Web Application Basics

What is a Uniform resource locator (URL)

Scheme

1. either http or https (most common)

2. user field is rare now days because of the security risk

3. Host/domain the name of the website and is vulnerable to typosquatting

4. the port is the help us to access the needed service on the web server

5. path represents where are we on the web server

6. query string is usually used for search and is vulnerable to injection attacks

7. fragment help use divide the single web page into parts that we can jump to

http requests/responses

Security Headers

1. Content-Security-Policy(CSP)

   1. Can help us defend against XSS
   2. It says which websites are trusted

2. Strict-Transport-Security (HSTS)

   1. The HSTS header ensures that web browsers will always connect over HTTPS

3. X-Content-Type-Options

   1. Instructs the browser to not guess the MIME time and use the content-type header

4. Referrer-Policy

   1. How much data will be sent to the user when being reffered