Web Application Security

  1. Core Web Technologies and Protocols
    1. HTTP and HTTPS Protocols
      1. Protocol Overview
        1. Request and Response Structure
          1. Request Line
          2. Headers
          3. Body
          4. Response Status Line
          5. Response Headers
          6. Response Body
        2. HTTP Methods
          1. GET
          2. POST
          3. PUT
          4. DELETE
          5. PATCH
          6. OPTIONS
          7. HEAD
        3. Status Codes
          1. Informational Responses
          2. Success Responses
          3. Redirection Messages
          4. Client Error Responses
          5. Server Error Responses
        4. HTTP Headers
          1. Standard Headers
          2. Custom Headers
          3. Cookies
      2. HTTPS and TLS
        1. TLS Handshake Process
        2. Certificate Validation
        3. Mixed Content Risks
        4. TLS Configuration Best Practices
    2. Web Architecture Components
      1. Client-Side Components
        1. Browser Security Model
        2. JavaScript Engine Security
        3. Browser Storage Mechanisms
          1. LocalStorage
          2. SessionStorage
          3. IndexedDB
          4. Cookies
      2. Server-Side Components
        1. Web Server
        2. Application Server
        3. Database Server
        4. Server-Side Scripting Languages
      3. Intermediary Components
        1. Forward Proxies
        2. Reverse Proxies
        3. Content Delivery Networks
        4. Load Balancers
        5. Caching Mechanisms
    3. API Architectures
      1. REST APIs
      2. SOAP APIs
      3. GraphQL APIs
      4. API Gateways
    4. Data Encoding and Serialization
      1. URL Encoding
        1. Purpose and Usage
        2. Security Implications
      2. HTML Encoding
        1. Preventing XSS
        2. Encoding Special Characters
      3. Base64 Encoding
        1. Use Cases
        2. Security Considerations
      4. JSON Serialization
        1. JSON Structure
        2. Security Risks
      5. XML Processing
        1. XML Structure
        2. XML Security Considerations