothing new in here for you. If you are still learning how web applications work, you should read this primer before continuing to the later chapters on specific vulnerabilities. For further reading on any of the areas covered, we recommended HTTP: The Definitive Guide by David Gourley and Brian Totty (O'Reilly, 2002).
The hypertext transfer protocol (HTTP) is the core communications protocol used to access the World Wide Web and is used by all of today's web applications. It is a simple protocol that was originally developed for retrieving static text-based resources, and has since been extended and leveraged in various ways to enable it to support the complex distributed applications that are now commonplace.
HTTP uses a message-based model ...