Web Applications Architecture Review Part 2

Time
2 hours 19 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:00
Hello, everyone, and welcome back to the course Identifying Web Attacks Through Logs.
00:04
Amigo Vieira in After a brief review about application structure, let's talk about HTTP and TCP/IP.
00:13
First, consider this affirmation: one of the differences between TCP and UDP is that TCP establishes a connection, with a process called three-way handshake. Is this affirmation true or false?
00:27
This affirmation is true.
00:28
The three-way handshake is a process that TCP uses to establish the connection between the client and server. UDP does not do this.
00:37
It only sends the packets.
00:39
That's why TCP is called connection-oriented and UDP is connectionless.
00:45
Later, we'll talk about the impact of the TCP three-way handshake in the log analysis.
00:51
Let's start talking about the learning objectives.
00:54
In this video, the learning objectives are
00:58
a brief review of HTTP,
01:00
followed by a review of the TCP/IP model,
01:03
and after, we will present our lab infrastructure.
01:07
So let's start talking about HTTP.
01:11
HTTP means Hypertext Transfer Protocol.
01:15
And here, the definition of what is a protocol.
01:19
A protocol is a set of rules to allow communication,
01:23
and the set of rules is defined in an RFC.
01:26
You can check it in this webpage.
01:29
As we said before, with HTTP the client asks something to the server and the server answers, so HTTP is how the client and server talk.
01:38
Two things are really important to know. First, HTTP methods:
01:44
they are sent by the clients and tell the web server what they want to do.
01:49
And the second one is the status code. The status code is a way that the web server sends to the client what the server did with their request.
02:00
In summary, the browser of the user sends a GET,
02:02
and it goes through a network.
02:05
The web server will receive it and answer back with a status code.
02:08
The web client will get the answer and will show the page.
02:14
So the method is like a command,
02:15
and the HTTP status code is a result of this command.
02:20
But what are these HTTP methods?
02:23
Here, the Dave of methods.
02:27
The most common are the GET and POST methods.
02:30
The GET requests a resource, like a file, image, or some other resource.
02:36
The POST sends something to the web server, like my username or password. The RFC classifies the methods with some properties.
02:46
One of these properties is if the method is safe.
02:49
The safe definition means that the method is read-only.
02:53
So the method should not change anything on the web server.
02:58
However, as we have seen in this course, GET can be used to perform attacks like brute force or HTTP flood.
03:05
Other properties can be found in section 4.2 of the RFC.
03:09
Now, the status code. The status code will tell us how the web server processed the HTTP request.
03:17
The most common codes are inside five families of codes:
03:22
the hundreds, that are informational;
03:25
the 200s, that indicate success for operations;
03:30
the three hundreds, that mean redirections;
03:32
the 400s, which mean client error:
03:36
the client performed a wrong request;
03:38
and the five hundreds, which mean server error:
03:42
the web server could not answer the request because of an error.
03:46
Attacks, misconfiguration, or overload can cause this.
03:51
And in this slide, a resume of the most common status codes.
03:54
It is important to know some of them. Let's discuss some.
03:59
The 200 means OK.
04:00
This means that the web server answered, and the client would get the answer.
04:04
302 is the most common for redirections.
04:10
This happens when a page sends you to another one.
04:13
For example, after you put your username and password, the web application can send you to another web page. The 404 happens when the web server doesn't find the requested resource.
04:26
It can be a typing error from the user, a wrong web page call in the code, or someone trying to find information.
04:33
You can check all the codes in the RFC.
04:38
After this brief review about HTTP, let's talk about TCP/IP.
04:43
HTTP is an application protocol, like DNS or SMTP. Since HTTP is an application protocol,
04:51
it uses the application layer, and it is located
04:56
at the top of both models, OSI and TCP/IP.
05:00
HTTP uses lower layers to reach its destination, like clients and servers. Usually, HTTP uses TCP port 80;
05:12
other ports, like 8080, are possible, too.
05:15
If you see an S after HTTP,
05:18
this stands for secure,
05:21
and it means that the HTTP requests will be encrypted.
05:26
The most common port for HTTPS is 443.
05:30
But like HTTP, it's possible to see HTTPS running on other TCP ports.
05:36
But why should we care about TCP/IP
05:40
if the web server and client use HTTP?
05:44
As we said, HTTP uses TCP/IP.
05:47
To clarify, here we have a packet capture
05:50
for a communication between client and web server.
05:56
The three first lines are the TCP/IP communication, the three-way handshake.
06:01
The TCP/IP communication is handled by the web server operational system.
06:08
HTTP doesn't care about it.
06:11
If the client is a web browser, it will say to the operational system; the three-way handshake will occur, and the operational system will tell the web browser: hey, we are connected with this server, you can use this connection to send your HTTP information.
06:27
Then the next line is the HTTP request,
06:30
here a GET. This means that HTTP and HTTPS communications only start after the TCP three-way handshake, and the web server will only log the HTTP or HTTPS requests.
06:46
So for this communication, the web server will only show one log line.
06:53
And to finish, here is the topology that we will use during our course.
06:58
We have an attacker machine
07:00
and a vulnerable web application.
07:02
The web application is the OWASP Broken Web Applications Project application,
07:09
and between the attacker and the application there is a firewall.
07:13
Everything here is virtual,
07:15
so the process will be: we use the attacker machine to attack the web application.
07:20
After the attack, you start the logs and you analyze them to identify the attack.
07:27
We also have a web server units to get some real logs, and those logs will be used as examples.
07:34
Now answer the question.
07:36
Link the web server status code on the left with its description on the right.
07:44
Here you have the answer.
07:46
Just to remember, the 200 means success or OK.
07:51
For the next question, consider this scenario.
07:55
You are a SOC analyst and someone shows you a packet capture,
07:59
the packet capture below.
08:01
Suppose that you need the web server logs.
08:05
How many lines will the web server logs have for this communication?
08:09
A July ings. B, four lines. C, one line, or D, zero lines.
08:16
The answer is letter C, one line. As we said before, the HTTP communication starts after the three-way handshake.
08:26
So we only have one HTTP request, which means that we only have one log line.
08:33
In this video, we talked about HTTP and its important components: HTTP methods, sent by the clients to the web server, and HTTP status codes, sent from the web server to the clients as answer.
08:48
And finally, we reviewed a little the TCP/IP protocol
08:50
and how it is related to HTTP.
08:54
In the next video, we'll talk about logs and their patterns, where we will find the key information in the web server logs, and after, we'll do some analysis on the most common web server access logs,
09:07
like Apache, Nginx, and Microsoft IIS.
Identifying Web Attacks Through Logs

This course will review web application infrastructure, web servers, and the logs associated with them. We will also simulate 10 attack scenarios and identify the attack through logs that are generated by the web server.