Month: July 2017

The HTTP series (Part 5): Security

If you have followed along with the HTTP series, you are now ready to embark on a journey of HTTP security. And a journey it will be, I promise 🙂 Many companies have been victims of security breaches. To name just a few prominent ones: Dropbox, LinkedIn, MySpace, Adobe, Sony, Forbes and many others were on the receiving end of malicious attacks. Many accounts were compromised and the chances are, at least one of those was yours 🙂 You can actually check that on Have I Been Pwned. My email address was found on 4 different websites that were victims...


The HTTP series (Part 4): Authentication mechanisms

In the previous part, we talked about the different ways that websites can identify the visiting user. But identification itself represents just a claim. When you identify yourself, you are claiming that you are someone. But there is no proof of that. Authentication, on the other hand, is showing proof that you are who you claim to be, like showing your personal ID or typing in your password. More often than not, websites need that proof to serve you sensitive resources. HTTP has its own authentication mechanisms that allow the servers to issue challenges and get...


The HTTP series (Part 3): Client identification

Up until now, you have learned about the basic concepts and some of the architectural aspects of HTTP. This leads us to the next important subject in HTTP: client identification. In this article, you’ll learn why client identification is important and how Web servers can identify you (your Web client). You will also get to see how that information is used and stored. This is what we have learned so far, and where we are now: The HTTP series (Part 1): Overview of the basic concepts; The HTTP series (Part 2): Architectural aspects; The HTTP series (Part 3): Client...
