Web applications are programs that run on a web server and are accessed through a web browser using the HTTP or HTTPS protocols. Understanding these protocols is essential in web application security, because they are the foundation of all communication between clients (usually web browsers) and servers.
What is a Web Application?
A web application is a software application that runs on a web server, as opposed to being installed on a user's local device. Web applications are accessible through a web browser using a URL. Web apps range from simple sites like blogs to complex platforms like online banking, e-commerce, and social media.
- Frontend (Client-side): The part of the web application that users interact with. It’s usually built using HTML, CSS, JavaScript, and other front-end technologies. The front end runs in the user's web browser.
- Backend (Server-side): The part of the application that handles the business logic, database operations, and client requests. It usually consists of a web server (e.g., Apache, Nginx), a programming language (e.g., PHP, Python, Ruby), and a database (e.g., MySQL, PostgreSQL, MongoDB).
HTTP (Hypertext Transfer Protocol)
HTTP is the protocol used for transmitting data over the web. It defines how messages are formatted and transmitted, and how web servers and browsers should respond to various requests. HTTP is stateless, meaning the protocol itself does not keep track of previous requests; each request is treated independently (any notion of a "session" has to be built on top, for example with cookies).
HTTP Request and Response
- HTTP Request: When you visit a webpage (e.g., https://www.example.com), your browser sends an HTTP request to the server. This request consists of a request line (method, path, and protocol version), headers, and optionally a body (for example in POST requests); query parameters travel as part of the path.
- HTTP Response: The server processes the request and sends back an HTTP response, which contains the requested data (HTML, images, JSON, etc.) along with HTTP headers indicating the status of the request.
Basic HTTP Request Example:
- HTTP request when you visit a website:
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
- This request is asking the server to provide the /index.html page of www.example.com.
Basic HTTP Response Example:
- The server might respond with the following:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 1234

<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Hello, World!</h1>
</body>
</html>
- HTTP Status Code: In the response, 200 OK is a status code that means the request was successful.
- Content-Type: Indicates the type of the content (in this case, HTML).
- Content-Length: Specifies the size of the response body in bytes. It must match the body exactly, because the client reads precisely that many bytes after the blank line that ends the headers; the value 1234 here is illustrative, as the HTML shown is much shorter than that.
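The following is an added Python example (not code from the original page) that parses a raw HTTP/1.1 response like the one above into its status line, headers and body, and checks that the declared Content-Length matches the body actually received. It assumes CRLF line endings in the header block, as HTTP/1.1 specifies; the sample response bytes are constructed here and are modelled on the example above.

```python
import re

# Constructed sample response, modelled on the example above (not captured from a live server).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Content-Length: 90\r\n"
    b"\r\n"
    b"<html>\n<head>\n<title>Welcome</title>\n</head>\n<body>\n"
    b"<h1>Hello, World!</h1>\n</body>\n</html>"
)

# Same body, but with the illustrative (wrong) Content-Length from the text above.
MISMATCHED_RESPONSE = SAMPLE_RESPONSE.replace(b"Content-Length: 90", b"Content-Length: 1234")


def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.x response into version, status, reason, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    m = re.fullmatch(r"HTTP/(\d\.\d) (\d{3}) ?(.*)", lines[0])
    if not m:
        raise ValueError(f"malformed status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive, so normalise them; last value wins on duplicates.
        headers[name.strip().lower()] = value.strip()
    return {
        "version": m.group(1),
        "status": int(m.group(2)),
        "reason": m.group(3),
        "headers": headers,
        "body": body,
    }


def check_content_length(parsed: dict):
    """Return (ok, declared, actual) if Content-Length is present, else None."""
    declared = parsed["headers"].get("content-length")
    if declared is None:
        return None
    if not declared.isdigit():
        raise ValueError(f"non-numeric Content-Length: {declared!r}")
    actual = len(parsed["body"])
    return int(declared) == actual, int(declared), actual
```

A mismatch between the declared and actual length is exactly the condition that makes a client hang waiting for more data, so a proxy or parser should reject it rather than guess.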