HTTP Protocol

  1. Securing HTTP
    1. Security Challenges in HTTP
      1. HTTPS (HTTP Secure)
        1. TLS/SSL Integration
          1. Encryption of Data in Transit
            1. Data Integrity Protection
              1. Server Authentication
                1. Client Authentication
                2. TLS Handshake Process
                  1. Handshake Steps
                    1. Certificate Exchange
                      1. Key Exchange
                        1. Cipher Suite Negotiation
                        2. Digital Certificates
                          1. Certificate Structure
                            1. Certificate Authorities
                              1. Certificate Chain Validation
                                1. Certificate Revocation
                                2. HTTP Strict Transport Security (HSTS)
                                  1. HSTS Header
                                    1. HSTS Preloading
                                      1. HSTS Policy Enforcement
                                      2. Common Security Headers
                                        1. Content-Security-Policy
                                          1. X-Frame-Options
                                            1. X-Content-Type-Options
                                              1. Referrer-Policy
                                              2. Web Security Vulnerabilities
                                                1. Cross-Site Scripting (XSS)
                                                  1. Cross-Site Request Forgery (CSRF)
                                                    1. Clickjacking
                                                      1. Man-in-the-Middle Attacks

                                                    Previous

                                                    9. HTTP Caching

                                                    Go to top

                                                    Next

                                                    11. Advanced HTTP Concepts