1. Introduction


Bountyget

An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user’s web browser. The browser may store it and send it back with later requests to the same server. Typically, it’s used to tell if two requests came from the same browser — keeping a user logged-in, for example. It remembers stateful information for the stateless HTTP protocol.

Cookies are mainly used for three purposes:

Session management: Logins, shopping carts, game scores, or anything else the server should remember

Personalization: User preferences, themes, and other settings

Tracking: Recording and analyzing user behavior
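The "send it back with later requests to the same server" part is where most cookie security questions start: a browser decides whether to attach a stored cookie by host, path and the Secure flag, not by origin. The following is an added example, not code from the original article, that models those RFC 6265 decision rules in Node.js (it needs only the built-in URL class). It deliberately leaves out expiry, SameSite, public-suffix and IP-address handling; the cookie strings and URLs used in the usage section are constructed for illustration.

```javascript
// Added example, not code from the original article: a simplified model of the
// rules (RFC 6265) a browser applies when deciding whether a stored cookie is
// sent with a request. It handles Domain, Path and Secure and deliberately
// omits Expires/Max-Age, SameSite, public-suffix checks and IP-address hosts.

// Default path (RFC 6265 5.1.4): the request path up to, but not including,
// the right-most "/", or "/" if the path has no "/" after the first character.
function defaultPath(urlPath) {
  const i = urlPath.lastIndexOf("/");
  return i <= 0 ? "/" : urlPath.slice(0, i);
}

// Domain match (RFC 6265 5.1.3): the host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Path match (RFC 6265 5.1.4).
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Parse one Set-Cookie header from a response to originUrl into a stored cookie.
// Returns null when the browser would reject the cookie.
function parseSetCookie(header, originUrl) {
  const origin = new URL(originUrl);
  const originHost = origin.hostname.toLowerCase();
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq === -1) return null;                       // name=value is mandatory
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: originHost,                             // host-only unless Domain= appears
    hostOnly: true,
    path: defaultPath(origin.pathname),
    secure: false,
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    switch (k.toLowerCase()) {
      case "domain":
        cookie.domain = v.replace(/^\./, "").toLowerCase();
        cookie.hostOnly = false;
        break;
      case "path":
        if (v.startsWith("/")) cookie.path = v;
        break;
      case "secure":
        cookie.secure = true;
        break;
      // HttpOnly, SameSite, Expires and Max-Age are ignored in this model.
    }
  }
  // A server may only set a Domain that covers its own host (RFC 6265 5.3 step 6).
  if (!cookie.hostOnly && !domainMatches(originHost, cookie.domain)) return null;
  return cookie;
}

// Would the browser attach this stored cookie to a request for requestUrl?
function shouldSend(cookie, requestUrl) {
  const req = new URL(requestUrl);
  const host = req.hostname.toLowerCase();
  const hostOk = cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
  if (!hostOk) return false;
  if (!pathMatches(req.pathname, cookie.path)) return false;
  if (cookie.secure && req.protocol !== "https:") return false;
  return true;                                      // note: the port is never consulted
}

// Usage (constructed input): a session cookie set by https://store.company.com/dir/page.html.
const session = parseSetCookie("sessionid=abc123; Path=/; Secure; HttpOnly",
                               "https://store.company.com/dir/page.html");
shouldSend(session, "https://store.company.com/dir2/other.html");    // true
shouldSend(session, "http://store.company.com/dir/page.html");       // false, Secure
shouldSend(session, "https://news.company.com/dir/page.html");       // false, host-only
shouldSend(session, "https://store.company.com:8443/dir/page.html"); // true, port ignored
```

The last usage line is the practical caveat: cookie scope is not origin scope. A cookie is shared across every port on a host, and only the Secure flag ties it to a scheme, which is why a service on a second port of the same host can receive cookies set by the first.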

In client-server protocols, like HTTP, sessions consist of three phases:

1. The client establishes a TCP connection (or the appropriate connection if the transport layer is not TCP).
2. The client sends its request and waits for the answer.
3. The server processes the request and sends back its answer, providing a status code and appropriate data.

As of HTTP/1.1, the connection is no longer closed after completing the third phase; the client may send further requests on the same connection, so the second and third phases can be repeated any number of times. For example, a request without a body and a request with a body may follow one another on a single connection:

GET / HTTP/1.1
Host: developer.mozilla.org
Accept-Language: fr

POST /contact_form.php HTTP/1.1
Host: developer.mozilla.org
Content-Length: 63
Content-Type: application/x-www-form-urlencoded

name=Joe%20User&request=Send%20me%20one%20of%20your%20catalogue
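Because several requests share one connection, the server has to find the boundary between them itself, and for a body that boundary is fixed by Content-Length. The following is an added example, not code from the original article: a small Node.js parser that takes the bytes of a persistent connection and splits them into requests, using the two requests above (constructed here as one byte stream) as input. It supports only Content-Length bodies and treats conflicting length information as an error, because guessing at it is the mechanism behind request smuggling.

```javascript
// Added example, not code from the original article: splitting the data that
// arrives on one persistent HTTP/1.1 connection into individual requests.
// Only Content-Length bodies are supported; chunked transfer coding is not.
// Strings stand in for byte buffers; the sample is pure ASCII, so lengths agree.

// Constructed input: the two requests from the text, back to back on one connection.
const STREAM =
  "GET / HTTP/1.1\r\n" +
  "Host: developer.mozilla.org\r\n" +
  "Accept-Language: fr\r\n" +
  "\r\n" +
  "POST /contact_form.php HTTP/1.1\r\n" +
  "Host: developer.mozilla.org\r\n" +
  "Content-Length: 63\r\n" +
  "Content-Type: application/x-www-form-urlencoded\r\n" +
  "\r\n" +
  "name=Joe%20User&request=Send%20me%20one%20of%20your%20catalogue";

// Parse the request at the start of buf. Returns null when the request is not
// complete yet (the server must wait for more data); otherwise the parsed
// request and the number of characters it consumed.
function parseOne(buf) {
  const end = buf.indexOf("\r\n\r\n");
  if (end === -1) return null;                       // head not complete
  const lines = buf.slice(0, end).split("\r\n");
  const m = /^([A-Z]+) (\S+) HTTP\/1\.([01])$/.exec(lines[0]);
  if (!m) throw new Error("malformed request line: " + lines[0]);
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i === -1) throw new Error("malformed header: " + line);
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    // RFC 7230 3.3.3: differing Content-Length values are a parse error, never a guess.
    if (name === "content-length" && name in headers && headers[name] !== value) {
      throw new Error("conflicting Content-Length headers");
    }
    headers[name] = value;
  }
  if ("transfer-encoding" in headers) throw new Error("chunked bodies not supported here");
  let length = 0;
  if ("content-length" in headers) {
    if (!/^\d+$/.test(headers["content-length"])) throw new Error("bad Content-Length");
    length = Number(headers["content-length"]);
  }
  const bodyStart = end + 4;
  if (buf.length < bodyStart + length) return null;  // body not fully received yet
  return {
    request: {
      method: m[1],
      target: m[2],
      version: "1." + m[3],
      headers,
      body: buf.slice(bodyStart, bodyStart + length),
    },
    consumed: bodyStart + length,
  };
}

// Drain every complete request in buf; return them with the unconsumed tail,
// which is the start of a request still being received.
function splitRequests(buf) {
  const requests = [];
  let rest = buf;
  for (;;) {
    const r = parseOne(rest);
    if (!r) break;
    requests.push(r.request);
    rest = rest.slice(r.consumed);
  }
  return { requests, rest };
}

// Usage: splitRequests(STREAM) yields the GET and the POST; cutting the stream
// short yields the GET and leaves the partial POST in rest.
const parsed = splitRequests(STREAM);
console.log(parsed.requests.map((r) => r.method + " " + r.target));
```

The rejection of a second, differing Content-Length and of Transfer-Encoding is intentional: a front-end proxy and a back-end server that resolve such ambiguity differently disagree about where one request ends and the next begins, which is exactly the condition HTTP request smuggling exploits.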

The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin.

It helps isolate potentially malicious documents, reducing possible attack vectors. For example, it prevents a malicious website on the Internet from running JavaScript in the browser to read data from a third-party webmail service (which the user is signed into) or from a company intranet (protected from direct access by the attacker by not having a public IP address) and relaying that data to the attacker.

Definition of an origin

Two URLs have the same origin if the protocol, port (if specified), and host are the same for both. You may see this referenced as the “scheme/host/port tuple”, or just “tuple”. (A “tuple” is a set of items that together comprise a whole — a generic form for double/triple/quadruple/quintuple/etc.)

The following table gives examples of origin comparisons with the URL http://store.company.com/dir/page.html:

URL                                              Outcome      Reason
http://store.company.com/dir2/other.html         Same origin  Only the path differs
http://store.company.com/dir/inner/another.html  Same origin  Only the path differs
https://store.company.com/page.html              Failure      Different protocol
http://store.company.com:81/dir/page.html        Failure      Different port (http:// is port 80 by default)
http://news.company.com/dir/page.html            Failure      Different host
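The comparison in the table is mechanical once the URL is parsed, and the WHATWG URL parser that browsers and Node.js share already normalises the parts that trip people up (host case, default ports). The following is an added example, not code from the original article, that reproduces the table's verdicts and goes slightly beyond it: it shows that an explicit default port and an upper-case host still compare as the same origin, and that opaque origins such as data: URLs never match, not even themselves. The URLs are the table's own plus a few constructed for the extra cases.

```javascript
// Added example, not code from the original article: origin comparison with the
// WHATWG URL API (global in browsers and in Node.js).

// Serialised origin: scheme://host[:port], host lower-cased, default port omitted.
// Non-special schemes (data:, blob: without a backing origin, ...) serialise as "null".
function originOf(urlString) {
  return new URL(urlString).origin;
}

// Same-origin check. An opaque ("null") origin is unique, so it matches nothing.
function sameOrigin(a, b) {
  const oa = originOf(a);
  if (oa === "null") return false;
  return oa === originOf(b);
}

// Explain a comparison using the wording of the table above.
function compareOrigins(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  if (ua.origin === "null" || ub.origin === "null") return "Failure >> Opaque origin";
  if (ua.protocol !== ub.protocol) return "Failure >> Different protocol";
  if (ua.hostname !== ub.hostname) return "Failure >> Different host";
  if (ua.port !== ub.port) return "Failure >> Different port";
  return "Same origin";
}

// Usage: the table's rows plus two constructed cases that the table does not show.
const BASE = "http://store.company.com/dir/page.html";
for (const other of [
  "http://store.company.com/dir2/other.html",
  "https://store.company.com/page.html",
  "http://store.company.com:81/dir/page.html",
  "http://news.company.com/dir/page.html",
  "http://STORE.company.com:80/anything",   // same origin: case and default port normalised
  "data:text/plain,hello",                  // opaque origin
]) {
  console.log(other, "=>", compareOrigins(BASE, other));
}
```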

Burp Suite Professional is one of the most popular penetration-testing and vulnerability-scanning tools, and is often used for checking web application security. "Burp," as it is commonly known, is a proxy-based tool used to evaluate the security of web-based applications and to do hands-on testing.

https://portswigger.net/burp

OWASP ZAP is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers. It is one of the most active Open Web Application Security Project projects and has been given Flagship status.

https://owasp.org/www-project-zap/
