What is HTTP (Hypertext Transfer Protocol)?
What is the purpose of HTTP?
How does HTTP work?
As a request-response protocol, HTTP gives users a way to interact with web resources such as HTML files by transmitting hypertext messages between clients and servers. HTTP clients generally use Transmission Control Protocol (TCP) connections to communicate with servers.
HTTP uses specific request methods to perform various tasks. All HTTP servers use the GET and HEAD methods, but not all support the rest of these request methods:
- GET requests a specific resource in its entirety
- HEAD requests a specific resource without the body content
- POST adds content, messages, or data to a new page under an existing web resource
- PUT directly modifies an existing web resource or creates a new URI if need be
- DELETE gets rid of a specified resource
- TRACE shows users any changes or additions made to a web resource
- OPTIONS shows users which HTTP methods are available for a specific URL
- CONNECT converts the request connection to a transparent TCP/IP tunnel
- PATCH partially modifies a web resource
Security Concerns Around HTTP
Unfortunately, adversaries can choose from many vectors to attack web servers, web applications, and websites. From cross-site scripting (XSS) to HTTP request smuggling, adversaries typically exploit well-known vulnerabilities and misconfigurations, and sending plaintext credentials via HTTP is a security concern in its own right. The OWASP Foundation has highlighted the top 10 security risks to avoid when building web applications, helping improve defenses against HTTP-based attacks.
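To make the plaintext-credentials concern concrete, the following added example (not code from this page) parses raw HTTP requests as they would appear in an unencrypted TCP stream and reports any credentials visible on the wire. The sample requests, host names, and the list of secret field names are constructed assumptions.

```python
import base64
from urllib.parse import parse_qs

# Assumption: form/query field names treated as secrets; tune per application.
SECRET_FIELDS = {"password", "passwd", "pwd", "token"}

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def cleartext_credential_findings(raw: bytes):
    """Return findings for credentials readable in an unencrypted request."""
    method, target, headers, body = parse_request(raw)
    findings = []
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(blob, validate=True)
            user = decoded.decode("utf-8", "replace").split(":", 1)[0]
        except ValueError:
            user = "<undecodable>"
        # Basic auth is only base64-encoded: report the user, never the password.
        findings.append(f"Basic credentials for user {user!r} on {method} {target}")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    form = body.decode("iso-8859-1") if ctype == "application/x-www-form-urlencoded" else ""
    for where, data in (("query string", target.partition("?")[2]), ("form body", form)):
        for field in parse_qs(data, keep_blank_values=True):
            if field.lower() in SECRET_FIELDS:
                findings.append(f"secret field {field!r} in {where} of {method} {target}")
    return findings

# Constructed sample requests (not real traffic), as reassembled from port 80.
SAMPLES = [
    b"GET /reports HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n\r\nuser=bob&password=s3cr3t%21",
    b"HEAD /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(cleartext_credential_findings(raw) or "no cleartext credentials seen")
```

The same requests sent over HTTPS would not be readable by a passive observer on the network path, which is why such findings usually lead to enforcing TLS on the affected endpoint.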
Adversaries also take advantage of HTTP to blend in with normal traffic while sneaking exfiltrated data and command-and-control communications past perimeter defenses. All of these attacks also occur over HTTPS, an HTTP connection encrypted with SSL/TLS. Monitoring encrypted traffic matters for HTTP-based attacks such as the ProxyLogon Exchange Server exploit.