In preparation for an upcoming user group presentation and a project I have been working on, I have been doing a lot of reading about our old friend the Hypertext Transfer Protocol (HTTP).
Kurt Wiersma and I were talking at the last Twin Cities ColdFusion User Group meeting about application security, and while talking we came to the realization that understanding the basics of how HTTP works is the foundation for recognizing threats to your application and for creating security countermeasures. Right there I decided that one of the next steps on my path to learning more about security and educating others on security topics was to learn as much as I could about the protocol on which we run our most precious applications.
I started where any reasonable person would think. Wikipedia. While Wikipedia may be fraught with errors and omissions, I usually find its technical articles to be quite a good starting place for understanding the basics.
I did also order an O'Reilly text for deeper understanding, and I began reading that this past weekend.
One thing I have found very interesting about HTTP is that while its basics are, in fact, quite basic, I am finding it difficult to articulate them, which, of course, is exactly what I need to do for my presentation. I find myself asking some questions:
- Do I need to explain what a protocol is?
- Do I need to discuss TCP/IP?
- Do I need to discuss the OSI Model? (Oh God please no!!!)
- How can I keep my presentation entertaining and yet informative?
I think that the answer to the first three questions is "no". I may mention these things, but I will not delve into detail. If anyone thinks I should do otherwise, I would love to hear your reasoning.
As for the last question, I am hoping to use what I am learning from Presentation Zen to liven up my presentation and make it more interesting than my previous slide shows.
While I am sure that most of the people reading my blog understand the basics of HTTP, you may be surprised, like me, about some of the subtleties you may have missed. I will also try to discuss some of the security implications that go along with how HTTP works, because that is the overall point of why I am doing this research.
I want to write about the basics of HTTP to help solidify my understanding and to help me articulate the basics for my presentation. So for my next few blog posts I will go into more detail on HTTP, and I will use some of the tools I have at my disposal to demonstrate these basics. I would also love to hear from others with expertise that could offer me their insights to help make my presentation and understanding better.
The tools I will look at using are: