Month: July 2017

If you followed along the HTTP series, you are ready now to embark on a journey of HTTP security. And a journey it will be, I promise 🙂 Many companies have been a victim to security breaches. To name just a few prominent ones: Dropbox, Linkedin, MySpace, Adobe, Sony, Forbes and many others were on the receiving end of malicious attacks. Many accounts were compromised and the chances are, at least one of those was yours 🙂 You can actually check that on Have I Been Pwned. My email address was found on 4 different websites that were victims...

In the previous part, we’ve talked about the different ways that websites can use to identify the visiting user. But identification itself represents just a claim. When you identify yourself, you are claiming that you are someone. But there is no proof of that. Authentication, on the other hand, is showing a proof that you are what you claim to be, like showing your personal id or typing in your password. More often than not, the websites need that proof to serve you sensitive resources. HTTP has its own authentication mechanisms that allow the servers to issue challenges and get...

Up until now, you learned about the basic concepts and some of the architectural aspects of HTTP. This leads us to the next important subject to the HTTP: client identification. In this article, you’ll learn why client identification is important and how can Web servers identify you (your Web client). You will also get to see how that information is used and stored. This is the third part of the HTTP Series. In this article, you will learn more about: Client Identification and Why It’s Extremely Important Different Ways to Identify a Client HTTP Request Headers Used for Identification...